Cloud 101CircleEventsBlog
Gain exclusive access to CSA’s extensive network of cloud security experts by becoming a corporate member. Learn how today.

Download Publication

Cloud and Compromise (C&C): Gamifying of Cloud Security
Cloud and Compromise (C&C): Gamifying of Cloud Security
Who it's for:
  • Cloud security architects, engineers, analysts, and decision-makers
  • Developers
  • Infrastructure professionals
  • Consultants

Cloud and Compromise (C&C): Gamifying of Cloud Security

Release Date: 07/10/2023

Working Group: Top Threats

CSA’s Top Threats Working Group works to identify the most significant cloud security threats, vulnerabilities, and weaknesses; analyze major incidents; and evaluate and propose the means to mitigate the root causes of those threats. After their Cloud Threat Modeling publication, this guide is the working group’s next step to deepen the guidance on cloud security gamification.

Use this document as your template to conduct a cybersecurity tabletop exercise that familiarizes all participants with the cloud incident response process. Included in the download are instructions on how to play the game, tips and tricks for getting the most out of your tabletop exercise, and game cards to print out.

Key Takeaways:
  • Understand how to build and secure basic cloud architectures 
  • Understand basic security team roles when building a cybersecurity program 
  • Identify and protect key assets with cloud security controls and countermeasures 
  • Protect, detect, and respond to cloud threats and threat indicators
Download this Resource

Bookmark
Share
Related resources
What is IAM for the Cloud?
What is IAM for the Cloud?
CSA Code of Conduct Gap Resolution and Annex 10 to the CSA Code of Conduct for GDPR Compliance
CSA Code of Conduct Gap Resolution and Annex 10...
State of Financial Services in Cloud
State of Financial Services in Cloud
3 Ways Cybercriminals are Targeting Your Email
3 Ways Cybercriminals are Targeting Your Email
Published: 09/20/2023
Data Security Platforms: 9 Key Capabilities and Evaluation Criteria
Data Security Platforms: 9 Key Capabilities and Evaluation Criteria
Published: 09/19/2023
Reshaping Security Landscapes: The Essence of Cyber Transformation
Reshaping Security Landscapes: The Essence of Cyber Transformation
Published: 09/15/2023
5 Reasons Why Just-in-Time Cloud Access is Pioneering the Future of CIEM
5 Reasons Why Just-in-Time Cloud Access is Pioneering the Future of...
Published: 09/13/2023

Acknowledgements

Michael Roza
Michael Roza
Risk, Audit, Control, and Compliance Professional

Michael Roza

Risk, Audit, Control, and Compliance Professional

Since 2012 Michael has contributed to over 85 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud Ke...

Read more

Jon-Michael Brook
Jon-Michael Brook

Jon-Michael Brook

Jon-Michael C. Brook, Principal at Guide Holdings, LLC, has 20 years of experience in Information Security with such organizations as Raytheon, Northrop Grumman, Booz Allen Hamilton, Optiv Security and Symantec. Mr. Brook's work traverses the government, financial, healthcare, gaming, oil and gas and pharmaceutical industries. Mr. Brook obtained a number of industry certifications, including CISSP and CCSK, has patents and trade secrets in...

Read more

Randall Brooks Headshot Missing
Randall Brooks

Randall Brooks

This person does not have a biography listed with CSA.

Alexander Getsin
Alexander Getsin

Alexander Getsin

Alexander Stone Getsin is a financial technologies security leader with particular expertise and interest in cloud security, secure application design, and security governance. Alex is the lead author of industry security best practices, particularly with the Cloud Security Alliance, Top Threats research group, and the (ISC)2 Israeli Chapter, which he helps champion as a co-chairman. Alex leverages a decade of experience in finance, military, ...

Read more

Shira Shamban Headshot Missing
Shira Shamban

Shira Shamban

This person does not have a biography listed with CSA.

Adrian Lane Headshot Missing
Adrian Lane

Adrian Lane

Adrian Lane is a principle with research firm Securosis, and developer with cloud security firm DisruptOps. Adrian has over 25 years experience in data security and software development. Prior to joining Securosis, Adrian served as the CTO/VP at companies such as IPLocks, Touchpoint, CPMi and Transactor/Brodia. Presently Adrian focuses DevSecOps and Cloud security, performing cloud security audits, training and building solutions for secure...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training