There is a storm front of two strong forces hitting modern IT shops. Force #1 is “Get to the Cloud” and Force #2 is “Don’t Be The Next Security Breach Statistic”.
The Center for Internet Security (CIS) “benchmarks” are unique among security standards in that they are exceedingly practical, technology-specific checklists. They also acknowledge, secure and leverage modern IT practices and technologies such as Cloud, DevOps, Agile and Automation. In addition, they are under continual development and improvement by a community of experts who contribute to each benchmark.
All of these attributes make CIS Benchmarks more deployable for small organizations that may not have dedicated IT security staff.
The new Pluralsight course I have authored takes the spirit of easier implementation a step further through the included automation code that configures a fresh AWS account according to the AWS Foundations Benchmark. It also contains a methodology for engineering least-privilege AWS VPC Security Groups. Least-privilege security groups are how the AWS Foundations Benchmark deals with the new security mindset known as “Presume Breach”. If you design security on the assumption that someone has already breached your first line of defense (a secure perimeter), it drives a whole different mindset in creating security controls.
I hope that this course can help many of you get started with securing your AWS environments!
You can find the course here: https://www.pluralsight.com/courses/securing-aws-cis-foundations