CISSP - Secure Provisioning: CIS Benchmarks, Golden Images, and Capital One
CISSP Domain 2 secure provisioning explained: CIS Benchmarks vs DISA STIGs, golden images, infrastructure as code (IaC), the cloud shared responsibility model, change management (RFC/CAB), and the Capital One 2019 breach as a cloud WAF misconfiguration case study. Includes an SSRF attack chain walkthrough and the $190M breach settlement. Watch the next video: CISSP 2.4 - Managing the Data Lifecycle.
▶ Watch next: cissp_3_1 https://www.youtube.com/watch?v=h20_rNDZd6s
Chapters
- 0:00 Secure Provisioning -- Building Security In from Day One
- 3:11 Configuration Baselines -- CIS Benchmarks and STIGs
- 5:25 Golden Images and Infrastructure as Code
- 7:38 Cloud Resource Provisioning -- The Shared Responsibility Gap
- 10:07 Change Management and Provisioning Controls
- 12:47 Capital One 2019 -- Misconfigured WAF, SSRF, and 100 Million Records
- 15:37 Provisioning Security Exam Focus
- 18:08 Quiz Time
Key Topics
- Secure Provisioning -- Building Security In from Day One
- Configuration Baselines -- CIS Benchmarks and STIGs
- Golden Images and Infrastructure as Code
- Cloud Resource Provisioning -- The Shared Responsibility Gap
- Change Management and Provisioning Controls
- Capital One 2019 -- Misconfigured WAF, SSRF, and 100 Million Records
- Provisioning Security Exam Focus