Cloudsecurity Maturity Model Assessment

Always before starting a journey download the latest ass
https://maturitymodel.security.aws.dev/en/assessment-to
1.- Complete the information on the Data Tab

2.- View Scoring and Overview on the Results Tab
3.- On Charts Tab, update the charts by refreshing all
4.- Analyze charts - Present Results
5.- [Continuous task] As you implement improvements u
d the latest assessment tool from this URL
/assessment-tools
To populate the graphs use the following s

1- Select any graph
esults Tab 2.- Menu Bar --> PivotChart Analyze --> R
All
refreshing all
mprovements update the Data Tab

phs use the following steps:
ect any graph
otChart Analyze --> Refresh
All
Cloud Adoption Framework
Phase
(CAF) capability
1.1.1 Phase 1: Quick Wins Security governance
1.1.2 Phase 1: Quick Wins Security governance
1.2.1 Phase 1: Quick Wins Security assurance
1.3.1 Phase 1: Quick Wins Identity & access management
1.4.1 Phase 1: Quick Wins Threat detection
1.6.1 Phase 1: Quick Wins Infrastructure protection
1.7.1 Phase 1: Quick Wins Data protection
1.7.2 Phase 1: Quick Wins Data protection
1.8.1 Phase 1: Quick Wins Application security
1.9.1 Phase 1: Quick Wins Incident response
2.1.1
Phase 2: Security governance
Foundational
2.1.1
Phase 2: Security governance
Foundational
2.2.1
Phase 2: Security assurance
Foundational
2.3.1
Phase 2: Identity & access management
Foundational
2.3.2
Phase 2: Identity & access management
Foundational
2.4.1
Phase 2: Threat detection
Foundational
2.5.1
Phase 2: Vulnerability management
Foundational
2.5.2
Phase 2: Vulnerability management
Foundational
2.6.1
Phase 2: Infrastructure protection
Foundational
2.6.2
Foundational
2.6.3
Foundational
2.7.1
Phase 2: Data protection
Foundational
2.7.2
Foundational
2.7.3
Foundational
2.8.1
Phase 2: Application security
Foundational
2.8.2
Phase 2: Application security
Foundational
2.9.1
Phase 2: Incident response
Foundational
2.9.2
Phase 2: Incident response
Foundational
3.1.1 Phase 3: Efficient Security governance
3.2.1 Phase 3: Efficient Security assurance
3.3.1 Phase 3: Efficient Identity & access management

3.4.1 Phase 3: Efficient Threat detection
3.4.2 Phase 3: Efficient Threat detection
3.5.1 Phase 3: Efficient Vulnerability management
3.6.1 Phase 3: Efficient Infrastructure protection
3.7.1 Phase 3: Efficient Data protection
3.8.1 Phase 3: Efficient Application security
3.8.2 Phase 3: Efficient Application security
3.9.1 Phase 3: Efficient Incident response
4.1.1 Phase 4: Optimized Security governance
4.1.2 Phase 4: Optimized Security governance
4.3.1 Phase 4: Optimized Identity & access management
4.3.2 Phase 4: Optimized Identity & access management
4.4.1 Phase 4: Optimized Threat detection
4.4.2 Phase 4: Optimized Threat detection
4.6.1 Phase 4: Optimized Infrastructure protection

4.8.1 Phase 4: Optimized Application security
4.8.2 Phase 4: Optimized Application security
4.9.1 Phase 4: Optimized Incident response

Recommendation
Assign Security contacts
Select the region(s)
Automate alignment with best practices using AWS Security Hub
Multi-Factor Authentication
Avoid using Root and audit it
Access and role analysis with IAM Access Analyzer
Threat Detection with Amazon GuardDuty
Audit API calls with AWS CloudTrail
Remediate security findings found by AWS Trusted Advisor
Billing alarms for anomaly detection
Limit access using Security Groups
Amazon S3 Block Public Access
Analyze data security posture with Amazon Macie
AWS WAF with managed rules
Act on Amazon GuardDuty findings
Identify security and regulatory requirements
Cloud Security Training Plan
Configuration monitoring with AWS Config

Centralized user repository
Organization Policies - SCPs
Investigate most Amazon GuardDuty findings
Manage vulnerabilities in your infrastructure and perform pentesting
Manage vulnerabilities in your applications
Manage your instances with Fleet Manager
Network segmentation - Public/Private Networks (VPCs)
Multi-account management with AWS Control Tower
Data Encryption - AWS KMS
Backups
Discover sensitive data with Amazon Macie
Involve security teams in development
No secrets in your code - AWS Secrets Manager
Define incident response playbooks - TableTop Exercises
Redundancy using multiple Availability Zones
Perform threat modeling
Create your reports for compliance (such as PCI-DSS)
Privilege review (Least Privilege)
Tagging strategy
Customer IAM: security of your customers

Integration with SIEM/SOAR
Network Flows analysis (VPC Flow Logs)
Security Champions in Development
Image Generation Pipeline
Anti-Malware/EDR
Outbound Traffic Control
Use abstract services
Encryption in transit
WAF with custom rules
Shield Advanced: Advanced DDoS Mitigation
Automate critical and most frequently run Playbooks
Automate deviation correction in configurations
Using infrastructure as code (CloudFormation, CDK)
Forming a Chaos Engineering team (Resilience)
Sharing security work and responsibility
Context-based access control
IAM Policy Generation Pipeline
Amazon Fraud Detector
Integration with additional intelligence feeds
Process standardization with Service Catalog

DevSecOps
Forming a Red Team (Attacker's Point of View)
Automate most playbooks
Amazon Detective: Root cause analysis
Forming a Blue Team (Incident Response)
Multi-region disaster recovery automation

Alignment to recommendation Score
-- Select an option -- 0%
Comments Owner / Responsible
Phase 1: Quick Wins
Recommendation Status
Assign nce
rnaSecurity contacts 0%
o ve
G
urity Select the region(s)
Sec 0%
nce
A s sura
Automate alignment with best practices
0%
i t y using AWS Security Hub
Se cur
nt
Multi-Factor Authentication 0%
a geme
anRoot and audit it
Avoid using 0%
ce ss M
Ac
& Access and role analysis with IAM
nt it y 0%
Ide Access Analyzer
Threat Detection with Amazon
0%
GuardDuty
Audit API calls with ion CloudTrail
ectAWS 0%
et
at D
Thresecurity findings found by
Remediate
0%
AWS Trusted Advisor
Billing alarms for anomaly detection 0%
t
ge men
a
y Man
e ra bilit
Vuln
ion
ro tect
P
u c ure Security Groups
Limit access tusing 0%
st r
Infra
Amazon S3 Block public access 0%

n
o t ectio
r
Analyze data security posture with
ta P
DaAmazon 0%
Macie
ty
S e curi
ti on AWS WAF with managed rules 0%
p plica
A
e
s pons
Act on Amazon GuardDuty e
t R findings 0%
nc ide n
I
Act on Amazon GuardDuty findings 0%
Partial Score 0%
Phase 2: Foundational Phase 3: Efficient
Recommendation Status Recommendation
Identify security and regulatory
0%
requirements Perform threat modeling
Cloud security training plan 0%
Configuration monitoring with AWS

0% Create your reports for compliance (such as PCI-DSS)
Config
Centralized user repository 0% Privilege review (Least Privilege)

Tagging strategy
Organization policies - SCPs 0%
Customer IAM: security of your customers
Integration with SIEM/SOAR

Investigate most Amazon GuardDuty
0%
findings
Network Flows analysis (VPC Flow Logs)
Manage vulnerabilities in your

0%
infrastructure and perform pentesting
Security Champions in Development
Manage vulnerabilities in your
0%
applications
Manage your instances with Fleet Manager 0% Image Generation Pipeline
Network segmentation - Public/Private

0% Anti-Malware/EDR
Networks (VPCs)
Multi-account management with AWS Outbound Traffic Control
0%
Control Tower Use abstract services
Data encryption - AWS KMS 0%
Backups 0%
Encryption in transit
Discover sensitive data with Amazon
0%
Macie
Involve security teams in development 0% WAF with custom rules
No secrets in your code - AWS Secrets
0% Shield Advanced: Advanced DDoS Mitigation
Manager
Automate critical and most frequently run Playbooks

Define incident response playbooks -
0%
TableTop exercises
Automate deviation correction in configurations
Redundancy using multiple Availability
0% Using infrastructure as code (CloudFormation, CDK)
Zones
Partial Score 0%
ficient Phase 4: Optimized
Status Recommendation Status
Forming a Chaos Engineering team (Resilience) 0%
0%
Sharing security work and responsibility 0%
0%
0% Context-based access control 0%

0%
IAM Policy Generation Pipeline 0%
0%
0% Amazon Fraud Detector 0%
0% Integration with additional intelligence feeds 0%
0%
0%
0% Process standardization with Service Catalog 0%
0%
0%
0%
0% DevSecOps 0%
0% Forming a Red Team (Attacker's Point of View) 0%
Automate most playbooks 0%

0%
Amazon Detective: Root cause analysis 0%
0% Forming a Blue Team (Incident Response) 0%

0% Multi-region disaster recovery automation 0%
0% 0%
Phase Cloud Ad
Score
Phase 1: Quick Wins 0%
Security 0%
Security 0%
Threat d 0%
Infrastru 0%
Data pro 0%
Applicat 0%
Incident 0%
Identit 0% 0% y 0% n 0% t 0% 0%
rit ti o en se io
n
Phase 2: Foundational 0%
cu
e c e m p on e ct
e ot ot
Security s
n 0% pr na
g es pr
tio a a n tr e
Security a 0% at m de ur
p lic D ss ci u ct
e n r
Threat d Ap 0% c I
as
t Se
ac fr
Vulnerab 0% & In
y
Infrastru 0% n tit
e
Data pro 0% Id
Applicat 0%
Incident 0%
Total Result
Identit 0%
Phase 3: Efficient 0%
Security 0%
Security 0%
Threat d 0%
Vulnerab 0%
Infrastru Phase 0% 4: Optimized
Data pro 0%
Applicat 0%
Incident 0%
Identit 0%
Phase 4: Optimized 0%
Security 0%
Threat d 0%
Infrastru 0%
Applicat 0%
Phase 3: Efficient
Incident 0%
Identit 0%
Total Result 0%
Cloud Adoption Framework (CAF) cap

Score
Application security 0%
Data protection 0%
Identity & access management 0% Phase 2: Foundational
Incident response 0%
Infrastructure protection 0%
Security assurance 0%
Security governance 0%
Threat detection 0%
Vulnerability management 0%
Total Result 0%
Phase 1: Quick Wins

0% 10% 20% 30% 40%
Phase 1: Quick Wins
0% 10% 20% 30% 40%
Phase Score
Phase 1: Quick Wins 0%
Phase 2: Foundational 0%
Phase 3: Efficient 0%
Phase 4: Optimized 0%
Total Result 0%
% 0% 0% 0% 0% 0% t
0% 0% t
se n
tio ce ce n
ti o en ul
po
n
ec ra
n
na
n
ec em es
s ot u r et g l R 0% s 0% l
re pr ss v e d a ta in na
nt a go at an To W io
e re rit
y re m ck at
id ct
u ity Th ty ui nd
c ru cu ur li
In st Se ec bi :Q ou
fra S er
a
e
1
2 :F a s
In ln as se Ph
Vu Ph a
Ph
To populate the graphs

1- Select any graph
2.- Menu Bar --> PivotC
20% 30% 40% 50% 60% 70% 80% 90% 100%

20% 30% 40% 50% 60% 70% 80% 90% 100%
0% 0% l 0%nt 0% 0% t
in
s
na ie ed ul
W io fic
iz es
ck d at Ef tim l R
ui n 3: O
p ta
:Q Fou se 4: To
1 :
2 a se
e Ph a
as Ph
Ph
To populate the graphs use the following steps:

- Select any graph
.- Menu Bar --> PivotChart Analyze --> Refresh All

Cloudsecurity Maturity Model Assessment

Uploaded by

Copyright:

Available Formats

You might also like

Cloudsecurity Maturity Model Assessment

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cloudsecurity Maturity Model Assessment

Uploaded by

Copyright:

Available Formats

Always before starting a journey download the latest ass

1.- Complete the information on the Data Tab

To populate the graphs use the following s

mprovements update the Data Tab

1.1.2 Phase 1: Quick Wins Security governance

1.2.1 Phase 1: Quick Wins Security assurance

1.3.1 Phase 1: Quick Wins Identity & access management

1.3.2 Phase 1: Quick Wins Identity & access management

1.3.3 Phase 1: Quick Wins Identity & access management

1.4.1 Phase 1: Quick Wins Threat detection

1.4.2 Phase 1: Quick Wins Threat detection

1.4.3 Phase 1: Quick Wins Threat detection

1.4.4 Phase 1: Quick Wins Threat detection

1.6.1 Phase 1: Quick Wins Infrastructure protection

1.7.1 Phase 1: Quick Wins Data protection

1.7.2 Phase 1: Quick Wins Data protection

1.8.1 Phase 1: Quick Wins Application security

1.9.1 Phase 1: Quick Wins Incident response

3.2.1 Phase 3: Efficient Security assurance

3.3.1 Phase 3: Efficient Identity & access management

3.3.2 Phase 3: Efficient Identity & access management

3.3.3 Phase 3: Efficient Identity & access management

3.4.2 Phase 3: Efficient Threat detection

3.5.1 Phase 3: Efficient Vulnerability management

3.6.1 Phase 3: Efficient Infrastructure protection

3.6.2 Phase 3: Efficient Infrastructure protection

3.6.3 Phase 3: Efficient Infrastructure protection

3.6.4 Phase 3: Efficient Infrastructure protection

3.7.1 Phase 3: Efficient Data protection

3.8.1 Phase 3: Efficient Application security

3.8.2 Phase 3: Efficient Application security

3.9.1 Phase 3: Efficient Incident response

3.9.2 Phase 3: Efficient Incident response

3.9.3 Phase 3: Efficient Incident response

4.1.1 Phase 4: Optimized Security governance

4.1.2 Phase 4: Optimized Security governance

4.3.1 Phase 4: Optimized Identity & access management

4.3.2 Phase 4: Optimized Identity & access management

4.4.1 Phase 4: Optimized Threat detection

4.4.2 Phase 4: Optimized Threat detection

4.6.1 Phase 4: Optimized Infrastructure protection

4.8.2 Phase 4: Optimized Application security

4.9.1 Phase 4: Optimized Incident response

4.9.2 Phase 4: Optimized Incident response

4.9.3 Phase 4: Optimized Incident response

4.9.4 Phase 4: Optimized Incident response

Assign Security contacts

Select the region(s)

Automate alignment with best practices using AWS Security Hub

Avoid using Root and audit it

Access and role analysis with IAM Access Analyzer

Threat Detection with Amazon GuardDuty

Audit API calls with AWS CloudTrail

Remediate security findings found by AWS Trusted Advisor

Billing alarms for anomaly detection

Limit access using Security Groups

Amazon S3 Block Public Access