Cloud, Cyber Security

Cloud Security
Practises and Skills

Please contact us at
Time: 9:30am – 12:30pm HKT


This Lab is to demonstrate the use of selected AWS security services with an arrangement according to a Security Framework echoing lecture’s contents. NIST here is the chosen framework, and of course, it will depend on the final chosen security framework in the lecture.

NIST’s security framework core consists of five concurrent and continuous Functions. They are Identify, Protect, Detect, Respond and Recover. These Functions provide a high-level and strategic view of the lifecycle of an organisation’s management of cybersecurity risk. The selected AWS security services in the Lab are arranged and categorised into these Functions to form a complete lifecycle of Security strategy.


GitLab is used as an example in the Labs. The app and its data one of the organisation assets, which is in the scope of cybersecurity protection.

Lab Outline:

Lab 1: Identity Management (1 hr and 15 mins)
  • Introducing Identity & Access Management on Cloud
  • Concepts and Practices
  • Example: Installing GitLab on EC2 as an app example
  • Identity: Supply Chain Risk – AWS Artifact walk-through
  • Demonstrating the configuration of AWS SSO by the Lecturer
  • AWS SSO can only be created once in an AWS account. It acts as Idp of the GitLab.
  • Identify: Single-Sign-On SSO
  • Integration of the GitLab to AWS SSO – Identify + Protect
  • Enable MFA Protection
Lab 2: Data Protection (Data-in-Transit and Data-at-Rest) (1 hr and 15 mins)
  • Continue the lab result from Lab 1
  • Protect: Data-in-Rest Protection
  • Encryption for data-at-rest: VM disk encryption
  • Key Management System KMS
  • Protect: Data-at-Transit Protection
  • Encryption for data-in-transit: only self-sign (ELB + CDN)
  • Amazon Certificate Manager ACM
Lab 3: Infrastructure Security and Penetration Testing (1 hr and 15 mins)
  • Protect: Network Protection
  • Configuration of Security Group
  • Configuration of Network Architecture
  • Configuration of Web Application Firewall WAF
  • AWS Shield – mention DDOS basic protection is in place for free.
  • Detect: Simulating Penetration Tests
Lab 4: Detective Controls and Response (1 hr and 15 mins)
  • Detect: Conducting Vulnerability Scans
  • Amazon Inspector
  • Respond: Investigation
  • Amazon CloudWatch trigger email alerts
Time Estimation: 5 hrs to 6 hrs for 4 hand-on labs, and 1 hr for lecture