Cloud Incident Response
  • The Working Group (WG) Charter is now open for peer review till 17 December 2018 (Pacific Time). Contribute HERE.
  • Subject matter experts are also welcomed to join the Cloud Incident Response WG by submitting your request HERE.
  • Read more about Cloud Incident Response on our CSA Global page HERE.

​Mission Statement: To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies. The aim is to serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud outages, and also a transparent and common framework for Cloud Service Providers to share with cloud customers their cloud outage response practices.

With today’s fast-evolving threat landscape, the Cloud Security Alliance (CSA) opines that a holistic cloud incident response framework that considers an expansive scope of factors for cloud outages is necessary. Imperative factors of cloud outages including, but not limited to, operational mistakes, infrastructure or system failure, environmental issues, cyber security incidents and malicious acts will be included in development of the framework.
The first relevant framework,  the Cloud Outage Incident Response (COIR) Technical Reference (TR) which was originally developed by Singapore’s Infocomm Media Development Authority (IMDA) excludes cyber security incidents and malicious acts from the scope, a gap that can be  bridged by CSA’s ‘Security Guidance For Critical areas of Focus In Cloud Computing v4.0’ Domain 9 (Incident Response, aka D9). D9 details response lifecycle in incidences including cyber security incidents and malicious acts.

The Cloud Incident Response (CIR) working group aims to develop a holistic CIR framework by merging and establishing of the complements – COIR TR + CSA D9, along with inputs from international standard frameworks such as:
  • National Institute of Standards and Technology Computer Security Incident Handling Guide (NIST 800-61rev2 08/2012)
  • ISO/IEC 27035
  • ENISA Strategies
The resulting whitepaper will create a comprehensive guideline by collating and recommending best practices for effective management of cloud incidents. This will help CSPs align to market demand on service expectations, and regulators to standardise BCM requirements for CSPs. This framework will also help cloud users opt for the appropriate level of outage protection to complement their BC/DR capabilities.

Scope
The scope for the CIR working group includes, but is not limited to:
  • Develop a holistic CIR framework whitepaper by merging of the complements – COIR TR + CSA D9
  • Develop more situational awareness for cloud outage due to cyber security and/or malicious acts.
  • Enlightenment of C-level
  • Provide insights to the various reasons for cloud outages and importance of having an incidence response lifecycle
  • Develop industry specific standard and regulations
  • Holistic cloud outage response lifecycle

Goals
Q2 2019 Publish a whitepaper covering the following:
  • Merging of the complements – COIR TR + CSA D9
  • Analysis of cloud outage incidences
  • Analysis of current cloud outage response and recovery
  • Holistic guideline for cloud outage response for Cloud Users and CSPs