Cloud Incident Response
  • Subject matter experts are also welcomed to join the Cloud Incident Response WG by submitting your request HERE.
  • Read more about Cloud Incident Response on our CSA Global page HERE.

Mission Statement: To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud incidents (both security and non-security related), and their handling and mitigation strategies. The aim is to serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, and also a transparent and common framework for Cloud Service Providers to share with cloud customers their cloud incident response practices.

With today’s fast-evolving threat landscape, the Cloud Security Alliance (CSA) opines that a holistic cloud incident response framework that considers an expansive scope of factors for cloud incidents is necessary. Imperative factors of cloud incidents including, but not limited to, operational mistakes, infrastructure or system failure, environmental issues, cyber security incidents and malicious acts will be included in development of the framework.

The first relevant framework,  the Cloud Outage Incident Response (COIR) Technical Reference (TR) which was originally developed by Singapore’s Infocomm Media Development Authority (IMDA) excludes cyber security incidents and malicious acts from the scope, a gap that can be  bridged by CSA’s ‘Security Guidance For Critical areas of Focus In Cloud Computing v4.0’ Domain 9 (Incident Response, aka D9). D9 details response lifecycle in incidences including cyber security incidents and malicious acts.

The Cloud Incident Response (CIR) working group aims to develop a holistic CIR framework by merging and establishing of the complements – COIR TR + CSA D9, along with inputs from international standard frameworks such as:
  • National Institute of Standards and Technology Computer Security Incident Handling Guide (NIST 800-61rev2 08/2012)
  • ISO/IEC 27035
  • ENISA Strategies
The resulting whitepaper will create a comprehensive guideline by collating and recommending best practices for effective management of cloud incidents. This will help CSPs align to market demand on service expectations, and regulators to standardise BCM requirements for CSPs. This framework will also help cloud users opt for the appropriate level of incident protection to complement their BC/DR capabilities.

Scope
The scope for the CIR working group includes, but is not limited to:
  • Develop a holistic CIR framework whitepaper by merging of the complements – COIR TR + CSA D9
  • Develop more situational awareness for cloud incident due to cyber security and/or malicious acts.
  • Enlightenment of C-level
  • Provide insights to the various reasons for cloud incidents and importance of having an incidence response lifecycle
  • Develop industry specific standard and regulations
  • Holistic cloud incident response lifecycle

Goals
Q2 2019 Publish a whitepaper covering the following:
  • Merging of the complements – COIR TR + CSA D9
  • Analysis of cloud incidences
  • Analysis of current cloud incident response and recovery
  • Holistic guideline for cloud incident response for Cloud Users and CSPs