Cloud Incident Response
Mission Statement: To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers the key causes of cloud incidents (both security and non-security related) and their handling and mitigation strategies. The aim is to serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, and as a transparent, common framework through which Cloud Service Providers can share their cloud incident response practices with cloud customers.

With today’s fast-evolving threat landscape, the Cloud Security Alliance (CSA) opines that a holistic cloud incident response framework that considers an expansive scope of factors for cloud incidents is necessary. The development of the framework will cover the important factors behind cloud incidents, including, but not limited to, operational mistakes, infrastructure or system failure, environmental issues, cyber security incidents and malicious acts.

The first relevant framework, the Cloud Outage Incident Response (COIR) Technical Reference (TR), originally developed by Singapore’s Infocomm Media Development Authority (IMDA), excludes cyber security incidents and malicious acts from its scope. That gap can be bridged by Domain 9 (Incident Response, also known as D9) of CSA’s ‘Security Guidance For Critical Areas of Focus In Cloud Computing v4.0’, which details the response lifecycle for incidents including cyber security incidents and malicious acts. The Cloud Incident Response (CIR) working group aims to develop a holistic CIR framework by merging these two complementary sources, COIR TR and CSA D9, along with inputs from international standard frameworks such as:
Scope
The scope for the CIR working group includes, but is not limited to:
Goals
Q2 2019: Publish a whitepaper covering the following: