Incident Response in the Cloud
DESCRIPTION
This is my presentation to SecureCloud 2014. Incident Response in the Cloud. The presentation looks at the challenges in dealing with incident response in the cloud compared to traditional onsite response. It also suggests ways to overcome those challenges.
TRANSCRIPT
Helping You Piece IT Together
http://www.bhconsulting.ie
Incident Response & Cloud Security
Business View of The Cloud
Vendor View of the Cloud
Security View of the Cloud
Stuff Happens !!
Traditional Incident Response
Detect
Contain
Eradicate
Remediate
Recover
Review
Communicate
Traditional IR
Cloud Incident Response
How Do You Contain Cloud?
Where is Your Data?
Data Protection & Privacy
Change of Mindset
Change of Mindset
Same IR Principles
Detect
Contain
Eradicate
Remediate
Recover
Review
Communicate
Engage Early with Business
Ensure IR Requirements in T&Cs
Establish Team
Information Security
Operations
Human Resources
Legal
Public Relations
Facilities Management
CSP
Establish Relationships
Agree Roles & Responsibilities
Agree Policies & Procedures
Agree Jurisdictional Issues
Agree Disclosure Rules
Notification in Place
Set up Alerting Mechanisms
Access to Logs
Other Alerting Mechanisms
Identify Tools
Practice Makes Perfect
Agree Testing
Review & Measure
Questions To CSP
Will the CSP Give You Access to Log Files, Including RAW Data?
What Is the CSP’s SLA?
Are Security Demarcations Clearly Understood?
What Are the CSP’s Preventative Measures?
DDoS Mitigation
Security Monitoring, Alert You of Breach
IR Plan
Questions ?
@brianhonan