
2020.04.23

The Cloud Security Alliance has published a framework (quick guide) for incident response in the cloud...

Hello, this is Mitsuhiko Maruyama.

The Cloud Security Alliance (CSA) has published the Cloud Incident Response Framework – A Quick Guide.

Cloud Security Alliance (CSA)

・2020.04.21 Cloud Incident Response Framework – A Quick Guide - [Downloaded PDF]

Table of Contents
1. Executive Summary 
2. Introduction                                          
 2.1 Incident Response vs Cloud Incident Response
 2.2 What This Quick Guide Does 
 2.3 How Everything Kind of Fits Together
3. CIR Framework                                        
 3.1 Phase 1: Preparation                              
 3.2 Phase 2: Detection and Analysis Incident Classification Scale 
 3.3 Phase 3: Containment, Eradication, and Recovery
 3.4 Phase 4: Post-Mortem                              
 3.5 Continuous Phase: Coordination and Information Sharing
4. Incident Response Controls                              
5. Conclusion

-----

1. Executive Summary

Cyber risk exposure for an organization is a daily concern. Organizations regularly worry about cyber risk exposure to their IT infrastructure or data breaches, which as a result, could end in large penalties or outages. These cyber-threats are commonly caused by malicious attacks, misconfigurations, or even disgruntled employees. Any of which could easily cripple entire businesses, resulting in extensive reputational and financial repercussions. Major incidents serve as painful reminders of the fallout such occurrences can cause.

In today’s connected era, a comprehensive incident response strategy is an integral aspect of any organization aiming to manage and lower their risk profile. A good incident response strategy needs to be useful not only when dealing with incidents caused by malicious threat actors, but should also be applicable in a variety of other situations such as downtime caused by an unexpected power outage or cut internet fiber due to roadworks. There are, however, different considerations when it comes to incident response strategies for cloud-based infrastructure and systems, due in part to the nature of its shared responsibility.

Standards bodies, government agencies, cloud service providers (CSPs), research institutes and security experts have developed various incident response frameworks and best practices to help organizations be better prepared when dealing with cloud incidents. These frameworks and best practices provide methodical, step-by-step response plans to various types of cloud incidents, which in turn, help manage and minimize damage to businesses.

With the abundance of Cloud Incident Response (CIR) standards, frameworks and guidelines available in the industry, CSA’s CIR Working Group (WG) aims to provide a holistic and consistent view across widely used frameworks for the user, be it CSPs or cloud customers. Ultimately, the WG hopes to develop a holistic Cloud Incident Response (CIR) framework that covers the major causes of cloud incidents (both security and non-security related), and their handling and mitigation strategies. The aim is to serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, along with serving as a transparent and common framework for CSPs to share cloud incident response practices with their customers.

This Quick Guide distills the main objectives and gives readers an overview of the key contributions and efforts currently underway inside the CIR WG. As we move towards a comprehensive CIR framework, the CIR WG hopes to take this opportunity to encourage volunteers to participate in the WG’s efforts and provide valuable feedback to the ongoing work.

-----

5. Conclusion

In the event of a critical incident, there is no time to waste figuring out a game plan - every second that goes by puts data at risk of being potentially compromised. The CSA CIR WG is developing a sequel to this document, the Cloud Incident Response Framework, which delves into each chapter in greater depth. Readers can expect a step-by-step guide, from preparation to post-mortem, with CIR guidelines curated for different levels of incident severity. Key ideas and concepts are covered in each phase and should apply to all cloud incidents.

As a work in progress, the CIR WG welcomes individuals who are interested in contributing to this work to join the WG by registering here.

 
