Incident Response in the Cloud
Who Am I?
CEO of BH Consulting – Independent Information Security Firm
Founder & Head of IRISSCERT – Ireland’s first Computer Emergency Response Team
Special Advisor on Internet Security to Europol's CyberCrime Centre (EC3)
Adjunct Lecturer at University College Dublin
Expert Advisor to European Network & Information Security Agency (ENISA)
Regularly comments on media stories – BBC, Forbes, Bloomberg, FT, Guardian, Sunday Times
Business View of Cloud Computing
Vendors’ View of Cloud Computing
Security View of Cloud Computing
Stuff Happens
Cloud Security Alliance’s Notorious Nine
Ranked from Most Severe to Least Severe:
Data Breaches
Data Loss
Account Hijacking
Insecure APIs
Denial of Service
Malicious Insiders
Abuse of Cloud Services
Insufficient Due Diligence
Shared Technology Issues
Source: https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf
Cloud Security Breaches
Fatal Cloud Security Breaches
Traditional Incident Response
Detect
Contain
Eradicate
Remediate
Recover
Review
Communicate
Cloud Incident Response
Cloud Incident Response – Acquiring Evidence
Where Are Your Data?
Change of Mindset
Same IR Principles
Detect
Contain
Eradicate
Remediate
Recover
Review
Communicate
Engage Early with the Business
Ensure IR Requirements in T&Cs
Establish Team
Information Security
Operations
Human Resources
Legal
Public Relations
Facilities Management
CSP
Establish Relationships
Agree Roles & Responsibilities
Agree Policies & Procedures
Agree Jurisdictional Issues
Agree Disclosure Rules
Put Notification Rules in Place
Set Up Alerting Mechanisms
Ensure Access to Key Logs
Other Alerting Mechanisms
Practise, Practise, Practise…
Agree Testing
Review & Measure
Questions
@BrianHonan