Incident Response in the Cloud
DESCRIPTION
This is my presentation to SecureCloud 2014. Incident Response in the Cloud. The presentation looks at the challenges in dealing with incident response in the cloud compared to traditional onsite response. It also suggests ways to overcome those challenges.
TRANSCRIPT
Helping You Piece IT Together
http://www.bhconsulting.ie
Incident Response & Cloud Security
Business View of The Cloud
Vendor View of the Cloud
Security View of the Cloud
Stuff Happens !!
Traditional Incident Response
Detect
Contain
Eradicate
Remediate
Recover
Review
Communicate
Traditional IR
Cloud Incident Response
How Do You Contain Cloud?
Where is Your Data?
Data Protection & Privacy
Change of Mindset
Change of Mindset
Same IR Principles
Detect
Contain
Eradicate
Remediate
Recover
Review
Communicate
Engage Early with Business
Ensure IR Requirements in T&Cs
Establish Team
Information Security
Operations
Human Resources
Legal
Public Relations
Facilities Management
CSP
Establish Relationships
Agree Roles & Responsibilities
Agree Policies & Procedures
Agree Jurisdictional Issues
Agree Disclosure Rules
Notification in Place
Set up Alerting Mechanisms
Access to Logs
Other Alerting Mechanisms
Identify Tools
Practice Makes Perfect
Agree Testing
Review & Measure
Questions To CSP
Will the CSP Give You Access to Log Files, Including RAW Data?
What Is the CSP’s SLA?
Are Security Demarcations Clearly Understood?
What Are the CSP’s Preventative Measures?
DDoS Mitigation
Security Monitoring, Alert You of Breach
IR Plan
Questions ?
@brianhonan