Incident Response in the Cloud

This is my presentation to SecureCloud 2014.

Incident Response in the Cloud.
The presentation looks at the challenges in dealing with incident response in the cloud compared to traditional onsite response. It also suggests ways to overcome those challenges.

Published in: Technology

    1. Helping You Piece IT Together http://www.bhconsulting.ie info@bhconsulting.ie Incident Response & Cloud Security
    2. Who Am I? Brian.honan@bhconsulting.ie www.bhconsulting.ie www.twitter.com/brianhonan www.bhconsulting.ie/securitywatch
    3. Business View of The Cloud
    4. Vendor View of the Cloud
    5. Security View of the Cloud
    6. Stuff Happens!!
    7. Traditional Incident Response: Detect, Contain, Eradicate, Remediate, Recover, Review, Communicate
    8. Traditional IR
    9. Cloud Incident Response
    10. How Do You Contain Cloud?
    11. Where is Your Data?
    12. Data Protection & Privacy
    13. Change of Mindset
    14. Change of Mindset
    15. Same IR Principles: Detect, Contain, Eradicate, Remediate, Recover, Review, Communicate
    16. Engage Early with Business
    17. Ensure IR Requirements in T&Cs
    18. Establish Team: Information Security Operations Human Resources Legal Public Relations Facilities Management CSP
    19. Establish Relationships
    20. Agree Roles & Responsibilities
    21. Agree Policies & Procedures
    22. Agree Jurisdictional Issues
    23. Agree Disclosure Rules
    24. Notification in Place
    25. Set up Alerting Mechanisms
    26. Access to Logs
    27. Other Alerting Mechanisms
    28. Identify Tools
    29. Practice Makes Perfect
    30. Agree Testing
    31. Review & Measure
    32. Questions To CSP
      • Will the CSP Give You Access to Log Files, Including RAW Data?
      • What Is the CSP’s SLA?
      • Are Security Demarcations Clearly Understood?
      • What Are the CSP's Preventative Measures?
      • DDOS Mitigation
      • Security Monitoring
      • Alert You of Breach
      • IR Plan
    33. Questions? @brianhonan