Incident Response in the Cloud

Post on 06-Dec-2014

description

This is my presentation to SecureCloud 2014, Incident Response in the Cloud. The presentation looks at the challenges in dealing with incident response in the cloud compared to traditional onsite response. It also suggests ways to overcome those challenges.

Transcript of Incident Response in the Cloud

Helping You Piece IT Together

http://www.bhconsulting.ie info@bhconsulting.ie

Incident Response & Cloud Security

Who Am I?

Brian.honan@bhconsulting.ie

www.bhconsulting.ie

www.twitter.com/brianhonan

www.bhconsulting.ie/securitywatch

Business View of The Cloud

Vendor View of the Cloud

Security View of the Cloud

Stuff Happens!!

Traditional Incident Response

Detect

Contain

Eradicate

Remediate

Recover

Review

Communicate

Traditional IR

Cloud Incident Response

How Do You Contain Cloud?

Where is Your Data?

Data Protection & Privacy

Change of Mindset

Change of Mindset

Same IR Principles

Detect

Contain

Eradicate

Remediate

Recover

Review

Communicate

Engage Early with Business

Ensure IR Requirements in T&Cs

Establish Team

Information Security

Operations

Human Resources

Legal

Public Relations

Facilities Management

CSP

Establish Relationships

Agree Roles & Responsibilities

Agree Policies & Procedures

Agree Jurisdictional Issues

Agree Disclosure Rules

Notification in Place

Set up Alerting Mechanisms

Access to Logs

Other Alerting Mechanisms

Identify Tools

Practice Makes Perfect

Agree Testing

Review & Measure

Questions To CSP

Will the CSP Give You Access to Log Files, Including RAW Data?

What Is the CSP’s SLA?

Are Security Demarcations Clearly Understood?

What Are the CSP’s Preventative Measures?

DDoS Mitigation

Security Monitoring, Alert You of Breach

IR Plan

Questions?

@brianhonan