Incident ResponseIn the Cloud

CEO of BH Consulting – Independent Information Security Firm

Founder & Head of IRISSCERT – Ireland’s first Computer Emergency Response Team

Special Advisor on Internet Security Europol's CyberCrime Centre (EC3)

Adjunct Lecturer at University College Dublin

Expert Advisor to European Network & Information Security Agency (ENISA)

Regularly comments on media stories – BBC, Forbes, Bloomberg, FT, Guardian, Sunday Times

Who Am I?

Business View of Cloud Computing

Vendors’ View of Cloud Computing

Security View of Cloud Computing

Stuff Happens

Cloud Security Alliance’s Notorious Nine

Data Breaches

Data Loss Account Hijacking

Insecure APIs

Denial of Service

Malicious Insiders

Abuse of Cloud

Services

Insufficient Due

Diligence

Shared Technology

Issues

Most Severe

Least Severe

Source: https://downloads.cloudsecurityalliance.org/initiatives/top_threats/The_Notorious_Nine_Cloud_Computing_Top_Threats_in_2013.pdf

Cloud Security Breaches

Fatal Cloud Security Breaches

Traditional Incident Response

Detect

Contain

Eradicate

Remediate

Recover

Review

Communicate

Traditional Incident Response

Cloud Incident Response

Cloud Incident Response – Acquiring Evidence

Where Are Your Data?

Change of Mindset

Change of Mindset

Same IR Principles

Detect

Contain

Eradicate

Remediate

Recover

Review

Communicate

Engage Early with the Business

Ensure IR Requirements in T&Cs

Establish Team

Information Security Operations Human

Resources Legal Public Relations

Facilities Management CSP

Establish Relationships

Agree Roles & Responsibilities

Agree Policies & Procedures

Agree Jurisdictional Issues

Agree Disclosure Rules

Put Notification Rules in Place

Set Up Alerting Mechanisms

Ensure Access to Key Logs

Other Alerting Mechanisms

Other Alerting Mechanisms

Practise, Practise, Practise ….

Agree Testing

Review & Measure

Questions

Brian.honan@bhconsulting.ie @BrianHonan