Cloud Forensics Capability Maturity Model available for Download
The Incident Management and Forensics Working Group today released its “Cloud Forensics Capability Maturity Model”, a new research report that describes a Capability Maturity Model (CMM) that can be used by both cloud consumers and Cloud Service Providers (CSPs) in assessing their process maturity for conducting digital forensic investigations in the cloud environment.
Even the most capable enterprise cannot avoid data breaches entirely. As such, there is a rising need for enterprises to adopt mature forensic security processes. This need will rise at least at the speed at which adversaries improve their attack strategies and techniques. This situation is even more complex in the world of cloud computing. Only with close cooperation between the cloud consumer (who has given up some control) and the CSP (who has inherited it) can adequate, timely and accurate forensic analysis occur.
The target audience for this paper is enterprise users that deal with all aspects (technical and organizational) of their forensic processes, and that plan to or have already integrated cloud IaaS services into their IT infrastructure. The starting point for the model was the Carnegie Mellon University Software Engineering Institute’s (SEI) “Software Process Maturity Framework” which identifies five progressive levels of process maturity.
About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.
For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.