CSA Release Cloud Forensics Capability Maturity Model Report
Published 10/12/2015
CSA’s Incident Management and Forensics Working Group today released its “Cloud Forensics Capability Maturity Model”, a new research report that describes a Capability Maturity Model (CMM) that can be used by both cloud consumers and Cloud Service Providers (CSPs) in assessing their process maturity for conducting digital forensic investigations in the cloud environment.
Even the most capable enterprise cannot avoid data breaches entirely. As such, there is a rising need for enterprises to adopt mature forensic security processes. This need will rise at least at the speed at which adversaries improve their attack strategies and techniques. This situation is even more complex in the world of cloud computing. Only with close cooperation between the cloud consumer (who has given up some control) and the CSP (who has inherited it) can adequate, timely and accurate forensic analysis occur.
The target audience for this paper is enterprise users that deal with all aspects (technical and organizational) of their forensic processes, and that plan to or have already integrated cloud IaaS services into their IT infrastructure. The starting point for the model was the Carnegie Mellon University Software Engineering Institute’s (SEI) “Software Process Maturity Framework” which identifies five progressive levels of process maturity:
LEVEL | SEI Capability | Forensics Question |
1 | Initial | How are we ever going to do this? |
2 | Repeatable | Have we done this before? |
3 | Defined | What is our process for doing this? |
4 | Managed | What resources did this require? |
5 | Optimizing | How can we do this better? |
The report provides detailed guidance for each question via scenario planning and recommended process mapping.