Cloud 101CircleEventsBlog

Download Publication

Cloud Incident Response Framework
Cloud Incident Response Framework
Who it's for:
  • All cloud customers
  • Cloud service providers who need a clear framework for sharing incident response practices with customers

Cloud Incident Response Framework

Release Date: 05/04/2021

Preventive security controls cannot completely eliminate the possibility of critical data being compromised in a cyber attack. Therefore, organizations that utilize cloud services must ensure that they have a reliable cloud incident response strategy in place. Cloud incident response is simply the process used to manage cyber attacks in a cloud environment. There are several key aspects of a cloud incident response system that differentiate it from a non-cloud incident response system, notably in the areas of governance, shared responsibility, and visibility.

This framework created by the Cloud Incident Response Working Group serves as a go-to guide for cloud customers to effectively prepare for and manage cloud incidents. It explains how to assess an organization’s security requirements and then opt for the appropriate level of incident protection. Cloud customers will learn how to negotiate with cloud service providers, select security capabilities that are made-to-measure, and divide security responsibilities.

Key Takeaways:
  • How to effectively manage cloud incidents through the entire lifecycle of a disruptive event, including:
    • Preparation
    • Detection and analysis
    • Containment, eradication, and recovery
    • Post-mortem
  • How to coordinate and share information with stakeholders and other organizations
Download this Resource

Prefer to access this resource without an account? Download it now.

Share
View translations
Related resources
Agile Data Lake Threat Modeling
Agile Data Lake Threat Modeling
The Six Pillars of DevSecOps - Pragmatic Implementation
The Six Pillars of DevSecOps - Pragmatic Implem...
SaaS Governance Best Practices for Cloud Customers
SaaS Governance Best Practices for Cloud Customers
Compromise Detection vs. Threat Detection: Why ‘Right of Boom’ Now
Compromise Detection vs. Threat Detection: Why ‘Right of Boom’ Now
Published: 05/30/2023
Compromise Detection vs. Threat Detection: Why ‘Right of Boom’ Now
Compromise Detection vs. Threat Detection: Why ‘Right of Boom’ Now
Published: 05/30/2023
The Top 5 Cloud Security Risks of 2023 (So Far)
The Top 5 Cloud Security Risks of 2023 (So Far)
Published: 05/30/2023
Four Things You Need to Know Before Building a Secure SDLC
Four Things You Need to Know Before Building a Secure SDLC
Published: 05/26/2023

Acknowledgements

Soon Tein Lim
Soon Tein Lim

Soon Tein Lim

This person does not have a biography listed with CSA.

Michael Roza
Michael Roza
Risk, Audit, Control, and Compliance Professional

Michael Roza

Risk, Audit, Control, and Compliance Professional

Since 2012 Michael has contributed to over 85 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud Ke...

Read more

Alex Siow
Alex Siow

Alex Siow

This person does not have a biography listed with CSA.

Ashish Vashishtha
Ashish Vashishtha
Security Compliance Leader

Ashish Vashishtha

Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Haojie Zhuang Headshot Missing
Haojie Zhuang

Haojie Zhuang

This person does not have a biography listed with CSA.

Larry Marks Headshot Missing
Larry Marks

Larry Marks

This person does not have a biography listed with CSA.

Oscar Monge Espana Headshot Missing
Oscar Monge Espana

Oscar Monge Espana

This person does not have a biography listed with CSA.

Dr. Hing-Yan Lee
Dr. Hing-Yan Lee
Executive Vice President of Government Affairs, CSA

Dr. Hing-Yan Lee

Executive Vice President of Government Affairs, CSA

Dr. Hing Yan Lee serves as the Executive Vice President of Asia Pacific (APAC) for Cloud Security Alliance. Dr. Lee has over 30 years of ICT working experience in both the public and private sectors. In the recent 9+ years, he was Director of National Cloud Computing Office at Infocomm Development Authority, where he was responsible for, inter alia, developing the cloud ecosystem, promoting cloud adoption by government agencies and private...

Read more

Nirenj George Headshot Missing
Nirenj George

Nirenj George

This person does not have a biography listed with CSA.

Fadi Sodah Headshot Missing
Fadi Sodah

Fadi Sodah

This person does not have a biography listed with CSA.

Abhishek Pradhan Headshot Missing
Abhishek Pradhan

Abhishek Pradhan

This person does not have a biography listed with CSA.

Saan Vandendriessche
Saan Vandendriessche

Saan Vandendriessche

This person does not have a biography listed with CSA.

Tanner Jamison Headshot Missing
Tanner Jamison

Tanner Jamison

This person does not have a biography listed with CSA.

Bowen Close Headshot Missing
Bowen Close

Bowen Close

This person does not have a biography listed with CSA.

David Cowen Headshot Missing
David Cowen

David Cowen

This person does not have a biography listed with CSA.

Ekta Mishra
Ekta Mishra
Membership Director & Country Manager (India), CSA APAC

Ekta Mishra

Membership Director & Country Manager (India), CSA APAC

This person does not have a biography listed with CSA.

Ashish Kurmi Headshot Missing
Ashish Kurmi

Ashish Kurmi

This person does not have a biography listed with CSA.

Alex Siow
Alex Siow

Alex Siow

This person does not have a biography listed with CSA.

Christopher Hughes Headshot Missing
Christopher Hughes

Christopher Hughes

This person does not have a biography listed with CSA.

Karen Gispanski Headshot Missing
Karen Gispanski

Karen Gispanski

This person does not have a biography listed with CSA.

Vani Murthy
Vani Murthy
Sr. Information Security Compliance Advisor, Akamai Technologies

Vani Murthy

Sr. Information Security Compliance Advisor, Akamai Technologies

Vani has 20+ years of IT experience in the areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture

Read more

David Chong Headshot Missing
David Chong

David Chong

This person does not have a biography listed with CSA.

Sandeep Singh Headshot Missing
Sandeep Singh

Sandeep Singh

This person does not have a biography listed with CSA.

Dr. Ricci Ieong
Dr. Ricci Ieong

Dr. Ricci Ieong

Dr Ricci Ieong is the principal consultant of eWalker Consulting (HK) Ltd. and has over 20 years of industry experience in information technology, as well as more than 17 years of experience in IT security, where he specializes in security risk assessment, IT audit, penetration testing, and computer forensics investigation. He is the former vice chairman of professional development of Cloud CSA (HK & Macau Chapter) and has serve...

Read more

Aristide Bouix Headshot Missing
Aristide Bouix

Aristide Bouix

This person does not have a biography listed with CSA.

Chelsea Joyce Headshot Missing
Chelsea Joyce

Chelsea Joyce

This person does not have a biography listed with CSA.

Ashish Vashishtha
Ashish Vashishtha
Security Compliance Leader

Ashish Vashishtha

Security Compliance Leader

Analytical, results-oriented IS/IT Audit, Governance, Risk, and Compliance (GRC) leader over 19 years of experience managing enterprise-wide IT/IS security risk approach for large healthcare and IT services organizations. Passionate design thinker with an ability to harness innovation by facilitating collaboration to develop enterprise-wide security risk assessments (onsite as well as remote) for high-risk Third-Parties leveraging NIST 800-...

Read more

Soon Tein Lim
Soon Tein Lim

Soon Tein Lim

This person does not have a biography listed with CSA.

Dennis Holstein Headshot Missing
Dennis Holstein

Dennis Holstein

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training