Cloud Incident Response Working Group

Introduction to the Cloud Incident Response Working Group

Mission Statement: To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud incidents (both security and non-security related), and their handling and mitigation strategies. The aim is to serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, and also a transparent and common framework for Cloud Service Providers to share with cloud customers their cloud incident response practices.

Download the Cloud Incident Response Working Group Charter


With today’s fast-evolving threat landscape, the Cloud Security Alliance (CSA) opines that a holistic cloud incident response framework that considers an expansive scope of factors for cloud outages is necessary. Imperative factors of cloud incidents, including but not limited to operational mistakes, infrastructure or system failure, environmental issues, cyber security incidents and malicious acts, will be included in the development of the framework.

The first relevant framework, the Cloud Outage Incident Response (COIR) Technical Reference (TR), which was originally developed by Singapore’s Infocomm Media Development Authority (IMDA), excludes cyber security incidents and malicious acts from its scope, a gap that can be bridged by CSA’s ‘Security Guidance For Critical Areas of Focus In Cloud Computing v4.0’ Domain 9 (Incident Response, aka D9). D9 details the response lifecycle for incidents, including cyber security incidents and malicious acts.

The Cloud Incident Response (CIR) working group aims to develop a holistic CIR framework by merging the two complementary documents, COIR TR and CSA D9, along with inputs from international standard frameworks such as:

  • National Institute of Standards and Technology Computer Security Incident Handling Guide (NIST 800-61rev2 08/2012)
  • ISO/IEC 27035
  • ENISA Strategies

The resulting whitepaper will create a comprehensive guideline by collating and recommending best practices for effective management of cloud incidents. This will help CSPs align to market demand on service expectations, and regulators to standardise BCM requirements for CSPs. This framework will also help cloud users opt for the appropriate level of incident protection to complement their BC/DR capabilities.

Cloud Incident Response Working Group Leadership

Cloud Incident Response Co-chairs

Raju Chellam

Raju Chellam is a Member of the Singapore NCCAC (National Cloud Computing Advisory Council) under IMDA (Infocomm & Media Development Authority of Singapore) & Deputy Chair of the COIR (Cloud Outage Incident Response) Group under ITSC (IT Standards Committee). He is also Hon Vice Chairman of the Cloud & Big Data Chapter at SGTech, previously called SiTF (Singapore IT Federation) & Hon Secretary of the Cloud Chapter of SCS (Singapore Computer Society). He has been a Past President of the BCG (Business Continuity Group) at SCS. He was conferred as an SCS Fellow in March 2018.

Soon Tein Lim

Soon Tein started his career in the Republic of Singapore Navy (RSN) as a Naval Engineering Officer. He held several key engineering appointments in HQ-RSN to shape RSN’s C4, IT and support capabilities. Subsequently, he held several Command appointments in the Naval Bases. He was the first Commanding Officer of Changi Maintenance Base, where he operationalised the Support & Organisational Infrastructure.

Currently, he is the Head of IT for ST Engineering Electronics, a leading ICT provider in the region. He is responsible for the overall IT strategic planning and implementation to support the Electronics Sector. As part of ST Engineering, he is appointed as Programme Director in the implementation of a strategic IT Service Delivery project for the entire ST Group. Prior to his IT appointment, he was a Business Head in ST Electronics (Info-Software System) for 6 years, delivering and supporting Defence solutions as well as Enterprise systems locally and abroad.

Soon Tein is currently the Chairman of SGTech’s Cloud & Data Chapter. He represented SGTech in the IMDA COIR Committee to work on the Cloud Outage Incident Reporting framework. He is also a member of Defence Technology Asia’s Technical Panel.

Alex Siow

Prof Alex Siow is currently Professor (Practice) in the School of Computing, NUS and concurrently Director of the Advanced Computing for Executives Centre, the Strategic Technology Management Institute (STMI) and the Centre for Health Informatics.

Prior to the current appointment, Prof Alex was the Managing Director, Health & Public Service at Accenture. Alex started his career as a Structural Engineer in the HDB in 1981 and was appointed the Chief Information Officer in 1989. In 2003, Alex joined the private sector and became the Senior Vice-President in StarHub Ltd. He held various portfolios including Head, Business Market, CIO and Head, Enterprise Risk Management.

Prof Alex was very active in the IT Community. He was the President of the Singapore Computer Society from 1997 to 2001. He was the President of ITMA from 1995 to 1999. He was the first President of the Singapore Chapter of the Project Management Institute and served from 2001 to 2012. From 2001 to 2005, Alex was the Chairman of the e-Learning Chapter of SiTF.

Alex is currently a member of the Temasek Polytechnic Board of Governors, and a member of the Board of Trustees of Singapore University of Social Sciences. He is also a member of the Edusave Advisory Council.

Prof Alex’s expertise is in IT Governance, Enterprise Risk Management, Management of Emerging Technology and Technology Roadmap Planning. He is also active in the Fintech and blockchain community.

Cloud Incident Response Working Group Initiatives

Please contact Working Group Leadership for more information.

Cloud Incident Response Working Group Downloads

Cloud Incident Response Charter

To develop a holistic Cloud Incident Response (CIR) framework that comprehensively covers key causes of cloud outages (both security and non-security related), and their handling and mitigation strategies.

Release Date: 01/21/2019