Hi community,
This might already have been discussed, since the CIR framework was published quite some time ago.
But I noticed a different theme in 5.2.1.1 vs. the whole CIR framework.
If someone were reading the CIR framework from top to bottom, what would come to mind is that the CIR framework is talking about security incidents (mentions of NIST 800-61, mentions of IOCs, etc.).
But just by reading 5.2.1.1, cause of cloud incident, a reader will think that the document is talking about IT incidents (power failure, disaster, etc.).
I believe this can cause problems when the framework is used to build policy, etc.; there will be a blur on who should ultimately lead/be responsible for the incident.
Should this be handled as an IT incident or a security incident?
It is okay to reference this cause, but I believe the document should describe a clear separation between IT and security incidents (e.g. NIST 800-61).
Any thoughts about this?
------------------------------
Ewaldo S Hiras
Independent Researcher
GGS
------------------------------