Cloud Incident Response

Key Notes from 29 Mar Call

    Posted Nov 20, 2019 02:34:00 PM
    Dear team,
     
    Thank you to all who participated in the call last Friday. 
     
    Call Participants
    Co-Chairs: Raju Chellam, Prof Alex Siow
    WG Members: Suresh Agarwal, Paul Lee, Richard Kilpatrick, Saan Vandendriessche
    CSA Staff: Haojie Zhuang, Jane Chow
     
    Please spend some time to go through the attached audio recording (~23mins long) for better understanding. Here are some key takeaways for your perusal. 
     
    1. Quick recap of previous call (1:18 mins of recording)
    Previous call was focused on brainstorming some ideas for deliverable title and scope, to which the WG has decided on "Cloud Incident Response Framework". From there, we've also come up with an outline with suggested areas in scope, as shared on "Update from 30 Jan Call" message thread.

    2. Brief run through of CIR Framework outline (1:57 mins of recording)
    • Scope (2:11 mins of recording)
      Included 2 additional documents as recommended by our WG members.
      "ISO 223220:2011 Societal Security - Emergency Management - Requirements for Incident Response". A large part of it seems to focus on disruptions due to natural disasters. Useful to consider where cause of incident or outage falls under natural disaster category.
      "FedRAMP Incident Communications Procedure". Aligned with NIST document that we will be incorporating in the CIR Framework. While the context is US-centric, this document is useful in determining who and when to inform at each stage of the incident response process.

      Co-Chair, Soon Tein, made a comment to remove "Develop industry specific standard and regulations" from the scope of charter. Co-Chairs and members on the call were agreeable. If it is deemed useful by the industry we can eventually feed the framework to an international standardisation process, but CSA typically does not set out to do standardisations and regulations. If suitable opportunity presents itself in the future, we can update the charter again to include this point. 

    • Structure (5:04 mins of recording)
      As a recap, the CIR Framework need not be a very detailed document to start with, the first deliverable can be a higher-level framework, as a prelude to future documents that are covered in greater depth. This is also to maintain consistency with other research artefacts released by CSA, where they are bite-sized and more digestible for the industry.

      With all the documents that we have as references (find in "Docs & Files" > "References"), we need to think of how to logically structure all this information into a single framework. Starting with a user not knowing the cause of disruption (incident or outage), and narrowing down to the cause using a decision tree-like method to provide an incident response. With this in mind, a suggestion is to use "TR 62 – Cloud Outage Incident Response Framework" as a base and refashion it to fit into CIR Framework. We can then work backwards from there and point to relevant clauses in other documents as reference material.

      We would love to hear your suggestions and ideas if you have any. Please input your thoughts and comments below and/or include areas that you think are relevant in this draft structure.

    • Timeline (10:55 mins of recording)
      Please refer to the "CIR Deliverable Outline.pdf" for timeline.

    3. Any other business (11:22 mins of recording)
    Merging of the complements using AI tools as suggested by Soon Tein - not required for now since the process will be non-trivial and there is no apples-to-apples comparison between the documents. For now, we will pick the brains of the subject matter experts in the working group.
     
    Going forward, it would be helpful for volunteers to go through the reference documents shared, especially "TR 62 – Cloud Outage Incident Response Framework" since the document is intended as a base for CIR Framework. 
     
    Let's take some time to contribute to the draft structure and think of ways to piece the relevant documents together before we reconvene in a few weeks' time. Thank you!
     
    Best Regards,
    Jane Chow


    ------------------------------
    Jane Chow
    Apr 1 · Notified 28 people
    ------------------------------