Cloud Incident Response

Back to discussions
Expand all | Collapse all

Cloud Incident Response Framework-- Internal Peer Review

  • 1.  Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 14, 2020 08:29:00 AM
    All, 

    Please take a look at the CIR Framework for internal working group peer review. Comments should now be turned on. CIR FRAMEWORK LINK

    ------------------------------
    Sean Heide
    Research Analyst
    CSA
    ------------------------------


  • 2.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 15, 2020 01:58:00 AM
    Great to See!!!
    @Saan Vandendriessche

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 3.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 15, 2020 04:12:00 AM
    Hi,

    Maybe this is of some interest to you.

    @Ashish Vashishtha
    @Chirag Sheth​​

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 4.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 15, 2020 04:46:00 AM
    Sure. Happy to assist.

    ------------------------------
    Ashish Vashishtha
    CISSP, CRISC, CISM, CISA, CDPSE, HITRUST CCSFP, AWS Cloud Practitioner
    ------------------------------

    Original Message


  • 5.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 15, 2020 04:20:00 AM
    Hi,

    Per Sean, it looks like this may pick up.

    @Ricci Ieong
    @Chris Matthews
    @Olivier Caleff

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 6.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 23, 2020 02:37:00 PM

    Thanks for posting,

    I was only able to get through part of the document.

    I am a bit confused as to why Incident Handling and Business Continuity / Disaster Recovery are both addressed in the same document.

    regards,
    Chris McCall
    CISSP CCSP ITIL V4 Foundation



    ------------------------------
    Chris McCall CISSP, CCSP, ITIL V4 Foundations
    ------------------------------

    Original Message


  • 7.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 23, 2020 04:14:00 PM
    Hi Chris,

    Thanks for your great help to date.

    Please keep it up.

    In any case, just keeping pointing out issues where you find them and it can be dealt with later.

    @Sean Heide
    @John Yeoh


    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 8.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 26, 2020 07:41:00 AM
    Team,

    Do we have a tentative date for any milestones (e.g. internal peer review, public review/comment and publication)?

    Chris Hughes

    ------------------------------
    Christopher Hughes
    ------------------------------

    Original Message


  • 9.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 26, 2020 08:20:00 AM
    Hi,

    The purpose of the internal review is to get the document ready for peer review, which means it's essentially complete.
    The Internal Review usually lasts as long as the co-chairs think it's needed to get to essentially complete.
    I've seen it last a week to 30 days.
    As this internal review started 11 days ago then there could be 19 days left in the internal review, which I believe is fine if there is sufficient participation to complete the remaining open items - marked in blue and yellow.
    The comments that are currently there address a lot of the lesser issues though are no less important and need to be cleared to make the document easier for review to continue.

    Public review is usually 30 days.

    Publishing can take another 2 weeks or so depending on a number of factors (number of documents waiting to be published, etc. art needed).

    @Sean Heide
    @John Yeoh




    ​​​

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 10.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 26, 2020 11:57:00 AM
    Edited by Chris McCall Oct 26, 2020 12:03:52 PM
    Hi Michael,

    I think the paper requires a fundamental structural re-write which could take longer than 19 days.

    Two key issues
    1)The paper presents Cloud Incident Handling as a separate process from traditional Incident Handling
    2)It conflates Security Incident Handling process with  Business Continuity ITIL ITSM process (security vs non-security).

    The paper should focus on the similarities and differences across people, process, and technology in the Cloud vs on-premises Incident Handling, nothing more nothing less.
    Please consider https://cloud.gov/docs/ops/security-ir/ and https://cloud.google.com/security/incident-response in their simplicity.

    ------------------------------
    Chris McCall CISSP, CCSP, ITIL V4 Foundations
    ------------------------------

    Original Message


  • 11.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 26, 2020 09:23:00 PM
    Hi Chris,

    That of course would need to be considered by the co-chairs.
    If they decide to go that route I agree that could certainly take more than 19 days.

    @Sean Heide
    @John Yeoh


    ​​​

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 12.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 27, 2020 02:32:00 PM
    Hi Michael, Chris,

    I also think that the amount of comments is still too high to already consider end of internal peer review. :-)
    Next to this I still see titles in blue and section in yellow - please correct me if I'm wrong @Michael Roza but do we/can we still work on those sections?
    To my opinion the ToC can remain, but some sections need rework to make clear capabilities/requirements change with CIR on P/P/T per phase in the IRP.

    If it would boost this paper, would it be possible to setup a short conf call to align on which route we want to take (if other peers agree)?
    @Sean Heide
    @John Yeoh

    Many thanks in advance.

    ------------------------------
    Saan Vandendriessche CCSP | CISSP | CRISC
    Cyber Security Manager
    Deloitte
    Brussels
    ------------------------------

    Original Message


  • 13.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 27, 2020 06:55:00 PM
    Hi Saan,

    Yes, the yellow and blue sections can and still need to be worked on and yes there should be a meeting to direct the efforts including the open comments, and suggestions for improvement including direction.

    @Sean Heide
    @John Yeoh








    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 14.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 28, 2020 04:39:00 AM
    Michael thanks for your quick response. I'll check out those sections again and, if allowed add content that replaces whatever is in there right now (which I understood was a copy from other resources).@Sean Heide@John Yeoh can we setup this call as soon as possible so we can align with all peers to go to delivery of this paper?

    ------------------------------
    Saan Vandendriessche CCSP | CISSP | CRISC
    Brussels - Belgium
    ------------------------------

    Original Message


  • 15.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 29, 2020 07:03:00 AM
    I will get a meeting setup so we can begin discussing this

    ------------------------------
    Sean Heide
    Research Analyst
    CSA
    ------------------------------

    Original Message


  • 16.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 31, 2020 02:13:00 AM
    Edited by David Chong Oct 31, 2020 02:20:40 AM

    Hi guys

    David here. Nice to meet all of you. :)
    I have just joined this group and made some suggestions to the paper.

    Thanks

    David



    ------------------------------
    David Chong CISSP | CCSP | TOGAF
    Singapore
    ------------------------------

    Original Message


  • 17.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 31, 2020 02:41:00 AM
    Hi David,

    I took a look and the suggestions are great.

    Sean will set the meeting up soon with the papers leads to process the comments.




    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 18.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 31, 2020 06:01:00 AM
    Hey All,

    Great work so far in the paper! I've also made some suggested changes - will continue to review over the next few days. When is the first review meeting?

    Thanks,
    Amin






    Original Message


  • 19.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Oct 31, 2020 02:45:00 PM
    Hi Amin,

    Sean Heide the CSA Analyst assigned to the paper should be arranging this shortly.

    @Sean Heide

    Best regards,​

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------

    Original Message


  • 20.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Nov 02, 2020 07:33:00 AM
    Glad to have the new folks to the group and thank you for the contributions!

    ------------------------------
    Christopher Hughes
    ------------------------------

    Original Message


  • 21.  RE: Cloud Incident Response Framework-- Internal Peer Review

    Posted Nov 14, 2020 02:13:00 AM
    Hi all,

    Any news on that meeting? When are we going to align on this so we can continue with this paper.

    Many Thanks

    ------------------------------
    Saan Vandendriessche CCSP | CISSP | CRISC
    Brussels - Belgium
    ------------------------------

    Original Message