EP174 How to Measure and Improve Your Cloud Incident Response Readiness: A New Framework
Description
Guest:
- Angelika Rohrer, Sr. Technical Program Manager, Cyber Security Response at Alphabet
Topics:
- Incident response (IR) is by definition “reactive”, but ultimately incident prep determines your IR success. What are the broad areas where one needs to prepare?
- You have created a new framework for measuring how ready you are for an incident, what is the approach you took to create it?
- Can you elaborate on the core principles behind the Continuous Improvement (CI) Framework for incident response?
- Why is continuous improvement crucial for effective incident response, especially in cloud environments? Can’t you just make a playbook and use it?
- How to overcome the desire to focus on the easy metrics and go to more valuable ones?
- What do you think Google does best in this area?
- Can you share examples of how the CI Framework could have helped prevent or mitigate a real-world cloud security incident?
- How can other organizations practically implement the CI Framework to enhance their incident response capabilities after they read the paper?
Resources:
- EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil
- EP103 Security Incident Response and Public Cloud - Exploring with Mandiant
- EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics
- EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?