Measuring Cloud Incident Response Readiness

Guest:

• Angelika Rohrer, Sr. Technical Program Manager , Cyber Security Response at Alphabet

Topics:

• Incident response (IR) is by definition “reactive”, but ultimately incident prep determines your IR success. What are the broad areas where one needs to prepare?

• You have created a new framework for measuring how ready you are for an incident, what is the approach you took to create it?

• Can you elaborate on the core principles behind the Continuous Improvement (CI) Framework for incident response?

• Why is continuous improvement crucial for effective incident response, especially in cloud environments? Can’t you just make a playbook and use it?

• How to overcome the desire to focus on the easy metrics and go to more valuable ones?

• What do you think Google does best in this area?

• Can you share examples of how the CI Framework could have helped prevent or mitigate a real-world cloud security incident?

• How can other organizations practically implement the CI Framework to enhance their incident response capabilities after they read the paper?

Resources:

• “How do you know you are "Ready  to Respond"? paper

• EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil

• EP103 Security Incident Response and Public Cloud - Exploring with Mandiant

• EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics

• EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?