
AWS Security Incident Response Guide
This guide presents an overview of the fundamentals of responding to security incidents within a customer’s AWS Cloud environment.
It focuses on an overview of cloud security and incident response concepts, and identifies cloud capabilities, services, and mechanisms that are available to customers who are responding to security issues.
This paper is intended for those in technical roles and assumes that you are familiar with the general principles of information security, have a basic understanding of incident response in your current on-premises environments, and have some familiarity with cloud services.
Introduction
Security is the highest priority at AWS.
As an AWS customer, you benefit from a data center and network architecture that is built to meet the requirements of the most security-sensitive organizations.
The AWS Cloud has a shared responsibility model.
AWS manages security of the cloud.
You are responsible for security in the cloud.
This means that you retain control of the security you choose to implement.
You have access to hundreds of tools and services to help you meet your security objectives.
These capabilities help you establish a security baseline that meets your objectives for your applications running in the cloud.
When a deviation from your baseline does occur (such as by a misconfiguration), you may need to respond and investigate.
To successfully do so, you must understand the basic concepts of security incident response within your AWS environment, as well as the issues you need to consider to prepare, educate, and train your cloud teams before security issues occur.
It is important to know which controls and capabilities you can use, to review topical examples for resolving potential concerns, and to identify remediation methods that you can use to leverage automation and improve your response speed.
Because security incident response can be a complex topic, we encourage you to start small, develop runbooks, leverage basic capabilities, and create an initial library of incident response mechanisms to iterate from and improve upon.
This initial work should include your legal department as well as teams that are not involved with security, so that you are better able to understand the impact that incident response (IR), and the choices you have made, have on your corporate goals.
Before You Begin
In addition to this document, we encourage you to review the Best Practices for Security, Identity, & Compliance and the Security Perspective of the AWS Cloud Adoption Framework (CAF) whitepaper.
The AWS CAF provides guidance that supports coordinating between the different parts of organizations that are moving to the cloud.
The CAF guidance is divided into several areas of focus that are relevant to implementing cloud-based IT systems, which we refer to as perspectives.
The Security Perspective describes how to implement a security program across several workstreams, one of which focuses on incident response.
This document details some of our experiences in helping customers to assess and implement successful mechanisms in that workstream.
AWS CAF Security Perspective
The Security Perspective includes four components:
Directive controls establish the governance, risk, and compliance models within which the environment operates.
Preventive controls protect your workloads and mitigate threats and vulnerabilities.
Detective controls provide full visibility and transparency over the operation of your deployments in AWS.
Responsive controls drive remediation of potential deviations from your security baselines.