Determining Training Needs for Cloud Infrastructure Investigations using I-STRIDE
Joshua I. James, Ahmed F. Shosha, Pavel Gladyshev

TL;DR
This paper extends the STRIDE risk assessment method to cloud infrastructure, enabling organizations to evaluate their incident response capabilities and improve forensic readiness in cloud environments.
Contribution
It introduces an extended STRIDE model tailored for cloud security investigations, aiding organizations in assessing and enhancing their incident response and forensic capabilities.
Findings
Extended STRIDE model for cloud environments
Framework for assessing incident responder capacity
Guidelines for forensic evidence preservation in the cloud
Abstract
As more businesses and users adopt cloud computing services, security vulnerabilities will be increasingly found and exploited. There are many technological and political challenges where investigation of potentially criminal incidents in the cloud is concerned. Security experts, however, must still be able to acquire and analyze data in a methodical, rigorous and forensically sound manner. This work applies the STRIDE asset-based risk assessment method to cloud computing infrastructure for the purpose of identifying and assessing an organization's ability to respond to and investigate breaches in cloud computing environments. An extension to the STRIDE risk assessment model is proposed to help organizations quickly respond to incidents while ensuring acquisition and integrity of the largest amount of digital evidence possible. Further, the proposed model allows organizations to assess…
Taxonomy
Topics: Digital and Cyber Forensics · Cloud Data Security Solutions · Information and Cyber Security
