An evidence-based cloud incident handling framework

Ab Rahman, Nurul Hidayah (2016) An evidence-based cloud incident handling framework. Doctoral thesis, University of South Australia.


Download (1MB) | Preview
[img] Text (Copyright Declaration)
Restricted to Repository staff only

Download (194kB) | Request a copy


Cloud computing is increasingly adopted by both individual and organisational users; thus, ensuring the security and privacy of data stored in the cloud is a crucial requirement in an organisation‘s business continuity and risk assessment strategies. An incident handling strategy is key to mitigating risks to the confidentiality, integrity and availability of information assets, particularly those outsourced to the cloud located in one or more different countries. Thus, organisational cloud users may face challenges or be limited in their capability to handle security incidents (e.g. security breaches) on their sites since the infrastructure on which the data resides belongs to the cloud providers. Surveys were conducted with industry practitioners to identify: (1) the implications of emerging technologies and its information security threats on the incident handling practices, and (2) the factors influencing incident handling adoption for organisational cloud users. The results indicated that the current landscape of information security threats have impacted on their security strategic planning, resulting in practitioners being more proactive, requiring better tactical tools, and cultivating a culture of information security. The factors identified as having a significant influence on the adoption were determined using an integration of Situational Awareness and Protection Motivation Theory. Users are more likely to adopt if they are aware of cloud security and privacy related risks, confident in their capability, understand the benefits, and understand the impact due to an ineffective strategy. The cloud incident handing framework presented in this thesis draws upon principles and practices from both incident handling and digital forensics. The integration of digital forensic principles and practices facilitates the collection of digital evidence, reconstructing of events and establish facts of who, what, when, where, how, and why an incident took place. The framework consists of six phases, namely: Preparation (integrated with forensic readiness principles); Identification; Assessment (integrated with forensic collection and analysis practices); Action and Monitoring; Recovery; and Evaluation (integrated with forensic presentation practices). A feasibility study was conducted that simulates private cloud storage (i.e. ownCloud) in a virtual environment. A security information and event management tool was used to demonstrate that each phase is feasible with significant evidence artefacts can be collected. This framework was also validated using two case studies: mobile cloud storage (Google Drive, Dropbox, and OneDrive) and mobile communication (Viber, Telegram, Skype, WhatsApp and Messenger) applications. Both studies simulated typical user activities on the studied applications on the Android platform. Mobile forensics and network tools were deployed for the collection and analysis of evidence artefacts. The first case study simulated uploads, share, read and download files. The artefacts were then analysed based on the activities. The second case study was setting up the scenario of terrorists‘ use of mobile communication applications by simulating chat conversation, adds contacts, and shared media files activities. The artefacts were classified into accounts, contacts, chat logs, shared media files, and location data to facilitate terrorism investigations. This research has shown that the framework supports organisational users in both the incident handling and forensic investigations, as well as informing the design of security strategies for organisations.

Item Type: Thesis (Doctoral)
Subjects: Q Science > QA Mathematics > QA71-90 Instruments and machines > QA75-76.95 Calculating machines
Depositing User: Miss Afiqah Faiqah Mohd Hafiz
Date Deposited: 06 Sep 2021 08:25
Last Modified: 06 Sep 2021 08:25

Actions (login required)

View Item View Item