UTHM Institutional Repository

An evidence-based cloud incident handling framework

Ab Rahman, Nurul Hidayah (2016) An evidence-based cloud incident handling framework. PhD thesis, University of South Australia.




Cloud computing is increasingly adopted by both individual and organisational users; thus, ensuring the security and privacy of data stored in the cloud is a crucial requirement in an organisation's business continuity and risk assessment strategies. An incident handling strategy is key to mitigating risks to the confidentiality, integrity and availability of information assets, particularly those outsourced to cloud infrastructure located in one or more other countries. However, organisational cloud users may face challenges, or be limited in their capability, to handle security incidents (e.g. security breaches) on their own sites, since the infrastructure on which the data resides belongs to the cloud providers. Surveys were conducted with industry practitioners to identify: (1) the implications of emerging technologies and their information security threats for incident handling practices, and (2) the factors influencing incident handling adoption among organisational cloud users. The results indicated that the current landscape of information security threats has affected practitioners' strategic security planning, resulting in practitioners being more proactive, requiring better tactical tools, and cultivating a culture of information security. The factors identified as having a significant influence on adoption were determined using an integration of Situational Awareness and Protection Motivation Theory. Users are more likely to adopt if they are aware of cloud security and privacy related risks, confident in their capability, understand the benefits, and understand the impact of an ineffective strategy. The cloud incident handling framework presented in this thesis draws upon principles and practices from both incident handling and digital forensics. The integration of digital forensic principles and practices facilitates the collection of digital evidence, the reconstruction of events, and the establishment of the facts of who, what, when, where, how, and why an incident took place.
The framework consists of six phases, namely: Preparation (integrated with forensic readiness principles); Identification; Assessment (integrated with forensic collection and analysis practices); Action and Monitoring; Recovery; and Evaluation (integrated with forensic presentation practices). A feasibility study was conducted that simulates private cloud storage (i.e. ownCloud) in a virtual environment. A security information and event management tool was used to demonstrate that each phase is feasible and that significant evidence artefacts can be collected.

Item Type: Thesis (PhD)
Subjects: Q Science > QA Mathematics > QA76 Computer software
Depositing User: Mr. Mohammad Shaifulrip Ithnin
Date Deposited: 02 Jul 2018 02:43
Last Modified: 02 Jul 2018 02:43
URI: http://eprints.uthm.edu.my/id/eprint/10219