Philip Cao


CSA Releases Cloud Forensics Capability Maturity Model Report



CSA’s Incident Management and Forensics Working Group today released its “Cloud Forensics Capability Maturity Model”, a new research report that describes a Capability Maturity Model (CMM) that can be used by both cloud consumers and Cloud Service Providers (CSPs) in assessing their process maturity for conducting digital forensic investigations in the cloud environment.

Even the most capable enterprise cannot avoid data breaches entirely. As such, there is a rising need for enterprises to adopt mature forensic security processes. This need will rise at least at the speed at which adversaries improve their attack strategies and techniques. This situation is even more complex in the world of cloud computing. Only with close cooperation between the cloud consumer (who has given up some control) and the CSP (who has inherited it) can adequate, timely and accurate forensic analysis occur.

The target audience for this paper is enterprise users that deal with all aspects (technical and organizational) of their forensic processes, and that plan to integrate, or have already integrated, cloud IaaS services into their IT infrastructure. The starting point for the model was the Carnegie Mellon University Software Engineering Institute’s (SEI) “Software Process Maturity Framework”, which identifies five progressive levels of process maturity:

| Level | SEI Capability | Forensics Question |
|-------|----------------|--------------------|
| 1 | Initial | How are we ever going to do this? |
| 2 | Repeatable | Have we done this before? |
| 3 | Defined | What is our process for doing this? |
| 4 | Managed | What resources did this require? |
| 5 | Optimizing | How can we do this better? |


The report provides detailed guidance for each question via scenario planning and recommended process mapping.

To download a free copy of the report, visit:

[Cloud Security Alliance Blog]
