ACG Working Group Update: Implementation Patterns for the Cloud Security Notification Framework
The Cloud Security Notification Framework (CSNF) is a set of guidelines and best practices for cloud security incident management and communication. It’s designed to help organizations improve their incident response capabilities and ensure the timely communication of security incidents to relevant stakeholders. This session will explore the implementation patterns for CSNF, which will include a demonstration by Splunk on how they have implemented the CSNF Canonical Data Model (CDM) to normalize messages for your SOC.
Session Outline:
-Introduction: The basics of Cloud Security Notification Framework (CSNF)
-Overview of the CSNF guidelines and best practices for incident management, incident notification, and incident response
-Best practices & design patterns for implementing CSNF
-Real-world examples of CSNF implementation and the challenges faced
-Discussion and sharing of attendees’ experiences with implementing CSNF
-Conclusion and Q&A
Target Audience:
IT professionals, security professionals, IT operations professionals and anyone interested in learning about the best practices for incident management, incident notification, and incident response in the cloud.
Peter Campbell is Platform Security Engineer and Information Protection Senior Director at Evernorth Health Services. As Co-Chair of the ONUG Agentic AI Working Group, he leads efforts to define standards for securing autonomous AI agents and reducing Agentic AI risk.
With a technical foundation forged in the U.S. Navy, Peter brings a unique investigative lens to cloud security. His current research and consulting focus on Ransomware Resilience and DFIR, specifically leveraging AI to accelerate the forensic lifecycle in digital investigations. A holder of numerous advanced certifications (including CISSP and GCFA), he is committed to architecting resilient ecosystems that can withstand the next generation of extortion and automated threats.
Staff Solutions Engineer for Splunk in the New York City area. A technologist with 20+ years working in the health and financial industries, focused on IT infrastructure and security monitoring, management, and tooling.
Josh Hammer is a Field CISO with Oracle. In this role, he works with customers to help them build innovative cloud security architectures and strategies that standardize and accelerate the secure adoption of Oracle Cloud Infrastructure (OCI). Before returning to Oracle, he was a Security Partner Solutions Architect with Amazon Web Services. In this role, he works closely with various strategic security partners to build cloud-optimized architecture and develop strategies with business development teams. Before this, he was a Security Architect in the AWS Professional Services organization, where he helped large enterprises adopt AWS.
