9.0 Granular Audits (cont.)
database configurations, for example.
• Set up and enable the necessary audit settings of the big data infrastructure, like routers, OS, Hadoop, and applications for which the audit information must be collected upfront. Set up the settings for other audit information, which might be collected at a later stage.
• Collect and process the audit data with a SIEM solution or auditing tool, when applicable.
9.3 Ensure timely access to audit information
9.3.1 Why?
To accelerate incident response. Time is the most important aspect in case of an attack, not only to determine when the attack happened, but also to have timely access to audit information in case it is needed. This goes hand-in-hand with the best practice mentioned in section 9.2.
9.3.2 How?
As described in best practice 9.2, setting up audit information upfront is key, not only for the completeness of the information, but also to get access to the information in a timely fashion.
9.4 Maintain integrity of information
9.4.1 Why?
To ensure trust in audit data. Without an integrity guarantee, there is no single version of the truth. Audit information can’t be trusted and, as such, becomes useless.
9.4.2 How?
• Consider implementing integrity controls, like secure hashing. Use SHA-1, SHA-224, SHA-256, and/or SHA-512.
• Ensure the integrity of the audit information is guaranteed along the complete path of collection, processing, use and storage of the data. This helps to ensure the information’s chain of custody.
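An added example, not part of the CSA guidance: one way to apply the hashing control from 9.4.2 so integrity can be re-checked at each hop of collection, processing and storage. It chains records with HMAC-SHA-256; the keyed construction, the function names, the field names and the sample records are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed start value for the chain

# Constructed sample audit records (field names are assumptions).
SAMPLE_RECORDS = [
    {"ts": "2016-03-01T10:00:00Z", "src": "namenode", "user": "alice", "op": "open"},
    {"ts": "2016-03-01T10:00:05Z", "src": "namenode", "user": "bob", "op": "delete"},
    {"ts": "2016-03-01T10:00:09Z", "src": "router-1", "user": "-", "op": "acl-change"},
]


def entry_tag(key, prev, record):
    """HMAC-SHA-256 over the previous tag plus the canonically encoded record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + b"\n" + body, hashlib.sha256).hexdigest()


def seal(key, records):
    """Collector side: bind every record to all records before it."""
    chain, prev = [], GENESIS
    for rec in records:
        tag = entry_tag(key, prev, rec)
        chain.append({"record": rec, "prev": prev, "tag": tag})
        prev = tag
    return chain


def verify(key, chain, expected_head=None):
    """Return -1 if the chain is intact, else the index where it first breaks.

    expected_head is the last tag, stored apart from the log; without it a
    log truncated at the tail would still verify.
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        tag = entry_tag(key, prev, entry["record"])
        # A broken link means a removed or reordered entry; a bad tag means an edit.
        if entry["prev"] != prev or not hmac.compare_digest(tag, entry["tag"]):
            return i
        prev = tag
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(chain)  # tail entries are missing
    return -1
```

Keep the final tag (the chain head) somewhere other than the log itself, for example in the SIEM, so each stage that receives the log can run `verify` against it.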
CLOUD SECURITY ALLIANCE Big Data Working Group Guidance
© Copyright 2016, Cloud Security Alliance. All rights reserved.