trademark
2c2kIhh
2c2kIhh
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
9.0 Granular Audits (cont.)<br />
9.5 Safeguard confidentiality of information<br />
9.5.1 Why?<br />
To prevent audit data from reaching the wrong hands. While ensuring the integrity of<br />
the audit emphasizes the accuracy of the information, confidentiality addresses the fact<br />
that not everyone needs to have access to that data. This is important because audit<br />
information contains data related to potential attackers and methods. As such, only<br />
authorized people (typically auditors and forensic researchers) should be awarded access.<br />
9.5.2 How?<br />
• Ensure that audit information is stored separately (see best practice 9.9).<br />
• Ensure that audit information can only be accessed by authorized people (see best practice<br />
9.6).<br />
• Consider the use of encryption to encrypt the audit information, where feasible and applicable.<br />
9.6 Implement access control and monitoring for<br />
audit information<br />
9.6.1 Why?<br />
To safeguard audit information. Audit information contains important data regarding<br />
the “what, when and who” of system access and data use. As this information is critical<br />
for investigations, access to this information has to be strictly controlled. Limited access<br />
also helps to avoid tampering with audit information, which may allow the attacker to<br />
erase his/her tracks.<br />
9.6.2 How?<br />
• When setting up the identity and access management process, carefully determine<br />
who has access to audit information and consider creating a designated “auditor”<br />
position.<br />
• Monitor the use of this role on a regular basis, especially for exceptions or access<br />
attempts.<br />
• Ensure that a cohesive view of the attack is created from audit information.<br />
CLOUD SECURITY ALLIANCE Big Data Working Group Guidance<br />
© Copyright 2016, Cloud Security Alliance. All rights reserved.<br />
50