9.0 Granular Audits (cont.)

9.7 Enable all required logging

9.7.1 Why?
To build up an audit view. This process is only as effective as the data collected. Most of this information comes from log files (e.g., networks, OS, database, and applications). As such, enabling logging according to what needs to be audited is key.

9.7.2 How?
This is related to best practice 9.2, which describes which information is needed. Based on this data, evaluate the logging capabilities of the big data infrastructure components and enable the different logging features.

9.8 Use tools for data collection and processing

9.8.1 Why?
To find actionable information without being overwhelmed by big data. There is simply too much information (especially now with big data) to be processed manually. Tools—such as a SIEM tool—are necessary to collect and process the data.

9.8.2 How?
Use available tools such as a SIEM tool to process the information gathered from logs.

9.9 Separate big data and audit data

9.9.1 Why?
To enforce separation of duties. As the audit data contains information about what has happened in the big data infrastructure, it is recommended to separate this data from the “regular” big data.

9.9.2 How?
• Implement the audit system in a different infrastructure than the big data infrastructure. For example, this may include a different network segment or cloud.
• Ensure that only the pre-defined “auditor” has access to the audit system and audit data.
• Monitor the audit system.
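The three practices above (collect the required logs, process them with a tool into actionable findings, keep the audit data apart under auditor-only access with the audit system itself monitored) can be shown end to end in a small pipeline. The following is an added illustration written for this page, not code from the Cloud Security Alliance guidance or any SIEM product; the log lines, the list of required audit categories (standing in for whatever best practice 9.2 yields in a given organisation), and the role name "auditor" are all constructed assumptions.

```python
"""Toy audit pipeline illustrating best practices 9.7, 9.8 and 9.9 (constructed example)."""
import json
import re

# Constructed sample log lines from four source types (network, OS, database, application).
SAMPLE_LOGS = [
    ("os", "Mar 10 12:01:02 node1 sshd[2201]: Accepted publickey for alice from 10.0.0.5"),
    ("database", "2016-03-10T12:01:10Z user=alice action=SELECT table=customers rows=120"),
    ("application", '{"ts":"2016-03-10T12:01:12Z","user":"alice","event":"export","object":"customers.csv"}'),
    ("network", "2016-03-10T12:01:15Z DENY src=10.0.0.9 dst=10.0.1.4 dport=9000"),
]

# Assumed outcome of best practice 9.2: the event categories the audit view must contain.
REQUIRED_CATEGORIES = frozenset(
    {"authentication", "data_access", "data_export", "network_denied", "config_change"}
)

OS_RE = re.compile(r"^\w{3} +\d+ [\d:]+ (?P<host>\S+) (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$")
DB_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) table=(?P<table>\S+)")
NET_RE = re.compile(r"^(?P<ts>\S+) (?P<verdict>ALLOW|DENY) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")


def normalize(source, line):
    """Map one raw log line onto a common audit record; None if no parser understands it."""
    if source == "os":
        m = OS_RE.match(line)
        if m and m["proc"] == "sshd" and m["msg"].startswith("Accepted"):
            user = m["msg"].split(" for ")[1].split()[0]
            return {"source": source, "category": "authentication", "user": user, "detail": m["msg"]}
    elif source == "database":
        m = DB_RE.match(line)
        if m:
            return {"source": source, "category": "data_access", "user": m["user"],
                    "detail": f'{m["action"]} {m["table"]}'}
    elif source == "application":
        try:
            evt = json.loads(line)
        except ValueError:
            return None
        category = "data_export" if evt.get("event") == "export" else "application"
        return {"source": source, "category": category, "user": evt.get("user"), "detail": evt.get("object", "")}
    elif source == "network":
        m = NET_RE.match(line)
        if m and m["verdict"] == "DENY":
            return {"source": source, "category": "network_denied", "user": None,
                    "detail": f'{m["src"]}->{m["dst"]}:{m["dport"]}'}
    return None


def collect(logs):
    """9.7/9.8: normalise every line; unparsed lines are counted rather than silently dropped."""
    records, unparsed = [], []
    for source, line in logs:
        rec = normalize(source, line)
        if rec is None:
            unparsed.append((source, line))
        else:
            records.append(rec)
    return records, unparsed


def coverage_gaps(records, required=REQUIRED_CATEGORIES):
    """9.7: required audit categories for which no event was collected, i.e. logging still to enable."""
    seen = {r["category"] for r in records}
    return sorted(required - seen)


def actionable(records):
    """9.8: a SIEM-style correlation; users who both read data and exported it in the window."""
    by_user = {}
    for r in records:
        by_user.setdefault(r["user"], set()).add(r["category"])
    return sorted(u for u, cats in by_user.items() if u and {"data_access", "data_export"} <= cats)


class AuditStore:
    """9.9: audit records held apart from the big data store, readable only by the auditor role,
    with every access attempt to the audit system itself recorded (monitoring the audit system)."""

    def __init__(self, auditor_role="auditor"):  # role name is an assumption
        self._records = []
        self._auditor_role = auditor_role
        self.access_log = []  # monitoring trail for the audit system

    def append(self, record):
        self._records.append(dict(record))

    def read(self, principal, role):
        allowed = role == self._auditor_role
        self.access_log.append({"principal": principal, "role": role, "allowed": allowed})
        if not allowed:
            raise PermissionError(f"{principal} ({role}) may not read audit data")
        return list(self._records)


def access_allowed(store, principal, role):
    """True if the principal could read the audit store, False if the store refused."""
    try:
        store.read(principal, role)
        return True
    except PermissionError:
        return False


def run_pipeline(logs=SAMPLE_LOGS):
    """Collect, process and file the sample logs; returns the findings and the separate store."""
    records, unparsed = collect(logs)
    store = AuditStore()
    for r in records:
        store.append(r)
    return {"records": len(records), "unparsed": len(unparsed),
            "gaps": coverage_gaps(records), "actionable": actionable(records), "store": store}


if __name__ == "__main__":
    result = run_pipeline()
    print("logging gaps:", result["gaps"])          # config_change has no source yet
    print("actionable users:", result["actionable"])
    print("auditor read:", access_allowed(result["store"], "carol", "auditor"))
    print("analyst read:", access_allowed(result["store"], "bob", "data_scientist"))
```

The coverage check is the practical consequence of 9.7: a category that never produces an event is a logging feature that has not been enabled, not evidence of a quiet system. The store deliberately records refused reads as well as granted ones, since unexpected attempts against the audit system are exactly what "monitor the audit system" is meant to surface.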
CLOUD SECURITY ALLIANCE Big Data Working Group Guidance
© Copyright 2016, Cloud Security Alliance. All rights reserved.
51