Here's the outline for Audit/Forensics Use Cases that I will be working on with other team members to complete.
-Kurt
OASIS ID-Cloud Audit and Forensics Use Cases
Logging must be sufficient to support the following use cases:
Reporting and Assurances
- SLA's (Service Level Agreements)
- Service Billing
- Marketing uses of data
- Customer activity reporting
- Data aggregation w/o linking to private data
- Audit thresholds for dynamic environments
- User Identification assurances – source, factors, strength
- Authentication assurances – source, factors, strength
- Transaction assurances – source, validation, tokenization
- Encryption assurances – methods, key management
- Administrative user write access to logs
Problem Determination and Fraud Investigation
- Service abuse identification and correlation
- Attack identification and correlation
- Vulnerabilities during logging/reporting/auditing period – known at time and retrospective
- Log management – transmission, rollover, administrative access, audit access
- Time management – time adjustments, drift, log heartbeat validation
Legal and Forensic Requirements
- Segregation of data/instances subject to regulatory requirements
- Formal tenant isolation and data location plan
- Formal user isolation and data location plan
- Mapping physical requirements to the logical presentation of virtualization
- Pre-determination of materials to surrender upon subpoena
- Formal plan for logs that must move with the data vs. maintained in central repositories
- Formal plan for logs directly associated with physical assets
Aspects unique to IaaS, PaaS and SaaS need to be identified.