Manualshelf

User`s guide

ManualsBrandsVMware ManualsOtherVCLOUD REQUEST MANAGER 1.0.0
30313233343536373839
Technical white paper
35
Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit-organization that provides guidance, education, and promotes best practices
for security in cloud computing. The Cloud Security Alliance’s mission statement is:
“To promote the use of best practices for providing security assurance within cloud computing, and provide education on
the uses of cloud computing to help secure all other forms of computing.”
In accordance with their mission statement, the Cloud Security Alliance publishes security guidance and a cloud controls
matrix to address security concerns in cloud computing.
The HP ArcSight products address several areas that are outlined in the security guidance document.
The Cloud Security Alliance guidance document, Security Guidance for Critical Areas of Focus in Cloud Computing, defines 14
domains for operating in a cloud environment and provides recommendations on how to securely operate in those domains.
Each domain addresses a specific area of concern with respect to security and cloud computing. The HP ArcSight products
address areas of concern in the Cloud Security Alliance Domains listed below:
Domain 5 Information Management and Data Security
5.4.1 Locations and Access
5.6.5 Database and File Activity Monitoring
Domain 6 Interoperability and Portability
6.3.2 Portability Recommendations (logging)
6.3.3 Recommendations for Different Cloud Models log traces
Domain 9 Incident Response
9.3.2 Detection and Analysis
9.3.3 Data Sources
9.3.4 Forensic and Other Investigative Support for Incident Analysis
9.3.5 Containment, Eradication, and Recovery
Domain 10 Application Security
10.2 Authentication, Authorization, and Compliance Application Security Architecture in the Cloud
10.3 Identity Management
10.5 Monitoring Applications in the Cloud
10.5.1 Application Monitoring in the Cloud
10.6.3 Architecture Recommendations
Domain 14 Security As A Service
14.4.7 Security Information & Event Management (SIEM)
14.7.7 SIEM SECaaS Requirements
SECASS Category 7 Security Information and Event Management Implementation Guidance
https://cloudsecurityalliance.org/research/secaas/
The Cloud Security Alliance Security Control Matrix contains a list of controls that identify and describe security controls that
are applicable to cloud computing. The security controls in Table 1 can be addressed with the HP ArcSight solution.