Audits:
1.In order to be able to perform effective audits and investigations.The CSP should provide an audit log with as much information as is relevant.
2.When: Time and date of logs and events.
3.Where: Application identifies,application address (cluster/host or IP address).
4.Who: Human/machine
5.What: Types of event,severity of event and description.
Security and Event Management:
Software and products combining security information management.It provides real-time analysis of security alerts generated by network hardware and applications.SEIM systems often provide:
+Aggregation from many sources.
+Correlation across common attribute.
+Alerting to a predefined entity responsible for monitoring.
+Dashboard tools to take event event data and organize into charts or other formats.
+Compliance tools automate the gathering of compliance data
+Retention employs long term storage of historical data to facilitate correlation of data over time to provide the retention necessary for compliance.
+Forensic analysis provides the ability to search across logs on different nodes and time periods based on specific criteria.
Liabilities:
Failure of management to execute Due care and/or Due Diligence culpable negligence is often used to prove liability.
+Data Privacy
+Compliance
+Due Diligence and Due Care
+Service Level Agreements