P1: ,Implement P1 security controls first
The organization allocates audit record storage capacity in accordance with [Assignment: ,organization-defined audit record storage requirements]
Organizations consider the types of auditing to be performed and the audit processing requirements when allocating audit storage capacity
Storing audit records on separate physical systems or components also preserves the confidenality and integrity of audit records and facilitates the management of audit records as an organizaon-wide acvity
Storing audit records on separate systems or components applies to inial generaon as well as backup or long-term storage of audit records
Storing audit records on separate systems or components applies to inial generaon as well as backup or long-term storage of audit records
Related controls: ,AU-4, AU-5(3) PROTECTION OF AUDIT INFORMATION | CRYPTOGRAPHIC PROTECTION Implement cryptographic mechanisms to protect the integrity of audit informaon and audit tools
It is a common process in information systems with limited audit storage capacity; the audit storage is used only in a transitory fashion until the system can communicate with the secondary or alternate system designated for storing the audit records, at which point the information is transferred
Dissemination to the relevant parties You need to decide how the various audiences will receive the findings from the audit
This may take the form of reports, presentations, email, or staff meetings
This will depend on the target audience, The capacity audit report5 Storage Security Audit The Storage Security Audit is a systematic, professional examination and verification of security and information management controls as applied in the storage infrastructure
It is performed by an independent party or internal audit function
Organizations consider the types of auditing to be performed and the audit processing requirements when allocating audit storage capacity
Allocating sufficient audit storage capacity reduces the likelihood of such capacity being exceeded and resulting in the potential loss or reduction of auditing capability
Information technology resources are sufficient to meet business requirements effectively
Capacity management's goal is to ensure that information technology resources are sufficient to meet upcoming business requirements cost-effectively.One common interpretation of capacity management is described in the ITIL framework.ITIL version 3 views capacity management as comprising three sub-processes:
Business capacity management
Service capacity management
And component capacity management.
Adaptable Modular Storage 2000 is the brand name of Hitachi Data Systems mid-range storage platforms.
