Implementation -> Infrastructure Hardening: Usage of an security account
Risk and Opportunity
Risk: Having security auditing in the same account as infrastructure and applications at the cloud provide might cause evil administrators (or threat actors taking over an account of an administrator) to alter evidence like audit logs.
Opportunity: Usage of a seperate account dedicated for security activities.
Additional Information
Usefulness and Requirements of this Activity
Usefullness: High
Required knowledge: Medium (two disciplines)
Required time: Low
Required resources (systems): Medium
OWASP SAMM VERSION 2
ISO27001 2017