ImageVerifierCode 换一换
格式:PDF , 页数:22 ,大小:600.73KB ,
资源ID:588233      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-588233.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 10181-7-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Security audit and alarms framework《信息技术 开放式系统互连 开放式系统的安全框架 安.pdf)为本站会员(李朗)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 10181-7-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Security audit and alarms framework《信息技术 开放式系统互连 开放式系统的安全框架 安.pdf

1、BRITISH STANDARD BS ISO/IEC 10181-7:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Security audit and alarms framework (ITU-T Rec. X.816 (1995)| ISO/IEC10181-7:1996) ICS 35.100.01BSISO/IEC 10181-7:1996 This British Standard, having been prepared under

2、the direction of the DISC Board, was published under the authority of the Standards Board and comes into effect on 15 November 1996 BSI 11-1998 ISBN 0 580 26525 0 National foreword This British Standard reproduces verbatim ISO/IEC 10181-7:1996, and implements it as the UK national standard. The UK p

3、articipation in its preparation was entrusted to Technical Committee IST/21, Open Systems Interconnection, Data Management and Open Distributed Processing, which has the responsibility to: aid enquirers to understand the text; present to the responsible international/European committee any enquiries

4、 on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee is available on request. Cross-references The British Standards which impl

5、ement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or using the “Find” facility of the BSI Standards Electronic Catalogue. A British Standard does not purport

6、 to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cove

7、r, the ISO/IEC title page, pages ii to iv, pages 1 to 14 an inside back cover andaback cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on theinside front cover. Amendments issued since publication Amd.

8、 No. Date CommentsBSISO/IEC 10181-7:1996 ii BSI 11-1998 Contents Page Foreword iii Introduction 1 1 Scope 1 2 Normative references 2 2.1 Identical Recommendations | International Standards 2 2.2 Paired Recommendations | International Standards equivalent in technical content 2 3 Definitions 2 3.1 Ba

9、sic Reference Model definitions 2 3.2 Security architecture definitions 2 3.3 Management framework definitions 2 3.4 Security framework overview definitions 3 3.5 Additional definitions 3 4 Abbreviations 3 5 Notation 3 6 General discussion of security audit and alarms 4 6.1 Model and functions 4 6.2

10、 Phases of security audit and alarms procedures 6 6.3 Correlation of audit information 7 7 Policy and other aspects of security audit and alarms 7 7.1 Policy 7 7.2 Legal aspects 8 7.3 Protection requirements 8 8 Security audit and alarms information and facilities 8 8.1 Audit and alarms information

11、8 8.2 Security audit and alarms facilities 9 9 Security audit and alarms mechanisms 10 10 Interaction with other security services and mechanisms 10 10.1 Entity authentication 10 10.2 Data origin authentication 10 10.3 Access Control 10 10.4 Confidentiality 10 10.5 Integrity 10 10.6 Non-repudiation

12、10 Annex A General security audit and alarms principles for OSI 11 Annex B Realization of the security audit and alarm model 12 Annex C Security Audit and Alarms Facilities Outline 14 Annex D Time Registration of Audit Events Inside back cover Figure 1 Security audit and alarms model 5 Figure 2 Dist

13、ributed audit trail model 6 Figure B.1 An Example of realization of a alarm and audit service 13BSISO/IEC 10181-7:1996 BSI 11-1998 iii Foreword ISO (the International Organization for Standardization) and IEC (theInternational Electrotechnical Commission) form the specialized system for worldwide st

14、andardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields

15、 of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted b

16、y the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 10181-7 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information

17、 technology, Subcommittee SC 21, Open systems interconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-TRecommendation X.816. ISO/IEC 10181 consists of the following parts, under the general title Information technology Ope

18、n Systems Interconnection Security frameworks for open systems: Part 1: Overview; Part 2: Authentication framework; Part 3: Access control framework; Part 4: Non-repudiation framework; Part 5: Confidentiality framework; Part 6: Integrity framework; Part 7: Security audit and alarms framework. Annexe

19、s A to D of this part of ISO/IEC 10181 are for information only.iv blankBSISO/IEC 10181-7:1996 BSI 11-1998 1 Introduction This Recommendation|International Standard refines the concept of security audit described in ITU-T Rec. X.810|ISO/IEC 10181-1. This includes event detection and actions resultin

20、g from these events. The framework, therefore, addresses both security audit and security alarms. A security audit is an independent review and examination of system records and activities. The purposes of a security audit include: assisting in the identification and analysis of unauthorized actions

21、 or attacks; helping ensure that actions can be attributed to the entities responsible for those actions; contributing to the development of improved damage control procedures; confirming compliance with established security policy; reporting information that may indicate inadequacies in system cont

22、rols; and identifying possible required changes in controls, policy and procedures. In this framework, a security audit consists of the detection, collection and recording of various security-related events in a security audit trail and analysis of those events. Both audit and accountability require

23、 that information be recorded. A security audit ensures that sufficient information is recorded about both routine and exceptional events so that later investigations can determine if security violations have occurred and, if so, what information or other resources have been compromised. Accountabil

24、ity ensures that relevant information is recorded about actions performed by users, or processes acting on their behalf, so that the consequences of those actions can later be linked to the user(s) in question, and the user(s) can be held accountable for his or her actions. Provision of a security a

25、udit service can contribute to the provision of accountability. A security alarm is a warning issued to an individual or process to indicate that a situation has arisen that may require timely action. The purposes of a security alarm service include: to report real or apparent attempts to violate se

26、curity; to report various security-related events, including “normal” events; and to report events triggered by threshold limits being reached. 1 Scope This Recommendation|International Standard addresses the application of security services in an Open Systems environment, where the term “Open Syste

27、ms” is taken to include areas such as Database, Distributed Applications, Open Distributed Processing and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Framewo

28、rks are not concerned with the methodology for constructing systems or mechanisms. The Security Frameworks address both data elements and sequences of operations (but not protocol elements) which are used to obtain specific security services. These security services may apply to the communicating en

29、tities of systems as well as to data exchanged between systems, and to data managed by systems. The purpose of security audit and alarms as described in this Recommendation|International Standard is to ensure that open system-security-relatedevents are handled in accordance with the security policy

30、of the applicable security authority. In particular, this framework: a) defines the basic concepts of security audit and alarms; b) provides a general model for security audit and alarms; and c) identifies the relationship of the Security Audit and Alarms service with other security services. As wit

31、h other security services, a security audit can only be provided within the context of a defined security policy. The Security Audit and Alarms model provided inclause 6 supports a variety of goals not all of which may be necessary or desired in a particular environment. The security audit service p

32、rovides an audit authority with the ability to specify the events which need to be recorded within a security audit trail. A number of different types of standard can use this framework including: 1) standards that incorporate the concept of audit and alarms; 2) standards that specify abstract servi

33、ces that include audit and alarms; 3) standards that specify uses of audit and alarms; 4) standards that specify the means of providing audit and alarms within an open system architecture; andBSISO/IEC 10181-7:1996 2 BSI 11-1998 5) standards that specify audit and alarms mechanisms. Such standards c

34、an use this framework as follows: standard types 1), 2), 3), 4) and 5) can use the terminology of this framework; standard types 2), 3), 4) and 5) can use the facilities defined in clause 8; and standard types 5) can be based upon the characteristics of mechanisms defined inclause9. 2 Normative refe

35、rences The following Recommendations and International Standards contain provisions, which through reference in this text, constitute provisions of this Recommendation|International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject

36、 to revision, and parties to agreements based on this Recommendation|International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards indicated below. Members of IEC and ISO maintain registers of currently valid Internation

37、al Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations|International Standards ITU-T Recommendation X.200 (1994)| ISO/IEC 7498-1:1994, Information technology Open Systems Interconnection Basic Ref

38、erence Model: The Basic Model. CCITT Recommendation X.734 (1992)| ISO/IEC 10164-5:1993, Information technology Open Systems Interconnection Systems management: Event report management function. CCITT Recommendation X.735 (1992)| ISO/IEC 10164-6:1993, Information technology Open Systems Interconnecti

39、on Systems management: Log control function. CCITT Recommendation X.736 (1992)| ISO/IEC 10164-7:1992, Information technology Open Systems Interconnection Systems management: Security alarm reporting function. CCITT Recommendation X.740 (1992)| ISO/IEC 10164-8:1993, Information technology Open System

40、s Interconnection Systems management: Security audit trail function. ITU-T Recommendation X.810 (1995) | ISO/IEC 10181-1:1996, Information technology Open Systems Interconnection Security frameworks for open systems: Overview. 2.2 Paired Recommendations|International Standards equivalent in technica

41、l content CCITT Recommendation X.700 (1992), Management framework for Open Systems Interconnection (OSI) for CCITT applications. ISO/IEC 7498-4:1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 4: Management framework. CCITT Recommendation X.800 (1991), Sec

42、urity Architecture for Open Systems Interconnection for CCITT applications. ISO 7498-2:1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture. 3 Definitions For the purposes of this Recommendation|International Standard, the following de

43、finitions apply. 3.1 Basic Reference Model definitions this Recommendation|International Standard makes use of the following terms defined in ITU-TRec.X.200|ISO/IEC 7498-1 a) entity; b) facility; c) function; d) service. 3.2 security architecture definitions this Recommendation|International Standar

44、d makes use of the following terms defined in CCITTRec. X.800|ISO/IEC 7498-2 a) Accountability; b) Availability; c) Security Audit; d) Security Audit Trail; e) Security Policy. 3.3 management framework definitions this Recommendation|International Standard makes use of the following terms defined in

45、CCITTRec. X.700|ISO/IEC 7498-4: Managed Object.BSISO/IEC 10181-7:1996 BSI 11-1998 3 3.4 security framework overview definitions this Recommendation|International Standard makes use of the following terms defined in ITU-TRec.X.810|ISO/IEC 10181-1 Security Domain. 3.5 Additional definitions for the pu

46、rposes of this Recommendation|International Standard, the following definitions apply. 3.5.1 alarm processor a function which generates an appropriate action in response to a security alarm and generates a security audit message 3.5.2 audit authority the manager responsible for defining those aspect

47、s of a security policy applicable to conducting a security audit 3.5.3 audit analyser a function that checks a security audit trail in order to produce, if appropriate, security alarms and security audit messages 3.5.4 audit archiver a function that archives a part of the security audit trail 3.5.5

48、audit dispatcher a function which transfers parts, or the whole, of a distributed security audit trail to the audit trail collector function 3.5.6 audit trail examiner a function that builds security reports out of one or more security audit trails 3.5.7 audit recorder a function that generates secu

49、rity audit records and stores them in a security audit trail 3.5.8 audit provider a function that provides security audit trail records according to some criteria 3.5.9 audit trail collector a function that gathers records from a distributed audit trail into a security audit trail 3.5.10 event discriminator a function which provides initial analysis of a security-related event and, if appropriate, generates a security audit and/or an alarm 3.5.11 security alarm a message

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1