BS ISO IEC 10181-7-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Security audit and alarms framework《信息技术 开放式系统互连 开放式.pdf

上传人:registerpick115 文档编号:396183 上传时间:2018-10-18 格式:PDF 页数:22 大小:1,022KB
下载 相关 举报
BS ISO IEC 10181-7-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Security audit and alarms framework《信息技术 开放式系统互连 开放式.pdf_第1页
第1页 / 共22页
BS ISO IEC 10181-7-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Security audit and alarms framework《信息技术 开放式系统互连 开放式.pdf_第2页
第2页 / 共22页
BS ISO IEC 10181-7-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Security audit and alarms framework《信息技术 开放式系统互连 开放式.pdf_第3页
第3页 / 共22页
BS ISO IEC 10181-7-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Security audit and alarms framework《信息技术 开放式系统互连 开放式.pdf_第4页
第4页 / 共22页
BS ISO IEC 10181-7-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Security audit and alarms framework《信息技术 开放式系统互连 开放式.pdf_第5页
第5页 / 共22页
亲,该文档总共22页,到这儿已超出免费预览范围,如果喜欢就下载吧!
资源描述

1、BRITISH STANDARD BS ISO/IEC 10181-7:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Security audit and alarms framework (ITU-T Rec. X.816 (1995)| ISO/IEC10181-7:1996) ICS 35.100.01BSISO/IEC 10181-7:1996 This British Standard, having been prepared under

2、the direction of the DISC Board, was published under the authority of the Standards Board and comes into effect on 15 November 1996 BSI 11-1998 ISBN 0 580 26525 0 National foreword This British Standard reproduces verbatim ISO/IEC 10181-7:1996, and implements it as the UK national standard. The UK p

3、articipation in its preparation was entrusted to Technical Committee IST/21, Open Systems Interconnection, Data Management and Open Distributed Processing, which has the responsibility to: aid enquirers to understand the text; present to the responsible international/European committee any enquiries

4、 on the interpretation, or proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee is available on request. Cross-references The British Standards which impl

5、ement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or using the “Find” facility of the BSI Standards Electronic Catalogue. A British Standard does not purport

6、 to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cove

7、r, the ISO/IEC title page, pages ii to iv, pages 1 to 14 an inside back cover andaback cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on theinside front cover. Amendments issued since publication Amd.

8、 No. Date CommentsBSISO/IEC 10181-7:1996 ii BSI 11-1998 Contents Page Foreword iii Introduction 1 1 Scope 1 2 Normative references 2 2.1 Identical Recommendations | International Standards 2 2.2 Paired Recommendations | International Standards equivalent in technical content 2 3 Definitions 2 3.1 Ba

9、sic Reference Model definitions 2 3.2 Security architecture definitions 2 3.3 Management framework definitions 2 3.4 Security framework overview definitions 3 3.5 Additional definitions 3 4 Abbreviations 3 5 Notation 3 6 General discussion of security audit and alarms 4 6.1 Model and functions 4 6.2

10、 Phases of security audit and alarms procedures 6 6.3 Correlation of audit information 7 7 Policy and other aspects of security audit and alarms 7 7.1 Policy 7 7.2 Legal aspects 8 7.3 Protection requirements 8 8 Security audit and alarms information and facilities 8 8.1 Audit and alarms information

11、8 8.2 Security audit and alarms facilities 9 9 Security audit and alarms mechanisms 10 10 Interaction with other security services and mechanisms 10 10.1 Entity authentication 10 10.2 Data origin authentication 10 10.3 Access Control 10 10.4 Confidentiality 10 10.5 Integrity 10 10.6 Non-repudiation

12、10 Annex A General security audit and alarms principles for OSI 11 Annex B Realization of the security audit and alarm model 12 Annex C Security Audit and Alarms Facilities Outline 14 Annex D Time Registration of Audit Events Inside back cover Figure 1 Security audit and alarms model 5 Figure 2 Dist

13、ributed audit trail model 6 Figure B.1 An Example of realization of a alarm and audit service 13BSISO/IEC 10181-7:1996 BSI 11-1998 iii Foreword ISO (the International Organization for Standardization) and IEC (theInternational Electrotechnical Commission) form the specialized system for worldwide st

14、andardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields

15、 of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted b

16、y the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 10181-7 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information

17、 technology, Subcommittee SC 21, Open systems interconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-TRecommendation X.816. ISO/IEC 10181 consists of the following parts, under the general title Information technology Ope

18、n Systems Interconnection Security frameworks for open systems: Part 1: Overview; Part 2: Authentication framework; Part 3: Access control framework; Part 4: Non-repudiation framework; Part 5: Confidentiality framework; Part 6: Integrity framework; Part 7: Security audit and alarms framework. Annexe

19、s A to D of this part of ISO/IEC 10181 are for information only.iv blankBSISO/IEC 10181-7:1996 BSI 11-1998 1 Introduction This Recommendation|International Standard refines the concept of security audit described in ITU-T Rec. X.810|ISO/IEC 10181-1. This includes event detection and actions resultin

20、g from these events. The framework, therefore, addresses both security audit and security alarms. A security audit is an independent review and examination of system records and activities. The purposes of a security audit include: assisting in the identification and analysis of unauthorized actions

21、 or attacks; helping ensure that actions can be attributed to the entities responsible for those actions; contributing to the development of improved damage control procedures; confirming compliance with established security policy; reporting information that may indicate inadequacies in system cont

22、rols; and identifying possible required changes in controls, policy and procedures. In this framework, a security audit consists of the detection, collection and recording of various security-related events in a security audit trail and analysis of those events. Both audit and accountability require

23、 that information be recorded. A security audit ensures that sufficient information is recorded about both routine and exceptional events so that later investigations can determine if security violations have occurred and, if so, what information or other resources have been compromised. Accountabil

24、ity ensures that relevant information is recorded about actions performed by users, or processes acting on their behalf, so that the consequences of those actions can later be linked to the user(s) in question, and the user(s) can be held accountable for his or her actions. Provision of a security a

25、udit service can contribute to the provision of accountability. A security alarm is a warning issued to an individual or process to indicate that a situation has arisen that may require timely action. The purposes of a security alarm service include: to report real or apparent attempts to violate se

26、curity; to report various security-related events, including “normal” events; and to report events triggered by threshold limits being reached. 1 Scope This Recommendation|International Standard addresses the application of security services in an Open Systems environment, where the term “Open Syste

27、ms” is taken to include areas such as Database, Distributed Applications, Open Distributed Processing and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Framewo

28、rks are not concerned with the methodology for constructing systems or mechanisms. The Security Frameworks address both data elements and sequences of operations (but not protocol elements) which are used to obtain specific security services. These security services may apply to the communicating en

29、tities of systems as well as to data exchanged between systems, and to data managed by systems. The purpose of security audit and alarms as described in this Recommendation|International Standard is to ensure that open system-security-relatedevents are handled in accordance with the security policy

30、of the applicable security authority. In particular, this framework: a) defines the basic concepts of security audit and alarms; b) provides a general model for security audit and alarms; and c) identifies the relationship of the Security Audit and Alarms service with other security services. As wit

31、h other security services, a security audit can only be provided within the context of a defined security policy. The Security Audit and Alarms model provided inclause 6 supports a variety of goals not all of which may be necessary or desired in a particular environment. The security audit service p

32、rovides an audit authority with the ability to specify the events which need to be recorded within a security audit trail. A number of different types of standard can use this framework including: 1) standards that incorporate the concept of audit and alarms; 2) standards that specify abstract servi

33、ces that include audit and alarms; 3) standards that specify uses of audit and alarms; 4) standards that specify the means of providing audit and alarms within an open system architecture; andBSISO/IEC 10181-7:1996 2 BSI 11-1998 5) standards that specify audit and alarms mechanisms. Such standards c

34、an use this framework as follows: standard types 1), 2), 3), 4) and 5) can use the terminology of this framework; standard types 2), 3), 4) and 5) can use the facilities defined in clause 8; and standard types 5) can be based upon the characteristics of mechanisms defined inclause9. 2 Normative refe

35、rences The following Recommendations and International Standards contain provisions, which through reference in this text, constitute provisions of this Recommendation|International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject

36、 to revision, and parties to agreements based on this Recommendation|International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards indicated below. Members of IEC and ISO maintain registers of currently valid Internation

37、al Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. 2.1 Identical Recommendations|International Standards ITU-T Recommendation X.200 (1994)| ISO/IEC 7498-1:1994, Information technology Open Systems Interconnection Basic Ref

38、erence Model: The Basic Model. CCITT Recommendation X.734 (1992)| ISO/IEC 10164-5:1993, Information technology Open Systems Interconnection Systems management: Event report management function. CCITT Recommendation X.735 (1992)| ISO/IEC 10164-6:1993, Information technology Open Systems Interconnecti

39、on Systems management: Log control function. CCITT Recommendation X.736 (1992)| ISO/IEC 10164-7:1992, Information technology Open Systems Interconnection Systems management: Security alarm reporting function. CCITT Recommendation X.740 (1992)| ISO/IEC 10164-8:1993, Information technology Open System

40、s Interconnection Systems management: Security audit trail function. ITU-T Recommendation X.810 (1995) | ISO/IEC 10181-1:1996, Information technology Open Systems Interconnection Security frameworks for open systems: Overview. 2.2 Paired Recommendations|International Standards equivalent in technica

41、l content CCITT Recommendation X.700 (1992), Management framework for Open Systems Interconnection (OSI) for CCITT applications. ISO/IEC 7498-4:1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 4: Management framework. CCITT Recommendation X.800 (1991), Sec

42、urity Architecture for Open Systems Interconnection for CCITT applications. ISO 7498-2:1989, Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture. 3 Definitions For the purposes of this Recommendation|International Standard, the following de

43、finitions apply. 3.1 Basic Reference Model definitions this Recommendation|International Standard makes use of the following terms defined in ITU-TRec.X.200|ISO/IEC 7498-1 a) entity; b) facility; c) function; d) service. 3.2 security architecture definitions this Recommendation|International Standar

44、d makes use of the following terms defined in CCITTRec. X.800|ISO/IEC 7498-2 a) Accountability; b) Availability; c) Security Audit; d) Security Audit Trail; e) Security Policy. 3.3 management framework definitions this Recommendation|International Standard makes use of the following terms defined in

45、CCITTRec. X.700|ISO/IEC 7498-4: Managed Object.BSISO/IEC 10181-7:1996 BSI 11-1998 3 3.4 security framework overview definitions this Recommendation|International Standard makes use of the following terms defined in ITU-TRec.X.810|ISO/IEC 10181-1 Security Domain. 3.5 Additional definitions for the pu

46、rposes of this Recommendation|International Standard, the following definitions apply. 3.5.1 alarm processor a function which generates an appropriate action in response to a security alarm and generates a security audit message 3.5.2 audit authority the manager responsible for defining those aspect

47、s of a security policy applicable to conducting a security audit 3.5.3 audit analyser a function that checks a security audit trail in order to produce, if appropriate, security alarms and security audit messages 3.5.4 audit archiver a function that archives a part of the security audit trail 3.5.5

48、audit dispatcher a function which transfers parts, or the whole, of a distributed security audit trail to the audit trail collector function 3.5.6 audit trail examiner a function that builds security reports out of one or more security audit trails 3.5.7 audit recorder a function that generates secu

49、rity audit records and stores them in a security audit trail 3.5.8 audit provider a function that provides security audit trail records according to some criteria 3.5.9 audit trail collector a function that gathers records from a distributed audit trail into a security audit trail 3.5.10 event discriminator a function which provides initial analysis of a security-related event and, if appropriate, generates a security audit and/or an alarm 3.5.11 security alarm a message

展开阅读全文
相关资源
  • BS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdfBS ISO IEC 29150-2011 Information technology Security techniques Signcryption《信息技术 安全技术 签密》.pdf
  • BS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdfBS ISO IEC 15408-1-2009 Information technology - Security techniques - Evaluation criteria for IT Security - Introduction and general model《信息技术 安全技术 IT安全评价准则 一.pdf
  • BS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdfBS ISO 7295-1988+A1-2014 Tyre valves for aircraft Interchangeability dimensions《飞机轮胎汽门嘴 互换性尺寸》.pdf
  • BS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdfBS ISO 15118-1-2013 Road vehicles Vehicle to grid communication interface General information and use-case definition《道路车辆 车辆到电力通讯接口 通用信息和使用案例定义》.pdf
  • BS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdfBS ISO 13765-2-2004 Refractory mortars - Determination of consistency using the reciprocating flow table method《耐熔灰浆 使用往复流动表法测定一致性》.pdf
  • BS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdfBS ISO 10998-2008+A1-2014 Agricultural tractors Requirements for steering《农业拖拉机 操纵要求》.pdf
  • BS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdfBS Z 9-1998 Space data and information transfer systems - Advanced orbiting systems - Networks and data links - Architectural specification《空间数据和信息传输系统 高级轨道系统 网络和数据链接 结构规范》.pdf
  • BS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdfBS Z 7-1998 Space data and information transfer systems - ASCII encoded English《空间数据和信息传输系统 ASCII 编码英语》.pdf
  • BS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdfBS Z 5-1997 Space data and information transfer systems - Standard formatted data units - Control authority procedures《航天数据和信息发送系统 标准格式数据单元 控制授权程序》.pdf
  • BS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdfBS Z 4-1997 Space data and information transfer systems - Standard formatted data units - Structure and construction rules《航天数据和信息传输系统 标准格式数据单元 结构和构造规则》.pdf
  • 猜你喜欢
    相关搜索

    当前位置:首页 > 标准规范 > 国际标准 > BS

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1