• There are no items in your cart

BS ISO/IEC 10181-7:1996

Current

Current

The latest, up-to-date edition.

Information technology. Open systems interconnection. Security frameworks for open systems Security audit and alarms framework

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

15-11-1996

€165.94
Excluding VAT

1 Scope
2 Normative references
    2.1 Identical Recommendations/International
         Standards
    2.2 Paired Recommendations/International Standards
         equivalent in technical content
3 Definitions
    3.1 Basic Reference Model definitions
    3.2 Security architecture definitions
    3.3 Management framework definitions
    3.4 Security framework overview definitions
    3.5 Additional definitions
4 Abbreviations
5 Notation
6 General discussion of security audit and alarms
    6.1 Model and functions
    6.2 Phases of security audit and alarms procedures
    6.3 Correlation of audit information
7 Policy and other aspects of security audit and alarms
    7.1 Policy
    7.2 Legal aspects
    7.3 Protection requirements
8 Security audit and alarms information and facilities
    8.1 Audit and alarms information
    8.2 Security audit and alarms facilities
9 Security audit and alarms mechanisms
10 Interaction with other security services and
    mechanisms
    10.1 Entity authentication
    10.2 Data origin authentication
    10.3 Access Control
    10.4 Confidentiality
    10.5 Integrity
    10.6 Non-repudiation
Annex A - General security audit and alarms principles
          for OSI
Annex B - Realization of the security audit and alarm
          model
Annex C - Security Audit and Alarms Facilities Outline
Annex D - Time Registration of Audit Events

Deals with security services application in an Open Systems environment, to include areas such as Database, Distributed Applications, Open Distributed Processing and OSI. Defines protection for systems and objects within systems and with interactions between systems. Does not include methodology for construction of systems or mechanisms.

Committee
ICT/1
DevelopmentNote
Supersedes 95/641769 DC (08/2004)
DocumentType
Standard
Pages
22
PublisherName
British Standards Institution
Status
Current
Supersedes

This Recommendation | International Standard addresses the application of security services in an Open Systems environment, where the term \'Open Systems\' is taken to include areas such as Database, Distributed Applications, Open Distributed Processing and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Frameworks are not concerned with the methodology for constructing systems or mechanisms. The Security Frameworks address both data elements and sequences of operations (but not protocol elements) which are used to obtain specific security services. These security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems. The purpose of security audit and alarms as described in this Recommendation | International Standard is to ensure that open system-security-related events are handled in accordance with the security policy of the applicable security authority. In particular, this framework: defines the basic concepts of security audit and alarms; provides a general model for security audit and alarms; and identifies the relationship of the Security Audit and Alarms service with other security services. As with other security services, a security audit can only be provided within the context of a defined security policy. The Security Audit and Alarms model provided in clause6 supports a variety of goals not all of which may be necessary or desired in a particular environment. The security audit service provides an audit authority with the ability to specify the events which need to be recorded within a security audit trail. A number of different types of standard can use this framework including: standards that incorporate the concept of audit and alarms; standards that specify abstract services that include audit and alarms; standards that specify uses of audit and alarms; standards that specify the means of providing audit and alarms within an open system architecture; and standards that specify audit and alarms mechanisms. Such standards can use this framework as follows: standard types1), 2), 3), 4) and 5) can use the terminology of this framework; standard types2), 3), 4) and 5) can use the facilities defined in clause8; and standard types5) can be based upon the characteristics of mechanisms defined in clause9.

Standards Relationship
ISO/IEC 10181-7:1996 Identical

ISO/IEC 7498-1:1994 Information technology Open Systems Interconnection Basic Reference Model: The Basic Model
ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 10164-7:1992 Information technology Open Systems Interconnection Systems Management: Security alarm reporting function
ISO/IEC 10164-8:1993 Information technology Open Systems Interconnection Systems Management: Security audit trail function
ISO/IEC 10164-5:1993 Information technology Open Systems Interconnection Systems management: Event Report Management Function
ISO/IEC 7498-4:1989 Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 4: Management framework
ISO/IEC 10164-6:1993 Information technology — Open Systems Interconnection — Systems Management: Log control function

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.