NEN - NPR-ISO/IEC TR 15947
Information technology - Security techniques - IT intrusion detection framework
|Publication Date:||1 January 2003|
|ICS Code (Management systems):||03.100.70|
|ICS Code (IT Security):||35.030|
This is a Type 3 Technical Report (TR), which defines a framework for detection of intrusions in IT systems. Many classes of intrusions are considered. These include intrusions that are intentional or unintentional, legal or illegal, harmful or harmless and unauthorized access by insiders or outsiders. The TR focuses on: - establishing common definitions for terms and concepts associated with an IT intrusion detection framework, -describing a generic model of intrusion detection, - providing high level examples of attempts to exploit systems vulnerabilities, - discussing common types of input data and the sources needed for an effective intrusion detection capability, - discussing different methods and combinations of methods of intrusion detection analysis, - describing activities/actions in response to indications of intrusions.