Computer Security Threat Monitoring and Surveillance

15.07.2013 Views
Obviously with the records being dropped and added the other consider ation is that a previous history record does not exist for a par ticular user. In this case, new master records are created and insert ed in the correct place. No statistical reporting or distribution tests are performed in this case, but the absolute limits tests are recorded. In order to provide the security officer with some notion of what is going on, an exception report item is created for the session summary records that indicates that a new history master record is being created, and the new master record is avail able for display as part of the exception reporting.

Job/User Identification Program Sort by Jobid/Userid Keep First of Each 'Job' Parameter Editor FIGURE 5 Processing to Audit File Use to Main Audit Run

Page 1: James P. Anderson Co. Box 42 Fort W

Page 10 and 11: FIGURE 2 · Threat Representations

Page 12 and 13: In most systems such data is not co

Page 14: is interesting in that it is by def

Page 21 and 22: This is well illustrated by the exa

Page 24 and 25: If (for purposes of illustration) w

Page 27: The abnormal patterns of reference

Page 30: and so forth. The purpose of the so

Page 40: S.l Relevant SMF Records 5. Adaptin

Page 47: Rather than attempt to treat all me

Page 53 and 54: 6.5 Tasks The trace records will ha

audit

legitimate

parameters

summary

programs

individual

logons

exception

masquerader

detect

monitoring

csrc.nist.gov

Computer Security Threat Monitoring and Surveillance

Computer Security Threat Monitoring and Surveillance ... View more Computer Security Threat Monitoring and Surveillance

Delete template?

Save as template ?

Computer Security Threat Monitoring and Surveillance Computer Security Threat Monitoring and Surveillance