ISO/IEC 18043:2006

Course

Online

£ 168 + VAT

Description

  • Type

    Course

  • Methodology

    Online

Information Technology. Security Techniques. Selection, Deployment and Operations of Intrusion Detection Systems.

Questions & Answers

Add your question

Our advisors and other users will be able to reply to you

Who would you like to address this question to?

Fill in your details to get a reply

We will only publish your name and question

Reviews

Course programme

Description
Information Technology. Security Techniques. Selection, Deployment and Operations of Intrusion Detection Systems.

Program

ISO/IEC 18043:2006 Information Technology. Security Techniques. Selection, Deployment and Operations of Intrusion Detection SystemsOrganizations should not only know when, if, and how an intrusion of their network, system or application occurs, they also should know what vulnerability was exploited and what safeguards or appropriate risk treatment options (i.e. risk transfer, risk acceptance, risk avoidance) should be implemented to prevent similar intrusions in the future. Organizations should also recognize and deflect cyber-based intrusions. This requires an analysis of host and network traffic and/or audit trails for attack signatures or specific patterns that usually indicate malicious or suspicious intent.

In the mid-1990s, organizations began to use Intrusion Detection Systems (IDS) to fulfil these needs. The general use of IDS continues to expand with a wider range of IDS products being made available to satisfy an increasing level of organizational demands for advanced intrusion detection capability.
In order for an organization to derive the maximum benefits from IDS, the process of IDS selection, deployment, and operations should be carefully planned and implemented by properly trained and experienced personnel. In the case where this process is achieved, then IDS products can assist an organization in obtaining intrusion information and can serve as an important security device within the overall information and communications technology (ICT) infrastructure.
This standard provides guidelines for effective IDS selection, deployment and operation, as well as fundamental knowledge about IDS. It is also applicable to those organizations that are considering outsourcing their intrusion detection capabilities. Information about outsourcing service level agreements can be found in the IT Service Management (ITSM) processes based on ISO/IEC 20000 .
This standard also provides guidelines to assist organizations in preparing to deploy Intrusion Detection System (IDS). In particular, it addresses the selection, deployment and operations of IDS. It also provides background information from which these guidelines are derived.
This standard is intended to be helpful to
  1. an organization in satisfying the following requirements of ISO/IEC 27001 :
    a) The organization shall implement procedures and other controls capable of enabling prompt detection of and response to security incidents.
    b) The organization shall execute monitoring and review procedures and other controls to properly identify attempted and successful security breaches and incidents.

  2. an organization in implementing controls that meet the following security objectives of ISO/IEC 17799 :
    a) To detect unauthorized information processing activities.
    b) Systems should be monitored and information security events should be recorded. Operator logs and fault logging should be used to ensure information system problems are identified.
    c) An organization should comply with all relevant legal requirements applicable to its monitoring and logging activities.
    d) System monitoring should be used to check the effectiveness of controls adopted and to verify conformity to an access policy model.
An organization should recognize that deploying IDS is not a sole and/or exhaustive solution to satisfy or meet the above-cited requirements. Furthermore, this standard is not intended as criteria for any kind of conformity assessments, e.g., Information Security Management System (ISMS) certification, IDS services or products certification.

Publisher: IEC
Format: Electronic Download .PDF (0.3MB)
Licensing Terms : Purchase and Use of this Product is Subject to this EULA .
Published Date: 15 June 2006
Availability: Immediate Download

Order today for immediate download!

ISO/IEC 18043:2006

£ 168 + VAT