scope:

This International Standard provides guidelines to assist organizations in preparing to deploy Intrusion Detection System (IDS). In particular, it addresses the selection, deployment and operations of IDS. It also provides background information from which these guidelines are derived. This International Standard is intended to be helpful to a) an organization in satisfying the following requirements of ISO/IEC 27001: The organization shall implement procedures and other controls capable of enabling prompt detection of and response to security incidents. The organization shall execute monitoring and review procedures and other controls to properly identify attempted and successful security breaches and incidents. b) an organization in implementing controls that meet the following security objectives of ISO/IEC 17799: To detect unauthorized information processing activities. Systems should be monitored and information security events should be recorded. Operator logs and fault logging should be used to ensure information system problems are identified. An organization should comply with all relevant legal requirements applicable to its monitoring and logging activities. System monitoring should be used to check the effectiveness of controls adopted and to verify conformity to an access policy model. An organization should recognize that deploying IDS is not a sole and/or exhaustive solution to satisfy or meet the above-cited requirements. Furthermore, this International Standard is not intended as criteria for any kind of conformity assessments, e.g., Information Security Management System (ISMS) certification, IDS services or products certification.