标准摘要
[中文适用范围]: 本国际标准提供了帮助组织准备部署入侵检测系统 (IDS) 的指南。 特别是,它涉及 IDS 的选择、部署和操作。 它还提供了衍生这些指南的背景信息。 本国际标准旨在帮助 a) 组织满足 ISO/IEC 27001 的以下要求: ——组织应实施能够及时检测和响应安全事件的程序和其他控制措施。 - 组织应执行监控和审查程序以及其他控制措施,以正确识别尝试的和成功的安全漏洞和事件。 b) 组织实施满足 ISO/IEC 17799 下列安全目标的控制措施: ——检测未经授权的信息处理活动。 - 应监控系统并记录信息安全事件。 应使用操作员日志和故障记录来确保识别信息系统问题。 - 组织应遵守适用于其监测和记录活动的所有相关法律要求。 - 系统监控应用于检查所采用的控制措施的有效性并验证访问策略模型的一致性。 组织应该认识到,部署 IDS 并不是满足或满足上述要求的唯一和/或详尽的解决方案。 此外,本国际标准无意作为任何类型的合格评定的标准,例如信息安全管理体系(ISMS)认证、IDS 服务或产品认证。 [外文原描述]: ISO/IEC 18043:2006 provides guidance for an organization that decides to include an intrusion detection capability within its IT infrastructure. It is a "how to" for managers and users who want to: understand the benefits and limitations of IDS; develop a strategy and implementation plan for IDS; effectively manage the outputs of an IDS; integrate intrusion detection into the organization's security practices; and understand the legal and privacy issues involved in the deployment of IDS. ISO/IEC 18043:2006 provides information that will facilitate collaboration among organizations using IDS. The common framework it provides will help make it easier for organizations to exchange information about intrusions that cut across organizational boundaries. ISO/IEC 18043:2006 provides a brief overview of the intrusion detection process; discusses what an IDS can and cannot do; provides a checklist that helps identify the best IDS features for a specific IT environment; describes various deployment strategies; provides guidance on managing alerts from IDSs; and discusses management and legal considerations.
英文名称Information technology - Security techniques - Selection, deployment and operations of intrusion detection systems