ISO/IEC 27039 2015 (ISO 27039 Standard) – Intrusion detection and prevention systems

ISO/IEC 27039:2015 – Information technology – Security techniques – Selection, deployment and operations of intrusion detection systems (IDPS)

As a fundamental part of information security management – such as that set out in ISO 27001 – organisations should not only know if and when an intrusion into their network, system or application occurs, they should also know the vulnerabilities that were exploited and the safeguards or appropriate risk treatment options that should be implemented to prevent similar intrusions in the future.

An intrusion detection and prevention system allows organisations to do this. There are, however, many different commercial or open-source IDPS products and services available, based on different technologies and approaches.

• Network-based systems (NIDPSs) monitor network traffic for particular network segments or devices and analyse the network and application protocol activity to identify suspicious activity.
• Host-based systems (HIDPSs) monitor the characteristics of, and events occurring within, a particular host for suspicious activity.

There are advantages and disadvantages to each type of system. ISO 27039 explains these and provides fundamental information about, and guidelines for the effective selection, deployment and operation of, IDPSs for all organisations.

When an organisation is preparing to deploy an IDPS, it should therefore be familiar with the guidelines and information provided by this standard as a minimum.

The Standard is also applicable to organisations that are considering outsourcing their intrusion detection capabilities.