A framework for the detection of intrusions in computer systems is contained in a new standard from ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission).
An Intrusion Detection System (IDS) is an important tool for security management used to predict and identify intrusions in computer systems and to raise appropriate alarms during an intrusion attempt. The system enables local collection of information on intrusions, and subsequent consolidation and analysis, as well as analysis of an organization's normal IT patterns of behaviour and usage.
"One of the problems that businesses have is being able to detect when their systems are being intruded upon in order that effective action can be taken to prevent harm or loss to their assets," said Ted Humphreys, convenor of the ISO/IEC working group that has developed the standard. "The development of ISO/IEC 18043:2006 is an important step forward in dealing with the growing problem of intrusions and provides a good basis for progressing solutions and implementations."
Organizations are vulnerable to various kinds of security threats, such as unauthorized computer access, denial of service attacks and hackers. Typical misuse takes advantage of vulnerabilities in system configuration, user neglect and carelessness, as well as design flaws in software, protocols and operating systems. Outsiders, as well as insiders – disgruntled employees, inside trading, and temporary employees – can exploit these vulnerabilities.
ISO/IEC 18043:2006 provides guidelines to assist organizations in preparing to deploy Intrusion Detection Systems. In particular, it addresses the selection, deployment and operation of IDS. It also provides background information from which these guidelines are derived.
"It is estimated that intentional attacks on information systems are costing businesses worldwide around USD 15 billion each year and the cost is rising. In addition, there is the cost of the loss or damage to the corporate reputation, brand names, intellectual property and digital rights of multimedia content (for example, video and audio recordings) of the corporation, customer trust and loyalty, and of course the price of stocks and shares," further noted Ted Humphreys.
The new standard is expected to assist IT managers with setting up interoperable intrusion detection systems within their organizations and facilitating collaboration among organizations worldwide where cooperation is desired and/or essential to counter intrusion attempts.
ISO/IEC 18043:2006 costs 146 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from the ISO Central Secretariat (see below). The new standard is the work of joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques, working group WG 1, Requirements, services and guidelines.
- ISO/IEC 18043:2006 [Withdrawn]: Information technology - Security techniques - Selection, deployment and operations of intrusion detection systems