Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems
This standard has been revised by ISO/IEC 27039:2015.
ISO/IEC 18043:2006 provides guidance for an organization that decides to include an intrusion detection capability within its IT infrastructure. It is a "how to" for managers and users who want to: understand the benefits and limitations of IDS; develop a strategy and implementation plan for IDS; effectively manage the outputs of an IDS; integrate intrusion detection into the organization's security practices; and understand the legal and privacy issues involved in the deployment of IDS.
ISO/IEC 18043:2006 provides information that will facilitate collaboration among organizations using IDS. The common framework it provides will make it easier for organizations to exchange information about intrusions that cut across organizational boundaries.
ISO/IEC 18043:2006 provides a brief overview of the intrusion detection process; discusses what an IDS can and cannot do; provides a checklist that helps identify the best IDS features for a specific IT environment; describes various deployment strategies; provides guidance on managing alerts from IDSs; and discusses management and legal considerations.