ISO 27039 provides fundamental information about, and guidelines for the effective selection, deployment and operation of, intrusion detection and prevention systems (IDPSs).
An IDPS can help organisations by providing network and system intrusion information, and can serve as an important security device within the overall information and communications technology (ICT) infrastructure – such as an ISO 27001-compliant information security management system (ISMS).
As a fundamental part of information security management, such as that set out in ISO 27001, organisations should know not only whether and when an intrusion into their network, system or application occurs, but also which vulnerabilities were exploited and which safeguards or appropriate risk treatment options should be implemented to prevent similar intrusions in the future.
An intrusion detection and prevention system allows organisations to do this. There are, however, many different commercial and open-source IDPS products and services available, based on different technologies and approaches, and each type of system has its own advantages and disadvantages.
ISO 27039 explains these trade-offs and provides guidance on selecting, deploying and operating an IDPS that is applicable to organisations of all types and sizes.
When an organisation is preparing to deploy an IDPS, it should therefore be familiar with the guidelines and information provided by this standard as a minimum.
The Standard is also applicable to organisations that are considering outsourcing their intrusion detection capabilities.