ISO/IEC 27039:2015
Information technology — Security techniques — Selection, deployment and operations of intrusion detection and prevention systems (IDPS)
ISO/IEC 27039:2015 provides guidelines to assist organizations in preparing to deploy intrusion detection and prevention systems (IDPS). In particular, it addresses the selection, deployment, and operations of IDPS. It also provides background information from which these guidelines are derived.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$343.00 NZD
|
|
| HardCopy |
$389.00 NZD
|
|
| Networkable PDF |
Price varies
|
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Background
4 General
5 Selection
5.1 Introduction
5.2 Information security risk assessment
5.3 Host or Network IDPS
5.3.1 Overview
5.3.2 Host-based IDPS (HIDPS)
5.3.3 Network-based IDPS (NIDPS)
5.4 Considerations
5.4.1 System environment
5.4.2 Security protection mechanisms
5.4.3 IDPS security policy
5.4.4 Performance
5.4.5 Verification of capabilities
5.4.6 Cost
5.4.7 Updates
5.4.8 Alert strategies
5.4.9 Identity management
5.5 Tools that complement IDPS
5.5.1 Overview
5.5.2 File integrity checkers
5.5.3 Firewall
5.5.4 Honeypots
5.5.5 Network management tools
5.5.6 Security Information Event Management (SIEM) tools
5.5.7 Virus/Content protection tools
5.5.8 Vulnerability assessment tools
5.6 Scalability
5.7 Technical support
5.8 Training
6 Deployment
6.1 Overview
6.2 Staged deployment
6.3 NIDPS deployment
6.3.1 Overview
6.3.2 Location of NIDPS inside an Internet firewall
6.3.3 Location of NIDPS outside an Internet firewall
6.3.4 Location of NIDPS on a major network backbone
6.3.5 Location of NIDPS on critical subnets
6.4 HIDPS deployment
6.5 Safeguarding and protecting IDPS information security
7 Operations
7.1 Overview
7.2 IDPS tuning
7.3 IDPS vulnerabilities
7.4 Handling IDPS alerts
7.4.1 Overview
7.4.2 Information Security Incident Response Team (ISIRT)
7.4.3 Outsourcing
7.5 Response options
7.5.1 Principles
7.5.2 Active response
7.5.3 Passive reaction
7.6 Legal Considerations
7.6.1 Overview
7.6.2 Privacy
7.6.3 Other legal and policy considerations
7.6.4 Forensics
Annex A (informative) Intrusion Detection and Prevention System (IDPS): Framework and issues to be considered
Bibliography
Keep me up-to-date
Sign up to receive updates when there are changes to this standard
Related Information
Similar Standards
-
AS/NZS ISO/IEC 27001:2023
Information security, cybersecurity and privacy protection – Information security management systems – Requirements
-
AS/NZS ISO/IEC 27001:2023 A1
Information security, cybersecurity and privacy protection - Privacy enhancing data de-identification framework
-
AS/NZS ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection — Information security controls
-
AS/NZS ISO/IEC 27011:2025
Information security, cybersecurity and privacy protection – Information security controls based on ISO/IEC 27002 for telecommunications organizations
Foreword
Introduction
1 Scope
2 Terms and definitions
3 Background
4 General
5 Selection
5.1 Introduction
5.2 Information security risk assessment
5.3 Host or Network IDPS
5.3.1 Overview
5.3.2 Host-based IDPS (HIDPS)
5.3.3 Network-based IDPS (NIDPS)
5.4 Considerations
5.4.1 System environment
5.4.2 Security protection mechanisms
5.4.3 IDPS security policy
5.4.4 Performance
5.4.5 Verification of capabilities
5.4.6 Cost
5.4.7 Updates
5.4.8 Alert strategies
5.4.9 Identity management
5.5 Tools that complement IDPS
5.5.1 Overview
5.5.2 File integrity checkers
5.5.3 Firewall
5.5.4 Honeypots
5.5.5 Network management tools
5.5.6 Security Information Event Management (SIEM) tools
5.5.7 Virus/Content protection tools
5.5.8 Vulnerability assessment tools
5.6 Scalability
5.7 Technical support
5.8 Training
6 Deployment
6.1 Overview
6.2 Staged deployment
6.3 NIDPS deployment
6.3.1 Overview
6.3.2 Location of NIDPS inside an Internet firewall
6.3.3 Location of NIDPS outside an Internet firewall
6.3.4 Location of NIDPS on a major network backbone
6.3.5 Location of NIDPS on critical subnets
6.4 HIDPS deployment
6.5 Safeguarding and protecting IDPS information security
7 Operations
7.1 Overview
7.2 IDPS tuning
7.3 IDPS vulnerabilities
7.4 Handling IDPS alerts
7.4.1 Overview
7.4.2 Information Security Incident Response Team (ISIRT)
7.4.3 Outsourcing
7.5 Response options
7.5.1 Principles
7.5.2 Active response
7.5.3 Passive reaction
7.6 Legal Considerations
7.6.1 Overview
7.6.2 Privacy
7.6.3 Other legal and policy considerations
7.6.4 Forensics
Annex A (informative) Intrusion Detection and Prevention System (IDPS): Framework and issues to be considered
Bibliography