Re: Building an IDS security policy

[Stephane <stephane.d () ecologie net>]

Knorr Markus wrote:

> Hi list,
> I´m an recent alumnus of computer science (who will be given his Diploma in two weeks) and this is the first Job i did. 
> In cause of writing my diploma thesis about the advantages of korrelation the data from Vulnerability Scanners und NIDS 
> i´m now the person who has to implement the IDS/IPS in all questions about this topic...
> To solve the technical implementation is no problem, but what about the policy? 
> However, i have not much experience in such organisational topics at all.
>
> Are there any papers or books on how to write a specifical IDS-Policy?
>
> The paper/book should deal with questions like:
> How should the the IDS/IPS be monitored (24-Hours? in the business hours from an analyst and the other time on call?)?
> What is to do when an High-Risk-Event occurs?
> What should an IDS/IPS-Policy descripe/include?
> How can i accomplish the IDS/IPS-Thoughts in the whole Company and further to cooperate with the relevant Units 
> (Webhosting, etc.)?
>
> Questions over questions...
>
> Thx in advance for your help.
>
> Markus
>
> P.s.: Plz do not make any business offers ;-)      
>  

Here, you'll find the references you need

X-Force Education Services
http://www.iss.net/education/

ISS Bookstore
http://xforce.iss.net/xforce/bookstore/

-> http://xforce.iss.net/xforce/bookstore/0471290009.php
-> http://xforce.iss.net/xforce/bookstore/0735708681.php

Kind regqards,

S.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------