Have a look in http://www.nsecure.net ----- Original Message ----- From: "Derrick Lewis" <dlewis@linuxsecurity.com> To: <security-discuss@linuxsecurity.com> Sent: Monday, August 19, 2002 7:29 PM Subject: Intrusion Detection System Implementation (Proposal) > > I am doing research on possible Intrusion Detection System Implementation > for a friend of mine who sent me an RFP (Request For Proposals). The RFP > involves assisting XYZ company in its HIPAA Program remediation planning > and implementation as a result of the mandated Health Insurance > Portability and Accountability Act of 1996 (HIPAA) requirements. Some of > the RFP is clipped below. I wanted to know if anyone on the list has had > any experience doing such a task? If so, can you point me to resources on > that would assist me in completing this task? Thanks. -D > > > > Objective 3: Intrusion Detection System Implementation > > Implement a Host and Network based Intrusion Detection System (IDS) that > will monitor activities on the servers and network. If unwanted activity > is detected, an event notification would be sent to the appropriate > person. > > > Intrusion Detection System Implementation Deliverables: > > -Develop detailed project plan and timelines for project management. > > -Develop a Strategy and Requirements documents. This document should > include Business Requirements, Technical Requirements, ROI analysis and > in-source vs. out-source analysis. > > -Perform a risk and needs analysis to determine what type (network based, > host based, etc.) of IDS and how many. > > -Identify intrusion detection technologies that would best work for XYZ > Companies model. > > -Develop an RFP based on the previous steps to purchase an IDS product. > > -Periodically test the effectiveness of the IDS over the next several > quarters by performing a planned and staged hack of the network. > > -Identify the policies and procedures that will be needed to support IDS > implementation. > > -- > Derrick Lewis > Assistant Site Manager LinuxSecurity.com > (201) 934-9230 "The Linux Community's Center for Security." > dlewis@linuxsecurity.com http://www.linuxsecurity.com > > ------------------------------------------------------------------------ > To unsubscribe email security-discuss-request@linuxsecurity.com > with "unsubscribe" in the subject of the message. > ------------------------------------------------------------------------ To unsubscribe email security-discuss-request@linuxsecurity.com with "unsubscribe" in the subject of the message.
