Collaboration between the IDS and the firewall also needs to be considered, to determine how the two work together in taking action to stop intrusions. It can use the basic approach to response, including preparation, detection, containment, eradication, recovery, and follow-up.

There are other important control issues, which deal closely with the access and authorization control of the users or employees of the organization. This obliges the IS auditors or the IDS administrators to take proper action on incidents determined from what the employees are doing illegally inside the network and how, such as opening URL links or emails with attached malicious code, gaining access through illegal modem lines, and using software that can pose threats.

The main task of the IS auditor is to perform this auditing work based on what is gathered from the IDS. This includes the understanding and operation of data flow processing and examination, IDS testing and reviewing, monitoring, and audit documentation.

The last step is the reporting process. Weaknesses and other kinds of flaws found in the IDS through evaluations are supposed to be reported to management so that proper actions, such as control strengthening and management improvement, are taken appropriately.