Auditing a Distributed Intrusion Detection System: An Auditors Perspective

I am auditing a Distributed Intrusion Detection System (IDS) that will be used by a healthcare organization to satisfy the proposed Health Insurance Portability and Accountability Act (HIPAA) security regulations which require a system to be in place to 'guard data integrity confidentiality and availability'. If using a network the following security measures must be in place to ensure HIPAA compliance: Alarm Audit Trail Entity Authentication and Event Reporting.1 An intrusion detection system will aid in satisfying 3 of the 4 proposed regulations. The IDS design being audited is currently residing in a test network for evaluation purposes only. The intent of this audit is to certify the design to ensure it will comply with stated security policies and guidelines set forth by the healthcare organization. In order for the IDS design to be certified it must undergo a detailed audit and any deficiencies must be addressed before the system can be installed into the production network.