ISO/IEC 27033-1:2015(E)
Introduction
In today’s world, the majority of both commercial and government organizations have their information
systems connected by networks (see Figure 1), with the network connections being one or more of the
following:
— within the organization,
— between different organizations,
— between the organization and the general public.
[Figure 1 labels: Organization A (Networks A1, A2, A3); Organization B (Networks B1, B2); Organization C (Network C1); Public Network; Private Network; General Public]
Figure 1 — Broad types of network connection
Further, with the rapid developments in publicly available network technology (in particular with
the Internet) offering significant business opportunities, organizations are increasingly conducting
electronic business on a global scale and providing online public services. The opportunities include the
provision of lower cost data communications, using the Internet simply as a global connection medium,
through to more sophisticated services provided by Internet service providers (ISPs). This can mean the
use of relatively low cost local attachment points at each end of a circuit to full scale online electronic
trading and service delivery systems, using web-based applications and services. Additionally, the new
technology (including the integration of data, voice and video) increases the opportunities for remote
working (also known as “teleworking” or “telecommuting”) that enable personnel to operate away
from their home work base for significant periods of time. They are able to keep in contact through the
use of remote facilities to access organization and community networks and related business support
information and services.
However, whilst this environment does facilitate significant business benefits, there are new security
risks to be managed. With organizations relying heavily on the use of information and associated
networks to conduct their business, the loss of confidentiality, integrity, and availability of information
and services could have significant adverse impacts on business operations. Thus, there is a major