Information technology — Security techniques — Network security —





 
 
© ISO/IEC 2015 – All rights reserved


 
ISO/IEC 27033-1:2015(E)
requirement to properly protect networks and their related information systems and information. In 
other words: 
implementing and maintaining adequate network security is absolutely critical to the success 
of any organization’s business operations.
In this context, the telecommunications and information technology industries are seeking cost-
effective comprehensive security solutions, aimed at protecting networks against malicious attacks 
and inadvertent incorrect actions, and meeting the business requirements for confidentiality, integrity, 
and availability of information and services. Securing a network is also essential for maintaining the 
accuracy of billing or usage information as appropriate. Security capabilities in products are crucial to 
overall network security (including applications and services). However, as more products are combined 
to provide total solutions, the interoperability, or the lack thereof, will define the success of the solution. 
Security must not only be a thread of concern for each product or service, but must be developed in a 
manner that promotes the interweaving of security capabilities in the overall security solution.
The purpose of this International Standard is to provide detailed guidance on the security aspects of 
the management, operation and use of information system networks, and their inter-connections. Those 
individuals within an organization that are responsible for information security in general, and network 
security in particular, should be able to adapt the material in this International Standard to meet their 
specific requirements. Its main objectives are as follows.
— ISO/IEC 27033-1, to define and describe the concepts associated with, and provide management 
guidance on, network security. This includes the provision of an overview of network security and 
related definitions, and guidance on how to identify and analyse network security risks and then 
define network security requirements. It also introduces how to achieve good quality technical 
security architectures, and the risk, design and control aspects associated with typical network 
scenarios and network “technology” areas (which are dealt with in detail in subsequent parts of 
ISO/IEC 27033).
— ISO/IEC 27033-2, to define how organizations should achieve quality network technical security 
architectures, designs and implementations that will ensure network security appropriate to their 
business environments, using a consistent approach to the planning, design and implementation 
of network security, as relevant, aided by the use of models/frameworks (in this context, a 
model/framework is used to outline a representation or description showing the structure and high 
level workings of a type of technical security architecture/design), and is relevant to all personnel 
who are involved in the planning, design and implementation of the architectural aspects of network 
security (for example network architects and designers, network managers, and network security 
officers).
— ISO/IEC 27033-3, to define the specific risks, design techniques and control issues associated with 
typical network scenarios. It is relevant to all personnel who are involved in the planning, design and 
implementation of the architectural aspects of network security (for example, network architects 
and designers, network managers, and network security officers).
— ISO/IEC 27033-4, to define the specific risks, design techniques and control issues for securing 
information flows between networks using security gateways. It is relevant to all personnel who 
are involved in the detailed planning, design and implementation of security gateways (for example, 
network architects and designers, network managers, and network security officers).
— ISO/IEC 27033-5, to define the specific risks, design techniques and control issues for securing 
connections that are established using Virtual Private Networks (VPNs). It is relevant to all 
personnel who are involved in the detailed planning, design and implementation of VPN security 
(for example, network architects and designers, network managers, and network security officers).
— ISO/IEC 27033-6, to define the specific risks, design techniques and control issues for securing 
IP wireless networks. It is relevant to all personnel who are involved in the detailed planning, 
design and implementation of security for wireless networks (for example, network architects and 
designers, network managers, and network security officers).
It is emphasized that this International Standard provides further detailed implementation guidance on 
the network security controls that are described at a basic standardized level in ISO/IEC 27002.
 