ISO/IEC INTERNATIONAL STANDARD 27033-1 Second edition 2015-08-15 Information technology Security techniques Network security - Part 1: Overview and concepts Technologies de I'information Techniques de seécurité Sécurité deréseau Partie 1: Vue d'ensemble et concepts Reference number IS0/IEC 27033-1:2015(E) E( Ts . International Organization for Standardization Institute of Standardization 5956617 @ IS0/IEC 2015 ted without license from IHS IS0/IEC 27033-1:2015(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC 2015, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 [email protected] www.iso.org License-zhejiang nste of tandarRalSS/JEC 2015 - All rights reserved Not for Resale, 2015/11/11 09:10:39 networking permited without license from IHS IS0/IEC 27033-1:2015(E) Contents Page Foreword ..V Introduction. ..vi 1 Scope. 2 Normative references 3 Terms and definitions 4 Symbols and abbreviated terms 5 Structure ..8 6 Overview ..10 6.1 Background ..10 6.2 Network security planning and management. ..11 7 Identifying risks and preparing to identify security controls. ..13 7.1 Introduction ..13 7.2 Information on current and/or planned networking ..13 7.2.1 Security requirements in corporate information security policy .13 7.2.2 Information on current/planned networking ..14 7.3 Information security risks and potential control areas. .18 8 Supporting controls. .21 8.1 Introduction 21 8.2 Management of network security 21 8.2.1 Background. 21 8.2.2 Network security management activities 21 8.2.3 Network security roles and responsibilities 23 8.2.4 Network monitoring. 24 8.2.5 Evaluating network security 25 8.3 Technical vulnerability management. 25 8.4 Identification and authentication 25 8.5 Network audit logging and monitoring 26 8.6 Intrusion detection and prevention. 27 8.7 Protection against malicious code 28 8.8 Cryptographic based services. .28 8.9 Business continuity management ..29 9 Guidelines for the design and implementation of network security .30 9.1 Background ..30 9.2 Network technical security architecture/design ..30 10 Reference network scenarios - Risks, design, techniques and control issues. .32 10.1 Introduction .32 10.2 Internet access services for employees. .33 10.3 Enhanced collaboration services .33 10.4 Business to business services. 33 10.5 Businesstocustomerservices .34 10.6 Outsourced services. 34 10.7 Network segmentation. 34 10.8 Mobile communication 34 10.9 Networking support for travelling users ..35 10.10 Networking support for home and small business offices. .35 11 ‘Technology' topics - Risks, design techniques and control issues ..35 12 Develop and test security solution ..36 13 Operate security solution. .36 ntenainalgnzationE2015All righsreserved iii icensee=Zhejang Institute of Standardization 5956617 ed without license from IHS Not for Resale, 2015/11/11 09:10:39