ISO/IEC 27033-1, “Information technology – Security techniques – Network security – Part 1: Overview and concepts,” has just been updated. The new 2nd Edition replaces the 1st Edition from 2009, with is now obsolete. The 2015 update is reflective of the changes in network security issues from the time of the original release date as well as changes in the structure of the ISO/IEC 27033 series itself.
Implementing and maintaining adequate network security is essential in today’s world. Numerous news reports of security failures have impacted the very nature of how we view the wired world today. And the scope of information “violations” have caused many people to rethink how they will make use of online products and services.
First of all, the ISO/IEC 27033 is not intended to be a requirements set of standards. There are too many regional, regulatory, and legal requirements that differ from jurisdiction to jurisdiction for that. However, the series is intended to provide detailed implementation guidance on network security. This supplements the basic standardization that is found in ISO/IEC 27002, “Information technology – Security techniques – Code of practice for information security controls.”
ISO/IEC 27033-1 is the overview document for this series. It contains the definitions and conceptual details that you’ll need for your implementation of network security in your organization and products. It also provides management guidance for oversight of this aspect of IT activities. In this regards, it is not only for technical staff but also for managers and adminstrators tasked with security program responsibilities.
In ISO/IEC 27033-1 you’ll learn to identify and analize network security risks, including how to make requirements statements based on that analysis. You learn about the controls available to support network security architectures, both technical and non-technical. The standard reviews the quality aspects involved in the process, including various scenarios and implementation issues. And it discusses issues associated with operating and monitoring networks for continuous security vigilence.
The standard is 58 pages in length which is a reduction in page length from the previous edition’s 82 pages. Most of this is due to smaller fonts and tightened page layouts. However, the Annex C that is present in the previous 1st Edition has been removed from the new 2nd Edition. Otherwise, all clauses remain the same. Additionally, the bibliography has been reduced from 33 references down to 27.
One other item to note is that when the 1st Edition was released, the balance of the series was still in draft form or set up as work items. So the actual series differs from the original concept. At this time, five parts have been published and a sixth is in development. There are no plans for a seventh part as originally envisioned. Here is a list of the other 4 published parts along with the additional draft information:
- ISO/IEC 27033-2, Information technology – Security techniques – Network security – Part 2: Guidelines for the design and implementation of network security
- ISO/IEC 27033-3, Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues
- ISO/IEC 27033-4, Information technology – Security techniques – Network security – Part 4: Securing communications between networks using security gateways
- ISO/IEC 27033-5, Information technology – Security techniques – Network security – Part 5: Securing communications across networks using Virtual Private Networks (VPNs)
- ISO/IEC 27033-6 (not publicly available as yet), Information technology — Security techniques — Network security — Part 6: Securing wireless IP network access
Now you’ll need to get copies. Be sure to use an authorized distributor, as the ISO, IEC and ISO/IEC standards are all covered by the laws of copyright. You can purchase your copies with confidence at the Document Center webstore, www.document-center.com. They are available in both paper format and for pdf download. Here’s a link directly to the order page for ISO/IEC 27033-1.
Interested in multi-user access for your company? Contact our staff for more information on our Standards Online subscription service. They can be reached by phone (650-591-7600), fax (650-591-7617) or email (email@example.com). We’re here to help you so make us your Standards Experts!