By Joaquim Pereira on April 9, 2014

Network security is one of the biggest challenges that IT administrators and information security managers face today. There are too many tools, too many technologies, too many approaches, and too many IT providers each setting the "standard" for how it should be done.

Network security management is one of the many concerns of CISOs, CTOs and information security managers. Some select the technical solutions that hardware and software providers wish to sell and which, according to those providers, are the best ones. The larger providers, the "big fishes", go further and offer guidance, and have recently started to build some best practices into their tools, providing additional value to their customers.

Whatever tool, technique or provider you choose, the biggest concern in managing network security is not so much whether you are using the best tool, but whether you are following a recognised approach and guidance that lets you manage your network security effectively and efficiently.

Once again ISO/IEC 27001, with the support of ISO/IEC 27002 and of the several parts of the ISO/IEC 27033 standard, provides the guidance needed to manage network security according to international best practice.

ISO/IEC 27001:2013, Annex A, clause A.13 Communications security, contains the control objective A.13.1 Network security management: to ensure the protection of information in networks and its supporting information processing facilities. It is supported by three controls: A.13.1.1 Network controls; A.13.1.2 Security of network services; and A.13.1.3 Segregation in networks.

Aware of the need for additional guidance beyond that of ISO/IEC 27002, ISO published the first part of the standard in 2009: ISO/IEC 27033-1 — Information technology — Security techniques — Network security — Part 1: Overview and concepts. This part is now under revision so that it can be aligned with the recent ISO/IEC 27001:2013.

The family currently consists of five published parts and one under development:

  • ISO/IEC 27033-1:2009 — Network security — Part 1: Overview and concepts
  • ISO/IEC 27033-2:2012 — Network security — Part 2: Guidelines for the design and implementation of network security
  • ISO/IEC 27033-3:2010 — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues
  • ISO/IEC 27033-4:2014 — Network security — Part 4: Securing communications between networks using security gateways
  • ISO/IEC 27033-5:2013 — Network security — Part 5: Securing communications across networks using Virtual Private Networks (VPNs)
  • ISO/IEC CD 27033-6 — Network security — Part 6: Securing wireless IP network access (in development)

A full family of network security management guidance can now be used to support your ISO/IEC 27001 ISMS implementation, or as stand-alone guidance.

Well done ISO!

Posted in: Security.
Last Modified: March 1, 2016