标准摘要
[中文适用范围]: ISO/IEC 18028-1 提供了有关网络和通信的指导,包括连接信息系统网络本身以及将远程用户连接到网络的安全方面。 它针对的是负责一般信息安全管理,特别是网络安全管理的人员。 该方向支持识别和分析建立网络安全要求时应考虑的通信相关因素,介绍如何识别与通信网络连接相关的安全性的适当控制区域,并概述可能的控制领域,包括 ISO/IEC 18028-2 至 ISO/IEC 18028-5 中详细讨论的技术设计和实施主题。 [外文原描述]: ISO/IEC 18028-1:2006 provides detailed guidance on the security aspects of the management, operation and use of information technology (IT) networks, and their interconnections. It defines and describes the concepts associated with, and provides management guidance on, network security - including on how to identify and analyse the communications-related factors to be taken into account to establish network security requirements, with an introduction to the possible control areas and the specific technical areas (dealt with in subsequent parts of ISO/IEC 18028). It is relevant to anyone who owns, operates or uses a network. This includes senior managers and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security and/or network security, network operation, or who are responsible for an organization's overall security programme and security policy development. The general objective of ISO/IEC 18028 is to extend the security management guidelines provided in ISO/IEC TR 13335 and ISO/IEC 17799 by detailing the specific operations and mechanisms needed to implement network security controls in a wider range of network environments, providing a bridge between general IT security management issues and network security technical implementations.
英文名称Information technology - Security techniques - IT network security - Part 1: Network security management