标准摘要
[中文适用范围]: 本部分 ISO/IEC 27033 提供了网络安全及相关定义的概述。它定义和描述了与网络安全相关的概念,并提供了关于网络安全的指导。网络安全适用于设备的安全、与设备相关的安全管理活动、应用程序/服务的安全、最终用户的安全,以及通过通信链路传输的信息的安全。它适用于任何拥有、运营或使用网络的人员。这包括高级管理人员和其他非技术管理人员或用户,以及负责信息安全、网络安全、网络运营或负责组织整体安全计划和安全政策开发的管理人员和管理员。它也适用于任何参与网络安全架构方面规划、设计和实施的人员。本部分 ISO/IEC 27033 还提供了关于如何识别和分析网络安全风险,并基于该分析定义网络安全要求的指导;提供了支持网络安全技术架构及相关技术控制、以及不仅适用于网络的非技术控制和技术控制的概述;介绍了如何实现高质量的网络安全技术架构,以及与典型网络场景和网络“技术”领域相关的风险、设计和控制方面(这些在 ISO/IEC 27033 的后续部分中详细讨论);并简要解决了实施和运营网络安全控制以及持续监控和审查其实施的相关问题。总体而言,它提供了 ISO/IEC 27033 系列的概述和通往其他所有部分的“路线图”。 [外文原描述]: ISO/IEC 27033-1:2009 provides an overview of network security and related definitions. It defines and describes the concepts associated with, and provides management guidance on, network security. (Network security applies to the security of devices, security of management activities related to the devices, applications/services and end-users, in addition to security of the information being transferred across the communication links.) It is relevant to anyone involved in owning, operating or using a network. This includes senior managers and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security and/or network security, network operation, or who are responsible for an organization's overall security program and security policy development. It is also relevant to anyone involved in the planning, design and implementation of the architectural aspects of network security. ISO/IEC 27033-1:2009 also provides guidance on how to identify and analyse network security risks and the definition of network security requirements based on that analysis, provides an overview of the controls that support network technical security architectures and related technical controls, as well as those non-technical controls and technical controls that are applicable not just to networks, introduces how to achieve good quality network technical security architectures, and the risk, design and control aspects associated with typical network scenarios and network “technology” areas (which are dealt with in detail in subsequent parts of ISO/IEC 27033), and briefly addresses the issues associated with implementing and operating network security controls, and the on-going monitoring and reviewing of their implementation. Overall, it provides an overview of the ISO/IEC 27033 series and a “road map” to all other parts.
英文名称Information technology - Security techniques - Network security - Part 1: Overview and concepts