ISO/IEC 27033-2
ISO/IEC 27033-2:2012 Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security
(first edition)
Abstract
ISO/IEC 27033 part 2 “gives guidelines for organizations to plan, design, implement and document network security.”
[Source: ISO/IEC 27033-2:2012]
Introduction
Part 2 revised and replaced ISO/IEC 18028 part 2.
Defines a network security architecture for providing end-to-end network security. The architecture can be applied to various kinds of networks where end-to-end security is a concern and independently of the network's underlying technology.
Scope
Planning, designing, implementing and documenting network security.
Objective: “to define how organisations should achieve quality network technical security architectures, designs and implementations that will ensure network security appropriate to their business environments, using a consistent approach to the planning, design and implementation of network security, as relevant aided by the use of models/frameworks. (In this context, a model/framework is used to outline a representation or description showing the structure and high level workings of a type of technical security architecture/design)”.
Structure
Main sections:
6 - Preparing for design of network security
7 - Design of network security
8 - Implementation
Annex A - Cross-reference between the network security-related controls in Annex A of ISO/IEC 27001:2005 plus ISO/IEC 27002:2005, and ISO/IEC 27033-2
Annex B - Example documentation templates
Annex C - Mapping between the ITU-T X.805 framework and ISO/IEC 27001:2005 controls
Status
ISO/IEC 27033-2 revised and replaced ISO/IEC 18028-2.
The current first edition of part 2 was published in 2012.
It was confirmed unchanged in 2018.
Commentary
Serves as a foundation for detailed recommendations on end-to-end network security.
Covers risks, design, techniques and control issues.
Refers to other parts of ISO/IEC 27033 for more specific guidance.
