ISO/IEC 27033-2
ISO/IEC 27033-2:2012 Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security
(first edition)
Abstract
ISO/IEC 27033 part 2 “gives guidelines for organizations to plan, design, implement and document network security.”
[Source: ISO/IEC 27033-2:2012]
Introduction
Part 2 revised and replaced ISO/IEC 18028 part 2.
Defines a network security architecture for providing end-to-end network security. The architecture can be applied to various kinds of networks where end-to-end security is a concern and independently of the network's underlying technology.
Scope
Planning, designing, implementing and documenting network security.
Objective: “to define how organisations should achieve quality network technical security architectures, designs and implementations that will ensure network security appropriate to their business environments, using a consistent approach to the planning, design and implementation of network security, as relevant aided by the use of models/frameworks. (In this context, a model/framework is used to outline a representation or description showing the structure and high level workings of a type of technical security architecture/design)”.
Structure
Main clauses:
6: Preparing for design of network security
7: Design of network security
8: Implementation
Annex A: Cross-references between ISO/IEC 27001:2005/ISO/IEC 27002:2005 network security-related controls and ISO/IEC 27033-2:2012 clauses
Annex B: Example documentation templates
Annex C: ITU-T X.805 framework and ISO/IEC 27001:2005 control mapping
Status
ISO/IEC 27033-2 revised and replaced ISO/IEC 18028-2.
The current first edition of part 2 was published way back in 2012 and confirmed unchanged in 2018. It is now seriously out of date, referring to old editions of other standards and missing out on current networking security issues such as cloud security and virtual networking.
Commentary
Serves as a foundation for detailed recommendations on end-to-end network security.
Covers risks, design, techniques and control issues.
Refers to other parts of ISO/IEC 27033 for more specific guidance.
