
ISO/IEC 27033-3

ISO/IEC 27033-3:2010 Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — threats, design techniques and control issues

(first edition)

Abstract

ISO/IEC 27033 part 3 “describes the threats, design techniques and control issues associated with reference network scenarios. For each scenario, it provides detailed guidance on the security threats and the security design techniques and controls required to mitigate the associated risks. Where relevant, it includes references to ISO/IEC 27033-4 to ISO/IEC 27033-6 to avoid duplicating the content of those documents. The information in ISO/IEC 27033-3:2010 is for use when reviewing technical security architecture/design options and when selecting and documenting the preferred technical security architecture/design and related security controls, in accordance with ISO/IEC 27033-2. The particular information selected (together with information selected from ISO/IEC 27033-4 to ISO/IEC 27033-6) will depend on the characteristics of the network environment under review, i.e. the particular network scenario(s) and ‘technology’ topic(s) concerned. Overall, ISO/IEC 27033-3:2010 will aid considerably the comprehensive definition and implementation of security for any organization's network environment.” 


[Source: ISO/IEC 27033-3:2010]

Introduction

Using a set of 'reference scenarios' (worked examples), part 3 demonstrates how to identify, evaluate and treat typical information risks in the networking security context. 

Scope

Part 3 is intended to “define the specific risks, design techniques and control issues associated with typical network scenarios”

[Source: ISO/IEC 27033-1].

Structure

Main sections:

  • 7: Internet access services for employees

  • 8: Business to business services

  • 9: Business to customer services

  • 10: Enhanced collaboration services

  • 11: Network segmentation

  • 12: Networking support for home and small business offices

  • 13: Mobile communication

  • 14: Networking support for travelling users

  • 15: Outsourced services

  • Annex A: An Example Internet Use Policy

  • Annex B: Catalogue of Threats

Status

The current first edition of part 3 was published in 2010 and confirmed unchanged in 2018.

Commentary

Discusses threats, specifically, rather than all the elements of risk.


Refers to other parts of ISO/IEC 27033 for more specific guidance.

This page last updated:

2 November 2025

© 2025 IsecT Limited 

 
