Information Technology (IT) networks allowing the exchange of data are quite common nowadays, in particular in the enterprise setting, whether they are for offering online services, or for internal information systems management, or even to implement remote working. As a result, correctly securing these networks is essential, in order to lower the risks of intrusions or disturbances linked to unexpected errors, and to be able to satisfy business requirements in terms of confidentiality, integrity, and availability of services and information.
In this context, the international technical standardization subcommittee ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection has published a series of technical standards on the security of IT networks, primarily aimed at organizations’ network architects and network managers. The series provides detailed indications on security and management aspects regarding the deployment and usage of IT networks and their interconnections. It is divided into six parts:
- ISO/IEC 27033-1:2015 Information technology — Security techniques — Network security — Part 1: Overview and concepts
- ISO/IEC 27033-2:2012 Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security
- ISO/IEC 27033-3:2010 Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues
- ISO/IEC 27033-4:2014 Information technology — Security techniques — Network security — Part 4: Securing communications between networks using security gateways
- ISO/IEC 27033-5:2013 Information technology — Security techniques — Network security — Part 5: Securing communications across networks using Virtual Private Networks (VPNs)
- ISO/IEC 27033-6:2016 Information technology — Security techniques — Network security — Part 6: Securing wireless IP network access
The video below gives a quick overview of these normative documents. It also describes the services proposed by ILNAS and ANEC GIE, in particular showing how national organizations can consult, buy or participate in the development of technical standards.
For any questions related to the content of this video or other standards in IT, one can contact us at the following address: anec@ilnas.etat.lu.
For more information:
- Video – Network security standards and ILNAS standards reading stations
- Webpage of the ISO/IEC JTC 1/SC 27 subcommittee
- Program of work of the ISO/IEC JTC 1/SC 27 subcommittee
- Register of national technical standardization delegates
- Becoming a national technical standardization delegate
- Registration form to join standardization technical committees
- Purchasing and consulting technical standards
- ILNAS e-shop
Editor’s note: This article is brought to you by ILNAS and only reflects the opinion of the author.