INTERNATIONAL ISO/IEC STANDARD 18028-1

More documents

Recommendations

Info

IS0/IEC18028-1:2006(E)11 Review Networking Characteristics and Related Trust Relationships11.1 Network CharacteristicsThe characteristics of the existing or proposed network should be reviewed. It is particularly important toidentify whether the network is a:— public network - a network accessible by anyone, or— private network, e.g. a network consisting of owned or leased lines, therefore considered to be moresecure than a public network.It is also important to know the type of data transported by the network, for example a:— data network - a network transferring primarily data and making use of data protocols,— voice network - a network intended for telephone but also usable for data, or— network encompassing both data and voice, and possibly video.Other information, such as:— whether the network is a packet or switched network,— whether it supports a QoS, i.e. in an MPLS network,is also relevant.(QoS concerns consistent performance. Network services should be delivered to provide the minimumperformance level to be useable. For example, voice service will stutter and break up if the bandwidth isinadequate. QoS refers to a network system's ability to sustain a given service at or above its requiredminimum performance level.)Further, it should also be established whether a connection is permanent, or established at time of need.11.2 Trust RelationshipsOnce the characteristics of the existing or proposed networking have been identified, and at minimum it hasbeen established if the network is public or private (see Clause 11.1 above), then the related trustrelationships should be identified.Firstly, the applicable trust environment(s) associated with the network connection(s) should be identifiedusing the simple list shown below— Low, such as a network with an unknown community of users,— Medium, such as a network with a known community of users and within a closed business community (ofmore than one organization),— High, such as a network with a known community of users solely within the organization.Secondly, the relevant trust environment(s) (from Low, Medium and High) should be related to the applicablenetwork characteristic (public or private) and the type(s) of network connection involved (from 'A' to 'G'), toestablish the trust relationships. This can be accomplished using a matrix similar to that shown in Table 2below.20 © ISO/IEC 2006 - All rights reserved
ISO/IEC18028-1:2006(E)Table 2 — Identification of Trust RelationshipsFrom Table 2 the reference category for each relevant trust relationship should be determined. All of thepossible categories are described in Table 3 below.Table 3— Trust Relationship ReferencesThese references should be used when working through Clause 12 to confirm the types of security risk andidentify potential control areas.This task can be aided as necessary by the information available on network architectures and applications(as gained by using Clause 9).© ISO/IEC 2006 - All rights reserved 21
Page 1 and 2: INTERNATIONAL ISO/IECSTANDARD 18028
Page 3 and 4: ISO/IEC18028-1:2006(E)ContentsPageF
Page 5 and 6: ISO/IEC 18028-1:2006(E)ForewordISO
Page 7 and 8: INTERNATIONAL STANDARDISO/IEC 18028
Page 9 and 10: ISO/IEC FDIS 18028-1:2006(E)3.2.9de
Page 11 and 12: ISO/IEC FDIS 18028-1:2006(E)3.2.30n
Page 13 and 14: ISO/IEC FDIS 18028-1:2006(E)4 Abbre
Page 15 and 16: ISO/IEC FDIS 18028-1:2006(E)5 Struc
Page 17 and 18: ISO/IEC FDIS 18028-1:2006(E)An exam
Page 19 and 20: ISO/IEC FDIS 18028-1:2006(E)— det
Page 21 and 22: ISO/IEC FD1S 18028-1:2006(E)8 Consi
Page 23 and 24: ISO/IEC FDIS 18028-1:2006(E)9.4 Net
Page 25: ISO/IEC 18028-1:2006(E)© ISO/IEC 2
Page 29 and 30: IS0/IEC18028-1:2006(E)A conceptual
Page 31 and 32: ISO/IEC 18028-1:2006(E)Using the se
Page 33 and 34: ISO/IEC 18028-1:2006(E)13 Identify
Page 35 and 36: ISO/IEC 18028-1:2006(E)These Securi
Page 37 and 38: ISO/IEC 18028-1:2006(E)13.2.3 Wide
Page 39 and 40: ISO/IEC 18028-1:2006(E)— flawed S
Page 41 and 42: ISO/IEC18028-1:2006(E)13.2.5.3 Secu
Page 43 and 44: ISO/IEC 18028-1:2006(E)With all sec
Page 45 and 46: ISO/IEC18028-1:2006(E)• uncertain
Page 47 and 48: ISO/IEC 18028-1:2006(E)— IDS shou
Page 49 and 50: ISO/IEC18028-1:2006{E)— exploitat
Page 51 and 52: ISO/IEC 18028-1:2006(E)The content
Page 53 and 54: ISO/IEC18028-1:2006(E)— web-based
Page 55 and 56: ISO/IEC 18028-1:2006(E)13.4.4 Netwo
Page 57 and 58: ISO/IEC18028-1:2006(E)13.6.5 Secure
Page 59 and 60: ISO/IEC 18028-1:2006(E)use rules to
Page 61 and 62: IS0/IEC18028-1:2006(E)Where it is i
Page 63 and 64: IS0/IEC18028-1:2006(E)13.10.5.2 Sec
Page 65 and 66: IS0/IEC18028-1:2006(E)Bibliography[

INTERNATIONAL ISO/IEC STANDARD 18028-1

Create successful ePaper yourself

Delete template?

Save as template?