INTERNATIONAL ISO/IEC STANDARD 18028-1

More documents

Recommendations

Info

IS0/IEC18028-1:2006(E)3 Terms and definitions3.1 Terms defined in other International StandardsFor the purposes of this document, the terms and definitions given in ISO/IEC 7498 (all parts) and thefollowing terms defined in ISO/IEC 17799 and ISO/IEC 13335-1 apply: accountability, asset, authenticity,availability, baseline controls, confidentiality, data integrity, impact, integrity, security policy, non-repudiation,reliability, risk, risk analysis, risk assessment, risk management, control, threat and vulnerability.3.2 Terms defined in this part of ISO/IEC 18028For the purposes of this document, the following terms and definitions apply.3.2.1alert'instant' indication that an information system and network may be under attack, or in danger because ofaccident, failure or people error3.2.2attackerany person deliberately exploiting vulnerabilities in technical and non-technical security controls in order tosteal or compromise information systems and networks, or to compromise availability to legitimate users ofinformation system and network resources3.2.3auditformal inquiry, formal examination, or verification of facts against expectations, for compliance and conformity3.2.4audit logginggathering of data on information security events for the purpose of review and analysis, and ongoingmonitoring3.2.5 audittoolsautomated tools to aid the analysis of the contents of audit logs3.2.6business continuity managementprocess to ensure that recovery of operations will be assured should any unexpected or unwanted incidentoccur that is capable of negatively impacting the continuity of essential business functions and supportingelementsNOTE The process should also ensure that recovery is achieved in the required priorities and timescales, andsubsequently all business functions and supporting elements will be recovered back to normal. The key elements of thisprocess need to ensure that the necessary plans and facilities are put in place, and tested, and that they encompassinformation, business processes, information systems and services, voice and data communications, people and physicalfacilities.3.2.7Comp128-1proprietary algorithm that was initially used by default in SIM cards3.2.8demilitarized zoneDMZperimeter network (also known as a screened sub-net) inserted as a "neutral zone" between networksNOTEIt forms a security buffer zone.2 © ISO/IEC 2006 - All lights reserved
ISO/IEC FDIS 18028-1:2006(E)3.2.9denial of serviceDoSprevention of authorized access to a system resource or the delaying of system operations and functions3.2.10extranetextension of an organization's Intranet, especially over the public network infrastructure, enabling resourcesharing between the organization and other organizations and individuals that it deals with by providing limitedaccess to its Intranet3.2.11filteringprocess of accepting or rejecting data flows through a network, according to specified criteria3.2.12firewalltype of security barrier placed between network environments - consisting of a dedicated device or acomposite of several components and techniques - through which all traffic from one network environment toanother, and vice versa, traverses and only authorized traffic, as defined by the local security policy, isallowed to pass3.2.13hubnetwork device that functions at layer 1 of the OSI reference model (ISO/IEC 7498-1)NOTE There is no real intelligence in network hubs; they only provide physical attachment points for networkedsystems or resources.3.2.14information security eventidentified occurrence of a system, service or network state indicating a possible breach of information securitypolicy or failure of controls, or a previously unknown situation that may be security relevantNOTE See ISO/IEC 18044.3.2.15information security incidentthat indicated by a single or a series of unwanted or unexpected information security events that have asignificant probability of compromising business operations and threatening information securityNOTE See ISO/IEC 18044.3.2.16information security incident managementformal process of responding to and dealing with information security events and incidentsNOTE See ISO/IEC 18044.3.2.17internetglobal system of inter-connected networks in the public domain3.2.18intranetprivate network established internally in an organization© ISO/IEC 2006 - All rights reserved 3
Page 1 and 2: INTERNATIONAL ISO/IECSTANDARD 18028
Page 3 and 4: ISO/IEC18028-1:2006(E)ContentsPageF
Page 5 and 6: ISO/IEC 18028-1:2006(E)ForewordISO
Page 7: INTERNATIONAL STANDARDISO/IEC 18028
Page 11 and 12: ISO/IEC FDIS 18028-1:2006(E)3.2.30n
Page 13 and 14: ISO/IEC FDIS 18028-1:2006(E)4 Abbre
Page 15 and 16: ISO/IEC FDIS 18028-1:2006(E)5 Struc
Page 17 and 18: ISO/IEC FDIS 18028-1:2006(E)An exam
Page 19 and 20: ISO/IEC FDIS 18028-1:2006(E)— det
Page 21 and 22: ISO/IEC FD1S 18028-1:2006(E)8 Consi
Page 23 and 24: ISO/IEC FDIS 18028-1:2006(E)9.4 Net
Page 25 and 26: ISO/IEC 18028-1:2006(E)© ISO/IEC 2
Page 27 and 28: ISO/IEC18028-1:2006(E)Table 2 — I
Page 29 and 30: IS0/IEC18028-1:2006(E)A conceptual
Page 31 and 32: ISO/IEC 18028-1:2006(E)Using the se
Page 33 and 34: ISO/IEC 18028-1:2006(E)13 Identify
Page 35 and 36: ISO/IEC 18028-1:2006(E)These Securi
Page 37 and 38: ISO/IEC 18028-1:2006(E)13.2.3 Wide
Page 39 and 40: ISO/IEC 18028-1:2006(E)— flawed S
Page 41 and 42: ISO/IEC18028-1:2006(E)13.2.5.3 Secu
Page 43 and 44: ISO/IEC 18028-1:2006(E)With all sec
Page 45 and 46: ISO/IEC18028-1:2006(E)• uncertain
Page 47 and 48: ISO/IEC 18028-1:2006(E)— IDS shou
Page 49 and 50: ISO/IEC18028-1:2006{E)— exploitat
Page 51 and 52: ISO/IEC 18028-1:2006(E)The content
Page 53 and 54: ISO/IEC18028-1:2006(E)— web-based
Page 55 and 56: ISO/IEC 18028-1:2006(E)13.4.4 Netwo
Page 57 and 58: ISO/IEC18028-1:2006(E)13.6.5 Secure
Page 59 and 60:
ISO/IEC 18028-1:2006(E)use rules to
Page 61 and 62:
IS0/IEC18028-1:2006(E)Where it is i
Page 63 and 64:
IS0/IEC18028-1:2006(E)13.10.5.2 Sec
Page 65 and 66:
IS0/IEC18028-1:2006(E)Bibliography[
show all

INTERNATIONAL ISO/IEC STANDARD 18028-1

Create successful ePaper yourself

Delete template?

Save as template?