22/12/08

News on ISO 27033 - IT network security

The new ISO 27033, the revision of ISO/IEC 18028-1:2006 covering the security of communication networks, is now in draft. Judging by what ISO27001security.com reports, the revision process seems well advanced. ISO 27033 is intended to be an exhaustive complement to all the network-security aspects defined in ISO 27002. The following documents are already in progress:

  • ISO/IEC 27033-1: Guidelines for network security (FCD)

  • ISO/IEC 27033-2: Guidelines for the design and implementation of network security (WD)

  • ISO/IEC 27033-3: Reference networking scenarios -- Risks, design techniques and control issues (WD)

  • ISO/IEC 27033-4: Securing communications between networks using security gateways -- Risks, design techniques and control issues (NP)

  • ISO/IEC 27033-5: Securing Virtual Private Networks -- Risks, design techniques and control issues (NP)

  • ISO/IEC 27033-6: IP convergence (NP)


More detailed information on each of these documents can be found at ISO27001security.com.

10/12/08

Status of the ISO 27000 series as of 10 December 2008

Below I list the set of standards in the ISO 27000 series that are published or under development as of 10 December 2008. These results come from a query of the ISO.org website for the work area of Subcommittee 27 of JTC 1 - IT Security techniques.

The status of each standard is coded with a set of acronyms defined by ISO:
  • 1. PWI = Preliminary Work Item - initial feasibility and scoping activities

  • 2. NP = New Proposal (or study period) - formal scoping phase

  • 3. WD = Working Draft (1st WD, 2nd WD etc.) - development phase

  • 4. CD = Committee Draft (1st CD, 2nd CD etc.) - quality control phase

  • 5. FCD = Final Committee Draft - ready for final approval.

  • 6. DIS = Draft International Standard - nearly there. Stage 40.

  • 7. FDIS = Final Draft International Standard - just about ready to publish. Stage 50.

  • 8. IS = International Standard - published. Stage 60.

  • 9. Under revision. Stage 90.


As you can see in the following list of standards, quite a few are already at Stage 40 and 50, which indicates that they may be published soon. The current state of the international ISO 27000 framework of standards is:

  • ISO/IEC FCD 27000
    Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary. Stage: 40.99

  • ISO/IEC 27001:2005
    Information technology -- Security techniques -- Information security management systems -- Requirements. Stage: 60.60

  • ISO/IEC 27002:2005
    Information technology -- Security techniques -- Code of practice for information security management. Stage: 90.92

  • ISO/IEC FCD 27003
    Information technology -- Information security management system implementation guidance. Stage: 40.20

  • ISO/IEC FCD 27004.2
    Information technology -- Security techniques -- Information security management -- Measurement. Stage: 40.20

  • ISO/IEC 27005:2008
    Information technology -- Security techniques -- Information security risk management. Stage: 60.60

  • ISO/IEC 27006:2007
    Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems. Stage: 60.60

  • ISO/IEC WD 27007
    Guidelines for information security management systems auditing. Stage: 20.60

  • ISO/IEC FDIS 27011
    Information technology -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002. Stage: 50.60

  • ISO/IEC NP 27012
    Information technology -- Security techniques -- ISM guidelines for e-government services. Stage: 10.99

  • ISO/IEC NP 27032
    Guidelines for cybersecurity. Stage: 10.99

  • ISO/IEC NP 27033
    Information technology -- IT network security. Stage: 10.99

  • ISO/IEC CD 27033-1
    Information technology -- Security techniques -- IT network security -- Part 1: Guidelines for network security. Stage: 30.60

  • ISO/IEC WD 27033-2
    Information technology -- Security techniques -- IT network security -- Part 2: Guidelines for the design and implementation of network security. Stage: 20.60

  • ISO/IEC WD 27033-3
    Information technology -- Security techniques -- IT network security -- Part 3: Reference networking scenarios -- Risks, design techniques and control issues. Stage: 20.60

  • ISO/IEC NP 27033-4
    Information technology -- Security techniques -- IT network security -- Part 4: Securing communications between networks using security gateways -- Risks, design techniques and control issues. Stage: 10.99

  • ISO/IEC NP 27033-5
    Information technology -- Security techniques -- IT network security -- Part 5: Securing remote access -- Risks, design techniques and control issues. Stage: 10.99

  • ISO/IEC NP 27033-6
    Information technology -- Security techniques -- IT network security -- Part 6: Securing communications across networks using Virtual Private Networks (VPNs) -- Risks, design techniques and control issues. Stage: 10.99

  • ISO/IEC NP 27033-7
    Information technology -- Security techniques -- IT network security -- Part 7: Guidelines for securing (specific networking technology topic heading(s) to be inserted) -- Risks, design techniques and control issues. Stage: 10.99

  • ISO/IEC NP 27034
    Guidelines for application security. Stage: 10.99

  • ISO/IEC NP 27037
    Information technology -- Security techniques -- Information security management: Sector to sector interworking and communications for industry and government. Stage: 10.99


The detail of the different sub-steps within each level or stage can be consulted at Stages ISO.