ANSI-ISO-IEC-TR-13335-5-2001.pdf
《ANSI-ISO-IEC-TR-13335-5-2001.pdf》由会员分享,可在线阅读,更多相关《ANSI-ISO-IEC-TR-13335-5-2001.pdf(38页珍藏版)》请在三一文库上搜索。
1、 Reference number ISO/IEC TR 13335-5:2001(E) ISO/IEC 2001 TECHNICAL REPORT ISO/IEC TR 13335-5 First edition 2001-11-01 Information technology Guidelines for the management of IT Security Part 5: Management guidance on network security Technologies de linformation Lignes directrices pour la gestion d
2、e scurit IT Partie 5: Guide pour la gestion de scurit du rseau Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard.Adopted by INCITS (InterNational Committee for Information Technology Standards) as an American National Standard. Date of
3、ANSI Approval: 6/11/02 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2002 by Information Technology Industry Council (ITI). All rights reserved. These materials are subject to copyright claims of International Standardization Organization
4、 (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reproduced in any form, including an electronic retrieval system, without the prior written per
5、mission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/99
6、61031100 Not for Resale, 05/08/2007 21:00:35 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC TR 13335-5:2001(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not
7、be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe
8、is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO mem
9、ber bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. ISO/IEC 2001 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic
10、or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.ch Web
11、www.iso.ch Printed in Switzerland ii ISO/IEC 2001 All rights reserved Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 21:00:35 MDTNo reproduction or networking permitted without l
12、icense from IHS -,-,- ISO/IEC TR 13335-5:2001(E) ISO/IEC 2001 All rights reserved iii TABLE OF CONTENTS Forewordv Introduction vi 1.SCOPE1 2.REFERENCES1 3.DEFINITIONS2 4.ABBREVIATIONS2 5.STRUCTURE2 6.AIM3 7.OVERVIEW3 7.1Background3 7.2Identification Process3 8REVIEW CORPORATE IT SECURITY POLICY REQU
13、IREMENTS6 9REVIEW NETWORK ARCHITECTURES AND APPLICATIONS6 9.1Introduction6 9.2Types of Network7 9.3Network Protocols8 9.4Network Applications8 9.5Other Considerations8 10IDENTIFY TYPES OF NETWORK CONNECTION8 11REVIEW NETWORKING CHARACTERISTICS AND RELATED TRUST RELATIONSHIPS11 11.1Network Characteri
14、stics11 11.2Trust Relationships12 Copyright American National Standards Institute Provided by IHS under license with ANSI Licensee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 21:00:35 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC TR 133
15、35-5:2001(E) iv ISO/IEC 2001 All rights reserved 12DETERMINE THE TYPES OF SECURITY RISK13 13IDENTIFY APPROPRIATE POTENTIAL SAFEGUARD AREAS17 13.1Introduction17 13.2Secure Service Management18 13.2.1Introduction18 13.2.2Security Operating Procedures19 13.2.3Security Compliance Checking19 13.2.4 Secur
16、ity Conditions For Connection19 13.2.5Documented Security Conditions for Users of Network Services20 13.2.6Incident Handling20 13.3Identification and Authentication20 13.3.1Introduction20 13.3.2Remote Log-in20 13.3.3Authentication Enhancements21 13.3.4Remote System Identification21 13.3.5Secure Sing
17、le Sign-on22 13.4Audit Trails22 13.5Intrusion Detection23 13.6Protection Against Malicious Code24 13.7Network Security Management24 13.8Security Gateways25 13.9Data Confidentiality Over Networks26 13.10Data Integrity Over Networks26 13.11Non-Repudiation27 13.12 Virtual Private Networks28 13.13Busine
18、ss Continuity/Disaster Recovery28 14DOCUMENT AND REVIEW SECURITY ARCHITECTURE OPTIONS29 15PREPARE FOR THE ALLOCATION OF SAFEGUARD SELECTION, DESIGN, IMPLEMENTATION AND MAINTENANCE29 16SUMMARY29 Bibliography 31 Copyright American National Standards Institute Provided by IHS under license with ANSI Li
19、censee=USN Ship Repair Facility Yokosuka/9961031100 Not for Resale, 05/08/2007 21:00:35 MDTNo reproduction or networking permitted without license from IHS -,-,- ISO/IEC TR 13335-5:2001(E) ISO/IEC 2001 All rights reserved v Foreword ISO (the International Organization for Standardization) and IEC (t
20、he International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with parti
21、cular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have estab
22、lished a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 3. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint techni
23、cal committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report of one of the f
24、ollowing types: type 1, when the required support cannot be obtained for the publication of an International Standard, despite repeated efforts; type 2, when the subject is still under technical development or where for any other reason there is the future but not immediate possibility of an agreeme
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- ANSI ISO IEC TR 13335 2001
链接地址:https://www.31doc.com/p-3730221.html