ISO/IEC 18028-1:2006 provides detailed guidance on the security aspects of the management, operation and use of information technology (IT) networks, and their interconnections.
It defines and describes the concepts associated with, and provides management guidance on, network security, including how to identify and analyse the communications-related factors to be taken into account to establish network security requirements. It also introduces the possible control areas and the specific technical areas (dealt with in subsequent parts of ISO/IEC 18028). It is relevant to anyone who owns, operates or uses a network. This includes senior managers and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security and/or network security, network operation, or who are responsible for an organization's overall security programme and security policy development.
The general objective of ISO/IEC 18028 is to extend the security management guidelines provided in ISO/IEC TR 13335 and ISO/IEC 17799 by detailing the specific operations and mechanisms needed to implement network security controls in a wider range of network environments, providing a bridge between general IT security management issues and network security technical implementations.