This part of GB/T25068 specifies an overview of network security and related definitions, defines and describes concepts related to network security and provides management guidance on network security (the network security in this part applies to information security transmitted through communication links , device security, and security of administrative activities related to devices, applications/services, and end users). Users of this section include anyone who owns, operates or uses a network, including senior managers and other non-technical managers or users, as well as those who have specific responsibilities for information security and/or network security, network operations, or those responsible for the organization Overall security plan and security policy development for responsible managers and administrators. In addition, everyone involved in the planning, design, and implementation of network security architecture aspects is included. This part also includes the following contents: --- Provides guidelines for identifying and analyzing network security risks, and defines network security requirements based on the above analysis; --- Provides an overview of supporting network technology security architecture and related technical controls, and not only Network-based technical and non-technical controls; ——Introduces how to achieve a high-quality network technical security architecture, as well as risk, design and control elements related to typical network scenarios and network "technical" areas (in other parts of GB/T 25068 Discussed in detail in Section 2), briefly discusses issues related to implementing and operating cybersecurity controls, and issues related to ongoing monitoring and review of their implementation. This part provides an overview of the GB/T 25068 series of standards and guidance to other parts.
GB/T 25068.1-2020 Referenced Document
ISO/IEC 27000 Information technology — Security techniques — Information security management systems — Overview and vocabulary
ISO/IEC 27001 Information security, cybersecurity and privacy protection - Information security management systems - Requirements*, 2022-10-25 Update
ISO/IEC 27002 Information security, cybersecurity and privacy protection — Information security controls*, 2022-02-15 Update
ISO/IEC 27005 Information security, cybersecurity and privacy protection - Guidance on managing information security risks*, 2022-10-25 Update
ISO/IEC 7498 Information processing systems; Open Systems Interconnection; basic reference model; Part 4: Management framework
GB/T 25068.1-2020 history
2020GB/T 25068.1-2020 Information technology—Security techniques—Network security—Part 1:Overview and concepts
2012GB/T 25068.1-2012 Information technology.Security techniques.IT network security.Part 1:Network security management