The implementation guidance for practicing network isolation by referring to ISO-17799 standard

In these years, the company budgets are raised dramatically for eliminating the security problems or mitigating the security risks in companies, but the numbers of incidents happening on computer systems in intranet or internet are still increasing. Many researchers proposed the way–to isolate the computers storing sensitive information for preventing information on these computers revealed or vulnerability on these computers exploited. However, there are few materials available for implementing network isolation. In this paper, we define ways of network isolation, “physical isolation” and “logical isolation”. In ISO-17799, there is no implementation guidance for practicing network logical isolation but auditing network physical isolation. This paper also provides the implementation guidance of network isolation in two aspects. One is for the technique viewpoints. The other aspect is for management viewpoints. These proposed implementation outlines and security measures will be considered in revising the security plan, “The Implementation Plan for Information Security Level in Government Departments” [“The implementation plan for information security level in government departments,” National Information and Communication Security Taskforce, Taiwan R.O.C., Programs, Jul. 20 2005].