Tianyi Cloud Practitioner Certification (1.7) Information Security Foundation, Physical Security, Network Security, Host Security, Application Security and Data Security

Information Security Fundamentals

Definition of Information Security

Confidentiality, Integrity and Availability are the three cornerstones of information security.

Five levels of information protection.

| Protection level | Applicable information systems and industries | Degree of harm after the information system is damaged |
| --- | --- | --- |
| Level 1 (autonomous protection level) | Generally applicable to small private enterprises, individual enterprises, primary and secondary schools, information systems belonging to townships, and general information systems in county-level units. | After the information system is damaged, it will cause damage to the lawful rights and interests of citizens, legal persons and other organizations, but will not damage national security, social order and public interests. |
| Level 2 (guided protection level) | Generally applicable to important information systems in other units at the county level, and to general information systems in state agencies, enterprises and institutions at or above the prefecture level. For example, office systems and management systems that do not involve work secrets, trade secrets, or sensitive information. | After the information system is damaged, it will cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or cause damage to social order and public interests, but will not harm national security. |
| Level 3 (supervision and protection level) | Generally applicable to important internal information systems of state agencies, enterprises and institutions at or above the prefecture and city level, such as office systems and management systems involving work secrets, trade secrets, and sensitive information; important information systems that operate over inter-provincial or national networks and are used for production, scheduling, management, command, operation, control, etc., as well as the branch systems of such systems in provinces, prefectures and cities; portals and important websites of central ministries and commissions and of provinces (regions, municipalities); inter-provincial network systems, etc. | After the information system is damaged, it will cause serious damage to social order and public interests, or cause damage to national security. |
| Level 4 (mandatory protection level) | Generally applicable to particularly important systems and core systems in important fields and important departments of the country. For example, the production, dispatch, command and other core systems of important departments such as power, telecommunications, radio and television, railways, civil aviation, banking and taxation, which are related to national security, the national economy and people's livelihood. | After the information system is damaged, it will cause particularly serious damage to social order and public interests, or cause serious damage to national security. |
| Level 5 (special control protection level) | Generally applicable to extremely important systems in important fields and departments of the country. | After the information system is damaged, it will cause particularly serious damage to national security. |

Table: Classification criteria and classification of information system security grade protection

Physical security

Network security

(1) Network attacks: DDoS, ARP, etc.

(2) Network security needs: architecture security, transmission encryption, access control and intrusion prevention

Host security

Needs:

Identity authentication, access control, security audit, resource control, malicious code prevention

Application security

Needs:

Identity authentication, access control, security audit, software fault tolerance, resource control

Data Security

Data security needs: data confidentiality, data backup, personal information protection, data integrity


Origin blog.csdn.net/Kangyucheng/article/details/108457237