Basic concepts of information security graded protection, classification of security protection levels, graded protection evaluation, the implementation process, and the materials required

Basic concepts of information security graded protection

Information security graded protection (等级保护, often rendered in English as the Multi-Level Protection Scheme, MLPS) is the foundational system of China's national information security assurance framework.

Network security graded protection means that networks (including the information systems they contain and the data they carry) are assigned a security protection level, and that protection measures and regulatory supervision are applied according to that level.

Information system security graded evaluation is the process of verifying whether an information system actually meets the requirements of the security protection level assigned to it. Graded protection requires that systems at different levels possess correspondingly different security protection capabilities: the higher the level, the stronger the controls that must be demonstrably in place.

Classification of security protection levels

At present, networks, information systems and the data and information they carry are divided into five security protection levels according to their importance, from Level 1 to Level 5, with the requirements increasing at each level. Networks, information systems and data at different levels must be protected by different security measures. The level is determined by the harm that would result if the system were compromised (its confidentiality, integrity or availability damaged):

Level 1

Compromise of the information system would harm the legitimate rights and interests of citizens, legal persons and other organizations, but would not harm national security, social order or the public interest.

Level 2

Compromise of the information system would seriously harm the legitimate rights and interests of citizens, legal persons and other organizations, or would harm social order and the public interest, but would not harm national security.

Level 3

Compromise of the information system would seriously harm social order and the public interest, or would harm national security.

Level 4

Compromise of the information system would particularly seriously harm social order and the public interest, or would seriously harm national security.

Level 5

Compromise of the information system would particularly seriously harm national security.

Why is graded protection evaluation required?

The operator's own security

By carrying out graded protection work, information system operators and users discover latent security hazards and deficiencies in their systems, and through security rectification they raise the system's protection capability and reduce the risk of a successful attack.

Competitive advantage

When an operator provides business services to external customers, passing a graded protection evaluation demonstrates its security commitment to customers and stakeholders and strengthens the confidence of customers, partners and other stakeholders.

Legal obligation

The Cybersecurity Law of the People's Republic of China and the Administrative Measures for Information Security Graded Protection expressly require information system operators and users to fulfil their security protection obligations in accordance with the network security graded protection system. Those who refuse to do so are subject to the corresponding penalties.

Graded protection implementation process

1. System grading

Following the requirements of the competent superior authority, the actual situation of the industry and the operator's own business conditions, and in accordance with the relevant laws and policies, determine the system's level, prepare a grading report and complete the grading and filing form.

2. System filing

After the grading and filing form has been completed, submit the grading materials to the public security organ for filing review.

3. Construction and rectification

Survey the system, carry out a gap assessment against the requirements of its level, produce a security solution design in accordance with the relevant national standards, complete the corresponding equipment procurement and deployment, policy configuration and tuning, and improve the management system and its documentation.

4. System evaluation

Engage a qualified local evaluation agency to conduct a comprehensive evaluation of the system; after the evaluation and scoring are passed, obtain a passing evaluation report and, finally, the graded protection filing certificate.

5. Supervision and inspection

The system is continuously improved and optimised, and periodic re-evaluation and inspection are carried out as required (a Level 2 system is evaluated and inspected every two years, a Level 3 system once a year).

Materials required for an information security graded protection evaluation

01. Filing form and grading report;
02. Emergency contact registration form for network security graded protection;
03. "Information Security Work Management System" (the operator's security management policy document);
04. List of security products used in the system, together with their certifications and sales licences;
05. Network topology diagram of the unit, with an accompanying description;
06. Expert review opinions.


Source: blog.csdn.net/a913222/article/details/130486895