Information System Security Level Protection (abbreviated "Level Protection", Chinese 等保; internationally often called the Multi-Level Protection Scheme, MLPS)

With the entry into force of the Cybersecurity Law in 2017, the network security level protection system was elevated to the status of law.
[Regulations]
The "Cybersecurity Law of the People's Republic of China" took effect on June 1, 2017, making protection of network infrastructure a legal requirement. Article 21 states plainly that "the State implements a network security level protection system; network operators shall fulfill security protection obligations in accordance with the requirements of the network security level protection system". Article 31 provides that, for the nation's critical information infrastructure, "key protection shall be implemented on the basis of the network security level protection system". The level protection system has thus been raised to the level of law, and its central position in the field of network security is established at the legal level; as the industry puts it, failing to do Level Protection is illegal.
Network operators must, in accordance with the requirements of the network security level protection system, perform the following security obligations: protect networks from interference, destruction or unauthorized access, and prevent network data from being leaked, stolen or tampered with.
[Main Content]
The Cybersecurity Law defines the core content of level protection, including:
(1) The definition of critical information infrastructure:
Article 31: for important industries and fields such as national public communication and information services, energy, transportation, water conservancy, finance, public services and e-government, and for other critical information infrastructure which, once destroyed, suffering loss of function or data leakage, may seriously endanger national security, the national economy and people's livelihood, or the public interest, key protection shall be implemented on the basis of the network security level protection system. The specific scope of critical information infrastructure and its security protection measures are formulated by the State Council.
(2) The security protection obligations of critical information infrastructure operators:
Article 34: operators must set up a dedicated security management body and a person in charge of security, provide network security education and training to staff, carry out disaster recovery backups, and formulate and regularly drill network security incident contingency plans.
Article 59: an operator that refuses to correct violations, or whose violations endanger network security, is fined RMB 100,000 to 1,000,000 (10 to 100 万元); the persons directly responsible are fined RMB 10,000 to 100,000 (1 to 10 万元).
(3) Storage of sensitive information:
Article 37: personal information and important data collected and generated within the territory must be stored within the territory. Where it is really necessary to provide such data overseas, a security assessment must first be carried out.
Article 66: an operator that violates this provision has its illegal income confiscated, is fined RMB 50,000 to 500,000 (5 to 50 万元), and may have its business licence suspended or revoked; the persons directly responsible are fined RMB 10,000 to 100,000 (1 to 10 万元).
(4) Risk detection and assessment:
Article 38: operators must organize a detection and assessment of the security of their networks and the risks that may exist at least once a year, and report the results of the assessment together with improvement measures to the relevant departments.
Level protection is generally said to consist of five defined actions: classification (grading), filing (record), construction and rectification, level evaluation, and supervision and inspection.
The most important of these is the level evaluation of information system security, which verifies whether an information system meets the security protection requirements of its assigned level. It comprises two layers: evaluation of the individual security controls and evaluation of the system as a whole. Information systems of different security levels must have correspondingly different security protection capabilities. On the one hand, this is achieved by selecting technical and management security controls appropriate to the security level; on the other hand, these various security controls act together on the information system, so that the security of the system as a whole is closely tied to its overall architecture as well as to the security levels of its parts.
[The five levels of the standard]
(1) The first level is the lowest security level, affecting only the organization itself and individuals. Specifically, the first level refers to information systems whose destruction would damage the legitimate rights and interests of citizens, legal persons and other organizations, but would not harm national security, social order or the public interest. Information systems at this level are protected by the operating and using unit itself, in accordance with the relevant national management regulations and technical standards.
(2) The second level refers to information systems whose destruction would cause serious damage to the legitimate rights and interests of citizens, legal persons and other organizations, or would damage social order and the public interest, without compromising national security. At this level, in addition to the operating and using unit protecting the system in accordance with the relevant national management regulations and technical standards, the national information security regulatory authorities provide guidance on the system's level protection work.
(3) The third level refers to information systems whose destruction would cause serious damage to social order and the public interest, or would damage national security. The operating and using unit must protect the system in accordance with the relevant national management regulations and technical standards, and the national information security regulatory authorities supervise and inspect the system's level protection work.
(4) The fourth level refers to information systems whose destruction would cause especially serious damage to social order and the public interest, or serious damage to national security. The operating and using unit must provide special protection based on the relevant national management regulations, technical standards and business needs, and the national information security regulatory authorities carry out mandatory supervision and inspection of the system's level protection work.
(5) The fifth level refers to information systems whose destruction would cause particularly serious damage to national security. The operating and using unit must provide special protection based on the national management regulations, technical standards and business security needs, and the State designates a special department to carry out special supervision and inspection of the system's level protection work.
[Main areas covered]
1, government agencies;
2, banking, securities, insurance and other financial institutions;
3, telecommunications, postal system;
4, the press, publishing, radio and television units;
5, electricity, gas, coal and other energy organizations;
6, aviation, railways, waterways and other transportation companies;
7, national key project construction units;
8, key research and education institutions;
9, medical, consumer, emergency-response and other organizations;
10, large e-commerce, P2P lending, payment, consumer finance and other large data-processing companies;
11, large-scale information technology R&D enterprises;
[Trends]
1, At the national level, the information security system is being promoted and has now entered the stage of basic implementation; starting with the telecommunications industry, network and information security protection work was to be essentially universal by the end of 2019;
2, User information security has become the point of greatest concern to consumers; passing level protection evaluation according to the standard enhances the competitiveness of a unit's operations and also raises the cost of crime for criminals who target user data;
3, Within the next two years, level protection will become a basic standard for Internet and big-data enterprises, raising the threshold for market access.
[Key evaluation items]
1, host security;
2, network security;
3, network equipment protection;
4, application security;
5, data security;
6, security management system;
7, system contingency plans.



Source: blog.51cto.com/14615609/2455027