书籍详情

中国网络安全等级保护制度理解与实施(英文版)

中国网络安全等级保护制度理解与实施(英文版)

作者:Guo Qiquan 著

出版社:人民邮电出版社

出版时间:2021-03-01

ISBN:9787115558671

定价:¥99.80

购买这本书可以去
内容简介
  This book introduces the China Cybersecurity Classified Protection System (CCPS), covering its development, interpretation of the Cybersecurity Law of the People’s Republic of China, the underlying standards, and procedures in practice such as cybersecurity system classification level determination, registration, development and improvement, evaluation, supervision and inspection.In this book, we analyze the implementation and practice of cybersecurity protection in China, and provide an interpretation of the existing cybersecurity related laws, regulations and standards. The purpose of this book is to serve the training and implementation needs of foreign organizations, including companies along the Belt and Road Initiatives, in establishing their cybersecurity protection in line with the requirements of China Cybersecurity Classified Protection System.
作者简介
  Mr. Guo Qiquan,chief engineer and vice director at the Cybersecurity Protection Bureau of the Ministry of Public Security, P. R. China.Mr. Wang Xinjie, general manager of Beijing Powertime Co., Ltd. He has been engaged in network and information security since 1999 and has specialized in in information security management systems consulting and auditing, information system auditing, information security risk management and business continuity management. Since 2002, he has been engaged in the Chinese mirror committee to ISO/IEC JTC1/SC27, SAC/TC 260. As a member of TC 260 has been involved in the development of many Chinese information security national standards.He has been actively involved in the work of SC27/WG1 since 2007, and he is currently the member of the SC27/AG01(Management Advisory Group). During this time, he has taken part in all of the working group meetings of WG1 including many of the SC27 Plenary meetings, giving him a broader management perspective of the sub-committee and its technical work. His technical work in WG1 has included the work on the ISO/IEC 27000 family of standards, such ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005. In 2007, he was the co-editor of ISO/IEC 27007.He established and currently runs the China authorized agency of (ISC)2, and is also a member of RAISE (Regional Asia Information Security Exchange Forum)
目录
Table of Contents
Part Ⅰ Interpretation of Cybersecurity Classified
Protection System of China 1
Chapter 1 Development of China Cybersecurity Classified Protection System 2
1.1 Establishment of Computer Information Systems Security Protection System 2
1.2 Establishment of Information Security Classified Protection System 3
1.3 Establishment of Cybersecurity Classified Protection System 5
Chapter 2 Interpretation of the Cybersecurity Law 6
2.1 Cybersecurity Obligations and Primary Tasks 6
2.2 Division of Responsibilities and Related Obligations 12
2.3 National Cybersecurity Classified Protection System 14
2.4 Basic Responsibilities and Obligations of Network Operators 15
2.5 Operation Security of Critical Information Infrastructure 19
2.6 Network Data and Information Security 25
2.7 Monitoring, Early Warning, and Emergency Response 28
2.8 Acts Prohibited and Legal Responsibility 32
Chapter 3 Interpretation of Cybersecurity Classified Protection System of China 47
3.1 Policies on Cybersecurity Classified Protection 47
3.1.1 General Policy Documents 47
3.1.2 Policy Document of Classified Protection Specific Stages 48
3.2 Basic Concept of Cybersecurity Classified Protection 50
3.2.1 Legal Basis for Carrying Out Cybersecurity Classified Protection 50
3.2.2 Policy Basis for Carrying Out Cybersecurity Classified Protection 51
3.2.3 What is Cybersecurity Classified Protection 54
3.2.4 Division and Supervision of Security Protection Levels 56
3.2.5 Critical Information Infrastructure Protection 58
3.3 Main Contents of the Cybersecurity Classified Protection System 59
3.3.1 Organization Structure of Cybersecurity Classified Protection 59
3.3.2 Main Stages and Basic Requirements of Classified Protection 61
3.3.3 Security Management of Evaluation 65
3.3.4 Network Products and Security Service Requirements 66
Table of Contents
Interpretation and Implementation of Cybersecurity Classified Protection System in China
viii
3.3.5 Monitoring, Early Warning and Information Reporting 66
3.3.6 Data Security Protection 68
3.3.7 Emergency Disposal Requirements 68
3.3.8 Evaluation Requirements 69
3.3.9 Risk Control of New Technology and New Application 69
3.3.10 Supervision and Administration of Cybersecurity Classified Protection Practices 69
Chapter 4 Interpretation of Cybersecurity Classified Protection Standards of China 72
4.1 Cybersecurity Classified Protection Standards Framework 72
4.2 Relationship between Relevant Standards and Different Stages of Classified Protection 73
4.2.1 Basic Standards 73
4.2.2 Classification 73
4.2.3 Security Requirements 74
4.2.4 Methodology and Guidance 75
4.2.5 Status Analysis 76
4.3 Issues Need Attentions for the Application of Relevant Standards 77
4.4 Brief Description of Main Standards on Cybersecurity Classified Protection 77
4.4.1 Classified Criteria for Security Protection of Computer Information System
(GB 17859—1999) 78
4.4.2 Implementation Guide for Classified Protection of Cybersecurity (GB/T 25058—2019) 78
4.4.3 Testing and Evaluation Process Guide for Classified Protection of Cybersecurity
(GB/T 28449—2018) 79
Part Ⅱ Implementation of Cybersecurity Classified Protection
System of China 81
Chapter 5 Classification of Cybersecurity Classified Protection 82
5.1 Classification of Security Protection Levels 82
5.1.1 Principle of Classification 82
5.1.2 Security Protection Levels of Network 82
5.1.3 Classification Factors of Cybersecurity Protection Level 83
5.1.4 Protection and Supervision of the Five Levels 84
5.2 Procedures of Classification 84
5.2.1 Determine the Classification Object 85
5.2.2 Determine the Security Protection Level of Network 87
5.2.3 Expert Reviews of Cybersecurity Protection Level 88
5.2.4 Examination of Cybersecurity Protection Level 88
5.2.5 Public Security Authorities Examine the Security Protection Level of Network 89
Table of Contents
ix
5.3 How to Determine the Security Protection Level of Network 89
5.3.1 How to Understand the Five Security Protection Levels of Network 89
5.3.2 General Process of Network Classification 90
Chapter 6 Registration of Cybersecurity Classified Protection 92
6.1 Registration and Acceptance 92
6.2 Public Security Authorities Accept Network Registration 94
6.3 Treatment for Inaccurate Level and Non-registration 95
6.4 Public Security Authorities’ Guidance on Network Classification and Registration 95
Chapter 7 Development and Improvement of Cybersecurity Classified Protection 96
7.1 Objective and Content 96
7.1.1 Objective 96
7.1.2 Scope and Characteristics 96
7.1.3 Contents 97
7.1.4 Cybersecurity Protection Capability Objective 99
7.2 Methods and Processes 101
7.2.1 Methods 101
7.2.2 Processes 102
7.3 Security Management System Development 103
7.3.1 Implementing Cybersecurity Responsibility System 103
7.3.2 Cybersecurity Management Status Analysis 103
7.3.3 Formulating Security Management Strategy and System 104
7.3.4 Conducting Security Management Measures 104
7.3.5 Security Self-Inspection and Adjustment 107
7.4 Security Technology Measures Development 107
7.4.1 Security Protection Technology Status Analysis of Network 107
7.4.2 Designing of Cybersecurity Technology Development and Improvement Plan 108
7.4.3 Implementation and Management of Security Development and Improvement Engineering 110
7.4.4 Elements of Cybersecurity Development and Improvement Plan 111
7.5 Selection and Use of Information Security Products 112
7.5.1 Selecting the Information Security Products Licensed for Sale 112
7.5.2 Multilevel Testing and Use of Products 112
7.5.3 Issues Related to Information Security Products Used in Networks at or Above Level Ⅲ 113
7.5.4 Issues Related to the Commercial Cryptography Products Used in Networks at
or above Level Ⅲ 114
7.6 Selecting the Development Service Organization of Cybersecurity Classified Protection 115
Chapter 8 Level Evaluation of Cybersecurity Classified Protection 117
8.1 Overview of Level Evaluation 117
Interpretation and Implementation of Cybersecurity Classified Protection System in China
x
8.1.1 Basic Connotation of Level Evaluation 117
8.1.2 Goals of Level Evaluation 118
8.1.3 When Should We Carry Out Level Evaluation 118
8.1.4 Business Scope of Level Evaluation Organizations 119
8.1.5 Standards of Level Evaluation 119
8.1.6 Development of Level Evaluation Business 120
8.1.7 Notes on the Application of Level Evaluation Standards 123
8.2 Management and Supervision of Level Evaluation Organizations and Personnel 123
8.2.1 Why Need to Develop the Level Evaluation System 123
8.2.2 Management of Evaluation Organizations and Personnel 124
8.2.3 Business Scope and Work Requirements of Evaluation Organizations 125
8.3 Risk Control of Level Evaluation 125
8.3.1 Existing Risks 125
8.3.2 Risk Aversion 126
8.4 Evaluation Reports 127
Chapter 9 Supervision and Inspection of Cybersecurity Classified Protection 128
9.1 Regular Self-Inspection and Supervision 128
9.1.1 Regular Self-inspection of Registration Organizations 128
9.1.2 Supervision and Inspection of Industry Competent Departments 128
9.2 Supervision and Inspection of Public Security Authorities 129
9.2.1 Principles and Methods 129
9.2.2 Main Contents of Inspection 129
9.2.3 Inspection and Improvement Requirements 130
9.2.4 Inspection Requirements 130
9.2.5 Incidents Investigation 131
9.3 Supervision and Management of Network Service Organizations 131
Part Ⅲ Appendices 133
Appendix A Cybersecurity Law of the People’s Republic of China 134
Appendix B The Cryptography Law of the People’s Republic of China 150
Appendix C Regulations of the People’s Republic of China on the Protection of Computer
Information System Security 159
Appendix D Administration Measures for Information Security Classified Protection 163
Appendix E Regulations for the Cybersecurity Classified Protection 176
Appendix F Specifications on Information Security Classified Protection Inspection of
Public Security Authorities (Trial) 194
Table of Contents
xi
Appendix G Administration Measures for Cybersecurity Classified Protection
Evaluation Organizations 200
Appendix H Interpretation of Classification Guide for Classified Protection of
Cybersecurity (GB/T 22240—2020) 211
Appendix I Interpretation of Baseline for Classified Protection of Cybersecurity
(GB/T 22239—2019) 218
Appendix J Interpretation of Technical Requirements of Security Design for
Classified Protection of Cybersecurity (GB/T 25070—2019) 235
Appendix K Interpretation of Evaluation Requirement for Classified Protection of
Cybersecurity (GB/T 28448—2019) 259
Glossary of Classified Protection Terms 265
猜您喜欢

读书导航