- ISBN:9787115558671
- 装帧:平装
- 册数:暂无
- 重量:暂无
- 开本:16开
- 页数:268
- 出版时间:2021-03-01
- 条形码:9787115558671 ; 978-7-115-55867-1
本书特色
This book introduces the China Cybersecurity Classified Protection System (CCPS), covering its development, interpretation of the Cybersecurity Law of the People’s Republic of China, the underlying standards, and procedures in practice such as cybersecurity system classification level determination, registration, development and improvement, evaluation, supervision and inspection.
In this book, we analyze the implementation and practice of cybersecurity protection in China, and provide an interpretation of the existing cybersecurity related laws, regulations and standards. The purpose of this book is to serve the training and implementation needs of foreign organizations, including companies along the Belt and Road Initiatives, in establishing their cybersecurity protection in line with the requirements of China Cybersecurity Classified Protection System.
内容简介
This book introduces the China Cybersecurity Classified Protection System (CCPS), covering its development, interpretation of the Cybersecurity Law of the People’s Republic of China, the underlying standards, and procedures in practice such as cybersecurity system classification level determination, registration, development and improvement, evaluation, supervision and inspection. In this book, we analyze the implementation and practice of cybersecurity protection in China, and provide an interpretation of the existing cybersecurity related laws, regulations and standards. The purpose of this book is to serve the training and implementation needs of foreign organizations, including companies along the Belt and Road Initiatives, in establishing their cybersecurity protection in line with the requirements of China Cybersecurity Classified Protection System.
目录
Part Ⅰ Interpretation of Cybersecurity Classified
Protection System of China 1
Chapter 1 Development of China Cybersecurity Classified Protection System 2
1.1 Establishment of Computer Information Systems Security Protection System 2
1.2 Establishment of Information Security Classified Protection System 3
1.3 Establishment of Cybersecurity Classified Protection System 5
Chapter 2 Interpretation of the Cybersecurity Law 6
2.1 Cybersecurity Obligations and Primary Tasks 6
2.2 Division of Responsibilities and Related Obligations 12
2.3 National Cybersecurity Classified Protection System 14
2.4 Basic Responsibilities and Obligations of Network Operators 15
2.5 Operation Security of Critical Information Infrastructure 19
2.6 Network Data and Information Security 25
2.7 Monitoring, Early Warning, and Emergency Response 28
2.8 Acts Prohibited and Legal Responsibility 32
Chapter 3 Interpretation of Cybersecurity Classified Protection System of China 47
3.1 Policies on Cybersecurity Classified Protection 47
3.1.1 General Policy Documents 47
3.1.2 Policy Document of Classified Protection Specific Stages 48
3.2 Basic Concept of Cybersecurity Classified Protection 50
3.2.1 Legal Basis for Carrying Out Cybersecurity Classified Protection 50
3.2.2 Policy Basis for Carrying Out Cybersecurity Classified Protection 51
3.2.3 What is Cybersecurity Classified Protection 54
3.2.4 Division and Supervision of Security Protection Levels 56
3.2.5 Critical Information Infrastructure Protection 58
3.3 Main Contents of the Cybersecurity Classified Protection System 59
3.3.1 Organization Structure of Cybersecurity Classified Protection 59
3.3.2 Main Stages and Basic Requirements of Classified Protection 61
3.3.3 Security Management of Evaluation 65
3.3.4 Network Products and Security Service Requirements 66
Table of Contents
Interpretation and Implementation of Cybersecurity Classified Protection System in China
viii
3.3.5 Monitoring, Early Warning and Information Reporting 66
3.3.6 Data Security Protection 68
3.3.7 Emergency Disposal Requirements 68
3.3.8 Evaluation Requirements 69
3.3.9 Risk Control of New Technology and New Application 69
3.3.10 Supervision and Administration of Cybersecurity Classified Protection Practices 69
Chapter 4 Interpretation of Cybersecurity Classified Protection Standards of China 72
4.1 Cybersecurity Classified Protection Standards Framework 72
4.2 Relationship between Relevant Standards and Different Stages of Classified Protection 73
4.2.1 Basic Standards 73
4.2.2 Classification 73
4.2.3 Security Requirements 74
4.2.4 Methodology and Guidance 75
4.2.5 Status Analysis 76
4.3 Issues Need Attentions for the Application of Relevant Standards 77
4.4 Brief Description of Main Standards on Cybersecurity Classified Protection 77
4.4.1 Classified Criteria for Security Protection of Computer Information System
(GB 17859—1999) 78
4.4.2 Implementation Guide for Classified Protection of Cybersecurity (GB/T 25058—2019) 78
4.4.3 Testing and Evaluation Process Guide for Classified Protection of Cybersecurity
(GB/T 28449—2018) 79
Part Ⅱ Implementation of Cybersecurity Classified Protection
System of China 81
Chapter 5 Classification of Cybersecurity Classified Protection 82
5.1 Classification of Security Protection Levels 82
5.1.1 Principle of Classification 82
5.1.2 Security Protection Levels of Network 82
5.1.3 Classification Factors of Cybersecurity Protection Level 83
5.1.4 Protection and Supervision of the Five Levels 84
5.2 Procedures of Classification 84
5.2.1 Determine the Classification Object 85
5.2.2 Determine the Security Protection Level of Network 87
5.2.3 Expert Reviews of Cybersecurity Protection Level 88
5.2.4 Examination of Cybersecurity Protection Level 88
5.2.5 Public Security Authorities Examine the Security Protection Level of Network 89
Table of Contents
ix
5.3 How to Determine the Security Protection Level of Network 89
5.3.1 How to Understand the Five Security Protection Levels of Network 89
5.3.2 General Process of Network Classification 90
Chapter 6 Registration of Cybersecurity Classified Protection 92
6.1 Registration and Acceptance 92
6.2 Public Security Authorities Accept Network Registration 94
6.3 Treatment for Inaccurate Level and Non-registration 95
6.4 Public Security Authorities’ Guidance on Network Classification and Registration 95
Chapter 7 Development and Improvement of Cybersecurity Classified Protection 96
7.1 Objective and Content 96
7.1.1 Objective 96
7.1.2 Scope and Characteristics 96
7.1.3 Contents 97
7.1.4 Cybersecurity Protection Capability Objective 99
7.2 Methods and Processes 101
7.2.1 Methods 101
7.2.2 Processes 102
7.3 Security Management System Development 103
7.3.1 Implementing Cybersecurity Responsibility System 103
7.3.2 Cybersecurity Management Status Analysis 103
7.3.3 Formulating Security Management Strategy and System 104
7.3.4 Conducting Security Management Measures 104
7.3.5 Security Self-Inspection and Adjustment 107
7.4 Security Technology Measures Development 107
7.4.1 Security Protection Technology Status Analysis of Network 107
7.4.2 Designing of Cybersecurity Technology Development and Improvement Plan 108
7.4.3 Implementation and Management of Security Development and Improvement Engineering 110
7.4.4 Elements of Cybersecurity Development and Improvement Plan 111
7.5 Selection and Use of Information Security Products 112
7.5.1 Selecting the Information Security Products Licensed for Sale 112
7.5.2 Multilevel Testing and Use of Products 112
7.5.3 Issues Related to Information Security Products Used in Networks at or Above Level Ⅲ 113
7.5.4 Issues Related to the Commercial Cryptography Products Used in Networks at
or above Level Ⅲ 114
7.6 Selecting the Development Service Organization of Cybersecurity Classified Protection 115
Chapter 8 Level Evaluation of Cybersecurity Classified Protection 117
8.1 Overview of Level Evaluation 117
Interpretation and Implementation of Cybersecurity Classified Protection System in China
x
8.1.1 Basic Connotation of Level Evaluation 117
8.1.2 Goals of Level Evaluation 118
8.1.3 When Should We Carry Out Level Evaluation 118
8.1.4 Business Scope of Level Evaluation Organizations 119
8.1.5 Standards of Level Evaluation 119
8.1.6 Development of Level Evaluation Business 120
8.1.7 Notes on the Application of Level Evaluation Standards 123
8.2 Management and Supervision of Level Evaluation Organizations and Personnel 123
8.2.1 Why Need to Develop the Level Evaluation System 123
8.2.2 Management of Evaluation Organizations and Personnel 124
8.2.3 Business Scope and Work Requirements of Evaluation Organizations 125
8.3 Risk Control of Level Evaluation 125
8.3.1 Existing Risks 125
8.3.2 Risk Aversion 126
8.4 Evaluation Reports 127
Chapter 9 Supervision and Inspection of Cybersecurity Classified Protection 128
9.1 Regular Self-Inspection and Supervision 128
9.1.1 Regular Self-inspection of Registration Organizations 128
9.1.2 Supervision and Inspection of Industry Competent Departments 128
9.2 Supervision and Inspection of Public Security Authorities 129
9.2.1 Principles and Methods 129
9.2.2 Main Contents of Inspection 129
9.2.3 Inspection and Improvement Requirements 130
9.2.4 Inspection Requirements 130
9.2.5 Incidents Investigation 131
9.3 Supervision and Management of Network Service Organizations 131
Part Ⅲ Appendices 133
Appendix A Cybersecurity Law of the People’s Republic of China 134
Appendix B The Cryptography Law of the People’s Republic of China 150
Appendix C Regulations of the People’s Republic of China on the Protection of Computer
Information System Security 159
Appendix D Administration Measures for Information Security Classified Protection 163
Appendix E Regulations for the Cybersecurity Classified Protection 176
Appendix F Specifications on Information Security Classified Protection Inspection of
Public Security Authorities (Trial) 194
Table of Contents
xi
Appendix G Administration Measures for Cybersecurity Classified Protection
Evaluation Organizations 200
Appendix H Interpretation of Classification Guide for Classified Protection of
Cybersecurity (GB/T 22240—2020) 211
Appendix I Interpretation of Baseline for Classified Protection of Cybersecurity
(GB/T 22239—2019) 218
Appendix J Interpretation of Technical Requirements of Security Design for
Classified Protection of Cybersecurity (GB/T 25070—2019) 235
Appendix K Interpretation of Evaluation Requirement for Classified Protection of
Cybersecurity (GB/T 28448—2019) 259
Glossary of Classified Protection Terms 265
作者简介
Mr. Guo Qiquan,chief engineer and vice director at the Cybersecurity Protection Bureau of the Ministry of Public Security, P. R. China. Mr. Wang Xinjie, general manager of Beijing Powertime Co., Ltd. He has been engaged in network and information security since 1999 and has specialized in in information security management systems consulting and auditing, information system auditing, information security risk management and business continuity management. Since 2002, he has been engaged in the Chinese mirror committee to ISO/IEC JTC1/SC27, SAC/TC 260. As a member of TC 260 has been involved in the development of many Chinese information security national standards. He has been actively involved in the work of SC27/WG1 since 2007, and he is currently the member of the SC27/AG01(Management Advisory Group). During this time, he has taken part in all of the working group meetings of WG1 including many of the SC27 Plenary meetings, giving him a broader management perspective of the sub-committee and its technical work. His technical work in WG1 has included the work on the ISO/IEC 27000 family of standards, such ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005. In 2007, he was the co-editor of ISO/IEC 27007. He established and currently runs the China authorized agency of (ISC)2, and is also a member of RAISE (Regional Asia Information Security Exchange Forum)
-
有限与无限的游戏:一个哲学家眼中的竞技世界
¥37.4¥68.0 -
全图解零基础word excel ppt 应用教程
¥12.0¥48.0 -
机器学习
¥59.4¥108.0 -
深度学习的数学
¥43.5¥69.0 -
智能硬件项目教程:基于ARDUINO(第2版)
¥37.7¥65.0 -
硅谷之火-人与计算机的未来
¥14.3¥39.8 -
元启发式算法与背包问题研究
¥38.2¥49.0 -
AI虚拟数字人:商业模式+形象创建+视频直播+案例应用
¥62.9¥89.8 -
UNIX环境高级编程(第3版)
¥164.9¥229.0 -
剪映AI
¥52.8¥88.0 -
深度学习高手笔记 卷2:经典应用
¥90.9¥129.8 -
纹样之美:中国传统经典纹样速查手册
¥77.4¥109.0 -
UG NX 12.0数控编程
¥24.8¥45.0 -
MATLAB计算机视觉与深度学习实战(第2版)
¥90.9¥128.0 -
界面交互设计理论研究
¥30.8¥56.0 -
UN NX 12.0多轴数控编程案例教程
¥25.8¥38.0 -
微机组装与系统维护技术教程(第二版)
¥37.8¥43.0 -
明解C语言:实践篇
¥62.9¥89.8 -
Linux服务器架设实战(Linux典藏大系)
¥84.5¥119.0 -
Visual Basic 语言程序设计基础(第6版)
¥32.0¥45.0