×
超值优惠券
¥50
100可用 有效期2天

全场图书通用(淘书团除外)

关闭
中国网络安全等级保护制度理解与实施 英文版

中国网络安全等级保护制度理解与实施 英文版

1星价 ¥77.8 (7.8折)
2星价¥77.8 定价¥99.8
暂无评论
图文详情
  • ISBN:9787115558671
  • 装帧:平装
  • 册数:暂无
  • 重量:暂无
  • 开本:16开
  • 页数:268
  • 出版时间:2021-03-01
  • 条形码:9787115558671 ; 978-7-115-55867-1

本书特色

This book introduces the China Cybersecurity Classified Protection System (CCPS), covering its development, interpretation of the Cybersecurity Law of the People’s Republic of China, the underlying standards, and procedures in practice such as cybersecurity system classification level determination, registration, development and improvement, evaluation, supervision and inspection.

In this book, we analyze the implementation and practice of cybersecurity protection in China, and provide an interpretation of the existing cybersecurity related laws, regulations and standards. The purpose of this book is to serve the training and implementation needs of foreign organizations, including companies along the Belt and Road Initiatives, in establishing their cybersecurity protection in line with the requirements of China Cybersecurity Classified Protection System.

内容简介

This book introduces the China Cybersecurity Classified Protection System (CCPS), covering its development, interpretation of the Cybersecurity Law of the People’s Republic of China, the underlying standards, and procedures in practice such as cybersecurity system classification level determination, registration, development and improvement, evaluation, supervision and inspection. In this book, we analyze the implementation and practice of cybersecurity protection in China, and provide an interpretation of the existing cybersecurity related laws, regulations and standards. The purpose of this book is to serve the training and implementation needs of foreign organizations, including companies along the Belt and Road Initiatives, in establishing their cybersecurity protection in line with the requirements of China Cybersecurity Classified Protection System.

目录

Table of Contents

Part Ⅰ Interpretation of Cybersecurity Classified

Protection System of China 1

Chapter 1 Development of China Cybersecurity Classified Protection System 2

1.1 Establishment of Computer Information Systems Security Protection System 2

1.2 Establishment of Information Security Classified Protection System 3

1.3 Establishment of Cybersecurity Classified Protection System 5

Chapter 2 Interpretation of the Cybersecurity Law 6

2.1 Cybersecurity Obligations and Primary Tasks 6

2.2 Division of Responsibilities and Related Obligations 12

2.3 National Cybersecurity Classified Protection System 14

2.4 Basic Responsibilities and Obligations of Network Operators 15

2.5 Operation Security of Critical Information Infrastructure 19

2.6 Network Data and Information Security 25

2.7 Monitoring, Early Warning, and Emergency Response 28

2.8 Acts Prohibited and Legal Responsibility 32

Chapter 3 Interpretation of Cybersecurity Classified Protection System of China 47

3.1 Policies on Cybersecurity Classified Protection 47

3.1.1 General Policy Documents 47

3.1.2 Policy Document of Classified Protection Specific Stages 48

3.2 Basic Concept of Cybersecurity Classified Protection 50

3.2.1 Legal Basis for Carrying Out Cybersecurity Classified Protection 50

3.2.2 Policy Basis for Carrying Out Cybersecurity Classified Protection 51

3.2.3 What is Cybersecurity Classified Protection 54

3.2.4 Division and Supervision of Security Protection Levels 56

3.2.5 Critical Information Infrastructure Protection 58

3.3 Main Contents of the Cybersecurity Classified Protection System 59

3.3.1 Organization Structure of Cybersecurity Classified Protection 59

3.3.2 Main Stages and Basic Requirements of Classified Protection 61

3.3.3 Security Management of Evaluation 65

3.3.4 Network Products and Security Service Requirements 66

Table of Contents

Interpretation and Implementation of Cybersecurity Classified Protection System in China

viii

3.3.5 Monitoring, Early Warning and Information Reporting 66

3.3.6 Data Security Protection 68

3.3.7 Emergency Disposal Requirements 68

3.3.8 Evaluation Requirements 69

3.3.9 Risk Control of New Technology and New Application 69

3.3.10 Supervision and Administration of Cybersecurity Classified Protection Practices 69

Chapter 4 Interpretation of Cybersecurity Classified Protection Standards of China 72

4.1 Cybersecurity Classified Protection Standards Framework 72

4.2 Relationship between Relevant Standards and Different Stages of Classified Protection 73

4.2.1 Basic Standards 73

4.2.2 Classification 73

4.2.3 Security Requirements 74

4.2.4 Methodology and Guidance 75

4.2.5 Status Analysis 76

4.3 Issues Need Attentions for the Application of Relevant Standards 77

4.4 Brief Description of Main Standards on Cybersecurity Classified Protection 77

4.4.1 Classified Criteria for Security Protection of Computer Information System

(GB 17859—1999) 78

4.4.2 Implementation Guide for Classified Protection of Cybersecurity (GB/T 25058—2019) 78

4.4.3 Testing and Evaluation Process Guide for Classified Protection of Cybersecurity

(GB/T 28449—2018) 79

Part Ⅱ Implementation of Cybersecurity Classified Protection

System of China 81

Chapter 5 Classification of Cybersecurity Classified Protection 82

5.1 Classification of Security Protection Levels 82

5.1.1 Principle of Classification 82

5.1.2 Security Protection Levels of Network 82

5.1.3 Classification Factors of Cybersecurity Protection Level 83

5.1.4 Protection and Supervision of the Five Levels 84

5.2 Procedures of Classification 84

5.2.1 Determine the Classification Object 85

5.2.2 Determine the Security Protection Level of Network 87

5.2.3 Expert Reviews of Cybersecurity Protection Level 88

5.2.4 Examination of Cybersecurity Protection Level 88

5.2.5 Public Security Authorities Examine the Security Protection Level of Network 89

Table of Contents

ix

5.3 How to Determine the Security Protection Level of Network 89

5.3.1 How to Understand the Five Security Protection Levels of Network 89

5.3.2 General Process of Network Classification 90

Chapter 6 Registration of Cybersecurity Classified Protection 92

6.1 Registration and Acceptance 92

6.2 Public Security Authorities Accept Network Registration 94

6.3 Treatment for Inaccurate Level and Non-registration 95

6.4 Public Security Authorities’ Guidance on Network Classification and Registration 95

Chapter 7 Development and Improvement of Cybersecurity Classified Protection 96

7.1 Objective and Content 96

7.1.1 Objective 96

7.1.2 Scope and Characteristics 96

7.1.3 Contents 97

7.1.4 Cybersecurity Protection Capability Objective 99

7.2 Methods and Processes 101

7.2.1 Methods 101

7.2.2 Processes 102

7.3 Security Management System Development 103

7.3.1 Implementing Cybersecurity Responsibility System 103

7.3.2 Cybersecurity Management Status Analysis 103

7.3.3 Formulating Security Management Strategy and System 104

7.3.4 Conducting Security Management Measures 104

7.3.5 Security Self-Inspection and Adjustment 107

7.4 Security Technology Measures Development 107

7.4.1 Security Protection Technology Status Analysis of Network 107

7.4.2 Designing of Cybersecurity Technology Development and Improvement Plan 108

7.4.3 Implementation and Management of Security Development and Improvement Engineering 110

7.4.4 Elements of Cybersecurity Development and Improvement Plan 111

7.5 Selection and Use of Information Security Products 112

7.5.1 Selecting the Information Security Products Licensed for Sale 112

7.5.2 Multilevel Testing and Use of Products 112

7.5.3 Issues Related to Information Security Products Used in Networks at or Above Level Ⅲ 113

7.5.4 Issues Related to the Commercial Cryptography Products Used in Networks at

or above Level Ⅲ 114

7.6 Selecting the Development Service Organization of Cybersecurity Classified Protection 115

Chapter 8 Level Evaluation of Cybersecurity Classified Protection 117

8.1 Overview of Level Evaluation 117

Interpretation and Implementation of Cybersecurity Classified Protection System in China

x

8.1.1 Basic Connotation of Level Evaluation 117

8.1.2 Goals of Level Evaluation 118

8.1.3 When Should We Carry Out Level Evaluation 118

8.1.4 Business Scope of Level Evaluation Organizations 119

8.1.5 Standards of Level Evaluation 119

8.1.6 Development of Level Evaluation Business 120

8.1.7 Notes on the Application of Level Evaluation Standards 123

8.2 Management and Supervision of Level Evaluation Organizations and Personnel 123

8.2.1 Why Need to Develop the Level Evaluation System 123

8.2.2 Management of Evaluation Organizations and Personnel 124

8.2.3 Business Scope and Work Requirements of Evaluation Organizations 125

8.3 Risk Control of Level Evaluation 125

8.3.1 Existing Risks 125

8.3.2 Risk Aversion 126

8.4 Evaluation Reports 127

Chapter 9 Supervision and Inspection of Cybersecurity Classified Protection 128

9.1 Regular Self-Inspection and Supervision 128

9.1.1 Regular Self-inspection of Registration Organizations 128

9.1.2 Supervision and Inspection of Industry Competent Departments 128

9.2 Supervision and Inspection of Public Security Authorities 129

9.2.1 Principles and Methods 129

9.2.2 Main Contents of Inspection 129

9.2.3 Inspection and Improvement Requirements 130

9.2.4 Inspection Requirements 130

9.2.5 Incidents Investigation 131

9.3 Supervision and Management of Network Service Organizations 131

Part Ⅲ Appendices 133

Appendix A Cybersecurity Law of the People’s Republic of China 134

Appendix B The Cryptography Law of the People’s Republic of China 150

Appendix C Regulations of the People’s Republic of China on the Protection of Computer

Information System Security 159

Appendix D Administration Measures for Information Security Classified Protection 163

Appendix E Regulations for the Cybersecurity Classified Protection 176

Appendix F Specifications on Information Security Classified Protection Inspection of

Public Security Authorities (Trial) 194

Table of Contents

xi

Appendix G Administration Measures for Cybersecurity Classified Protection

Evaluation Organizations 200

Appendix H Interpretation of Classification Guide for Classified Protection of

Cybersecurity (GB/T 22240—2020) 211

Appendix I Interpretation of Baseline for Classified Protection of Cybersecurity

(GB/T 22239—2019) 218

Appendix J Interpretation of Technical Requirements of Security Design for

Classified Protection of Cybersecurity (GB/T 25070—2019) 235

Appendix K Interpretation of Evaluation Requirement for Classified Protection of

Cybersecurity (GB/T 28448—2019) 259

Glossary of Classified Protection Terms 265

展开全部

作者简介

Mr. Guo Qiquan,chief engineer and vice director at the Cybersecurity Protection Bureau of the Ministry of Public Security, P. R. China. Mr. Wang Xinjie, general manager of Beijing Powertime Co., Ltd. He has been engaged in network and information security since 1999 and has specialized in in information security management systems consulting and auditing, information system auditing, information security risk management and business continuity management. Since 2002, he has been engaged in the Chinese mirror committee to ISO/IEC JTC1/SC27, SAC/TC 260. As a member of TC 260 has been involved in the development of many Chinese information security national standards. He has been actively involved in the work of SC27/WG1 since 2007, and he is currently the member of the SC27/AG01(Management Advisory Group). During this time, he has taken part in all of the working group meetings of WG1 including many of the SC27 Plenary meetings, giving him a broader management perspective of the sub-committee and its technical work. His technical work in WG1 has included the work on the ISO/IEC 27000 family of standards, such ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005. In 2007, he was the co-editor of ISO/IEC 27007. He established and currently runs the China authorized agency of (ISC)2, and is also a member of RAISE (Regional Asia Information Security Exchange Forum)

预估到手价 ×

预估到手价是按参与促销活动、以最优惠的购买方案计算出的价格(不含优惠券部分),仅供参考,未必等同于实际到手价。

确定
快速
导航