GB/T 42708-2023 English PDFUS$269.00 · In stock
Delivery: <= 3 days. True-PDF full-copy in English will be manually translated and delivered via email. GB/T 42708-2023: Guideline for financial cybersecurity threat information sharing Status: Valid
Basic dataStandard ID: GB/T 42708-2023 (GB/T42708-2023)Description (Translated English): Guideline for financial cybersecurity threat information sharing Sector / Industry: National Standard (Recommended) Classification of Chinese Standard: A11 Classification of International Standard: 35.240.40 Word Count Estimation: 14,118 Date of Issue: 2023-08-06 Date of Implementation: 2023-08-06 Issuing agency(ies): State Administration for Market Regulation, China National Standardization Administration GB/T 42708-2023: Guideline for financial cybersecurity threat information sharing---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.ICS 35.240.40 CCSA11 National Standards of People's Republic of China Financial Cybersecurity Threat Information Sharing Guide Published on 2023-08-06 2023-08-06 Implementation State Administration for Market Regulation Released by the National Standardization Administration Committee Table of contentsPrefaceⅠ Introduction II 1 Scope 1 2 Normative reference documents 1 3 Terms and Definitions 1 4 Abbreviations 1 5 General 2 6 Threat Information Sharing Framework 2 7 Threat Information Sharing Principles 3 8 Threat information sharing methods 3 9 Threat Information Sharing Process 3 9.1 Basic process of threat information sharing 3 9.2 Threat information analysis 4 9.3 Threat information sharing 4 9.4 Use of threat information 4 9.5 Threat information usage feedback 5 10 Threat Information Quality Management5 10.1 Threat Information Component Format 5 10.2 Comprehensive assessment of threat information 6 11 Threat information sharing guarantee mechanism 6 12 Threat information sharing security management 7 12.1 Access control 7 12.2 Data Management7 12.3 Security Audit 7 12.4 Emergency response 7 Appendix A (informative) Typical financial network security threat information sharing scenarios 8 A.1 Threat information sharing among network security service providers8 A.2 Threat information sharing among infrastructure providers8 A.3 Threat information sharing between different financial institutions9 A.4 Threat information sharing among financial institutions’ business partners9 Reference 10ForewordThis document complies with the provisions of GB/T 1.1-2020 "Standardization Work Guidelines Part 1.Structure and Drafting Rules of Standardization Documents" Drafting. Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying patents. This document is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC180). This document was drafted by. Beijing UnionPay Gold Card Technology Co., Ltd., Industrial and Commercial Bank of China Co., Ltd., China Construction Bank Co., Ltd. Co., Ltd., CCB Financial Technology Co., Ltd., Postal Savings Bank of China Co., Ltd., China UnionPay Co., Ltd., Bank of China Bank Co., Ltd., Agricultural Bank of China Co., Ltd., China Unicom Payment Co., Ltd., Tianyi E-Commerce Co., Ltd., Beijing National Bank Rong Technology Certification Center Co., Ltd., Tencent Cloud Computing (Beijing) Co., Ltd. The main drafters of this document. Wang Ling, Li Xiaowei, Zhang Zhibo, Yu Ge, Li Bowen, Duan Chao, Hou Xiaochen, Yu Si, Nie Yuhan, Chen Defeng, Huang Jiande, Liao Yuan, Zhao Kaifeng, Su Han, Wang Meike, He Qiao, Liu Rujun, Ren Zhen, Peng Daxiang, Meng Xi, Pan Liyang, Li Fan, Jiang Zengzeng, Lin Zhixin.IntroductionCurrently, Internet technology is widely used in the financial industry. Network technology not only brings convenience to users, but also brings network security threats. The financial industry enhances its ability to obtain network security threat information and strengthens the sharing and use of threat information, which will help improve the overall network security prevention and control. level. Financial network security threat information sharing aims to use technical means to achieve the effective flow of network security threat information. Information sharing mechanism promotes the integration and analysis of threat information, improves the accuracy of threat information utilization, and achieves timely early warning and response to security risks. response and disposal to reduce the cost of using financial network threat information and improve financial network risk handling capabilities. Financial Cybersecurity Threat Information Sharing Guide1 ScopeThis document provides the sharing framework, sharing principles, sharing methods, sharing process, quality management, and guarantee of financial network security threat information. Suggestions on mechanisms, safety management, etc. This document is applicable to financial institutions and related organizations that participate in information sharing on financial cybersecurity threats.2 Normative reference documentsThe contents of the following documents constitute essential provisions of this document through normative references in the text. Among them, the dated quotations For undated referenced documents, only the version corresponding to that date applies to this document; for undated referenced documents, the latest version (including all amendments) applies to this document. GB/T 2260 Administrative division code of the People's Republic of China GB/T 2659 Name codes of countries and regions around the world GB 32100 Unified Social Credit Code Coding Rules for Legal Persons and Other Organizations3 Terms and definitionsThe following terms and definitions apply to this document. 3.1 Threat Potential causes of undesired events that may cause harm to a system or organization. [Source. GB/T 29246-2017,2.83] 3.2 Threat information threat information An evidence-based knowledge used to describe existing or possible threats to enable response and prevention of threats. Note. Threat information includes context, attack mechanism, attack indicators, possible impact and other information. [Source. GB/T 36643-2018,3.3] 3.3 Organizations or individuals who have the ability to determine the purpose, method, etc. of processing threat information. 3.4 sharing The process in which threat information controllers provide threat information to other controllers, and both parties have independent control over the threat information.4 AbbreviationsThe following abbreviations apply to this document. ......Tips & Frequently Asked Questions:Question 1: How long will the true-PDF of GB/T 42708-2023_English be delivered?Answer: Upon your order, we will start to translate GB/T 42708-2023_English as soon as possible, and keep you informed of the progress. The lead time is typically 1 ~ 3 working days. The lengthier the document the longer the lead time.Question 2: Can I share the purchased PDF of GB/T 42708-2023_English with my colleagues?Answer: Yes. The purchased PDF of GB/T 42708-2023_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.Question 3: Does the price include tax/VAT?Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countriesQuestion 4: Do you accept my currency other than USD?Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working-hours, we will create a special link for you to pay in any currencies. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay. |
