
GB/T 20274.3-2008 PDF English


Search result: GB/T 20274.3-2008_English: PDF (GB/T20274.3-2008)
Standard ID: GB/T 20274.3-2008
Contents [version]: English
USD: 145
[PDF] delivered in: 0-9 seconds. Auto-delivery.
Name of Chinese Standard: Information security technology -- Evaluation framework for information systems security assurance -- Part 3: Management assurance
Status: Valid



GB/T 20274.3-2008: PDF in English (GBT 20274.3-2008)

GB/T 20274.3-2008
GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80

Information Security Technology - Evaluation Framework for Information Systems Security Assurance - Part 3: Management Assurance

ISSUED ON: JULY 18, 2008
IMPLEMENTED ON: DECEMBER 1, 2008

Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People’s Republic of China; Standardization Administration of the People's Republic of China.

Table of Contents

Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Structure of This Part
5 Framework for Information Systems Security Management Assurance
5.1 Overview of Information Management Assurance
5.2 Information Security Management Assurance Control
5.3 Information Security Assurance Management Capability Levels
6 Structure of Information Security Management Assurance Control Class
6.1 General
6.2 Structure of Management Assurance Control Class
6.3 Structure of Management Assurance Control Subclass
6.4 Structure of Management Assurance Control Module
6.5 Allowable Operation
7 MRM Management Assurance Control Class: Management of Risk
7.1 Object Establishment (MRM_TEM)
7.2 Risk Assessment (MRM_RAM)
7.3 Risk Control (MRM_RCT)
7.4 Communication and Monitoring (MRM_CAM)
8 MSP Management Assurance Control Class: Information Security Policy
8.1 Information Security Policy (MSP_SPL)
9 MSO Management Assurance Control Class: Information Security Organization
9.1 Management Support of Information Security (MSO_SOM)
9.2 Information Security Organization Structure (MSO_ORG)
9.3 Responsibility of Information Security (MSO_RES)
9.4 Communication and Cooperation (MSO_CAC)
10 MSP Management Assurance Control Class: Management of Personal Security
10.1 Personnel Examination (MPS_PEC)
10.2 Security Awareness and Training (MPS_SAT)
10.3 Examination and Reward & Punishment (MPS_CRP)
10.4 Management of Personnel Change (MPS_PCM)
11 MAM Management Assurance Control Class: Management of Asset
11.1 Asset Register Management (MAM_ARM)
11.2 Asset Management Responsibility (MAM_AMR)
11.3 Asset Classification Management (MAM_ACM)
12 MPE Management Assurance Control Class: Management of Physical and Environmental Security
12.1 Management of Physical Security Area (MPE_PSA)
12.2 Supporting Infrastructure Security (MPE_SIS)
12.3 Equipment Security (MPE_EMS)
13 MCM Management Assurance Control Class: Management of Compliance
13.1 Laws & Regulations and Policy Compliance (MCM_LCP)
13.2 Standard Compliance (MCM_STP)
13.3 Security Policy Compliance (MCM_PSP)
14 MSP Management Assurance Control Class: Management of Information Security Planning
14.1 Information Security Planning (MSP_ISP)
14.2 Investment and Budget (MSP_IAB)
15 MSD Management Assurance Control Class: Management of System Development
15.1 Security Requirement Management (MSD_SRM)
15.2 System Design Management (MSD_SDM)
15.3 Engineering Execution Management (MSD_ENM)
15.4 Delivery Management (MSD_IRM)
16 MOP Management Assurance Control Class: Management of Operation
16.1 System Vulnerability Management (MOP_TVM)
16.2 Management of Logic Access Control (MOP_LAC)
16.3 Audit and Monitoring Management (MOP_AMM)
16.4 Security Configuration Management (MOP_SSC)
16.5 System Change Management (MOP_SCM)
16.6 IT Management (MOP_ITM)
16.7 Information Transmission Security (MOP_IEX)
17 MBD Management Assurance Control Class: Management of Business Continuity and Disaster Recovery
17.1 Business Continuity Management (MBD_BCM)
18 MCM Management Assurance Control Class: Management of Emergency Response
18.1 Report Security Event and Security Vulnerability (MER_REW)
18.2 Management of Emergency Response (MER_IMI)
19 Description of Security Management Capability Levels
19.1 General
19.2 Description of Security Management Capability Levels
19.3 Application of Information System Security Assurance Management Capability Levels
Bibliography

Figure 1 Information System Security Management Assurance Control Class
Figure 2 Structure of Management Assurance Control Class
Figure 3 Structure of Management Assurance Control Subclass
Figure 4 Structure of Management Assurance Control Component
Figure 5 Structure of Management Assurance Control Class - Management of Risk (MRM)
Figure 6 Structure of Management Assurance Control Class - Information Security Policy (MSP)
Figure 7 Structure of Management Assurance Control Class - Information Security Organization (MSO)
Figure 8 Structure of Management Assurance Control Class – Management of Personal Security (MPS)
Figure 9 Structure of Management Assurance Control Class - Management of Asset (MAM)
Figure 10 Structure of Management Assurance Control Class - Management of Physical and Environmental Security (MPE)
Figure 11 Structure of Management Assurance Control Class - Management of Compliance ......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.