GB/T 32924-2016 PDF in English


Standard ID: GB/T 32924-2016
Name of Chinese Standard: Information security technology -- Guideline for cyber security warning
Status: Valid

GB/T 32924-2016
GB
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Guideline for cyber
security warning
ISSUED ON: AUGUST 29, 2016
IMPLEMENTED ON: MARCH 01, 2017
Issued by: General Administration of Quality Supervision, Inspection and Quarantine;
Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Classification of cyber security warning
5 Cyber security warning process
Bibliography
Information security technology - Guideline for cyber
security warning
1 Scope
This Standard gives classification guidelines and processing procedures for
cyber security warning.
This Standard provides guidance for timely and accurate understanding of the
impact of cyber security incidents or threats, possible consequences, and
effective measures. This Standard is also applicable as a reference for network
and information system supervisors and operation departments in handling
cyber security incidents or threats.
2 Normative references
The following referenced documents are indispensable for the application of
this document. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any
amendments) applies.
GB/T 22240-2008, Information security technology - Classification guide for
classified protection of information systems security
GB/T 25069-2010, Information security technology - Glossary
3 Terms and definitions
For the purposes of this document, the terms and definitions defined in GB/T
25069-2010 as well as the following apply. For ease of use, some terms and
definitions in GB/T 25069-2010 are listed repeatedly below.
3.1 object of cyber security protection
It also refers to assets, information or resources that are valuable to the
organization. It is the object of security policy protection.
NOTE: It mainly refers to the application, data, and equipment of important information
systems.
[GB/T 20984-2007, definition 3.1]
protection
The degree to which the object of cyber security protection may be damaged
refers to the damage that a cyber security incident or threat causes to its
software, hardware, functions and data; the extent to which the system business
is slowed or interrupted; data leakage, tampering, loss or damage; and the direct
and indirect losses to the object of protection. Its magnitude mainly considers
the possible direct losses of the object of protection itself, as well as the cost
of defending against attacks, restoring the normal operation of the system, and
eliminating negative effects. It is classified into very severe, severe, large and
general. Specifically:
a) Very severe damage means that the incident or threat may cause or has
caused large-scale paralysis of the network or information system so that
it loses business processing capabilities, or that the confidentiality,
integrity, and availability of critical system data have been severely
damaged; the cost of restoring the normal operation of the system and
eliminating the negative effects is huge. For example:
- Large-scale and continuous cyber attacks may cause or have caused a
large-scale paralysis of the network or information system, causing it to
lose business processing capabilities;
- Security vulnerabilities and vulnerability exploitation processes involving
management permissions are disclosed, and automated attack tools
appear, which may cause or have caused large-scale personal
information leakage, including account password, bank card number and
other information that may affect property.
b) Severe damage means that it may cause or has caused a long-term
interruption or partial paralysis of the network or information system, so
that its business processing capabilities are greatly affected, or the
confidentiality, integrity, and availability of key system data are destroyed;
the cost of restoring the system to normal operation and eliminating
negative effects is huge. For example:
- Organized and targeted attacks may cause or have caused a long-term
interruption or partial paralysis of the network or information system,
which greatly affects its business processing capabilities;
- Security vulnerabilities and vulnerability exploitation processes involving
remote command execution are disclosed, which may cause or have
caused large-scale leakage of personal information that does not contain
financial information.
c) Large damage refers to the network or information system that may cause
greatly threaten national security, cause social unrest, have extremely bad
negative effects on economic construction, or seriously damage public interests,
a red warning shall be issued. That is, it may cause particularly serious damage
to a very important object of cyber security protection.
4.2.3 Orange warning (level II warning)
When a serious cyber security incident or threat occurs, which may threaten
national security, cause social panic, have a major negative impact on
economic construction, or harm the public interest, an orange warning shall be
issued. This includes the following:
a) It may cause serious damage to a very important object of cyber security
protection;
b) It may cause particularly serious damage to an important object of cyber
security protection.
4.2.4 Yellow warning (level III warning)
When a serious cyber security incident or threat occurs, which may affect
national security, disrupt social order, have a certain negative impact on
economic construction, or affect public interests, a yellow warning shall be
issued. This includes the following:
a) It may cause greater or general damage to a very important object of cyber
security protection;
b) It may cause serious or greater damage to an important object of cyber
security protection;
c) It may cause very serious or serious damage to a general object of cyber
security protection.
4.2.5 Blue warning (level IV warning)
When a general cyber security incident or threat occurs that has basically no
impact on national security, social order, economic construction and public
interests, but may cause damage to the interests of individual citizens, legal
persons or other organizations, a blue warning shall be issued. When it is
especially mild, no warning can be issued. This includes the following:
a) It may cause general damage to an important object of cyber security
protection;
b) It may cause greater or general damage to a general object of cyber security
protection.
......
 
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.