GA/T 713-2007 English PDF
Basic data
Standard ID: GA/T 713-2007 (GA/T713-2007)
Description (Translated English): Information security technology--Information system security management testing and evaluation
Sector / Industry: Public Security (Police) Industry Standard (Recommended)
Classification of Chinese Standard: L09
Classification of International Standard: 35.020
Word Count Estimation: 31,337
Date of Issue: 2007-08-13
Date of Implementation: 2007-10-01
Quoted Standard: GB 17859-1999; GB/T 20269-2006
Issuing agency(ies): Ministry of Public Security
Summary: This standard specifies the principles and methods for implementing security management evaluation of information systems according to the requirements of GB 17859-1999. This standard applies to security management evaluation and self-assessment carried out by relevant organizations (departments) on the implementation of security level protection for information systems.
GA/T 713-2007: Information security technology--Information system security management testing and evaluation
This is a DRAFT version for illustration, not a final translation. A full copy of the true-PDF English version (including equations, symbols, images, flow-charts, tables, and figures) will be manually and carefully translated upon your order.
Information security technology--Information system security management testing and evaluation

ICS 35.020
L09
People's Republic of China Public Security Industry Standard
Information security technology -- Information system security management assessment
Issued on 2007-08-13, implemented on 2007-10-01
Issued by the Ministry of Public Security

Contents
Foreword V
Introduction VI
1 Scope 1
2 Normative references 1
3 Terms and definitions 1
4 Basic principles of management evaluation 1
5 Evaluation methods 2
5.1 Investigative interview 2
5.1.1 Main objects of the investigative interview 2
5.1.2 Preparation for the investigative interview 2
5.1.3 Phases of the investigative interview 2
5.1.4 Quality control of the investigative interview 3
5.2 Compliance check 3
5.2.1 Main objects of the compliance check 3
5.2.2 Compliance check method 3
5.2.3 Compliance check quality control 4
5.3 Validation 4
5.3.1 Main objects of validation 4
5.3.2 Validation method 4
5.3.3 Validation quality control 5
5.4 Monitoring verification 5
5.4.1 Main basis for monitoring verification 5
5.4.2 Monitoring verification method 5
5.4.3 Monitoring verification quality control 6
6 Evaluation implementation 7
6.1 Determining the assessment target 7
6.2 Controlling the evaluation process 7
6.3 Processing evaluation results 8
6.4 Establishing evidence of safeguards 8
7 Assessment by level 9
7.1 Level 1: User self-protection level 9
7.1.1 Management objectives and scope assessment 9
7.1.2 Strategy and institutional assessment 9
7.1.3 Institutional and personnel management assessment 9
7.1.4 Risk management assessment 9
7.1.5 Environmental and resource management assessment 9
7.1.6 Operation and maintenance management assessment 10
7.1.7 Business continuity management assessment 10
7.1.8 Supervision and inspection management assessment 10
7.1.9 Life cycle management assessment 10
7.1.10 Implementation principles and methods 10
7.2 Level 2: System audit protection level 11
7.2.1 Management objectives and scope assessment 11
7.2.2 Strategy and institutional assessment 11
7.2.3 Institutional and personnel management assessment 11
7.2.4 Risk management assessment 11
7.2.5 Environmental and resource management assessment 11
7.2.6 Operation and maintenance management assessment 12
7.2.7 Business continuity management assessment 12
7.2.8 Supervision and inspection management assessment 12
7.2.9 Life cycle management assessment 13
7.2.10 Implementation principles and methods 13
7.3 Level 3: Security mark protection level 13
7.3.1 Management objectives and scope assessment 13
7.3.2 Strategy and institutional assessment 13
7.3.3 Institutional and personnel management assessment 13
7.3.4 Risk management assessment 13
7.3.5 Environmental and resource management assessment 14
7.3.6 Operation and maintenance management assessment 14
7.3.7 Business continuity management assessment 14
7.3.8 Supervision and inspection management assessment 15
7.3.9 Life cycle management assessment 15
7.3.10 Implementation principles and methods 15
7.4 Level 4: Structured protection level 15
7.4.1 Management objectives and scope assessment 15
7.4.2 Strategy and institutional assessment 15
7.4.3 Institutional and personnel management assessment 16
7.4.4 Risk management assessment 16
7.4.5 Environmental and resource management assessment 16
7.4.6 Operation and maintenance management assessment 16
7.4.7 Business continuity management assessment 17
7.4.8 Supervision and inspection management assessment 17
7.4.9 Life cycle management assessment 17
7.4.10 Implementation principles and methods 17
7.5 Level 5: Access verification protection level 17
7.5.1 Management objectives and scope assessment 17
7.5.2 Strategy and institutional assessment 18
7.5.3 Institutional and personnel management assessment 18
7.5.4 Risk management assessment 18
7.5.5 Environmental and resource management assessment 18
7.5.6 Operation and maintenance management assessment 18
7.5.7 Business continuity management assessment 19
7.5.8 Supervision and inspection management assessment 19
7.5.9 Life cycle management assessment 19
7.5.10 Implementation principles and methods 19
Appendix A (informative) Security management assessment content 20
References 24

Foreword
Appendix A of this standard is an informative annex.
This standard was proposed by, and is under the jurisdiction of, the Information System Security Standardization Technical Committee of the Ministry of Public Security.
Drafting organizations of this standard: Beijing Jiangnan Tianan Technology Co., Ltd. and Beijing Siyuan Xinchuang Information Security Information Co., Ltd.
Main drafters of this standard: Chen Guanzhi, Wang Zhiqiang, Ji Zengrui, Jing Yuyuan, Song Jianping.

Introduction
This standard is used in the implementation of information system security level protection. In accordance with GB/T 20269-2006 "Information security technology -- Information system security management requirements", it assesses how the security management requirements are implemented at each level of the security management system, specifies the main contents and principles of the assessment, and clarifies the evaluation process and methods. For the confidentiality management of information and information systems involving state secrets, the relevant regulations and assessment standards apply. The main bodies of information system security management assessment include the competent leadership department of the information system, the information security regulatory agency, and third-party evaluation agencies.
The corresponding assessment may be an inspection assessment, a third-party assessment or a self-assessment; this standard refers to all of them collectively as assessment. Chapter 4 (Basic principles of management evaluation), Chapter 5 (Evaluation methods) and Chapter 6 (Evaluation implementation) of this standard give the uniform requirements and assessment methods that the assessment of every security protection level must implement; the assessment requirements for each level specified in GB/T 20269-2006 are described in Chapter 7. See Appendix A for the evaluation items of information system security management in this standard.

Information security technology -- Information system security management assessment

1 Scope
This standard specifies the principles and methods for implementing security management assessment of information systems in accordance with the requirements of GB 17859-1999.
This standard is applicable to the security management assessment and self-assessment carried out by relevant organizations (departments) on the security level protection of information systems.

2 Normative references
The clauses in the following documents become clauses of this standard by reference. For dated references, subsequent amendments (excluding errata) or revisions do not apply to this standard; however, parties to agreements based on this standard are encouraged to investigate whether the latest editions of these documents can be used. For undated references, the latest edition applies to this standard.
GB 17859-1999 Computer information system security protection level classification criteria
GB/T 20269-2006 Information security technology -- Information system security management requirements

3 Terms and definitions
The terms and definitions established in GB 17859-1999 and GB/T 20269-2006, and the following, apply to this standard.
3.1 Independent review and inspection of information system records and activities, in order to test the adequacy of system controls, to ensure compliance with established security policies and operational procedures, to detect security violations, and to recommend indicated changes in controls, security policies and procedures.
3.2 The whole process of risk identification, analysis and evaluation, the goal of which is to determine and estimate the risk value.
3.3 One or more security rules, procedures, practices and guidelines defined by an organization for its operation.
3.4 The process of verifying the effectiveness of security management implementation by analysing monitoring information related to security management, including audit information and information collected by the various monitoring mechanisms.

4 Basic principles of management evaluation
The assessment of information system security management should adhere to the basic principles of being scientific, effective and impartial: the principles, methods and processes of the assessment and its specific requirements are scientific and correct; the methods and processes of the assessment are operable and acceptable in terms of cost and efficiency; and the assessment agency is neutral and authoritative. The following principles should also be followed:
--- Validity principle: in accordance with GB/T 20269-2006, fully consider the functions of the information system, the importance of its information assets and the threats and risks they may face, and assess the effectiveness of the entire security management system;
......

Tips & Frequently Asked Questions:
Question 1: How long will the true-PDF of GA/T 713-2007_English be delivered?
Answer: Upon your order, we will start to translate GA/T 713-2007_English as soon as possible, and keep you informed of the progress. The lead time is typically in 9 seconds (download/delivered in 9 seconds).
The lengthier the document, the longer the lead time.
Question 2: Can I share the purchased PDF of GA/T 713-2007_English with my colleagues?
Answer: Yes. The purchased PDF of GA/T 713-2007_English will be deemed to be sold to your employer/organization who actually pays for it, including your colleagues and your employer's intranet.
Question 3: Does the price include tax/VAT?
Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with 100+ countries' tax regulations (tax exempted in 100+ countries) -- See Avoidance of Double Taxation Agreements (DTAs): List of DTAs signed between Singapore and 100+ countries.
Question 4: Do you accept my currency other than USD?
Answer: Yes. If you need your currency to be printed on the invoice, please write an email to Sales@ChineseStandard.net. In 2 working hours, we will create a special link for you to pay in any currency. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.