
GB/T 20274.1-2023 PDF English

GB/T 20274.1-2023: Information security technology - Evaluation framework for information systems security assurance - Part 1: Introduction and general model
Status: Valid

GB/T 20274.1: Historical versions

GB/T 20274.1-2023 (USD 185): Information security technology - Evaluation framework for information systems security assurance - Part 1: Introduction and general model. Status: Valid
GB/T 20274.1-2006 (USD 145): Information security technology -- Evaluation framework for information systems security assurance -- Part 1: Introduction and general model. Status: Obsolete

Similar standards

GB/T 20274.2   GB/T 20274.3   GB/T 20274.4   GB/T 20279   



This is an excerpt from the English version of the standard.

GB
NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA

ICS 35.030
CCS L 80
Replacing GB/T 20274.1-2006

Information Security Technology - Evaluation Framework for Information Systems Security Assurance - Part 1: Introduction and General Model

Issued on: March 17, 2023
Implemented on: October 1, 2023
Issued by: State Administration for Market Regulation; Standardization Administration of the People’s Republic of China.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Overview
5 Information System Security Assurance Model and Level
5.1 Concept of Assurance
5.2 Assurance Model
5.3 Assurance Capability Level
6 Information System Security Assurance Elements
6.1 Structure of Information System Security Assurance Elements
6.2 Generation of Information System Security Assurance Elements
7 Evaluation Framework for Information System Security Assurance
7.1 Concept and Relations of Evaluation of Information System Security Assurance
7.2 Evaluation Content of Information System Security Assurance
7.3 Judgment of Information System Security Assurance Evaluation
Bibliography

1 Scope

This document provides the basic concept and model of information system security assurance, and proposes the evaluation framework for information system security assurance. This document is applicable to guide system builders, operators, service providers and evaluators in carrying out information system security assurance work.

2 Normative References

The contents of the following documents constitute indispensable clauses of this document through the normative references in the text. In terms of references with a specified date, only versions with a specified date are applicable to this document. In terms of references without a specified date, the latest version (including all the modifications) is applicable to this document.

GB/T 18336.1-2015 Information Technology - Security Techniques - Evaluation Criteria for IT Security - Part 1: Introduction and General Model
GB/T 25069-2022 Information Security Techniques - Terminology

3 Terms and Definitions

The terms and definitions given in GB/T 25069-2022 and GB/T 18336.1-2015, together with the following terms and definitions, are applicable to this document.

3.1 information system

Information system refers to a combination of applications, services, information technology assets or other information processing components.

3.2 information system security assurance

Information system security assurance refers to a series of appropriate behaviors or processes that guarantee the security attributes, functions and efficiency of an information system.

4 Overview

The relevant parties related to the evaluation of information system security assurance generally include information system builders, information system operators, service providers and evaluators, etc.

5 Information System Security Assurance Model and Level

5.1 Concept of Assurance

An information system operates in a specific real environment. It belongs to a certain organization, and is constrained by the internal and external environment of the organization. Hence, in addition to putting forward corresponding requirements on the basis of thoroughly analyzing the technology, business and management characteristics of the information system itself, the security assurance of an information system must also consider the requirements arising from these constraint conditions.

5.3 Assurance Capability Level

The information system security assurance capability level includes elements of two dimensions. The first dimension is the information system security assurance elements (including technical assurance requirements, management assurance requirements and engineering assurance requirements) selected based on risk evaluation. The identification of these security assurance elements, which is carried out throughout the life cycle process, can reduce the risk to an acceptable level (that is, the adequacy of assurance countermeasures).

6 Information System Security Assurance Elements

6.1 Structure of Information System Security Assurance Elements

In accordance with the differences between the fields of security techniques, security management and security engineering, the security assurance elements are divided into security technical assurance requirements, security management assurance requirements and security engineering assurance requirements. The security assurance elements adopt a hierarchical structure of “class - subclass - component”. Users shall select specific security assurance requirements based on the results of risk evaluation. The relations between different structures of the security assurance elements are shown in Figure 3.

6.2 Generation of Information System Security Assurance Elements

6.2.1 Generation process of security assurance elements

Figure 4 provides an example of a method for confirming the information system security assurance elements, through which security assurance elements can be derived. The example provided does not limit the specific analysis process, development method and evaluation system of generating the information system security assurance elements.

6.2.5 Confirmation of security assurance elements

The security assurance elements of the information system subdivide the security assurance goals into a series of security assurance requirements of the information system and its environment. Once these requirements are satisfied, it can be guaranteed that the information system can achieve its security assurance goals.

7 Evaluation Framework for Information System Security Assurance

7.1 Concept and Relations of Evaluation of Information System Security Assurance

The evaluation of information system security assurance is to conduct an objective evaluation of the specific work and activities of information system security assurance in the operating environment where the information system is located.

7.2 Evaluation Content of Information System Security Assurance

In the information system security assurance model, the life cycle level and the security assurance element level of the information system are not isolated from each other, but interrelated and inseparable. Their relations are shown in Figure 6.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.