GB/T 28453-2012 English PDF
Basic data
Standard ID: GB/T 28453-2012 (GB/T28453-2012)
Description (Translated English): Information security technology -- Information system security management assessment requirements
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 195,176
Quoted Standards: GB/T 20269-2006; GB/T 20282-2006; GB/T 25070-2010; GB 17859-1999
Regulation (derived from): National Standards Bulletin No. 13 of 2012
Issuing agencies: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China
Summary: This standard specifies hierarchical security management requirements for information systems at the different stages of the information system life cycle, and provides the principles and modes of information system security management assessment, the organizati

ICS 35.040
L80
National Standard of the People's Republic of China
Information security technology -- Information system security management assessment requirements
Issued on 2012-06-29; implemented on 2012-10-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of China

Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Assessment principles and modes
 4.1 Management assessment principles
 4.2 Management assessment operating modes
5 Assessment organization and activities
 5.1 Assessment organization
  5.1.1 Assessment implementation team
  5.1.2 Assessment governing body
  5.1.3 Assessment personnel
 5.2 Assessment objective, scope and basis
  5.2.1 Assessment objective
  5.2.2 Assessment scope
  5.2.3 Assessment basis
 5.3 Assessment activities
  5.3.1 Assessment initiation and preparation
  5.3.2 Determining assets and information system security requirements
  5.3.3 Determining information system security management status
  5.3.4 Determining information system security management assessment conclusions
  5.3.5 Completion of the assessment and follow-up arrangements
6 Security management assessment methods, tools and implementation
 6.1 Assessment methods
  6.1.1 Interview survey
  6.1.2 Compliance check
  6.1.3 Validation
  6.1.4 Detection
 6.2 Assessment tools
  6.2.1 Survey table
  6.2.2 Interview questionnaire
  6.2.3 Checklist
  Example
 6.3 Assessment implementation
  6.3.1 Control of assessment implementation
  6.3.2 Determination of assessment conclusions
7 Hierarchical management assessment
 7.1 Project planning management assessment requirements
  7.1.1 Scope of the assessment stage
  7.1.2 First-level information system
  7.1.3 Second-level information system
  7.1.4 Third-level information system
  7.1.5 Fourth-level information system
  7.1.6 Fifth-level information system
 7.2 Design implementation management assessment requirements
  7.2.1 Scope of the assessment stage
  7.2.2 First-level information system
  7.2.3 Second-level information system
  7.2.4 Third-level information system
  7.2.5 Fourth-level information system
  7.2.6 Fifth-level information system
 7.3 Operation and maintenance management assessment requirements
  7.3.1 Scope of the assessment stage
  7.3.2 First-level information system
  7.3.3 Second-level information system
  7.3.4 Third-level information system
  7.3.5 Fourth-level information system
  7.3.6 Fifth-level information system
 7.4 Termination disposal management assessment requirements
  7.4.1 Scope of the assessment stage
  7.4.2 First-level information system
  7.4.3 Second-level information system
  7.4.4 Third-level information system
  7.4.5 Fourth-level information system
  7.4.6 Fifth-level information system
Appendix A (informative) Information system security management assessment reference table
References

Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some of the content of this document may involve patents. The issuing body of this document does not assume responsibility for identifying these patents.
This standard was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organization of this standard: Beijing Jiangnan Tian Technology Co., Ltd.
Main drafters of this standard: Chen Guanzhi, Ji Zengrui, Shuo Chen, Jing Qian Yuan, Wang Zhiqiang.

Introduction
This standard is based on national policies and regulations for information security protection and is intended to standardize information system security management assessment. It covers the principles and modes of information system security management assessment, the assessment organization and activities, and the assessment methods, tools and implementation requirements, and sets out the security management assessment requirements for first-level through fifth-level information systems at each phase of the information system life cycle.
The parties that perform information system security management assessment include the department in charge of the information system, information security regulatory agencies, the information system owner and third-party assessment agencies; the corresponding assessment may be inspection assessment, self-assessment or third-party assessment. This standard sets out the common requirements that apply to all three assessment modes.
Information system security management assessment takes the information security management system as its main line and, where necessary, collects and analyzes the results of information security technical assessment. Security management assessment may be carried out as an independent assessment or combined with information security technical assessment into a comprehensive assessment.
Information system security management assessment runs through the entire life cycle of the information system. The assessment principles and methods are the same at every stage, but the security management content, objects and security requirements differ from stage to stage, so the purpose and requirements of security management assessment also differ.
Information system security management assessment takes the information security management requirements of each level of protection as its basis and serves to improve and strengthen security management at each level.
Chapter 4 of this standard describes the principles and modes of management assessment. Chapter 5 describes the assessment organization, the assessment objective, scope and basis, and the assessment activities. Chapter 6 describes management assessment methods, tools and implementation, giving the common requirements and assessment methods that security management assessment at every security level must follow. Chapter 7 covers hierarchical assessment: taking the security management requirements specified in GB/T 20269-2006 as the fundamental basis, it describes the security management assessment requirements for each of the five security levels separately for the project planning, design implementation, operation and maintenance, and termination disposal stages of the information system life cycle. Appendix A provides an information system security management assessment reference table, which describes the assessment points for the specific security management content requirements of information systems at each level.
This standard follows the usage of GB/T 20269-2006: the owner of an information system may be a state organ, institution, industrial enterprise, company, group or other organization of any type and size, collectively referred to as "the organization".

1 Scope
Based on the hierarchical security management requirements for information systems specified in GB/T 20269-2006, this standard sets out the principles and modes, organization and activities, and methods and implementation of information system security management assessment at the different stages of the information system life cycle, and specifies the security management assessment requirements for information systems at the first through fifth levels of information security protection.
This standard applies to inspection assessment and self-assessment of information system security management carried out by relevant organizations (departments) implementing information security level protection, as well as to the management of such assessments by the party being assessed.

2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including any amendments) applies to this document.
GB 17859-1999 Classification criteria for security protection of computer information systems
GB/T 20269-2006 Information security technology - Information system security management requirements
GB/T 20282-2006 Information security technology - Information system security engineering management requirements
GB/T 25070-2010 Information security technology - Technical requirements for security design of information system level protection

3 Terms and definitions
The terms and definitions defined in GB 17859-1999 and GB/T 20269-2006, together with the following, apply to this document.
3.1 security assessment
Assessment activities carried out, in accordance with relevant national regulations and standards, on the degree of security of an information system, including security technology assessment and security management assessment. In this standard the term refers to information system security management assessment.
3.2 self-assessment
Information system security management assessment activities carried out, in accordance with relevant national regulations and standards, by an assessment body formed within the organization on the initiative of the information system owner.
3.3 inspection assessment
Information system security management assessment activities carried out, in accordance with relevant national regulations and standards, that are initiated by the higher authority of the information system owner, the business administration department or the relevant national regulatory authority.
3.4 third-party assessment
Information system security management assessment activities carried out, in accordance with relevant national regulations and standards, by an assessment agency or other assessor commissioned by the information system owner.
......