GB/T 42926-2023 English PDF
Price: US$1179.00. In stock.
Delivery: within 8 days. A true-PDF full copy in English is manually translated and delivered via email.
GB/T 42926-2023: Specification of financial information system cybersecurity risk assessment
Status: Valid
Basic data
Standard ID: GB/T 42926-2023 (GB/T42926-2023)
Description (translated English): Specification of financial information system cybersecurity risk assessment
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: A11
Classification of International Standard: 03.060
Word Count Estimation: 62,675
Date of Issue: 2023-08-06
Date of Implementation: 2023-12-01
Issuing agency(ies): State Administration for Market Regulation; China National Standardization Administration

GB/T 42926-2023: Specification of financial information system cybersecurity risk assessment

This is a DRAFT version for illustration, not a final translation. The full true-PDF copy in English (including equations, symbols, images, flow charts, tables and figures) will be manually and carefully translated upon your order.

ICS 03.060
CCS A11
National Standard of the People's Republic of China
Specification for Network Security Risk Assessment of Financial Information Systems
Published on 2023-08-06; implemented on 2023-12-01
Issued by the State Administration for Market Regulation and the National Standardization Administration Committee

Table of contents
Preface
Introduction
1 Scope
2 Normative reference documents
3 Terms and definitions
4 Abbreviations
5 Key points and principles of risk assessment
5.1 Work points
5.2 Working principles
6 Elements and principles of risk assessment
6.1 Risk assessment elements
6.2 Principles of risk assessment
7 Phased work of risk assessment
7.1 Preparatory phase
7.2 Identification phase
7.3 Risk calculation and treatment stage
Appendix A (informative) Evaluation reference sample
A.1 Network security system protection vulnerability assessment (235 points)
A.2 Network security technology protection vulnerability assessment (258 points)
Appendix B (informative) Asset identification and value assignment table
Appendix C (informative) Information system threat assessment method
Appendix D (informative) Information system vulnerability assignment method
D.1 Level vulnerability assessment and assignment
D.2 Information system vulnerability assessment and assignment
Appendix E (informative) Method for assigning the likelihood of an information system vulnerability being exploited
Appendix F (informative) Asset risk list of an information system
References

Foreword
This document was drafted in accordance with GB/T 1.1-2020, "Standardization work guidelines, Part 1: Structure and drafting rules of standardization documents".
Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying patents.
This document is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC180).
This document was drafted by: China Financial Electronic Group Co., Ltd.; Beijing National Financial Technology Certification Center Co., Ltd.; Beijing Tianrong Information Network Security Technology Co., Ltd.; Industrial and Commercial Bank of China Co., Ltd.; AsiaInfo Technology (Chengdu) Co., Ltd.
The main drafters of this document: Zhang Haiyan, Tang Hui, Gao Qiangyi, Pan Liyang, Zhang Lu, Zhang Shu, Yang Jian, Meng Xianzhe, Li Ji, Jin Hongyue, Li Zhelong.

Introduction
As the integration of finance and technology becomes a new trend, application scenarios for new financial technologies such as cloud computing, big data, the Internet of Things, the mobile Internet and artificial intelligence are growing explosively, and financial information systems face complex, ever-changing network security threats and an increasingly severe network security situation. Network security risk assessment of financial information systems helps to comprehensively analyze the threats, vulnerabilities and risk levels faced by those systems, and to carry out risk treatment based on the assessment results.

To better adapt to changes in financial technology, the network security risk assessment system for financial information systems also needs further improvement. This document builds on mature risk assessment methodology, combined with the characteristics of financial information systems and the requirements of information system security construction, to set out network security risk assessment models, processes and risk analysis methods for financial businesses and financial information systems, and so provides general guidance on cybersecurity risk assessment of financial information systems.

Specification for Network Security Risk Assessment of Financial Information Systems

1 Scope
This document establishes the key points, principles, elements and principles of risk assessment work, and specifies the requirements for work in the risk assessment preparation stage, the identification stage, and the risk calculation and treatment stage.
This document is applicable to financial management departments, financial industry institutions and network security risk assessment service agencies when conducting network security risk assessment of financial information systems.
Note: "Risk assessment" in this document refers to "financial information system network security risk assessment".

2 Normative reference documents
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 20269-2006 Information security technology: Information system security management requirements
GB/T 20984-2022 Information security technology: Information security risk assessment method
GB/T 22240-2020 Information security technology: Network security level protection grading guide
GB/T 25069-2022 Information security technology: Terminology
GB/T 31509-2015 Information security technology: Information security risk assessment implementation guide

3 Terms and definitions
The terms and definitions defined in GB/T 20269-2006, GB/T 25069-2022 and GB/T 20984-2022 apply to this document.
3.1 asset value
An indication of the importance or sensitivity of an asset.
Note: Asset value is an attribute of the asset and is also the main content of asset identification.

4 Abbreviations
The following abbreviations apply to this document.
ty) ......

Tips & Frequently Asked Questions
Question 1: How long will the true-PDF of GB/T 42926-2023_English take to be delivered?
Answer: Upon your order, we start translating GB/T 42926-2023_English as soon as possible and keep you informed of the progress. The lead time is typically 5 to 8 working days; the longer the document, the longer the lead time.
Question 2: Can I share the purchased PDF of GB/T 42926-2023_English with my colleagues?
Answer: Yes. The purchased PDF of GB/T 42926-2023_English is deemed sold to the employer/organization that actually pays for it, including your colleagues and your employer's intranet.
Question 3: Does the price include tax/VAT?
Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with the tax regulations of 100+ countries (tax exempted in 100+ countries). See Avoidance of Double Taxation Agreements (DTAs): list of DTAs signed between Singapore and 100+ countries.
Question 4: Do you accept currencies other than USD?
Answer: Yes. If you need your currency printed on the invoice, please write to Sales@ChineseStandard.net; within 2 working hours we will create a special link for you to pay in any currency. Otherwise, follow the normal steps: Add to Cart, Checkout, then select your currency to pay.