JR/T 0071.4-2020: Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 4: Guidelines for training
Status: Valid
Basic data
Standard ID: JR/T 0071.4-2020 (JR/T0071.4-2020)
Description (Translated English): Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 4: Guidelines for training
Sector / Industry: Finance Industry Standard (Recommended)
Classification of Chinese Standard: A11
Classification of International Standard: 03.060
Word Count Estimation: 10,18
Date of Issue: 2020
Date of Implementation: 2020-11-11
Issuing agency(ies): People's Bank of China

This is a DRAFT version for illustration, not a final translation.

People's Republic of China Financial Industry Standards
Guidelines for the Implementation of Levels of Cybersecurity Protection in the Financial Industry
Part 4. Guidelines for training
2020-11-11 release
2020-11-11 implementation
Issued by the People's Bank of China

Contents
1 Scope
2 Normative references
3 Training objectives
4 Training principles
5 Training plan
6 Trainees
7 Training content requirements
8 Training implementation
9 Training and assessment
10 Training file management
References

Foreword

JR/T 0071 "Implementation Guidelines for Cyber Security Graded Protection in the Financial Industry" consists of the following 6 parts.
--Part 1. Basics and terminology;
--Part 2. Basic requirements;
--Part 3. Job ability requirements and evaluation guidelines;
--Part 4. Training Guidelines;
--Part 5. Audit requirements;
--Part 6. Audit Guidelines.
This part is part 4 of JR/T 0071.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part was proposed by the People's Bank of China.
This part is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC 180).
Drafting organizations of this part: the Department of Science and Technology of the People's Bank of China, the Statistical Information and Risk Monitoring Department of China Banking and Insurance Regulatory Commission, China Financial Electronics Corporation, Beijing Zhongjin Guosheng Certification Co., Ltd.
The main drafters of this part: Li Wei, Chen Liwu, Shen Xiaoyan, Che Zhen, Zan Xin, Xia Lei, Fang Yi, Zhang Haiyan, Tang Hui, Li Fan, Wang Haitao, Zhang Lu, Pan Liyang, Deng Hao, Sun Guodong, Liu Wenjuan, Hou Manli, Zhao Fangmeng, Qiao Yuan, Cui Ying, Chen Xuefeng, Ma Chenglong, Du Wei, Li Ruifeng.

Introduction

Cybersecurity level protection is a basic system for national cybersecurity assurance work. Important systems in the financial industry bear on the national economy and the people's livelihood and are key protection objects of national network security, so a series of level protection standards suited to the financial industry is needed to standardize and guide the implementation of level protection in the financial industry.

With the widespread application of new technologies such as cloud computing, mobile internet, Internet of Things, and big data, financial institutions are continuing to promote the transformation of IT architecture in accordance with their own development needs. To adapt to the development of network security level protection in the financial industry under new technologies, new applications and new architectures, JR/T 0071 is now revised.
The revised JR/T 0071 is based on the relevant national requirements for cybersecurity level protection. It provides methodology, specific construction measures and technical guidance for network security construction in the financial industry, and improves the financial industry's network security level protection system so that it is better adapted to the application of new technologies in the financial industry.

Guidelines for the Implementation of Levels of Cybersecurity Protection in the Financial Industry
Part 4. Training Guidelines

1 Scope

This part specifies the training objectives, training principles, training plans, training targets, training content requirements, training implementation, training assessment and training file management for cybersecurity training.

This part is applicable to financial institutions, evaluation institutions and financial industry cybersecurity level protection departments that implement cybersecurity level protection.

2 Normative references

The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this document. For undated reference documents, the latest version (including all amendments) is applicable to this document.

GB/T 20269 Information Security Technology Information System Security Management Requirements
GB/T 22239 Information Security Technology Network Security Level Protection Basic Requirements
GB/T 25058 Information Security Technology Network Security Level Protection Implementation Guide
GB/T 28448 Information Security Technology Network Security Level Protection Evaluation Requirements

3 Training objectives

In accordance with the requirements of GB/T 20269, GB/T 22239, GB/T 25058 and GB/T 28448, financial institutions should carry out cybersecurity training work.
Through the implementation of network security training in the financial industry, relevant personnel of financial institutions acquire basic knowledge of network security level protection and the basic knowledge and skills of network security, which provides a human resources guarantee for financial institutions to effectively implement network security level protection.

4 Training principles

Training should follow the following principles.
a) Combination of personal skills training and corporate training.
b) Short-term training is the main focus, and long-term training is the supplement.
c) Carry out diversified training based on the needs of relevant positions for network security level protection.

5 Training plan

The training plan should include the following.
a) Annual training plan. In order to implement the requirements of the cybersecurity level protection system, financial institutions should formulate an annual cybersecurity training plan, focusing on the training of management personnel and new recruits related to network security level protection. Annual cybersecurity training should be incorporated into the institution's overall annual training plan.
b) Plan requirements. The training plan should specify training objectives, training content, training time, participants in training, training methods, resources required for training, training budget and assessment requirements, etc.

6 Trainees

Based on the corresponding job requirements of the organization's cybersecurity level protection, the training objects mainly include management personnel, cybersecurity level protection implementation personnel and other related personnel (or departments).
a) Institutional management: mainly includes members of the board of directors, the chief executive officer, the audit committee, the legal department, etc.
b) Employees.
c) Specific cybersecurity roles, including:
   1) Security supervisor.
   2) Cybersecurity internal auditor.
   3) Security operators.
d) Personnel involved in network security level protection work, including:
   1) Network security level protection work managers.
   2) Network security level protection work implementation personnel.
   3) Network security level protection work evaluation personnel.

7 Training content requirements

Financial institutions shall implement corresponding training in accordance with the requirements for implementing cybersecurity level protection for each post, including the following.
a) For full-staff training, the training content includes:
   1) Network security awareness education.
   2) Network security level protection policy documents.
   3) Network security laws, regulations and standards.
b) Conduct network security audit knowledge training for the audit committee.
c) Carry out training for security supervisors; the training content includes:
   1) Network security planning ability.
   2) Knowledge of network security architecture.
   3) Knowledge of cybersecurity risks.
   4) Professional network security technology.
d) Conduct training for cybersecurity auditors; the training content includes:
   1) Basic knowledge training of network security and auditing.
   2) Relevant cybersecurity laws and regulations.
   3) Various network security policy requirements.
e) Carry out training for security operators; the training content includes:
   1) The hardware, software and required security regulations of the business department.
   2) Implementation of security architecture and programs.
   3) Implementation and maintenance of security practices and procedures.
f) Carry out training for network security level protection personnel; the training content includes technical standards and specifications, and level protection evaluation methods, procedures and work specifications.

8 Training implementation

Financial institutions should reasonably arrange training in accordance with the annual training plan formulated, and actively organize employees to participate in various forms of training.
The training organization department of financial institutions shall issue training notices in advance, hire lecturers, design courses, prepare teaching materials, and arrange training venues.

The training organization department of the financial institution or the personnel participating in the training should fill in the training record form carefully after the training, and submit it to the human resources department for filing.

For training that is not arranged in the financial institution's annual training plan but that, after evaluation, is urgently needed for the job, the network security department submits a training application, and the training is implemented after approval by the human resources department.

9 Training and assessment

9.1 Training and assessment basis and requirements

The cybersecurity department of financial institutions shall put forward training evaluation requirements and make corresponding evaluations or assessments for various types of training.

For formal training, the assessment basis is generally the training certificate issued by the training party. Those without a training certificate should submit their personal training experience.

For informal training, there is generally no direct assessment, and the training effect evaluation is carried out at the same time as the personnel performance appraisal.

9.2 Implementation of training and assessment

The cybersecurity department of financial institutions is responsible for the implementation of training and assessment.

9.3 Training assessment results

Qualification in training and assessment should be an important part of the job skill assessment and performance assessment of financial institutions.

9.4 Treatment of unqualified training assessment

Those who fail the assessment of on-the-job training are divided into the following two situations and dealt with separately.
a) Job training not directly for network security level protection work: unqualified persons will receive re-training until they are qualified.
b) Job placement training for network security level protection work (once the person passes the training and assessment, he will assume the target job position): those who fail will receive re-training; those who fail two assessments will be treated as abandoning the target job.

10 Training file management

The training organization department of financial institutions shall manage the level protection training files of all types. The contents of the training files include:
a) Training plan.
b) List of trainers.
c) Assessment standards and assessment results records.

References

[1] GB 17859 Classification criteria for security protection grades of computer information systems
[2] GB/T 22240 Information Security Technology Network Security Level Protection Rating Guidelines