GB/T 20984-2022 PDF English
GB/T 20984-2022: Information security technology - Risk assessment method for information security (Status: Valid)

GB/T 20984: Evolution and historical versions
| Standard ID | Contents [version] | USD | Name of Chinese Standard | Status |
|---|---|---|---|---|
| GB/T 20984-2022 | English | 470 | Information security technology - Risk assessment method for information security | Valid |
| GB/T 20984-2007 | English | 225 | Information security technology - Risk assessment specification for information security | Obsolete |
PDF Preview: GB/T 20984-2022
GB/T 20984-2022: Information security technology - Risk assessment method for information security. The following is an excerpt; the full English PDF (including equations, symbols, images, flow-charts, tables and figures) is available at https://www.ChineseStandard.net/PDF.aspx/GBT20984-2022
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.030
CCS L 80
Replacing GB/T 20984-2007
Information security technology - Risk assessment method
for information security
Issued on: April 15, 2022
Implemented on: November 01, 2022
Issued by: State Administration for Market Regulation;
Standardization Administration of the PRC.
Table of Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions, abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Risk assessment framework and process
4.1 Relationship between risk factors
4.2 Principles of risk analysis
4.3 Risk assessment process
5 Implementation of risk assessment
5.1 Preparation of risk assessment
5.2 Risk identification
5.3 Risk analysis
5.4 Risk evaluation
5.5 Communication and negotiation
5.6 Risk assessment documentation
Appendix A (Informative) Risk assessment at each stage of assessment object lifecycle
Appendix B (Informative) Work forms of risk assessment
Appendix C (Informative) Tools for risk assessment
Appendix D (Informative) Asset identification
Appendix E (Informative) Threat identification
Appendix F (Informative) Examples of risk calculation
Bibliography
1 Scope
This document describes the basic concepts of information security risk assessment, the
relationship between risk factors, the principles of risk analysis, the implementation process
and assessment method of risk assessment, as well as the implementation points and
work forms of risk assessment at the different stages of the information system lifecycle.
This document applies to all types of organizations conducting information security risk
assessments.
2 Normative references
The contents of the following documents, through normative references in this text,
constitute indispensable provisions of this document. Among them, for dated references,
only the edition corresponding to that date applies to this document. For undated
references, the latest edition (including all amendments) applies to this document.
GB/T 25069 Information security techniques - Terminology
GB/T 33132-2016 Information security technology - Guide of implementation for
information security risk treatment
3 Terms and definitions, abbreviations
3.1 Terms and definitions
The terms and definitions defined in GB/T 25069 and the following ones apply to this
document.
3.1.1
Information security risk
The potential for a particular threat to exploit the vulnerability of a single or group of
assets and the damage that this may cause to an organization.
3.1.2
Risk assessment
The entire process of risk identification, risk analysis, and risk evaluation.
3.1.3
Organization
An individual or group that has its own responsibilities, authority, and relationships to
achieve its goals.
Note: The concept of organization includes, but is not limited to, a sole proprietor, company, legal
person, firm, enterprise, agency, partnership, charity or institution, or parts or combinations
thereof, whether incorporated or not, public or private.
[Source: GB/T 29246-2017, 2.57, modified]
4 Risk assessment framework and process
4.1 Relationship between risk factors
The relationship between the basic factors in risk assessment is shown in Figure 1. The
basic factors of risk assessment are asset, threat, vulnerability, and security control.
Risk assessment is carried out on the basis of these factors.
4.2 Principles of risk analysis
The principles of risk analysis are as follows.
4.3 Risk assessment process
The implementation process of risk assessment is shown in Figure 2. The risk
assessment process shall include the following.
5 Implementation of risk assessment
5.1 Preparation of risk assessment
An organization's implementation of risk assessment is a strategic consideration. Its results
will be affected by organizational planning, business, business processes, security
requirements, system scale and structure, etc. Therefore, before the implementation of
risk assessment, the following work shall be prepared.
5.2 Risk identification
5.2.1 Asset identification
5.2.2 Threat identification
5.2.2.1 Content of threat identification
The content of threat identification includes the source, subject, type, motivation,
timing, and frequency of the threat.
5.2.4 Vulnerability identification
5.2.4.1 Content of vulnerability identification
If vulnerabilities do not have a corresponding threat, controls do not need to be
implemented; but they shall be noted and monitored for changes. Conversely, if a threat
does not have a corresponding vulnerability, it does not lead to a risk. It shall be noted
that unreasonable implementation of controls, failure of controls, or misuse of controls
are inherent vulnerabilities. Controls may or may not be effective depending on the
environment in which they operate.
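The pairing rule in 5.2.4.1, as an added illustration that is not part of the standard: a risk is recorded only where a threat and a vulnerability correspond on the same asset, a vulnerability with no corresponding threat goes on a watch list rather than getting a control, a threat with no corresponding vulnerability yields no risk, and a failed or misused control is entered as a vulnerability. Asset names, threat types and vulnerability identifiers are constructed sample data.

```python
"""Risk identification pairing per GB/T 20984-2022 5.2.4.1 (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vulnerability:
    asset: str
    vuln_id: str
    exploitable_by: frozenset  # threat types that can exploit this weakness


@dataclass(frozen=True)
class Threat:
    asset: str
    threat_type: str


def control_failure_as_vulnerability(asset, control, exploitable_by):
    """5.2.4.1: a failed, misused or badly implemented control is itself a vulnerability."""
    return Vulnerability(asset, f"control-failure:{control}", frozenset(exploitable_by))


def identify_risks(threats, vulns):
    """Return (risks, watch_list).

    risks: (asset, threat_type, vuln_id) for every threat/vulnerability pair on one asset.
    watch_list: vulnerabilities with no corresponding threat; no control is required,
    but they are noted and monitored for change. Threats without a matching
    vulnerability produce nothing, since they do not lead to a risk.
    """
    risks, watch = [], []
    for v in vulns:
        matched = [t for t in threats if t.asset == v.asset and t.threat_type in v.exploitable_by]
        if matched:
            risks.extend((v.asset, t.threat_type, v.vuln_id) for t in matched)
        else:
            watch.append(v)
    return risks, watch


# Constructed sample register (hypothetical assets and findings).
THREATS = [
    Threat("web-server", "unauthorized-access"),
    Threat("web-server", "malware"),
    Threat("file-server", "hardware-failure"),  # no vulnerability recorded -> no risk
]
VULNS = [
    Vulnerability("web-server", "weak-admin-password", frozenset({"unauthorized-access"})),
    Vulnerability("db-server", "unpatched-service", frozenset({"unauthorized-access", "malware"})),
    control_failure_as_vulnerability("web-server", "antivirus-not-updated", {"malware"}),
]


def run_sample():
    return identify_risks(THREATS, VULNS)
```

Running `run_sample()` yields two risks on the web server and places the database server's unpatched service on the watch list because no threat is recorded against that asset.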
5.4 Risk evaluation
5.4.1 Evaluation of system asset risk
According to the risk evaluation criteria, the system asset risk calculation results are
graded. Table 11 presents a grading method for system asset risk.
5.4.2 Evaluation of business risk
According to the risk evaluation criteria, the business risk calculation results are graded.
Business risk evaluation can be analyzed from two aspects: social impact and
organizational impact. Social impact covers aspects such as national
security, social order, public interests, and the legitimate rights and interests of citizens,
legal persons, and other organizations.
5.6.2 Risk assessment documents
Risk assessment documents refer to the process documents and result documents
generated during the risk assessment process, including (but not limited to):
Appendix A
(Informative)
Risk assessment at each stage of assessment object lifecycle
A.1 Overview
Risk assessment shall run through all stages of the assessment object lifecycle. The risk
assessment principles and methods involved in each stage of the assessment object
lifecycle are consistent. But due to the different implementation contents, objects, and
security requirements in each stage, the risk assessment objects, purposes, requirements
and other aspects are also different. In the planning and design stage, use risk
assessment to determine the security objectives of the assessment object.
Source: The above contents are excerpted from the full-copy PDF, translated/reviewed by www.ChineseStandard.net / Wayne Zheng et al.