US$519.00 · In stock. Delivery: <= 5 days. A true-PDF full copy in English will be manually translated and delivered via email. GB/T 20986-2023: Information security technology - Guidelines for category and classification of cybersecurity incidents. Status: Valid.
Basic data

| Field | Value |
|---|---|
| Standard ID | GB/T 20986-2023 (GB/T20986-2023) |
| Description (Translated English) | Information security technology - Guidelines for category and classification of cybersecurity incidents |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | A90 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 25,232 |
| Date of Issue | 2023-05-23 |
| Date of Implementation | 2023-12-01 |
| Older Standard (superseded by this standard) | GB/Z 20986-2007 |
| Issuing agency(ies) | State Administration for Market Regulation; China National Standardization Administration |
GB/T 20986-2023: Information security technology - Guidelines for category and classification of cybersecurity incidents --- This is a DRAFT version for illustration, not a final translation. The full true-PDF English version (including equations, symbols, images, flow charts, tables and figures) will be manually and carefully translated upon your order.
ICS 35.030
CCS A90
National Standards of the People's Republic of China
Replacing GB/Z 20986-2007
Information Security Technology
Guidelines for Classifying and Grading Network Security Incidents
Released on 2023-05-23
Implemented on 2023-12-01
Issued by the State Administration for Market Regulation and the National Standardization Management Committee
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Classification of network security incidents
5.1 Classification method
5.2 Incident categories
6 Grading of network security incidents
6.1 Grading method
6.2 Incident levels
6.3 Incident grading process
Appendix A (Informative) Correlation between network security incident categories and levels
Appendix B (Normative) Network security incident classification codes
References
Index
Foreword
This document was drafted in accordance with the provisions of GB/T 1.1-2020 "Directives for standardization - Part 1: Rules for the structure and drafting of standardizing documents".
This document replaces GB/Z 20986-2007 "Information security technology - Guidelines for the classification and grading of information security incidents". Compared with GB/Z 20986-2007, apart from structural adjustments and editorial changes, the main technical changes are as follows:
a) changed from the guiding technical document GB/Z to the recommended national standard GB/T;
b) changed the wording of "Scope" (see Chapter 1; Chapter 1 of the 2007 edition);
c) in "Terms and definitions", changed the definition of "information system" (see 3.1; 2.1 of the 2007 edition) and added "data", "network security" and "network security incident" (see 3.1 to 3.4);
d) changed "Abbreviations": deleted the original abbreviations (see Chapter 3 of the 2007 edition) and added the abbreviations "APT, BGP, DDOS, DNS, IP, WLAN", etc. (see Chapter 4);
e) in "Classification of network security incidents", changed the wording of "Classification method" and increased the number of network security incident categories from 7 to 10 (see 5.1; 4.1 of the 2007 edition):
1) in "malicious program incidents", added 3 incident subcategories: "malicious code hosting site incident, ransomware incident and mining virus incident" (see 5.2.1; 4.2.1 of the 2007 edition);
2) in "network attack incidents", added 14 incident subcategories: "backdoor implantation incident, credential attack incident, web page tampering incident, dark link implantation incident, domain name hijacking incident, domain name transfer incident, DNS pollution incident, WLAN hijacking incident, traffic hijacking incident, BGP hijacking attack incident, broadcast fraud incident, lost host incident, supply chain attack incident and APT incident" (see 5.2.2; 4.2.2 of the 2007 edition);
3) renamed "information destruction incidents" to "data security incidents", changed the incident subcategories to "data tampering incident, data fraud incident, data leak incident, data theft incident and data loss incident", and added "social engineering incident, data interception incident, location detection incident, data poisoning incident, data abuse incident and privacy violation incident" (see 5.2.3; 4.2.3 of the 2007 edition);
4) in "information content security incidents", increased the number of incident subcategories from 4 to 8 and renamed them "reactionary propaganda incident, violence and terrorism propaganda incident, pornography incident, false information dissemination incident, rights infringement incident, information spamming incident, network fraud incident and other information content security incident" (see 5.2.4; 4.2.4 of the 2007 edition);
5) in "equipment and facility failure incidents", increased the number of incident subcategories from 4 to 5 and renamed them "technical failure incident, supporting facility failure incident, physical damage incident, radiation interference incident and other equipment and facility failure incident" (see 5.2.5; 4.2.5 of the 2007 edition);
6) added the category "violation operation incidents", comprising 9 incident subcategories: "authority abuse incident, authorization forgery incident, behavior denial incident, intentional violation operation incident, misoperation incident, personnel usability damage incident, unauthorized resource use incident, copyright violation incident and other operation violation incident" (see 5.2.6);
7) added the category "potential security incidents", comprising 3 incident subcategories: "network vulnerability incident, network configuration compliance defect incident and other potential security incident" (see 5.2.7);
8) added the category "abnormal behavior incidents", comprising 3 incident subcategories: "abnormal access incident, traffic abnormality incident and other abnormal behavior incident" (see 5.2.8);
9) renamed "catastrophic incidents" to "force majeure incidents", comprising "natural disaster incident, accident disaster incident, public health incident, social security incident and other force majeure incident" (see 5.2.9; 4.2.6 of the 2007 edition);
f) in "Grading of network security incidents", changed "information system" to "incident-affected object":
1) changed the wording of "Grading method" (see 6.1; 5.1 of the 2007 edition);
2) added descriptions of the 3 importance levels of "incident-affected objects" (see 6.1.2);
3) changed "system loss" to "business loss" and "system critical data" to "important data/sensitive personal information" (see 6.1.3; 5.1.3 of the 2007 edition);
4) changed "social impact" to "social harm" (see 6.1.4; 5.1.4 of the 2007 edition);
5) changed the wording of "incident level" (see 6.2.1 to 6.2.5; 5.2 of the 2007 edition);
6) added "incident grading process" (see 6.3);
g) added Appendix B, which gives the incident classification codes, to facilitate applications such as information reporting and incident research and judgment.
Please note that some contents of this document may be the subject of patents. The issuing agency of this document assumes no responsibility for identifying patents.
This document was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by: Beijing Times Newway Information Technology Co., Ltd.; Institute of Software, Chinese Academy of Sciences; China Three Gorges Corporation Co., Ltd.; Hangzhou Anheng Information Technology Co., Ltd.; Beijing Tianrongxin Network Security Technology Co., Ltd.; Venustech Information Technology Group Co., Ltd.; Shaanxi Provincial Network and Information Security Evaluation Center; Beijing Dongfangtong Network Communication Technology Co., Ltd.; Beijing Shenzhou Green League Technology Co., Ltd.; State Grid Smart Grid Research Institute Co., Ltd.; China Software Evaluation Center; China Information Security Evaluation Center; the Third Research Institute of the Ministry of Public Security; National Computer Network Emergency Technology Coordination Center; China Southern Power Grid Digital Grid Research Institute Co., Ltd.; OPPO Guangdong Mobile Communications Ltd.
The main drafters of this document: Wang Lianqiang, Wang Xinjie, Guo Qiquan, Huang Xiaosu, Yang Yuzhong, Yan Ruotong, Yu Zhengchen, Ren Juanjuan, Xia Yu, Ren Bin, Lian Yifeng, Zhang Haixia, Huang Kezhen, Li Yangzhao, Li Qi, Liang Wei, Yang Jian, Liu Shupeng, Wei Yufeng, Cui Tingting, Li Wenjin, Zhang Daojuan, Li Jing, Shang Ke, Qu Jie, Guo Jing, Zuo Xiaodong, Wang Jian, Wang Xiaopu, Yu Guoping, He Yu, Wang Yuanrong, Lu Ming, Gao Qi, Zhu Jianxing.
The release history of this document and of the documents it replaces is as follows:
--- first released in 2007 as GB/Z 20986-2007;
--- this is the first revision.
Introduction
The prevention and handling of network security incidents is an important link in the national network security system and an important part of its work. The classification and grading of network security incidents is one of the foundations for handling network security incidents quickly and effectively.
The purposes of this document are to:
a) facilitate the collection and analysis of security incident data;
b) facilitate the identification of the severity of security incidents;
c) facilitate the exchange and sharing of security incident information;
d) facilitate automated reporting of, and response to, security incidents;
e) improve the efficiency and effectiveness of security incident notification and emergency response.
Appendix A gives the correlation between security incident categories and security incident levels.
Information Security Technology
Guidelines for Classifying and Grading Network Security Incidents
1 Scope
This document describes the classification and grading methods for network security incidents, defines the categories and levels of network security incidents, and specifies the network security incident classification codes.
This document is applicable to network operators and relevant departments carrying out activities such as research and judgment of network security incidents, information notification, monitoring and early warning, and emergency response.
2 Normative references
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 22240-2020 Information security technology - Classification guide for classified protection of network security
GB/T 25069-2022 Information security technology - Terminology
3 Terms and definitions
The terms and definitions defined in GB/T 25069-2022 and the following apply to this document.
3.1
information system
A collection of applications, services, information technology assets or other information processing components.
Note: An information system usually consists of computers or other information terminals and related equipment, and performs information processing or process control according to certain application objectives and rules.
[Source: GB/T 25069-2022, 3.696, modified]
3.2
data
Any record of information, electronic or otherwise.
3.3
cybersecurity (network security)
The state in which, by taking the necessary measures to prevent attacks, intrusions, interference, destruction, illegal use and accidents on the network, the network is kept in stable and reliable operation, together with the ability to ensure the integrity, confidentiality and availability of data.
[Source: GB/T 22239-2019, 3.1]
3.4
network security incident
An incident that causes harm to a network and information system, or to the data and business applications within it, and has a negative impact on the country, society or the economy.
Tips & Frequently Asked Questions:
Question 1: How long will the true-PDF of GB/T 20986-2023_English take to be delivered?
Answer: Upon your order, we will start to translate GB/T 20986-2023_English as soon as possible and keep you informed of the progress. The lead time is typically 3 to 5 working days; the longer the document, the longer the lead time.
Question 2: Can I share the purchased PDF of GB/T 20986-2023_English with my colleagues?
Answer: Yes. The purchased PDF of GB/T 20986-2023_English is deemed to be sold to the employer/organization that actually pays for it, including your colleagues and your employer's intranet.
Question 3: Does the price include tax/VAT?
Answer: Yes. Our tax invoice, downloaded/delivered in 9 seconds, includes all tax/VAT and complies with the tax regulations of 100+ countries (tax exempted in 100+ countries). See Avoidance of Double Taxation Agreements (DTAs): list of DTAs signed between Singapore and 100+ countries.
Question 4: Do you accept currencies other than USD?
Answer: Yes. If you need your currency to be printed on the invoice, please write an email to [email protected]. Within 2 working hours we will create a special link for you to pay in any currency. Otherwise, follow the normal steps: Add to Cart -- Checkout -- Select your currency to pay.