GB/T 38645-2020: Information security techniques - Guide for cybersecurity incident emergency exercises
Status: Valid
Basic data
| Field | Value |
| --- | --- |
| Standard ID | GB/T 38645-2020 (GB/T38645-2020) |
| Description (Translated English) | Information security techniques - Guide for cybersecurity incident emergency exercises |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.040 |
| Word Count Estimation | 58,572 |
| Date of Issue | 2020-04-28 |
| Date of Implementation | 2020-11-01 |
| Quoted Standard | GB/T 25069 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
| Summary | This standard specifies the purpose, principles, forms, methods and planning of emergency drills for network security incidents, and specifies the organizational structure and implementation process of emergency drills. This standard applies to guiding relevant organizations to implement emergency drills for cybersecurity incidents. |
GB/T 38645-2020: Information security techniques - Guide for cybersecurity incident emergency exercises. This is a DRAFT version for illustration, not a final translation.
Information security techniques - Guide for cybersecurity incident emergency exercises
ICS 35.040
L80
National Standards of People's Republic of China
Information security technology network security incident emergency drill guide
2020-04-28 released
2020-11-01 implementation
State Administration for Market Regulation
Issued by the National Standardization Management Committee
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Purpose of emergency drill
5 Emergency drill principles
6 Emergency drill form
7 Emergency drill planning
8 Emergency drill organization structure
8.1 Summary
8.2 Management Department
8.3 Command organization
8.4 Participating institutions
9 Implementation process of emergency drill
9.1 Preparation stage
9.2 Implementation phase
9.3 Evaluation and summary stage
9.4 Achievement application stage
Appendix A (informative appendix) Comparison table of common exercise forms
Appendix B (informative appendix) Reference template for each step of emergency drill
Appendix C (informative appendix) Practice scenario library
Appendix D (informative appendix) Reference case
Reference
Foreword
This standard was drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This standard was proposed and managed by the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this standard: Fibertech (Beijing) Co., Ltd., National Industrial Information Security Development Research Center, State Grid Co., Ltd., National Information Technology Security Research Center, China Securities Regulatory Commission Information Center, China Electric Power Research Institute Co., Ltd., China Electronic Technology Standards Research Institute of Chemistry, Heilongjiang Provincial Department of Industry and Information Technology, Tsinghua University, Beijing Institute of Computing and Communication, Beijing Institute of Technology, Harbin Industry University, Harbin Engineering University, Guilin University of Electronic Technology, Third Research Institute of Ministry of Public Security, China Information Security Evaluation Center, National Computer Network Emergency Technology Coordination Center, China Internet Network Information Center, Institute of Information Engineering, Chinese Academy of Sciences, China Electronics Technology Network Information Security Co., Ltd., Heilongjiang Institute of Electronic Technology, Beijing Venustech Information Security Technology Co., Ltd., Harbin Institute of Technology Tianchuang Power Co., Ltd., State Grid Shandong Electric Power Company Electric Power Research Institute, Beijing Antiy Network Security Technology Co., Ltd., Beijing Netteng Technology Co., Ltd., Harbin Institute of Technology Software Engineering Co., Ltd., Heilongjiang Vocational College of Information Technology, Beijing Municipal Affairs Information Security Emergency Disposal Center, Beijing Wangyu Xingyun Information Technology Co., Ltd., Beijing Zhuoshi Network Security Technology Co., Ltd.
The main drafters of this standard: Gong Lianghua, Yin Libo, Wang Lei, Gong Yafeng, Liu Ying, Wang Dongming, Zhang Ge, Liu Ying, Zhu Chaoyang, Wei Qinzhi, Zhou Liang, Li Lin, Zhang Yongjing, Zhang Hong, Li Jun, Yu Meng, Wang Da, Xue Yibo, Zhu Liehuang, Wang Bailing, Sun Jianguo, Ding Yong, Tong Weiwei, Sun Lili, Wang Qimeng, Lei Chenglin, Zhao Xudong, Qiu Zihua, Zou Chunming, Jia Ruolun, Zi Liqiang, Xie Feng, Du Hongliang, He Nengqiang, Li Ruoyu, Hao Zhiyu, Ao Jia, Liu Huijing, Zheng Xiansheng, Meng Yahui, Liu Wenyue, Wang Wenting, Li Bosong, Tong Zhiming, Li Zuomin, Guo Yuliang, Zuo Xiaoying, Fan Shixi, Zhang Tao, Wei Bin, Du Jun, Liu Jianshuai and Liu Ren.
Introduction
Establishing a cybersecurity incident emergency work mechanism and carrying out emergency drills are the most important part of assuring that the loss and harm caused by cybersecurity incidents are reduced and prevented. In order to standardize and guide the emergency drills of network security incidents, it is necessary to formulate guidelines for emergency drills of network security incidents.
Information security technology network security incident emergency drill guide
1 Scope
This standard gives the purpose, principles, forms, methods and plans of the implementation of emergency drills for cybersecurity incidents, and describes the organizational structure and implementation process of emergency drills.
This standard is applicable to guide relevant organizations to implement emergency drills for cybersecurity incidents.
2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 25069 Information Security Technical Terms
3 Terms and definitions
The following terms and definitions defined in GB/T 25069 apply to this document.
3.1
Cybersecurity incident
An event that, due to human causes, software and hardware defects or failures, natural disasters, etc., harms the network and information systems or the data and business applications in them, and is harmful to the country, society, and economy.
4 Purpose of emergency drill
The purpose of the emergency drill is as follows.
a) Inspect the plan. By carrying out emergency drills, find and verify the problems in the emergency plan, improve the emergency plan, and improve the scientific soundness, practicality and operability of the plan;
b) Perfect preparation. By carrying out emergency drills, check the preparedness of the emergency team, materials, equipment, technology and other aspects required to respond to cybersecurity incidents; if the preparedness is found to be insufficient, make adjustments and supplements in time, and make emergency preparations;
c) Train the team. By carrying out emergency drills, strengthen the familiarity of the drill management department, command organization, participating organizations and personnel with the emergency response plan, exercise the skills required for emergency response, strengthen cooperation, and improve their emergency response capabilities;
d) Run in the mechanism. Through emergency drills, the responsibilities and tasks of relevant units and personnel are further clarified, working relationships are straightened out, and the various separation, blocking, and supporting emergency linkage mechanisms between related parties are run in, to prevent network security risk transmission;
e) Publicity and education. Through the implementation of emergency drills, popularize emergency knowledge, continuously enhance the professionalism of network security management, and improve all employees' awareness of network security risk prevention.
5 Emergency drill principles
The principles of emergency drills are as follows.
a) Combine with reality. Combine the requirements of emergency management work, clarify the purpose of the exercise, and determine the method and scale of the exercise according to resource conditions;
b) Stay close to actual combat. Improve the command and coordination capabilities of the emergency command organization and the actual emergency response capabilities of the emergency team;
c) Improve actual results. Pay attention to the evaluation and assessment of the exercise process and exercise effect, summarize and promote experience, and rectify the problems found;
d) Ensure safety. Plan the drill content around the purpose of the drill, scientifically formulate the drill plan, deploy the drill activities, and formulate and comply with relevant safety measures to ensure the safety of drill participants and drill facilities;
e) Overall planning. Plan emergency drills as a whole, make drills and exercises complement each other effectively, implement cross-industry and cross-regional comprehensive drills where appropriate, and use existing resources to improve the effectiveness of emergency drills.
6 Emergency drill format
According to the organizational form, content, purpose, and role of emergency drills, emergency drills can be classified along multiple dimensions.
a) According to the organization form of the emergency drill, it is divided into the following forms.
1) Desktop deduction. According to the emergency plan, the participants use flowcharts, computer simulations, video conferences and other auxiliary methods to simulate the emergency decision-making and on-site disposal process for a pre-assumed drill scenario, verify the effectiveness of the emergency plan, and help relevant personnel clarify their responsibilities in the emergency plan, master emergency procedures and emergency operations, and improve command decision-making and the ability of all parties to coordinate and cooperate.
2) Simulation exercise. Participants use network and information system related software and hardware or range technology to build a test environment that is close to the real environment and simulate emergencies or scene fragments. The emphasis is on verifying the technical operations of the simulation exercise, the coordination and cooperation of resources from all parties during the exercise, and the response to various problems and risks during the exercise.
3) Practical exercise. Participants use the real environment of the network and information system to simulate emergency scenarios and complete the emergency response process of the related links, such as judgment, decision-making, and handling, in order to inspect and improve the on-site organization and command, emergency response and logistical support capabilities of relevant personnel. Practical exercises can also be divided into designated subject exercises and pre-notified subject exercises.
b) According to the content of the emergency drill, it is divided into the following forms.
1) Special drills. Drills involving specific systems or emergency response functions in the emergency plan. The specific links and functions of one or a few participating departments (posts) are tested.
2) Comprehensive drill. Drills involving multiple or all emergency response functions in the emergency plan. Multiple links and functions are inspected.
c) According to the purpose and function of emergency drills, it is divided into the following forms.
1) Test drill. Drills organized to test the feasibility of emergency plans, the adequacy of emergency preparedness, the coordination of emergency mechanisms, and the emergency response capabilities of related personnel.
2) Demonstration exercise. A performance drill carried out in accordance with the exercise plan in order to demonstrate emergency response capabilities to observers or provide demonstration teaching.
3) Research drill. Drills organized in order to study and solve the key and difficult problems of emergency response and to test new plans, new technologies, and new equipment.
d) Other forms of exercises.
The combination of exercises of different dimensions can form common drills such as a special desktop exercise, a comprehensive desktop exercise, a special practical exercise, a comprehensive practical exercise, a special demonstration drill, a comprehensive demonstration drill, etc. See Appendix A for common drills.
7 Emergency drill planning
Relevant organizations, according to actual conditions and in accordance with relevant laws and regulations and emergency response plans, make an overall plan for emergency drills, including the frequency, scale, format, time, location, and budget of emergency drills. Generally, a drill plan is developed with one year as the cycle.
8 Emergency drill organization structure
8.1 Summary
The organizational structure of the exercise includes management departments, command organizations and participating organizations. According to event level, drill scale, drill purpose, and drill form, the organization can merge and adjust the personnel and responsibilities of related organizations, and make corresponding organizational subdivisions according to actual conditions.
8.2 Management Department
The management departments include higher-level units, relevant national cybersecurity supervision departments, etc., and their main responsibilities are as follows.
a) Issue emergency drill requirements;
c) If necessary, announce the start, end or termination of emergency drills.
8.3 Command organization
8.3.1 Commander
The main responsibilities are as follows.
a) Commitment and support for emergency drills, including issuing official documents and providing necessary resources (human, financial, material), etc.;
b) Review and approve the emergency drill plan;
c) Approve and decide on major issues of emergency drills;
d) Deploy, inspect, guide and coordinate all preparations for emergency drills;
e) Responsible for the coordination of cross-organization and cross-field emergency drills;
f) Contact relevant units externally and coordinate the responsibilities of each unit in emergency drills;
g) Command and dispatch emergency drills on site;
h) Announce the start, end or termination of emergency drills;
i) Summarize the effects of emergency drills and complete drill summary reports;
j) Follow up the application of exercise results.
8.3.2 Planner
The main responsibilities are as follows.
a) Planning and formulating emergency drill plans;
b) Responsible for the explanation during the emergency drill.
8.3.3 Supervisors
The main responsibilities are as follows.
a) Supervise whether the drill activities meet the requirements of emergency drill planning;
b) On-site supervision and guidance of the specific work of emergency drills.
8.4 Participating institutions
8.4.1 Consultant
Consultants are leaders and technical experts of relevant participating institutions, led by the drill organization unit, who go to the drill site of each participating institution during the implementation stage to guide the drill work.
8.4.2 Implementers
The main responsibilities are as follows.
a) Execute the exercise script;
b) Carry out emergency response and handling of cybersecurity incidents triggered by simulations in accordance with emergency plans;
c) Conduct actual combat emergency response to network security incidents triggered by simulations of scenarios without scenarios;
d) Use the exercise results.
8.4.3 Security personnel
The main responsibilities are as follows.
a) Follow up the planned exercise personnel to participate in exercise activities as required;
b) Responsible for mobilizing various equipment required for the exercise process, and preparing technical support systems such as communication and scheduling;
c) Implement the exercise site and materials, and carry out logistical support;
d) Track and implement the funds required in the exercise plan;
e) Responsible for safety assurance work at the drill site.
8.4.4 Technical support staff
The main responsibilities are as follows.
a) Provide emergency technology and drill technical consultation and support for emergency drill activities;
b) Debug the various equipment required during the exercise, and do a good job in technical support for technical support systems such as communication and dispatch;
c) Responsible for the specific technical realization of each link of the emergency drill, including monitoring and disposal;
d) Simulate and trigger network security events.
8.4.5 Evaluator
The main responsibilities are as follows.
a) Record the exercise process and the essentials of emergency actions;
b) Evaluate the exercise effect, exercise process and action essentials, and complete the exercise evaluation report;
c) Find out the problems existing in the emergency drill, and promptly put forward opinions or suggestions to the relevant responsible personnel.
8.4.6 Other personnel
The main responsibilities are as follows.
a) Contact other participating organizations to assist in the completion of emergency drills;
b) Coordinate cross-organization and cross-field participants to complete emergency drills;
c) Invite leaders of relevant units and other personnel to observe the exercise process, etc.;
d) Responsible for other work of emergency drills.
9 Implementation process of emergency drill
9.1 Preparation phase
9.1.1 Develop a drill plan
9.1.1.1 Overview
The emergency command organization formulates a drill plan based on the emergency drill planning and the emergency plan: it clarifies the purpose of the drill, analyzes the drill requirements, determines the scope of the exercise, drafts the schedule, and prepares the exercise budget. For the emergency drill plan template, see Appendix B, B.1.
9.1.1.2 Clarify the purpose of the exercise
Clarify the reasons for carrying out emergency drills, the problems to be solved by the drills, and the desired effects.
9.1.1.3 Analyze drill requirements
According to the requirements of emergency drill planning and the emergency plan, and on the basis of careful analysis of the pre-set event scenario risks and the emergency plan, combined with the network security incidents during the year, find existing problems and weaknesses, and determine the emergency drill requirements: the drills to be adjusted, the skills to be trained, the equipment to be inspected, the emergency response procedures and command and dispatch procedures to be completed, and the responsibilities to be further clarified.
9.1.1.4 Determine the scope of the exercise
According to the requirements of the exercise, and taking into account the venue, resources (including but not limited to human resources, financial resources, material resources, technical resources, information resources, etc.), time and other constraints and factors, determine the type, level, location, and organizational structure of the exercise (management department, guidance organizations and participating organizations), number of people, methods of exercises, etc. Exercise requirements and scope of exercises often influence each other.
9.1.1.5 Drafting a schedule
Draft the drill work plan and schedule, and specify the main tasks and completion time limits of each stage of the emergency drill, including the time limits for writing and reviewing the various drill documents, the time limit for preparing information systems and technical materials, the date of the exercise, etc.
9.1.1.6 Preparation of exercise budget
Formulate various funds, supporting funds and safeguard measures for conducting drills.
9.1.2 Develop a drill plan
9.1.2.1 Preparation of work plan
The steps to prepare an emergency drill work plan are as follows.
a) Determine the goal
The goal of the exercise is the main exercise task to be completed and the results to be achieved. It generally states "who will complete what task under what conditions, according to what standards, and what effects are achieved." The drill objectives should be clear, specific, quantifiable, and achievable. For example, there are several exercise goals in one drill. Each exercise goal must be achieved in the exercise plan with corresponding events and exercise activities, and there should be a corresponding evaluation item in the exercise evaluation to judge the achievement of this goal.
b) Design exercise scenarios and implementation steps
The exercise scenario should provide initial conditions for the exercise activity, and guide the exercise activity through a series of situational events until the exercise is completed. See Appendix C for the exercise scenario library. The exercise scenario includes the following exercise scenario overview and exercise scenario list.
1) Overview of the exercise scenario. A summary description of each drill scene should explain the type of event, the time and place of occurrence, the speed of development, affected area, distribution of personnel and materials, losses caused, follow-up development forecast, etc.
2) List of exercise scenarios (steps). It is necessary to clarify the chronological list and time consumption of each scene (each step) during the exercise. The logical connection between the exercise scenarios depends on the law of event development, control messages, and the response actions taken by the exercise personnel after receiving the control messages.
c) Draft a list of drill personnel
The participating agencies of the emergency drill shall uniformly establish an emergency drill command organization. If the drill is initiated by the command organization, the command organization of the emergency drill should file with the management department. According to the actual situation such as the form, content, and scope of the exercise, the organization and functions of the exercise may be appropriately adjusted.
The exercise should be carried out under the supervision and command of the command organization.
d) Preparation of work plan
The content of the emergency drill work plan should include: guiding ideology, work principles, drill purpose, drill scenario, drill time and location, command organization and participating institutions, role responsibilities, exercise implementation process, other preparations, work requirements and related attachments, etc. See B.2 for the template.
9.1.2.2 Preparation of safeguard plan
When formulating the exercise guarantee plan, formulate detailed and feasible plans for personnel guarantee, fund guarantee, site guarantee, infrastructure guarantee, communication guarantee, technical guarantee, safety guarantee and other aspects, clarify the attribution of responsibilities, scientifically predict accidents or failures that may occur during the exercise, and formulate corresponding accident or failure handling procedures, measures, etc. See B.3 for the template.
9.1.2.3 Preparation of evaluation plan
Exercise evaluation is the process of comparing the difference between the actual effect of the exercise and the goal through observation, experience and recording of the exercise, and summarizing the effectiveness and shortcomings of the exercise. The exercise evaluation should be based on the exercise objectives. For each exercise goal, reasonable evaluation items, methods and standards must be designed. Depending on the goals of the exercise, evaluation can use options (e.g. yes/no judgment, multiple choices), subjective scoring (e.g. 1 - bad, 3 - pass, 5 - excellent), quantitative measurement and other methods.
In order to facilitate the exercise evaluation operation, the planning team usually designs the evaluation form in advance, including the exercise objectives, evaluation methods, evaluation standards and related record items, etc.; professional evaluation software and other tools can also be used. See B.4 for templates.
9.1.2.4 Writing exercise scripts
Prepare emergency drill scripts according to the purpose, content and form of emergency drills. The emergency drill script is the specific operation manual of the emergency drill work plan: it controls the time course of the emergency drill and explains in detail the emergency drill scenarios and response procedures. With each key node of the exercise process as the backbone, it describes the scene of the emergency exercise, start and end times, executing personnel, handling actions, instructions and dialogue, technical equipment selected in a timely manner, video pictures and subtitles, commentary, etc. See B.5 for the template.
9.1.3 Review and revise the exercise plan
Review the drill plan and determine that the drill plan is scientific and feasible, to ensure the smooth progress of emergency drills. For drill content that is confidential or unsuitable, it is advisable to formulate confidentiality measures.
Refer to Appendix D for the formulation of emergency drill plans.
9.1.4 Emergency drill support
9.1.4.1 Personnel protection
Ensure the time for relevant personnel to participate in the exercise, ensure that all personnel participating in the exercise have passed the exercise training, and have a clear division of responsibilities.
9.1.4.2 Financial guarantee
It is advisable to prepare an emergency drill budget according to the emergency drill plan every year, and incorporate it into the annual financial (financial) budget of each participating org...