
JR/T 0071.4-2020 English PDF

JR/T 0071.4-2020: Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 4: Guidelines for training
Status: Valid


Standard similar to JR/T 0071.4-2020

GB/T 19584   GB/T 12406   JR/T 0071.2   JR/T 0071.3   JR/T 0071.1   

Basic data

Standard ID: JR/T 0071.4-2020 (JR/T0071.4-2020)
Description (Translated English): Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 4: Guidelines for training
Sector / Industry: Finance Industry Standard (Recommended)
Classification of Chinese Standard: A11
Classification of International Standard: 03.060
Word Count Estimation: 10,18
Date of Issue: 2020
Date of Implementation: 2020-11-11
Issuing agency(ies): People's Bank of China

JR/T 0071.4-2020: Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 4: Guidelines for training


---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
Implementation guidelines for classified protection of cybersecurity of financial industry - Part 4: Guidelines for training
People's Republic of China Financial Industry Standards
Guidelines for the Implementation of Levels of Cybersecurity Protection in the Financial Industry
2020-11-11 release, 2020-11-11 implementation
Issued by the People's Bank of China

Contents

1 Scope
2 Normative references
3 Training objectives
4 Training principles
5 Training plan
6 Trainees
7 Training content requirements
8 Training implementation
9 Training and assessment
10 Training file management
References

Foreword

JR/T 0071 "Implementation Guidelines for Cyber Security Graded Protection in the Financial Industry" consists of the following 6 parts:
-- Part 1: Basics and terminology;
-- Part 2: Basic requirements;
-- Part 3: Job ability requirements and evaluation guidelines;
-- Part 4: Training Guidelines;
-- Part 5: Audit requirements;
-- Part 6: Audit Guidelines.

This part is Part 4 of JR/T 0071.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part was proposed by the People's Bank of China.
This part is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC 180).

Drafting organizations of this part: the Department of Science and Technology of the People's Bank of China, the Statistical Information and Risk Monitoring Department of China Banking and Insurance Regulatory Commission, China Financial Electronics Corporation, Beijing Zhongjin Guosheng Certification Co., Ltd.

The main drafters of this part: Li Wei, Chen Liwu, Shen Xiaoyan, Che Zhen, Zan Xin, Xia Lei, Fang Yi, Zhang Haiyan, Tang Hui, Li Fan, Wang Haitao, Zhang Lu, Pan Liyang, Deng Hao, Sun Guodong, Liu Wenjuan, Hou Manli, Zhao Fangmeng, Qiao Yuan, Cui Ying, Chen Xuefeng, Ma Chenglong, Du Wei, Li Ruifeng.

Introduction

Cyber security level protection is a basic system of national cyber security assurance work. Important systems in the financial industry bear on the national economy and the people's livelihood and are key protection objects of national network security, so a series of level protection standards suited to the financial industry is needed as support to standardize and guide the implementation of level protection in the financial industry.

With the widespread application of new technologies such as cloud computing, mobile internet, Internet of Things, and big data, financial institutions are continuing to promote the transformation of their IT architecture in accordance with their own development needs. To adapt to the development of network security level protection in the financial industry under new technologies, new applications and new architectures, JR/T 0071 is now revised. The revised JR/T 0071 is based on the relevant national requirements for cyber security level protection, provides methodology, specific construction measures and technical guidance for the financial industry's network security construction, and improves the financial industry's network security level protection system so that it is better adapted to the application of new technologies in the financial industry.

Guidelines for the Implementation of Levels of Cybersecurity Protection in the Financial Industry
Part 4: Training Guidelines

1 Scope

This part specifies the training objectives, training principles, training plans, training targets, training content requirements, training implementation, training assessment and training file management for cybersecurity training.

This part is applicable to financial institutions, evaluation institutions and financial industry cybersecurity level protection departments that implement cybersecurity level protection.

2 Normative references

The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this document. For undated reference documents, the latest version (including all amendments) is applicable to this document.

GB/T 20269 Information Security Technology Information System Security Management Requirements
GB/T 22239 Information Security Technology Network Security Level Protection Basic Requirements
GB/T 25058 Information Security Technology Network Security Level Protection Implementation Guide
GB/T 28448 Information Security Technology Network Security Level Protection Evaluation Requirements

3 Training objectives

In accordance with the requirements of GB/T 20269, GB/T 22239, GB/T 25058 and GB/T 28448, financial institutions should carry out cyber security training. Through the implementation of network security training in the financial industry, relevant personnel of financial institutions acquire basic knowledge of network security level protection and basic network security knowledge and skills, which provides the human resources guarantee for financial institutions to effectively implement network security level protection.

4 Training principles

Training should follow the following principles:
a) Combination of personal skills training and corporate training.
b) Short-term training is the main focus, and long-term training is the supplement.
c) Carry out diversified training based on the needs of relevant positions for network security level protection.

5 Training plan

The training plan should include the following:
a) Annual training plan. In order to implement the requirements of the cyber security level protection system, financial institutions should formulate an annual cyber security training plan, focusing on the training of management personnel and new recruits related to network security level protection. Annual cyber security training should be incorporated into the overall annual training plan of the institution.
b) Plan requirements. The training plan should specify training objectives, training content, training time, participants in training, training methods, resources required for training, training budget and assessment requirements, etc.

6 Trainees

Based on the corresponding job requirements of the organization's cyber security level protection, the training objects mainly include management personnel, cyber security level protection implementation personnel and other related personnel (or departments):
a) Institutional management: mainly includes members of the board of directors, chief executive officer, audit committee, legal department, etc.
b) Employees.
c) Specific cyber security roles, including:
   1) Security supervisor.
   2) Cyber security internal auditor.
   3) Security operators.
d) Personnel involved in network security level protection work, including:
   1) Network security level protection work managers.
   2) Network security level protection work implementation personnel.
   3) Network security level protection work evaluation personnel.

7 Training content requirements

Financial institutions shall implement corresponding training in accordance with the requirements for implementing cyber security level protection for each post, including:
a) Training for all staff. The training content includes:
   1) Network security awareness education.
   2) Network security level protection policy documents.
   3) Network security laws, regulations and standards.
b) Network security audit knowledge training for the audit committee.
c) Training for security supervisors. The training content includes:
   1) Network security planning ability.
   2) Knowledge of network security architecture.
   3) Knowledge of cyber security risks.
   4) Professional network security technology.
d) Training for cyber security auditors. The training content includes:
   1) Basic knowledge training of network security and auditing.
   2) Relevant cyber security laws and regulations.
   3) Various network security policy requirements.
e) Training for security operators. The training content includes:
   1) The hardware, software and required security regulations of the business department.
   2) Implementation of security architecture and programs.
   3) Implementing and maintaining security practices and procedures.
f) Training for network security level protection personnel. The training content includes technical standards and specifications, and level protection evaluation methods, procedures and work specifications.

8 Training implementation

Financial institutions should reasonably arrange training in accordance with the annual training plan formulated, and actively organize employees to participate in various forms of training.

The training organization department of financial institutions shall issue training notices in advance, hire lecturers, design courses, prepare teaching materials, and arrange training venues.

The training organization department of the financial institution or the personnel participating in the training should fill in the training record form carefully after the training, and submit it to the human resources department for filing.

For training that is not arranged in the annual training plan of the financial institution but that, after evaluation, is urgently needed for the job, the network security department submits a training application, and the training is implemented after approval by the human resources department.

9 Training and assessment

9.1 Training and assessment basis and requirements

The cyber security department of financial institutions shall put forward training evaluation requirements and make corresponding evaluations or assessments for various types of training.

For formal training, the assessment is generally based on the training certificate issued by the training party. Those who do not have a training certificate should submit their personal training experience. For informal training, there is generally no direct assessment, and the training effect evaluation is carried out at the same time as the personnel performance appraisal.

9.2 Implementation of training and assessment

The cyber security department of financial institutions is responsible for the implementation of training and assessment.

9.3 Training assessment results

Qualification in training and assessment should be an important part of the job skill assessment and performance assessment of financial institutions.

9.4 Treatment of unqualified training assessment

Those who fail the assessment of on-the-job training are divided into the following two situations and dealt with separately:
a) Training not directly for a network security level protection post: unqualified persons will receive re-training until they are qualified.
b) Job placement training for network security level protection work (once the person passes the training and assessment, he will assume the target job position): those who are unqualified will receive re-training; those who fail the two assessments will be treated as abandoning the target job.

10 Training file management

The training organization department of financial institutions shall manage the various level protection training files. The contents of the training files include:
a) Training plan.
b) List of trainers.
c) Assessment standards and assessment results records.

References

[1] GB 17859 Classification criteria for security protection grades of computer information systems
[2] GB/T 22240 Information Security Technology Network Security Level Protection Rating Guidelines