GB/T 20269-2006: Information security technology -- Information system security management requirements
Status: Valid

Similar standards

GB/T 20272   GB/T 20271   GB/T 20270   GB/T 20279   



---This is an excerpt.
GB NATIONAL STANDARD OF THE PEOPLE’S REPUBLIC OF CHINA

ICS 35.040
L 80

Information security technology - Information system security management requirements

Issued on May 31, 2006
Implemented on December 01, 2006

Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; Standardization Administration of the People's Republic of China.

Table of Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 General requirements of information system security management
5 Information system security management elements and the strength
6 Information system security management graded requirements
Annex A (Informative) Corresponding Relationship among Security Management Elements, Strength and Security Management Graded requirements
Annex B (Informative) Information System Security Management Concept Description
Bibliography

Foreword

Annex A and Annex B of this Standard are informative.

This Standard was proposed by and shall be under the jurisdiction of the National Information Security Standardization Technical Committee.

Drafting organizations of this Standard: Beijing Siyuan Xinchuang Information Security Consulting Co., Ltd. and Jiangnan Computing Technology Research Institute Technical Service Center.

Main drafters of this Standard: Chen Guanzhi, Wang Zhiqing, Ji Zengrui, Jing Qianyuan and Song Jianping.

1 Scope

Based on the division of information system security into security levels, this Standard specifies the security management requirements for each security level.

This Standard applies to information system security management based on graded requirements.

2 Normative references

The articles contained in the following documents have become part of this document when they are quoted herein. For the dated documents so quoted, all subsequent modifications (excluding corrigendum) or revisions made thereafter do not apply to this Standard. However, the parties who reach an agreement according to this Standard are encouraged to study whether the latest versions of these documents may be used. For the undated documents so quoted, the latest versions (including all modification sheets) apply to this document.

GB 17859-1999 Classified criteria for security protection of computer information system
GB/T 20271-2006 Information security technology - Common security techniques requirement for information system

3 Terms and definitions

The following terms and the definitions defined in GB 17859-1999 apply to this Standard.

3.1 Integrity
It includes data security and system security. Data security represents all the characteristics of data, i.e.

3.2 Availability
Security attribute that represents the extent of being accessed or used upon the request of an authorized entity.

3.3 Access control
Security mechanism that controls access activities between entities based on a specific rule and can prevent unauthorized use of resources.

3.4 Security audit
Security mechanism that audits security-related events, records necessary information in the form of a log, and processes it properly according to the requirements of determined rules.

3.5 Authentication information
Information that is used to confirm the authenticity of identity information.

3.6 Sensitivity
Characteristics that represent resource value or importance and may also contain the vulnerability of these resources.

4 General requirements of information system security management

4.1 Content of information system security management
Information system security management refers to the management of conforming to responsibility requirements of security level for the whole process of life cycle of information system in an organization, including.

4.2 Information system security management principles

5 Information system security management elements and the strength

5.1 Policy and system

5.1.1 Information security management policy

5.1.1.1 Security management objectives and scope
Information system security management shall define the security management objectives and scope of the information system; different security levels shall selectively meet one of the following requirements.

5.1.2 Security management rules and regulations

5.1.2.1 Contents of security management rules and regulations
Develop rules and systems on information system security management based on the overall security policy of the organization and business application requirements; contents of security management rules and regulations for different security levels shall selectively meet one of the following requirements.

5.1.3 Policy and system document management

5.1.3.1 Review and revision of policy and system document
For review and revision of policy and system documents, different security levels shall selectively meet one of the following requirements.

5.2.1.2 Information security leading group
The information system security leading group is responsible for the information system security work of the organization; it shall exercise at least one of the following management functions.

5.2.1.3 Information security functional department
The information security functional department is responsible for the specific work of information system security of the organization under the guidance of the information system security leading group and shall exercise at least one of the following management functions.

5.2.2 Security mechanism centralized management organization

5.2.2.1 Setting centralized management organization
The security mechanism centralized management organization of an information system (hereinafter referred to as centralized management organization) is not only a technical entity but also a management entity and shall be set based on the following mode.

5.2.2.2 Functions of centralized management agency

5.2.3 Personnel management

5.2.3.1 Allocation of security management personnel
For management of security management personnel allocation, different security levels shall selectively meet one of the following requirements.

5.2.3.2 Management of personnel at key posts
For the management of personnel at key posts in the information system, different security levels shall meet one or more of the following requirements.

5.2.3.3 Personnel appointment management
For personnel appointment management, different security levels shall selectively meet one of the following requirements.

5.2.3.4 Personnel off-post
For personnel off-post management, different security levels shall selectively meet one of the following requirements.

5.2.3.5 Staff assessment and review
For staff assessment and review management, different security levels shall selectively meet one of the following requirements.

5.2.3.6 Third-party personnel management
For third-party personnel management, different security levels shall selectively meet one of the following requirements.

5.2.4 Education and training

5.4 Environment and resource management

5.4.1 Environment security management

5.4.1.1 Environment security management requirements
For environment security management, different security levels shall selectively meet one of the following requirements.

5.8 Life cycle management

5.8.1 Plan and project approval management

5.8.1.1 System planning requirements
For system planning requirements, different security levels shall at least meet one or more of the following requirements.

6 Information system security management graded requirements

6.1 Level-one: User discretionary protection level

6.1.1 Management objective and scope
This is the user discretionary protection level, where basic management and discretionary protection are executed. It applies to general information and information systems whose destruction may have a certain impact on the interests of citizens, legal persons and other organizations but will not endanger state security, social order, economic construction or public interests.

6.1.2 Policy and system requirements
Requirements of this level are as follows.

6.1.3 Organization and personnel management requirements
Requirements of this level are as follows.

6.1.4 Risk management requirements
Requirements of this level are as follows.

6.1.5 Environment and resource management requirements
Requirements of this level are as follows.

6.5 Level-five: Access verification protection level

6.5.1 Management objectives and scope
This level is the access verification protection level, implementing continuous improvement management and carrying out exclusive control protection, which is suitable for important information related to national security, social order, economic construction and public interests and core subsystems of information systems.

6.5.2 Policy and system requirements
The requirements of this level, on the basis that the management requirements of level-four are met, are as follows.

......

Source: Above contents are excerpted from the full-copy PDF -- translated/reviewed by: www.ChineseStandard.net / Wayne Zheng et al.