GB/T 19668.4-2017: Information technology service -- Surveillance -- Part 4: Information security surveillance specification
Status: Valid

GB/T 19668.4: Evolution and historical versions
| Standard ID | Standard Title (Description) | Status |
| --- | --- | --- |
| GB/T 19668.4-2017 | Information technology service -- Surveillance -- Part 4: Information security surveillance specification | Valid |
| GB/T 19668.4-2007 | Information system project surveillance specification -- Part 4: Computer network system project surveillance specification | Obsolete |
Basic data
| Field | Value |
| --- | --- |
| Standard ID | GB/T 19668.4-2017 (GB/T19668.4-2017) |
| Description (Translated English) | Information technology service -- Surveillance -- Part 4: Information security surveillance specification |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L01 |
| Classification of International Standard | 35.020 |
| Word Count Estimation | 26,211 |
| Date of Issue | 2017-07-31 |
| Date of Implementation | 2018-02-01 |
| Older Standard (superseded by this standard) | GB/T 19668.6-2007 |
| Quoted Standard | GB/T 9361-2011; GB/T 19668.1-2014; GB/T 20984-2007 |
| Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China |
| Summary | This standard stipulates the main objectives, contents and main points of information security supervision at all stages of information system engineering construction, upgrading and transformation. This standard applies to the information system engineering construction planning and design, bidding, design, implementation and acceptance phase to provide information security supervision and management. |
GB/T 19668.4-2017: Information technology service -- Surveillance -- Part 4: Information security surveillance specification
---This is a DRAFT version for illustration, not a final translation.
ICS 35.020
L01
National Standards of People's Republic of China
Replacing GB/T 19668.6-2007
Information Technology Services Supervision
Part 4. Information Security Supervision Specification
Part 4: Information security surveillance specification
Issue date: 2017-07-31
Implementation date: 2018-02-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of People's Republic of China and the China National Standardization Administration
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 General Requirements
5 Planning and Design Section
5.1 Goal
5.2 Content
5.3 Points
5.3.1 Risk Assessment
5.3.2 Determination of safety requirements
6 Deployment Implementation Section
6.1 Bidding Stage
6.1.1 Supervision goal
6.1.2 Supervision content
6.1.3 Supervision points
6.1.3.1 Bidding Documents
6.1.3.2 Contract of Construction
6.2 Design Stage
6.2.1 Supervision objectives
6.2.2 Supervision content
6.2.3 Supervision points
6.2.3.1 Architecture Design
6.2.3.2 Detailed Design
6.3 Implementation Phase
6.3.1 Supervision goal
6.3.2 Supervision content
6.3.3 Supervision points
6.3.3.1 Project implementation plan
6.3.3.2 Safety Control Measures
6.3.3.3 Acceptance of safety equipment
6.3.3.4 Safety Management in Project Implementation
6.4 Acceptance Stage
6.4.1 Supervision objectives
6.4.2 Supervision content
6.4.3 Supervision points
6.4.3.1 Test
6.4.3.2 Project Acceptance Scheme
6.4.3.3 Project Acceptance Management
Appendix A (Normative) Information Systems Engineering Safety Compliance Requirements
Appendix B (Normative) Information Systems Engineering Safety Technical Requirements
Appendix C (Informative) Information Systems Engineering Safety Supervision Worksheet
References
Foreword
GB/T 19668 "Information Technology Services Supervision" is divided into six parts.
--- Part 1. General principles;
--- Part 2. Infrastructure project supervision norms;
--- Part 3. O & M supervision specification;
--- Part 4. Information security supervision norms;
--- Part 5. Software Engineering Supervision Specifications;
--- Part 6. Application system. Data center project supervision specification.
This part is Part 4 of GB/T 19668.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/T 19668.6-2007 "Information Engineering Supervision Part 6. Information Engineering Safety Supervision Code".
Compared with GB/T 19668.6-2007, the main technical changes are as follows:
--- Added a total of 9 definitions: "Information Security", "Information Security Supervision", "Safety Engineering", "Risk Assessment", "Security Requirements", "Level Protection", "safety control measures", "compliance" and "safety strategy" (see 3.2 ~ 3.9);
--- Removed the term "information engineering safety supervision";
--- Added a planning and design part, including goals, content and points (see Chapter 5);
--- Merged the original standard's project bidding stage, engineering design phase, project implementation phase and project acceptance phase into the deployment implementation part (see Chapter 6);
--- Modified the supervision objectives, supervision content and supervision points of the project bidding stage (see 6.1.1, 6.1.2 and 6.1.3);
--- Modified the supervision objectives, supervision content and supervision points of the engineering design phase (see 6.2.1, 6.2.2 and 6.2.3);
--- Deleted "security needs analysis" from the supervision points of the original standard's engineering design phase, and divided the original "engineering design scheme" into "System Structural Design" and "Detailed Design" (see 6.2.3.1 and 6.2.3.2);
--- Modified the supervision objectives, supervision content and supervision points of the project implementation phase (see 6.3.1, 6.3.2 and 6.3.3);
--- In the supervision points of the project implementation stage, changed "project implementation plan and project implementation organization plan" to "project implementation plan" (see 6.3.3.1), added "safety control measures" (see 6.3.3.2), modified "safety equipment acceptance" (see 6.3.3.3), and changed "Engineering Experiment Management" to "Safety Management in Engineering Implementation" (see 6.3.3.4);
--- Modified the supervision objectives, supervision content and supervision points of the project acceptance stage (see 6.4.1, 6.4.2 and 6.4.3);
--- In the supervision points of the project acceptance phase, deleted "Information System Security Assessment", added "project acceptance program" (see 6.4.3.2), and revised "Project Acceptance" to "Project Acceptance Management" (see 6.4.3.3);
--- Removed the original standard's "various types of information technology project safety supervision points";
--- Added the normative appendix on information systems engineering safety compliance requirements (see Appendix A);
--- Added the normative appendix on information system engineering safety technical requirements (see Appendix B);
--- Added the informative appendix with the information system engineering safety supervision work form (see Appendix C).
Please note that some of the contents of this document may involve patents. The issuing agencies of this document bear no responsibility for identifying these patents.
This part was proposed by and is under the jurisdiction of the National Information Technology Standardization Technical Committee (SAC/TC28).
The main drafting units of this part: China Electronics Standardization Institute, Shanghai Sanwei Guardian Information Security Co., Ltd., Beijing Jiaotong University, Chengdu Anqinqin Information Technology Co., Ltd., Shandong is in the computer network technology consulting Co., Ltd., Beijing Baixin Engineering Consulting Co., Ltd., Wuhan real consulting and supervision Co., Ltd., Dalian Hongrun Information Systems Engineering Co., Ltd., Beijing Xida Construction Supervision Co., Ltd., Huizhou City billion ICT Information Technology Services Ltd., Xinjiang Tianheng Information Systems Consulting Management Co., Ltd., Beijing Lianhai Information Systems Co., Ltd., Beijing Zhongbao Tianhe Information Technology Co., Ltd., Beijing Acer letter Technology Co., Ltd., Shenzhen Yi Teike Engineering Consulting Supervisor Limited.
The main drafters of this part: Wu Minhua, Zhu Weidong, Zhuo Lan, Cao Tie ship, in Jingtao, Li Yang, Guo Rui, Zou Xiaoguang, Yang Tao, Wang Li, Zhong Ping, Wang Zhi-bin, Wang Ping, Li Qiang, Ge Wei, Wen Tingxiang, Zhou Xiao Lai, Li Xin Li, Zhang Shuo, Yu Feng, Du Xiaodong, Huang Hong, Qi Wenjun, Dong Xiaojie, Zhu Xiaojuan, Jia Zhuosheng, Ge 迺 Kang.
The previous editions of the standard replaced by this part are:
--- GB/T 19668.6-2007.
Information Technology Services Supervision
Part 4. Information Security Supervision Specification
1 Scope
This part of GB/T 19668 specifies the main objectives, content and points of information security supervision at the various stages of information systems engineering construction, upgrading and transformation.
This part applies to information security supervision and management in the planning and design, bidding, design, implementation and acceptance stages of information systems engineering construction.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
GB/T 9361-2011 Computerized site safety requirements
GB/T 19668.1-2014 Information technology service supervisors Part 1. General principles
GB/T 20984-2007 Information security technology Information security risk assessment code
3 Terms and definitions
The terms and definitions given in GB/T 19668.1-2014 and the following terms and definitions apply to this document.
3.1
Information security
Maintaining the confidentiality, integrity and availability of information; it may also include properties such as authenticity, verifiability, non-repudiation and reliability.
[GB/T 22081-2008, Definition 2.5]
3.2
Information security surveillance
A specialized service activity that, based on the standards and requirements of information security, provides relevant advice to the owner at each stage of construction and assists the owner in controlling and managing the contractor's implementation of information security services in the project construction. Information security supervision may also include the supervision of other information security implementation services in the information system operation and maintenance phase.
[GB/T 30283-2013, Definition 6.13]
3.3
Security engineering
Systematic engineering process to ensure the confidentiality, integrity and availability of information systems.
[GB/T 20282-2006, Definition 3.1]
Note: Examples of security engineering include the secure integration of information systems engineering (information systems with cloud services) and the operation and maintenance phases.
3.4
Risk assessment
Based on the relevant information security technology and management standards, the process of evaluating the confidentiality, integrity, availability and other security attributes of the information system and of the information it handles, transmits and stores. It assesses the threats to assets and the threats that exploit vulnerabilities can lead to security incidents