GB/Z 32906-2016: Information security technology -- Guide of construction for information security in small & medium E-commerce enterprises
Status: Valid
Basic data
| Standard ID | GB/Z 32906-2016 (GB/Z32906-2016) |
| Description (Translated English) | Information security technology -- Guide of construction for information security in small & medium E-commerce enterprises |
| Sector / Industry | National Standard |
| Classification of Chinese Standard | L80 |
| Word Count Estimation | 33,327 |
| Date of Issue | 2016-08-29 |
| Date of Implementation | 2017-03-01 |
| Regulation (derived from) | National Standard Announcement 2016 No.14 |
| Issuing agency(ies) | General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China |
This is a DRAFT version for illustration, not a final translation.
(Information security technology - Guide to the construction of information security in small and medium-sized e-commerce enterprises)
ICS 35.040
L80
National Standardization Guiding Technical Document of the People's Republic of China
Information Security Technology
Small and medium e-commerce enterprise information security construction guide
Issued 2016-08-29
Implemented 2017-03-01
Issued by: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China; China National Standardization Administration
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Structure and mode
5.1 Application structure
5.2 Construction mode
5.2.1 Overview
5.2.2 Self-built mode
5.2.3 Resource rental mode
5.2.4 Store rental mode
5.3 Construction process
6 Security risk
6.1 Physical risk
6.2 Network risk
6.3 Host risk
6.4 Data risk
6.5 Application risk
7 Security requirements
8 Security design
8.1 General principles
8.2 Security structure
8.3 Physical security design requirements
8.4 Network security design requirements
8.5 Host security design requirements
8.6 Data security design requirements
8.7 Application security design requirements
9 Security implementation
9.1 Physical security implementation
9.1.1 Overview
9.1.2 Physical security
9.2 Network security implementation
9.2.1 Overview
9.2.2 Access control implementation
9.2.3 Intrusion prevention
9.2.4 Network equipment protection
9.2.5 Security audit
9.3 Host security implementation
9.3.1 Overview
9.3.2 Stand-alone firewall
9.3.3 Host access control
9.3.4 Host identification
9.3.5 Host intrusion prevention
9.3.6 Host malicious code prevention
9.3.7 Host security audit
9.4 Data security implementation
9.4.1 General
9.4.2 Data integrity testing
9.4.3 Data backup system
9.4.4 Disaster recovery
9.5 Application security
9.5.1 Overview
9.5.2 Identity authentication security implementation
9.5.3 Transactional security
10 Deployment of transport management
10.1 Deployment and installation
10.2 Document evaluation review
10.3 Security tests
10.3.1 Security test requirements
10.3.2 Test process security management
10.4 Put into operation
10.5 Security management
10.5.1 General requirements
10.5.2 Security policy
10.5.3 Institutional and personnel management
10.5.4 Security management system
10.5.5 Security tracking management
10.5.6 Information security audit management
10.5.7 Emergency management
10.6 Operational risk control management
Appendix A (informative) Typical model structure diagram
Appendix B (informative) Small and medium e-commerce enterprise information security self-mode case
Appendix C (informative) Security management case for the project development process of self-construction or resource leasing mode of small and medium-sized e-commerce enterprises
References
Foreword
This guidance document has been drafted in accordance with the rules given in GB/T 1.1-2009.
Please note that some content of this document may involve patents. The issuing agencies of this document do not bear the responsibility of identifying these patents.
This guidance document is proposed and managed by the National Technical Committee for Information Security Standardization (SAC/TC260).
Drafting organizations of this guidance document: Zhejiang Institute of Standardization, Alibaba (China) Co., Ltd., Zhejiang Gongshang University, Zhejiang Economic Information Center, Xiamen Institute of Standardization, Zhejiang University of Science and Technology, Zhejiang Fluttering Dragon Network Technology Co., Ltd., Zhejiang Fuchunjiang Telecom Mobile Group Co., Ltd., Beijing Tian Rong Xin Technology Co., Ltd., Shanghai Tiantai Network Technology Co., Ltd., China Institute of Measurement.
The main drafters of this guidance document are Li Ning, Liu Xuan, Jiao Qingchun, Yan Ying, Zhou Guangping, Ma Jun, Xie Junjun, Hu Beizi, Shao Jun, Liu Ruo Wei, Shen Xi 镛, Chen Yu, Xia Zu Jun, Ye Zhiqiang, Fan Binghua and others.
Information Security Technology
Small and medium e-commerce enterprise information security construction guide
1 Scope
This guidance document gives guidance on the structure and mode, security risks, security requirements, security design, implementation, and deployment and management of safeguards for information security construction in small and medium-sized e-commerce enterprises.
This guidance document applies to information security construction in small and medium-sized e-commerce enterprises and serves as a technical reference for the development, operation and maintenance of e-commerce projects.
2 Normative references
The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
Information Security Technology Information Systems Security Management Requirements
GB/T 20518 Information Security Technology Public Key Infrastructure Digital Certificate Format
GB/T 20988 Information security technology Information system disaster recovery specifications
Information technology - Security technology - Information security management - Practical rules
3 Terms and definitions
The following terms and definitions apply to this document.
3.1
Small and medium e-commerce business smal
An enterprise that uses information network technology to carry out electronic trading business activities and whose annual number of electronic transactions is below the order of millions.
4 Abbreviations
The following abbreviations apply to this document.
CA: Certificate Authority
CPU: Central Processing Unit
DDoS: Distributed Denial of Service
DES: Data Encryption Standard
ERP: Enterprise Resource Planning
HTTP: HyperText Transfer Protocol
IDC: Internet Data Center
IP: Internet Protocol
IPsec: Internet Protocol Security