JR/T 0071.3-2020: Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 3: Post competency requirements and guideline for evaluation
Status: Valid
Basic data
Standard ID | JR/T 0071.3-2020 (JR/T0071.3-2020)
Description (Translated English) | Implementation guidelines for classified protection of cybersecurity of the financial industry - Part 3: Post competency requirements and guideline for evaluation
Sector / Industry | Finance Industry Standard (Recommended)
Classification of Chinese Standard | A11
Classification of International Standard | 03.060
Word Count Estimation | 14,131
Date of Issue | 2020
Date of Implementation | 2020-11-11
Issuing agency(ies) | People's Bank of China
This is a DRAFT version for illustration, not a final translation.
Implementation guidelines for classified protection of cybersecurity of financial industry - Part 3: Post competency requirements and guidelines for evaluation
People's Republic of China Financial Industry Standards
Guidelines for the Implementation of Levels of Cybersecurity Protection in the Financial Industry
2020-11-11 release
2020-11-11 implementation
Issued by the People's Bank of China
Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Network Security Management Organizational Structure
4 Cybersecurity positions and responsibilities
5 Competence requirements for cybersecurity positions
6 Capability Evaluation of Cyber Security Personnel
References
Foreword
JR/T 0071 "Implementation Guidelines for Cyber Security Graded Protection in the Financial Industry" consists of the following 6 parts.
--Part 1: Basics and terminology;
--Part 2: Basic requirements;
--Part 3: Job ability requirements and evaluation guidelines;
--Part 4: Training Guidelines;
--Part 5: Audit requirements;
--Part 6: Audit Guidelines.
This part is part 3 of JR/T 0071.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part was proposed by the People's Bank of China.
This part is under the jurisdiction of the National Financial Standardization Technical Committee (SAC/TC 180).
Drafting organizations of this part: the Department of Science and Technology of the People’s Bank of China, the Statistical Information and Risk Monitoring Department of China Banking and Insurance Regulatory Commission, China
China Financial Electronics Corporation, Beijing Zhongjin Guosheng Certification Co., Ltd.
The main drafters of this part: Li Wei, Chen Liwu, Shen Xiaoyan, Che Zhen, Zan Xin, Xia Lei, Fang Yi, Zhang Haiyan, Tang Hui, Li Fan, Wang Haitao, Zhang Lu, Pan Liyang, Deng Hao, Hou Manli, Sun Guodong, Liu Wenjuan, Qiao Yuan, Cui Ying, Chen Xuefeng, Ma Chenglong, Du Wei, Li Ruifeng, Zhao Fangmeng.
Introduction
Cybersecurity level protection is a basic system for national cybersecurity assurance work. Important systems in the financial industry are related to the national economy and the people’s livelihood and are key protection objects of national network security, so a series of level protection standards suitable for the financial industry is needed as support to standardize and guide the implementation of level protection in the financial industry. With the widespread application of new technologies such as cloud computing, mobile internet, Internet of Things, and big data, financial institutions are continuing to promote the transformation of IT architecture in accordance with their own development needs. In order to adapt to the development of cybersecurity level protection in the financial industry under new technologies, new applications and new architectures, JR/T 0071 is now revised. The revised JR/T 0071 is based on the relevant national cybersecurity level protection requirements, provides methodology, specific construction measures and technical guidance for the financial industry’s network security construction, and improves the financial industry’s cybersecurity level protection system so that it is better adapted to the application of new technologies in the financial industry.
Guidelines for the Implementation of Levels of Cybersecurity Protection in the Financial Industry
Part 3: Job Ability Requirements and Evaluation Guidelines
1 Scope
This part specifies requirements for the establishment of cyber security positions in financial institutions, requirements for cyber security job capabilities, and requirements for the evaluation of cyber security personnel capabilities.
This part is applicable to guiding financial institutions in setting up cyber security positions, developing cyber security job capability requirements, and implementing cyber security personnel competency evaluation in accordance with the requirements of cyber security level protection.
2 Normative references
The following documents are indispensable for the application of this document. For dated reference documents, only the dated version applies to this document.
For undated reference documents, the latest version (including all amendments) is applicable to this document.
GB/T 20269 Information Security Technology Information System Security Management Requirements
GB/T 22239 Information Security Technology Network Security Level Protection Basic Requirements
GB/T 25058 Information Security Technology Network Security Level Protection Implementation Guide
GB/T 28448 Information Security Technology Network Security Level Protection Evaluation Requirements
3 Network Security Management Organizational Structure
According to the requirements of GB/T 20269, GB/T 22239, GB/T 25058 and GB/T 28448, the network security management organization structure is shown in Figure 1.
Figure 1 Network security management organization chart
4 Cybersecurity positions and responsibilities
4.1 Positions and responsibilities
Financial institutions’ cybersecurity level protection work should follow relevant national standards and requirements, build a cybersecurity assurance system, and ensure the confidentiality, integrity and availability of the institution’s information assets; responsibilities should be divided and assigned to corresponding positions to ensure that all important work is effectively executed and completed.
Cybersecurity jobs involve two types of personnel.
a) The original informatization staff who undertake the responsibility of network security.
b) Individuals in specific cybersecurity positions set up separately for cybersecurity work.
4.2 Network Security Management Committee (Leading Group)
Financial institutions should establish a cyber security management committee (also known as the Information Security Leading Group) composed of senior management, information technology departments and representatives of major business departments.
The Cyber Security Management Committee shall be responsible for overseeing the implementation of the various cyber security responsibilities, and shall regularly report to the board of directors and senior management on the implementation of the overall cyber security strategic plan, the cyber security budget and actual expenditures, the overall cyber security situation, etc. Specific responsibilities include but are not limited to the following.
a) Review and approve the cyber security strategic plan of financial institutions.
b) Make decisions on major issues related to network security, including network security organizational structure adjustments, major network security strategic changes, etc.
c) Responsible for commanding and coordinating the handling of major cybersecurity incidents in financial institutions.
d) Responsible for communicating and coordinating major issues in cyber security work.
e) Responsible for ensuring the funds, personnel, facilities and other resources required for the development of network security work.
4.3 Security Supervisor (Cyber Security Office)
Financial institutions should set up a security director (or set up a cyber security office, which can be located in the information technology department).
Security supervisors should have basic cybersecurity awareness, recognize the importance of cybersecurity work, and provide sufficient resources to support the smooth development of the financial institution’s cybersecurity work. Specific responsibilities include but are not limited to the following.
a) Organize and implement the decisions made by the Cyber Security Management Committee on cyber security management.
b) Responsible for organizing the establishment, implementation and daily operation of the network security assurance system.
c) Responsible for specific coordination and communication on matters related to cyber security work.
d) Responsible for the implementation of network security work, supervise and guide the development of network security work of various departments, and regularly report to the Cyber Security Management Committee.
4.4 Security Administrator
Information technology departments of financial institutions should set up security administrators to be responsible for the formulation and implementation of various network security management strategies of financial institutions. Specific responsibilities include but are not limited to the following.
a) Organize the formulation of various network security management strategies and supervise their implementation.
b) Responsible for the selection, deployment and maintenance of security systems such as anti-virus and intrusion detection.
c) Responsible for the response and handling of network security incidents.
d) Organize the formulation of cybersecurity emergency plans, and organize regular drills.
e) Regularly organize personnel security awareness training.
4.5 Computer Room Administrator
The information technology department of a financial institution shall set up a computer room administrator to be responsible for the formulation and implementation of the security management strategy of the computer room of the financial institution.
Responsibilities include but are not limited to the following.
a) Responsible for the overall management of the computer room, and other personnel are not allowed to enter without permission.
b) Responsible for the equipment management in the computer room. Other personnel are not allowed to use, move or exchange equipment without permission. Ensure that the equipment in the computer room works normally, and deal with faults in time.
c) Establish an equipment ledger to record usage, maintenance, software and hardware upgrades and changes.
d) Responsible for the environmental safety management of the computer room, including anti-theft and anti-vandalism, anti-lightning, fire-proof, waterproof and moisture-proof, anti-static, temperature and humidity control, etc.
e) Ensure that the equipment in the computer room is not turned off at will unless there are special circumstances, and that all equipment is connected to the UPS power supply.
4.6 Network administrator
The information technology department of a financial institution should set up a network administrator to be responsible for the formulation and implementation of the financial institution’s network security management strategy.
Responsibilities include but are not limited to the following.
a) Responsible for the maintenance and management of network equipment, and equip the backbone equipment running the key business network with corresponding backup equipment.
b) Grasp the configuration of backbone network equipment and configuration parameter changes, and back up the configuration files of each device.
c) Grasp the status of the client device's access to the network so that it can be quickly located when a problem occurs.
d) Master the connection configuration with the external network and supervise the network communication status.
e) Real-time monitoring of the operation of the entire local area network and network communication traffic conditions, and timely detection of fault signs and processing.
4.7 Host Administrator
The information technology department of a financial institution shall set up a host administrator to be responsible for the formulation and implementation of the host security management strategy of the financial institution.
Responsibilities include but are not limited to the following.
a) Responsible for the maintenance and management of servers and terminal equipment.
b) Grasp the server configuration and configuration parameter changes, and back up the configuration files of important equipment.
c) Equip servers running critical services with corresponding backup equipment.
d) Real-time monitoring of the operation of the server, timely detection of fault signs and processing.
e) Responsible for the configuration, installation, management and maintenance of the operating system and basic applications of the host device.
4.8 System Administrator
The information technology department of a financial institution shall set up a system administrator to be responsible for the formulation and implementation of the financial institution’s system application security management strategy. Specific responsibilities include but are not limited to the following.
a) Responsible for the selection, installation and maintenance of each application system.
b) Responsible for the daily inspection of each application system, and report the system status according to the inspection results of each application system and the daily event handling.
c) Responsible for the use and maintenance training of the application system users, and provide daily use guidance.
d) Organize and coordinate the initialization of relevant personnel management system and the entry and update of basic data to ensure its accuracy and timeliness.
e) Responsible for the initialization of each user's password of the application system and the distribution and management of permissions.
4.9 Database Administrator
Information technology departments of financial institutions should set up database administrators to be responsible for the formulation and implementation of the data security and backup and recovery management strategies of financial institutions. Specific responsibilities include but are not limited to the following.
a) Check the operating status of the database, log files, backups, space usage, and system resource usage, and discover and solve problems in time.
b) Monitor the space expansion and data growth of database objects, and check regularly...