Shulou(Shulou.com)06/01 Report--

First, the basic concept of hierarchical protection:

The main contents are as follows: 1) Information system security level protection refers to the hierarchical protection and hierarchical management of information security.

2) according to the importance of information system application business and its actual security requirements, we should implement protection by classification, classification and stage by stage, so as to ensure the security of information and the safe and normal operation of the system, and safeguard the interests of the country, public interests and social stability.

3) the core of hierarchical protection is to classify, manage and supervise the security of information systems, especially business application systems, according to standards. The state shall use legal and technical norms to strengthen supervision over the level protection of information security. Highlight the key points and ensure the security of important information resources and important information systems.

II. General framework of graded protection standards:

Third, the structure of the basic requirements of hierarchical protection:

Fourth, the basic concepts of risk assessment:

1) risk assessment takes security construction as the starting point, and its significance lies in changing the traditional technology-driven security architecture design and detailed security scheme formulation. Through the classification of important assets concerned by users, the analysis of the possibility and severity of security threats, the analysis of system physical environment, hardware equipment, network platform, basic system platform, business application system, security management, operation measures, etc., and through the confirmation of existing security measures, with the help of quantitative and qualitative analysis methods Infer the current security risk of the important assets that users are concerned about, and formulate the risk disposal plan according to the severity level of the risk, and determine the direction of security requirements for the next step.

Fifth, risk assessment analysis:

Process:

Difference:

The purpose is different:

Grade evaluation: for the purpose of meeting the basic requirements of grade protection.

Risk assessment: for the purpose of continuously promoting risk management in the PDCA cycle.

The reference standard is different:

Difference:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.