How do users in the insurance upgrade industry choose?

The hierarchical protection system is in 1994 It was first proposed in .2007 Annual release warranty 1.0,2017 In published 《 Network security law 》.2019 In, etc. insurance was implemented 2.0 New standard of . From this process , We can judge that unequal warranty violates national laws to some extent .

In the process of waiting for insurance, the user involves some roles involved in the work . First of all, the operating unit decides how big the waiting insurance market is , Because almost all the websites that can provide external services 、 All the countries in the system stipulate that they should go through the waiting insurance , Therefore, most users will choose waiting insurance ; The second is GongAn office , The role of supervision and inspection ; besides , There are also two roles in the construction process , Large data center computer room is the construction party , Provide security equipment and capability and stable network environment , As well as relevant ISO assessment institutions , Undertake grading consulting services , And do evaluation , These four roles constitute the overall process of level protection .

The requirements of technical system and management system constitute the hierarchical protection system . The technical system requires five technical components . The management system also includes relevant management systems , Safety management organization , Identify safety management personnel , How to manage the safety construction in the future , Including how to operate and maintain after problems occur .

Relevant contents of grade protection are in this modification , The format of technical and evaluation documents has changed , Secondly, data assets must also be included in the evaluation object of level protection .

The revision of the technical scope completely changed the logic of the evaluation score , The formula is complicated . This is typical , It used to be a plus point system , Now it's the minus point system . before 60 A little bit ,70 One point is enough , Now it's point deduction . It is said that it is just a change of algorithm , The score reduction has changed a lot , The reducing force becomes larger , Defines the general 、 important 、 Important evaluation indicators , If important evaluation indicators are not met , Reduce... At one time 3 times , Important indicators are reduced at one time 2 times , If not satisfied 2 times 3 Times minus points , In the past, we could not reduce at most 2 times .

Including important data 、 Big data, etc , Summarize and evaluate different types of data , Appropriate data protection is required , Ensure data integrity and confidentiality . I think this is related to the previous data security law . This indicates that data security has ushered in a big gap , Exactly how long , I think the data security market will have a great development in oneortwo years .

wait for 2.0 The evaluation requires improvement , Increased strength of various departments in safety investment . If the previous scoring equipment can not wait , Now be sure to buy equipment , The budget will increase , The impact is the increase of industrial level .

Secondly, data security verification will become a hot spot in the future . But this time it didn't say clearly how to guarantee , But I guess , The most fundamental media for data is the database , At present, the database is not evaluated as an independent evaluation object , Will the future be evaluated by a database or a database set , Whether to add database audit 、 Firewall and encryption products .

The state establishes a data security classification and classification protection system . Will there be a hierarchical protection system for data security in the future , This may also have a large market . All in all , The security market is getting bigger , Data security has become the tuyere of the industry .

The security level protection has been implemented on 6 month 18 The new standards will be enforced , The project to be evaluated during construction shall comply with the requirements of the new standard . Many evaluation organizations used to wait for the guarantee meeting to recommend fortress machines 、 Log audit 、VPN、 Database audit and other basic products , After this change , Judge according to the new standard of waiting guarantee , The point that cannot be reached is APP Check 、 Advanced threat check 、 The future awaits assurance , I believe that the situation perception will come again . Data assets also become a separate evaluation object , Database products have also become an increase in level protection . According to my experience , Waiting for insurance level 3 may cost 50 Thousands of dollars , Plus situational awareness , The industry sales are 30 Around ten thousand dollars , The conservative estimate is the same .

The regulations on the system of hierarchical protection clearly stipulate , The level III system of ISO shall be re measured at least once a year , The secondary system shall be re measured at least once every two years , The four level system shall be re measured every six months . The re measurement must be carried out according to the new standard . Leading enterprises are also adding business systems , There is a need . All evaluation agencies in China should implement the new program .

Database audit 、 Database encryption 、 Database desensitization 、 Database firewall is the most basic 4 A product , What is related to listed companies is deep acceptance 、 Qianxin 、 Anheng 、 Green alliance, etc . Some leading banks and financial institutions have hired IBM do , It cost a lot of money , Label manually , Match to the corresponding person and authority , But the effect is not very good . It introduces a question , Whose products can help you do classification and grading work more efficiently , Future data flow , Transactions may all require such products .