What does grade evaluation mean? What is included in the workflow?

Equal insurance 2.0 The policy is in full swing , However, there are still many enterprises for waiting insurance 2.0 The policy is not well understood , For example, I don't know what grade evaluation means ？ What is included in the workflow, etc . Today we will give you a brief explanation .

What does grade evaluation mean ？

Grade evaluation refers to the evaluation of information security grade protection , Simply put, it is the evaluation of the protection of information and its carriers according to their importance . Specifically, it is a qualified evaluation institution certified by the Ministry of public security , According to the national code for classified protection of information security , Entrusted by relevant units , In accordance with the relevant management norms and technical standards , The activity of testing and evaluating the security level protection status of information system .

What does the rating evaluation workflow include ？

1、 System grading , For business 、 assets 、 Research on safety technology and safety management , Determine the grading system , Prepare the grading report , Provide assistance in grading service , Assist the user to complete the grading report , Organize expert review ;

2、 Equal warranty filing , Take the grading report and filing form to the local public security network supervisor for system filing ;

3、 Construction rectification , Refer to grading requirements and Standards , Rectify and reinforce the information system , Build a safety management system ;

4、 Rating , The evaluation organization evaluates the information system level , Form evaluation report ;

5、 Compliance supervision and inspection , Submit the evaluation report to the local public security network supervisor , The public security organ shall supervise and inspect the work of graded protection .

Knowledge development ： Description of basic evaluation activities of grade evaluation

1、 Evaluation preparation activities

This activity is the premise and foundation of grade evaluation , It is the guarantee of the effectiveness of the whole grade evaluation process . Whether the evaluation preparation is sufficient is directly related to whether the follow-up work can be carried out smoothly . The main task of this activity is to master the details of the tested system , Prepare test tools , Prepare for the preparation of evaluation scheme .

2、 Programming activities

This activity is the key activity to carry out grade evaluation , Provide the most basic documents and guidance scheme for on-site evaluation . The main task of this activity is to determine the evaluation object suitable for the tested information system 、 Evaluation index and evaluation content, etc , And reuse or develop evaluation instructions as needed , Form evaluation scheme .

3、 On site evaluation activities

This activity is the core activity of grade evaluation . The main task of this activity is to meet the overall requirements of the evaluation scheme , Strictly implement the evaluation instructions , Implement all evaluation items step by step , Including unit evaluation and overall evaluation , To understand the real protection of the system , Get enough evidence , Find security problems in the system .

4、 Analysis and report preparation activities

This activity is to give the results of grade evaluation , It is a comprehensive evaluation activity to summarize the overall safety protection capability of the tested system . The main task of this activity is based on the on-site evaluation results and the relevant requirements of the insurance policy , It is determined by the results of individual evaluation 、 Unit evaluation result judgment 、 Methods such as overall evaluation and risk analysis , Find out the gap between the safety protection status of the whole system and the protection requirements of the corresponding level , And analyze the risks faced by the tested system due to these gaps , So as to give the grade evaluation conclusion , Form the evaluation report text .