What is the ISO assessment? How to do the waiting insurance scheme

In the process of rapid development, some companies often only focus on business and ignore safety issues , Not only is there no security team , There are no measures to protect code and data .  Maybe the operation and maintenance personnel know the seriousness of this problem , However, due to different perspectives of managers, they often ignore the seriousness of this problem . If your enterprise , There is no record and evaluation of waiting Insurance , Then hurry up ！ Network information security is not only about enterprise security , It is more about national interests ！

What is the waiting guarantee evaluation ？

Equal protection refers to information security level protection , It refers to important information for the country 、 Proprietary information and public information of legal persons and other organizations and citizens are stored 、 transmission 、 Security protection shall be implemented in time and level when processing these information ; Manage the information security products used in the information system according to the level ; Respond to information security incidents in information system in different levels 、 Management .

Must we do the waiting insurance evaluation ？

《 Network security law of the people's Republic of China 》（ hereinafter referred to as 《 Network security law 》） On 2017 year 6 month 1 Day of formal implementation ： Article 21 ： The State implements the network security level protection system . Network operators shall comply with the requirements of network security level protection system , Fulfill the obligation of safety protection . Equal insurance 2.0 After implementation , Not carrying out level protection is tantamount to violating 《 Network security law 》, It can be punished according to laws and regulations .

No waiting Insurance , Equal to illegal ！

No waiting Insurance , Equal to illegal ！

No waiting Insurance , Equal to illegal ！

More waiting information , Welcome to join the insurance exchange group ：852146960

How to do the waiting insurance scheme ？

1. Website system grading

According to the relevant management documents of classified protection , The security protection level of classified protection objects is divided into five levels , From level one to level five . The level of classified protection objects is determined by two grading elements ：① The aggrieved object ;② The degree of infringement on the object . For critical information infrastructure ,“ In principle, the grading should not be lower than grade three ”, And the third level and above information system should be evaluated every year or half a year .

Grading process ： Determine the grading object → Preliminary determination of grade → Expert review → Approval by competent authorities → The public security organ records the examination → The final level .

2. Website system record

according to 《 Network security law 》 Regulations ：

① Already in operation （ function ） The second level and above information system of , After the safety protection level is determined 30 Intraday （ Equal insurance 2.0 The relevant standards have revised the filing time limit to 10 Intraday ）, Run by it 、 The user shall go to the local public security organ at or above the municipal level divided into districts to go through the filing procedures .

② Build a new information system above the second level , It should be after putting into operation 30 Intraday （ Equal insurance 2.0 The relevant standards have revised the filing time limit to 10 Intraday ）, Run by it 、 The user shall go to the local public security organ at or above the municipal level divided into districts to go through the filing procedures .

③ Units in Beijing under the central government , It is an information system that operates on a unified network across provinces or the whole country and is graded by the competent department , The competent department shall go through the filing procedures with the Ministry of public security .

④ Information systems that run across provinces or across the country are running all over the country 、 The branch system of application , It should be put on record with the local public security organs at or above the municipal level divided into districts .

After the enterprise finally determines the level of the website , You can go to the public security organ for the record . The main materials required for filing are 《 Information security level protection record form 》, Different levels of information systems require different filing materials . The information system above the third level needs to provide the following materials ：( One ) System topology and description ;( Two ) System security organization and management system ;( 3、 ... and ) Design implementation plan or reconstruction implementation plan of system security protection facilities ;( Four ) List of information security products used by the system and their certification 、 License to sell ;( 5、 ... and ) Technical test and evaluation report meeting the system security protection level after evaluation ;( 6、 ... and ) Information system security protection level expert review opinion ;( 7、 ... and ) The competent department shall review and approve the opinions of the information system security protection level .

3. Website system security construction （ Rectification ）

The rectification of classified protection is one of the links in the construction of equal protection , According to the construction requirements of classified protection , Network security upgrades to information and information systems , Including technical level rectification and management level rectification . The ultimate goal of rectification is to improve the security protection ability of enterprise information system , So that enterprises can successfully pass the grade evaluation .

There are no qualification requirements for level protection rectification , As long as the company can carry out relevant network security construction according to the requirements of classified protection , Who will implement , There is no requirement . However, due to the current shortage of enterprise network security talents , Enterprises often need to find professional network security service companies to carry out rectification .

Rectification is mainly divided into management rectification and technical rectification . Management rectification mainly includes : Make clear the leader in charge and responsible department , Implement safety posts and personnel , Analyze the current situation of safety management , Determine the security management strategy , Establish safety management system, etc . among , Safety management strategy and system also include personnel safety management and event handling 、 Emergency response 、 Daily operation and maintenance equipment 、 Media management, security monitoring, etc .

Technical rectification mainly refers to the enterprise's deployment and purchase of products that can meet the requirements of equal protection , For example, webpage tamper proof 、 Flow monitoring 、 Network intrusion monitoring products, etc .

4. Website system level evaluation

Grade evaluation refers to a qualified evaluation institution certified by the Ministry of public security , According to the national code for classified protection of information security , Entrusted by relevant units , In accordance with the relevant management norms and technical standards , The activity of testing and evaluating the security level protection status of information system . Internet of things enterprise level evaluation needs to find a suitable evaluation organization to conduct evaluation , Evaluation institutions need at least 《 Information security level evaluation recommendation certificate 》. Internet of things enterprises can log in to China network security protection network to check the list of qualified evaluation institutions recommended by the state .

In terms of fees charged by assessment institutions , The specific service charge will vary from province to province 、 The evaluation items are different 、 Different industries, etc . But generally speaking , The cost of secondary system evaluation 4 10000 yuan start , Three level system evaluation cost 7 10000 yuan start .

According to the regulation , The test of information system security level protection should include two aspects ： First, security control evaluation , It mainly evaluates the implementation and configuration of basic security control required by classified protection of information security in information system ; Second, the overall evaluation of the system , It mainly evaluates and analyzes the overall security of information system . among , Security control evaluation is the basis of information system security evaluation .

5. To supervise and inspect

Enterprises should accept the supervision and inspection of the public security organs from time to time , Improve the problems raised by the public security organs .