What exactly is waiting for insurance?
Equal protection, the full name is information security level protection. As the name implies, it refers to classifying information systems into different security protection levels according to their importance in national security, social stability, economic order and public interests, as well as risk threats, security requirements, security costs and other factors, and taking corresponding security protection technologies and management measures to ensure information system security and information safety.
To sum up, equal protection is a standard method system for protecting Internet data, which stipulates all aspects.
Why wait for insurance?
① Reduce information security risks and improve the security protection capability of information systems.
② Comply with the requirements of relevant national laws, regulations and systems.
③ Meet the requirements of relevant competent departments and industries.
④ Reasonably avoid or reduce risks.
How to wait for insurance?
1. What exactly does this insurance cover?
(1) classification: according to the relevant guidelines of Information Security Classification, combined with enterprise information systems, invite a number of network security experts to conduct evaluation and classification, and issue opinions of classification experts.
② Filing: Fill in the complete system form through the filing tool, and then send all the materials to the Netan detachment of the local public security bureau for filing. This process usually takes 10 working days to complete.
③ Rectification of safety construction: analyze the gap according to the actual situation of customers, and rectify the non-conformity with the characteristics of projects and industries.
④ Information security level assessment: Information system security level assessment is an assessment process to verify whether the information system has reached the corresponding security protection level.
⑤ Information security inspection: according to the self-inspection work that customers need to cooperate with, complete the self-inspection process according to the requirements of rules and regulations.
Second, for example, how many levels of insurance are there?
Level 1: Self-insurance, no evaluation.
Level 2: Guidance and protection level, recommended once every two years.
Level 3: supervision and protection level, at least once a year.
Level 4: compulsory protection level, once every six months.
Level 5: special control protection level, confidentiality, transcendence and other security categories.
Third, what groups/industries need such insurance?
① Government organs: e-government network.
② Financial industry: regulators, banks, insurance companies, etc.
③ Telecom industry: major operators.
④ Energy industry: electric power, petroleum, etc.
Internet units: major enterprises, listed companies, etc.
Iv. How long is the evaluation process of grade protection?
From the content point of view, it is divided into two parts: management level and technical level.
① Management level: safety policy and management system, safety management organization and personnel, safety construction management and safety operation and maintenance management.
② Technical aspects: physical and environmental security, network and communication security, equipment and computing security, application and data security.
According to the policy requirements, the three-level information system needs to be evaluated at least once a year; The secondary information system is generally recommended to be evaluated every two years, but some industries explicitly require it to be evaluated every two years.
The on-site evaluation cycle of secondary or tertiary systems is generally about one week, and the specific time will increase or decrease according to the number and scale of information systems. Small-scale safety rectification takes 2-3 weeks, the report is issued for one week, and the overall duration is 1-2 months, which may also be affected by other factors, but the overall requirement is to be completed within one year.