Graded Protection 2 Level 03 System Assessment: The minimum score is 60 points, right?

Updated on educate 2024-06-22
10 answers
  1. Anonymous users 2024-02-12

    The classified protection assessment results include a score and a conclusion. The score is on a 100-point scale, and the passing mark is 70 points. The conclusion is divided into four grades: excellent, good, medium and poor. A score of 90 or more is excellent, 80 or more is good, 70 or more is average, and 70 or less is poor.

  2. Anonymous users 2024-02-11

    After the official implementation of classified protection, there have been significant changes in the evaluation conclusions of classified protection. But many people are still not clear about them, so today we will talk about the levels of classified protection assessment conclusions and what counts as qualified.

    What are the levels of classified protection assessment conclusions? What is the qualification?

    At present, the evaluation conclusions of classified protection are divided into four levels: excellent, good, medium and poor. A score of more than 70 is considered a passing grade, and a score of more than 90 is considered excellent. The specific basis for the judgment is as follows:

    1. Excellent: There are security problems in the test object, but they will not cause the test object to face medium or high security risks, and the comprehensive score of the system is more than 90 points, including 90 points;

    2. Good: There are security problems in the test object, but they will not cause the test object to face high-level security risks, and the comprehensive score of the system is more than 80 points, including 80 points;

    3. Medium: There are security problems in the test object, but they will not cause the test object to face high-level security risks, and the comprehensive score of the system is more than 70 points, including 70 points;

    4. Poor: There are security problems in the test object, and they will cause the test object to face a high level of security risk, or the comprehensive score of the test object is less than 70 points.

  3. Anonymous users 2024-02-10

    The MLPS assessment is carried out under the provisions of the country's classified information security protection system. Entrusted by the relevant units, and in accordance with the relevant management norms and technical standards, scientific means and methods are applied to an information system that handles specific applications. Security technology evaluation and security management evaluation are used to detect and evaluate the protection status, determine the degree of compliance between the technical and management level of the tested system and the requirements of the specified security level, give a conclusion on whether the specified security level is met based on the degree of compliance, and put forward security rectification suggestions for the security non-conformities.

    Basic process of implementation:

    In the security operation and maintenance stage, when the information system is partially adjusted due to changes in requirements or other reasons and the security protection level of the system has not changed, it should move from the security operation and maintenance stage into the security design and implementation stage, and security measures should be redesigned, adjusted and implemented to ensure that the requirements of graded protection are met.

    However, when major changes in the information system cause the system's security protection level to change, it is necessary to move from the security operation and maintenance stage into the information system grading stage, and start a new round of the information security graded protection implementation process.

  4. Anonymous users 2024-02-09

    The full name of "classified protection assessment" is information security level protection assessment. It is an activity in which a qualified evaluation agency certified by the Ministry of Public Security, entrusted by relevant units and acting in accordance with the provisions of the national information security graded protection norms and the relevant management norms and technical standards, tests and evaluates the graded protection status of information system security.

    Classified protection assessment is the basic system, basic strategy and basic method of national information security assurance. The operating and using units of the information system shall select an evaluation agency that meets the requirements of the state, and carry out regular evaluation of the information system in accordance with the "Basic Requirements for Classified Protection of Network Security Technology" and other technical standards.

    The DJCP assessment process is as follows:

    3. Preliminary assessment: The evaluation agency conducts a preliminary assessment of the information provided to understand the basic situation and security issues of the network information system.

    4. On-site assessment: The evaluation agency conducts an on-site assessment of the network information system, including the evaluation of security management, network topology, security equipment, security reinforcement, security detection, security incident response, etc.

    5. Result analysis: According to the evaluation results, the security level of the network information system is evaluated, and the security risk analysis and improvement suggestions are proposed.

    6. Preparation of report: The evaluation agency prepares a detailed assessment report according to the assessment results, including assessment conclusions, assessment opinions, safety risk analysis, improvement suggestions, etc.

    7. Customer confirmation: The entrusting party confirms the content of the assessment report, discusses and communicates the evaluation results and improvement suggestions.

    8. Follow-up service: The evaluation agency provides follow-up security consulting and services to help the client solve security problems and improve the security performance of the network information system.

  5. Anonymous users 2024-02-08

    1) The name has been changed from "classified protection of information system security" to "classified protection of network security". Article 21 of the Cybersecurity Law stipulates that "the State implements a classified cybersecurity protection system, requiring network operators to perform security protection obligations in accordance with the requirements of the classified cybersecurity protection system".

    The implementation of the multi-level cybersecurity protection system has become a legal obligation. (3) The objects of protection are extended beyond mainly the information system: classified protection now brings network infrastructure (radio and power grids, telecommunication networks, private communication networks, etc.), cloud computing platform systems, systems using mobile Internet technology, Internet of Things, and industrial control systems into its scope.

    4) Different classifications of control measures.

    Hello dear, glad to answer for you. Pro, the technology of graded protection should be required to seek and manage the requirements of the body brother only jujube system changes, compared with the other protection and dismantling the security area boundary) has become a technical rigid need.


    The technical requirements are divided into physical security, network security, host security, application security, data security, and backup and recovery, and the management requirements are divided into security management system, security management organization, personnel security management, system construction management, and system operation and maintenance management. Classified protection has a great deal to do with liquefaction. The technical requirements are divided into a secure physical environment, a secure communication network, a secure area boundary, a secure computing environment, and a security management center, and the management requirements are divided into a security management system, a security management organization, a security personnel management, a security construction management, and a security operation and maintenance management.

    In addition, the basic requirements, assessment requirements, and technical requirements for security design are consistent in the framework of "one center, three protections".

  6. Anonymous users 2024-02-07

    What is classified protection?

    The full name of classified protection is information security graded protection assessment. It is an activity in which a qualified evaluation institution certified by the Ministry of Public Security, entrusted by relevant units and acting in accordance with the provisions of the national information security graded protection norms and the relevant management norms and technical standards, tests and evaluates the status of information system security graded protection.

    What is included in the classified protection?

    1. Security technology assessment: including physical security, network security, host system security, application security and data security;

    2. Safety management evaluation: including safety management organization, safety management system, personnel safety management, system construction management and system operation and maintenance management.

    Classified Protection Score

    The results of the classified protection assessment are based on a 100-point scale, and an enterprise with a score of 70 points is qualified. According to the score, the conclusion evaluation is divided into four grades: excellent, good, medium and poor, and the higher the evaluation, the better the enterprise network security construction work.

    According to the specific requirements of the Cybersecurity Law and the MLPS standard, Domain Shield has compiled a series of security lists, which you can take a closer look at if you want to understand the classified protection assessment.

    1. Management of online behavior

    It needs to have 8 functions, including Internet personnel management, Internet browsing management, Internet outgoing management, Internet application management, Internet traffic management, Internet behavior analysis, Internet privacy protection, and risk concentration alarm.

    It requires three operations: keyword recognition, recording, and blocking of outgoing content from mainstream instant messaging software.

    2. Host security audit

    It needs to support the audit of important events in the system, such as important user behavior, abnormal use of system resources, and use of important system commands.

    You need to support the date, event, type, and subject ID of the event.

    3. O&M audit

    It requires functions such as resource authorization, O&M monitoring, O&M operation audit, audit reports, real-time alerting and blocking of illegal operations, and session auditing and playback.

    4. Database audit

    It needs to have functions such as query, protection, backup, analysis, audit, real-time monitoring, risk warning, and operation process playback of database audit operation records.

    5. Cybersecurity audit

    It is necessary to log the operation of network equipment, network traffic, and user behavior of the network system.

    6. Network firewall

    It needs to have 9 functions, including access control and destruction system, intrusion prevention, virus prevention, application identification, web protection, load balancing, and traffic monitoring.

    7. Database firewall

    It requires functions such as database auditing, database access control, database access check domain filtering, database service discovery, sensitive data discovery, and database status and performance monitoring.

  7. Anonymous users 2024-02-06

    What is MLPS assessment, and how is it done? You may have encountered in your life that, when applying for a value-added telecommunications license, some areas require a graded protection evaluation report to be issued. So what is graded protection?

    What should be done about the MLP assessment report? Today, one point and one line will look with everyone at what level protection is.

    Graded protection of information security refers to the hierarchical implementation of security protection for important national information, proprietary information of legal persons and other organizations and citizens, as well as information systems that disclose information and store, transmit and process such information; the hierarchical management of information security products used in information systems; and the response to and disposal of information security incidents in information systems at different levels.

    Classified protection of information security is a kind of work that protects information and information carriers according to the level of importance, and it is a kind of work in the field of information security that exists in many countries such as China and the United States. In China, classified information security protection is broadly defined as the security work involving the standards, products, systems, and information of the work in accordance with the concept of hierarchical protection; In a narrow sense, it generally refers to the classified security protection of information systems.

    To put it simply, according to the relevant systems involving the Internet, the rating is carried out in accordance with certain technical standards, and in accordance with the relevant requirements of the corresponding level, a comprehensive inspection and rectification of the system is carried out, so as to reduce the system risk as much as possible, enhance the protection ability and self-rescue ability to deal with foreign network viruses, hacker organizations, and hostile country attacks, and realize the protection and stability of the Internet system.

  8. Anonymous users 2024-02-05

    Conclusion of the evaluation of the classified protection level:

    a) Compliant: No safety problems are found in the grading object, and the statistical results of some conformities and non-conformities in the individual assessment results of all assessment items in the rating evaluation results are all 0, and the comprehensive score is 100 points.

    b) Basically compliant:

    There are security problems in the graded objects, and the statistical results of some conformities and non-conformities are not all 0, but the existing security problems will not cause the graded objects to face high-level security risks, and the comprehensive score is not lower than the threshold.

    c) Non-compliant:

    There are security problems in the rated objects, and the statistical results of some conforming items and non-conforming items are not all 0, and the existing security problems will cause the rated objects to face high-level security risks, or the comprehensive score is lower than the threshold.

    The individual assessment report form is generally shown in the following figure:

    Individual Assessment Report Form.

    An analysis of the overall security posture, as shown in the following figure:

    Analysis of the overall security posture.

    The MLP evaluation score is generally determined by the content of the above two parts, and by paying attention to the content of these two parts, you can know which network security protection is not good enough, and which is not bad, which is very meaningful for the improvement of the next MLP.

  9. Anonymous users 2024-02-04

    You can get A, B, C or D: the failing grade is 60 to 64 points, D; 65 to 74 points, C; 75 to 84 points, B; a score of 85 to 100 is A.

  10. Anonymous users 2024-02-03

    The Ministry of Public Security has a unified evaluation guide for the MLP, which has three levels of weight according to the importance of the assessment items.

    At present, there are three levels of classified protection test scores: below 60 points are non-compliant, 60-99 points are partially compliant, 100 points are compliant, and generally partial compliance is sufficient.

    At the beginning of the classified protection, a score of less than 75 is not eligible, a score of 75-99 is partially eligible, and a score of 100 is eligible.

    Methods and formulas for calculating the total score of the classified protection assessment.

    To calculate the total score of the graded protection assessment, the scoring formula for each level is first calculated: score = the degree of compliance with the weight of the assessment item;

    Dimension score = sum of scores and sum of weights;

    Inapplicable items are not included in the calculation, including weights.
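
An added example, not part of any answer above: a sketch of the weighted scoring described in answer 10 combined with the conclusion levels listed in answer 2, showing that inapplicable items drop out of the weights and that a high score alone does not decide the grade. It assumes the operators missing from answer 10's formulas are multiplication and division; the compliance degrees (1 / 0.5 / 0), the three weight values, the item names and the function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed compliance degrees; the page gives no numeric values.
DEGREE = {"compliant": 1.0, "partial": 0.5, "non_compliant": 0.0}

@dataclass
class Item:
    name: str
    weight: float           # importance level (constructed: 1.0 / 0.7 / 0.4)
    result: Optional[str]   # None marks an inapplicable item

def dimension_score(items):
    """Sum of (degree * weight) over sum of weights, scaled to 100.
    Inapplicable items are left out of both sums."""
    applicable = [i for i in items if i.result is not None]
    total_weight = sum(i.weight for i in applicable)
    if total_weight == 0:
        raise ValueError("no applicable items to score")
    earned = sum(DEGREE[i.result] * i.weight for i in applicable)
    return 100.0 * earned / total_weight

def conclusion(score, highest_risk):
    """Answer 2's levels: the grade needs both the score and the worst
    risk level found ("none", "low", "medium" or "high")."""
    if highest_risk not in ("none", "low", "medium", "high"):
        raise ValueError(f"unknown risk level: {highest_risk!r}")
    if highest_risk == "high" or score < 70:
        return "poor"
    if score >= 90 and highest_risk != "medium":
        return "excellent"
    if score >= 80:
        return "good"
    return "medium"

# Constructed sample items, not taken from any real assessment.
SAMPLE = [
    Item("identity authentication", 1.0, "compliant"),
    Item("security audit logging", 1.0, "partial"),
    Item("boundary access control", 0.7, "compliant"),
    Item("malicious code prevention", 0.7, "non_compliant"),
    Item("equipment room access", 0.4, None),   # inapplicable
    Item("data backup", 0.4, "compliant"),
]

if __name__ == "__main__":
    s = dimension_score(SAMPLE)
    print(f"score {s:.1f} -> {conclusion(s, 'medium')}")
    # A high score does not rescue a system with a high-level risk.
    print(conclusion(95.0, "high"))
```

The pass mark is hard-coded to answer 2's 70 points; the answers on this page disagree on the threshold, so adjust it to the rule that applies to your assessment.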
