Testing and evaluation under classified cybersecurity protection is an important part of ensuring network security. We have previously shared a lot of material on this topic, but some common questions still come up when an evaluation is carried out. Here are some of them for your reference.
Question 1:
Q: When does the public security department require completion of classified cybersecurity protection testing and evaluation? How can we proceed with the work?
A: The evaluation work should be carried out according to the time requirements specified in the public security department's regulations. If the level has not been determined, you should first submit the level determination filing document to the public security department according to the level determination requirements and process. The budget should be included in the next year's work plan. Before the budget is secured, you can proceed with understanding the system and cooperating with system reinforcement work.
Expert review schedule: quarterly or semi-annually (or irregularly), organized by the public security department.
Question 2:
Q: What is the scope of the evaluation objects? How is it generally defined? Do all systems need to be declared?
A: Scope of the evaluation objects:
- Information networks that provide support and transmission functions (including dedicated networks, intranets, extranets, and network management systems). The network should be reasonably divided into zones.
- Various business systems used for production, dispatching, management, operations, command, and office purposes. Branch systems of information systems operating across provinces or nationwide should also be independently determined.
- Websites of various units.
Question 3:
Q: How does the evaluation work in practice? What are the differences?
A: Level 2 information system: Applicable to important information systems in certain county-level units; general information systems within national government agencies and enterprise units at the city level and above. For example, office systems and management systems that do not involve work secrets, business secrets, or sensitive information.
Level 3 information system: Applicable to important information systems within national government agencies and enterprise units at the city level and above. This includes office systems and management systems that involve work secrets, business secrets, or sensitive information; important information systems used for production, dispatching, management, command, operations, control, etc., including branch systems of such systems at the provincial or city level; websites of central ministries and commissions, provincial (or regional, municipal) government portals, and important websites; interprovincial network systems, etc.
In practical operations, you can refer to the self-determination classification guidelines provided by the filing unit.
Shanghai InsightSec Network Technology Co., Ltd. is a technology service company specializing in providing information security solutions for enterprises.