
歡迎光臨中圖網 請 | 注冊
> >

包郵 網絡安全等級保護基本要求應用指南

開本: 16開 頁數: 276
中 圖 價:¥62.9(6.3折) 定價  ¥99.8 登錄后可看到會員價
加入購物車 收藏
開年大促, 全場包郵

網絡安全等級保護基本要求應用指南 版權信息

網絡安全等級保護基本要求應用指南 本書特色

市面僅有的全面解讀中國網絡安全等級保護標準體系及等級保護實施的讀本; 業內專家對中國網絡安全等級保護制度的深入闡釋; 來自官方團隊的中國網絡安全等級保護標準體系全面解讀; 切實指導中國網絡安全等級保護落地實施的指南; 助力一帶一路等國外組織和公司在中國做好信息安全合規,確保業務平順

網絡安全等級保護基本要求應用指南 內容簡介


網絡安全等級保護基本要求應用指南 目錄

Part 1 General Security Requirement

Chapter 1 Basic Concepts of Cybersecurity Classified Protection3

1.1General Security Requirements3

1.2Objects of Classified Protection4

1.3Security Protection Level5

1.4Security Protection Capability6

1.5Security Control Points and Security Requirements6Chapter 2General Introduction of the Baseline for Classified Protection of Cybersecurity

82.1Frame Structure8

2.2General Security Requirements and Extended Security Requirements8

2.2.1General Security Requirements9

2.2.2Extended Security Requirements10

2.3Differences and Key Points of Each Level11

2.3.1Security Physical Environment11

2.3.2Security Communication Network14

2.3.3Security Area Boundary15

2.3.4Security Computing Environment 17

2.3.5Security Management Center20

2.3.6Security Management System21

2.3.7Security Management Organization22

2.3.8Security Management Personnel24

2.3.9Security Development Management25

2.3.10Security Operation and Maintenance Management28Chapter 3Interpretation on the Security General Requirement of LevelⅠand LevelⅡ34

3.1Security Physical Environment34

3.1.1Physical Location Selection34

3.1.2Physical Access Control34

3.1.3Theft and Vandalism Protection35

3.1.4Lightning Protection35

3.1.5Fire Prevention36

3.1.6Water and Moisture Proof36


3.1.8Temperature and Moisture Control37

3.1.9Power Supply37

3.1.10Electromagnetic Protection38

3.2Security Communication Network38

3.2.1Network Architecture38

3.2.2Communication Transmission39

3.2.3Trusted Verification39

3.3Security Area Boundary40

3.3.1Border Protection40

3.3.2Access Control41

3.3.3Intrusion Prevention42

3.3.4Malicious Code Prevention42

3.3.5Security Audit42

3.3.6Trusted Verification43

3.4Security Computing Environment43

3.4.1Network Equipment43

3.4.2Security Equipment47

3.4.3Servers and Terminals50

3.4.4Business Application System54

3.4.5Data Security57

3.5Security Management Center60

3.5.1System Management60

3.5.2Audit Management60

3.6Security Management System61

3.6.1Security Policy61

3.6.2Management System62

3.6.3Development and Release62

3.6.4Review and Revision62

3.7Security Management Organization63

3.7.1Post Setting63


3.7.3Authorization and Approval64

3.7.4Communication and Cooperation64

3.7.5Audit and Inspection65

3.8Security Management Personnel66

3.8.1Personnel Recruitment66

3.8.2Personnel Departure66

3.8.3Security Awareness Education and Training66

3.8.4External Access Management67

3.9Security Construction Management68

3.9.1Classification and Filing68

3.9.2Security Scheme Design68

3.9.3Procurement and Use of Products69

3.9.4Independent Software Development69

3.9.5Outsourcing Software Development70

3.9.6Project Implementation70

3.9.7Acceptance Testing71

3.9.8System Delivery71

3.9.9Level Evaluation72

3.9.10Service Provider Selection72

3.10Security Operation and Maintenance Management73

3.10.1Environmental Management73

3.10.2Asset Management73

3.10.3Media Management74

3.10.4Equipment Maintenance Management74

3.10.5Vulnerability and Risk Management75

3.10.6Network and System Security Management75

3.10.7Prevention and Management of Malicious Code76

3.10.8Configuration Management76

3.10.9Cryptography Management77

3.10.10Change Management77

3.10.11Backup and Recovery Management77

3.10.12Security Incident Handling78

3.10.13Emergency Plan Management78

3.10.14Outsourcing Operation and Maintenance Management79Chapter 4Interpretation on the Security General Requirements of Level Ⅲ and Level Ⅳ80

4.1Security Physical Environment80

4.1.1Physical Location Selection80

4.1.2Physical Access Control80

4.1.3Theft and Vandalism Protection81

4.1.4Lightning Protection81

4.1.5Fire Prevention82

4.1.6Waterproof and Moisture Proof83


4.1.8Temperature and Moisture Control83

4.1.9Power Supply84

4.1.10Electromagnetic Protection84

4.2Security Communication Network85

4.2.1Network Architecture85

4.2.2Communication Transmission87

4.2.3Trusted Verification88

4.3Security Area Boundary89

4.3.1Border Protection89

4.3.2Access Control91

4.3.3Intrusion Prevention92

4.3.4Malicious Code and Spam Prevention93

4.3.5Security Audit93

4.3.6Trusted Verification94

4.4Security Computing Environment95

4.4.1Network Equipment95

4.4.2Security Equipment99

4.4.3Servers and Terminals104

4.4.4Business Application System110

4.5Security Management Center117

4.5.1System Management117

4.5.2Audit Management118

4.5.3Security Management119

4.5.4Centralized Control120

4.6Security Management System121

4.6.1Security Policy121

4.6.2Management System122

4.6.3Development and Release122

4.6.4Review and Revision123

4.7Security Management Organization123

4.7.1Post Setting123


4.7.3Authorization and Approval124

4.7.4Communication and Cooperation125

4.7.5Audit and Inspection126

4.8Security Management Personnel127

4.8.1Personnel Recruitment127

4.8.2Personnel Departure127

4.8.3Security Awareness Education and Training128

4.8.4External Access Management128

4.9Security Construction Management129

4.9.1Classification and Filing129

4.9.2Security Scheme Design130

4.9.3Procurement and Use of Products130

4.9.4Independent Software Development131

4.9.5Outsourcing Software Development132

4.9.6Project Implementation132

4.9.7Acceptance Testing133

4.9.8System Delivery133

4.9.9Level Evaluation134

4.9.10Service Provider Selection134

4.10Security Operation and Maintenance Management135

4.10.1Environmental Management135

4.10.2Asset Management135

4.10.3Media Management136

4.10.4Equipment Maintenance Management136

4.10.5Vulnerability and Risk Management137

4.10.6Network and System Security Management137

4.10.7Prevention and Management of Malicious Code139

4.10.8Configuration Management139

4.10.9Cryptography Management140

4.10.10Change Management140

4.10.11Backup and Recovery Management140

4.10.12Security Incident Handling141

4.10.13Emergency Plan Management142

4.10.14Outsourcing Operation and Maintenance Management142

Part 2Extended Security Requirement

Chapter 5Extended Requirements for Cloud Computing Security147

5.1Overview of Cloud Computing Security147

5.1.1Introduction of Cloud Computing147

5.1.2Objects of Cloud Computing Classified Protection152

5.1.3Extended Requirements for Cloud Computing Security153

5.1.4Cloud Computing Security Measures and Services156


9.1O verview of Big Data Security233

9.1.1Big Data233

9.1.2Big Data Deployment Model233

9.1.3Big Data Processing Model234

9.1.4Big Data Related Security Capabilities234

9.1.5Big Data Security240

9.1.6Patterns of Big Data Related Classification Objects241

9.1.7Security Requirements at All Levels243

9.2Interpretation of Security Requirements for Level Ⅰ and Level Ⅱ Big Data Systems 247

9.2.1Security Physical Environment247

9.2.2Security Communications Network248

9.2.3Security Computing Environment248

9.2.4Security Management Center250

9.2.5Security Development Management251

9.2.6Security Operations Management251

9.3Interpretation of Security Requirements for Level Ⅲ and Level Ⅳ Big Data Systems252

9.3.1Security Physical Environment252

9.3.2Security Communication Network252

9.3.3Security Computing Environment254

9.3.4Security Management Center257

9.3.5Security Development Management259

9.3.6Security Operations and Maintenance Management260


網絡安全等級保護基本要求應用指南 作者簡介

郭啟權,公安部網絡安全保護局總工程師。 劉建偉,北京航空航天大學網絡空間安全學院 院長,主要研究領域包括:密碼學、5G網絡安全、移動通信網絡安全、天空地一體化網絡安全、電子健康網絡安全、智能移動終端安全、星地數據鏈安全等。 王新杰,北京時代新威信息技術有限公司總經理。 2003年開始從事網絡安全行業,參與了“全國信息安全標準化”系列標準的研制。主要擔任:信息安全等級保護高級測評師 、全國信息安全標準化技術委員會(SAC/TC 260)委員、國際信息系統安全認證聯盟((ISC)2)中國顧問。
