What is the content of the graded protection evaluation? We believe that little is known about the evaluation of classified protection of information security, so at the beginning, we knew that we were at a loss when passing the waiting protection 2.0. So what is the content of the evaluation of classified protection? Today, Micronet, which focuses on the evaluation of waiting security, will take you to know. Micronet believes that the evaluation of information security level protection mainly tests the following ten levels:

Technical level: physical security, host security, network security, application security, data security and backup;

Management level: safety management system, safety management organization, personnel safety management, system construction management, system operation and maintenance management.

Specific objects of equal protection 2.0 evaluation technology:

1. For the computer room, the evaluation unit will evaluate the computer room, power distribution room, fire room and other relevant physical environments of the important information system of the information system operation and use unit, and analyze the problems and nonconformities.

2. For business application software, the evaluation unit will evaluate the important information systems of the information system operation and use unit, and analyze the security risks and problems in the application system from the direction of the security mechanism of the application software.

3. For the host operating system, the evaluation unit will evaluate the operating system of the server related to the important information system of the information system operation and use unit, and analyze the security risks and problems in the direction of access control, security audit, residual information protection, intrusion prevention, malicious code prevention, resource control, etc.

4. Database system, the evaluation unit will evaluate the database used by the important information system of the information system operation and use unit, and analyze the security risks and problems from the aspects of identity authentication, access control, security audit, and resource control.

5. For network equipment, the evaluation unit will evaluate the network equipment of the important information system of the information system operation and use unit, and analyze the security risks and problems from the aspects of access control, security audit, network equipment protection, etc.

Specific requirements for equal protection 2.0 evaluation management:

1. For the security management system, the evaluation unit will evaluate the network equipment of the graded information system of the information system operation and use unit, interview and consult the records from the aspects of security management strategy, system release, system release review and revision.

2. The security management organization and the evaluation unit will evaluate the network equipment of the graded information system of the information system operation and use unit, interview the personnel, post setting, review and inspection records, and consult the inspection records.

3. For system construction management, the evaluation unit will evaluate the network equipment of the graded information system of the information system operation and use unit, and review the system documents and records from the aspects of security scheme design, product procurement requirements, self software development, outsourcing software development, engineering supervision, test acceptance, system delivery, grade protection, service supplier selection, etc.

4. For system operation and maintenance management, the evaluation unit will evaluate the network equipment of the information system classified by the information system operation and use unit, from environmental management, asset management, media management, equipment maintenance, vulnerability and risk inspection, network and system security management, malicious code defense management, account password management, backup and recovery management, System document interviews were conducted in emergency security defense management and other aspects, with emphasis on record review.

The above is the content of the graded protection evaluation introduced by Micronet to you. I hope it will be helpful to you. Micronet focuses on the graded protection evaluation service of network security. At present, it has provided many enterprises with secondary and tertiary protection evaluation services. It is a professional network security graded protection evaluation service provider in Jiangsu Province, Professional services such as second level and third level guarantee evaluation services are provided, and professional security equipment provides one-stop convenient services for you, so that your evaluation of second level guarantee is unimpeded. If necessary, you can click online customer service to contact Micronet, and Micronet will serve you wholeheartedly.

Evaluation of three-level guarantee: hopechilam.com