Information security classified protection (等级保护) evaluation: how much do you know?

Recently, the internet information system of Hongling Capital (红岭创投) formally passed the Ministry of Public Security's information security Level 3 filing and the State Information Center's information security classified protection evaluation (www.my089.com and related subsystems). The evaluation report was issued by the State Information Center; its conclusion was "basically compliant", with a score of 90 out of 100.
Hongling Capital has worked with Alibaba Cloud since 2015, and most of its business systems now run on the Alibaba Financial Cloud platform. Its new business system, built on an internet architecture, uses the Alibaba Financial Cloud's easily scalable distributed service architecture (the Alibaba Financial Cloud internet middleware product Apsara Aliware), which has greatly improved the website's transaction-processing capacity and stability and met the requirement of chairman Zhou Shiping: "We hope that by applying advanced technologies such as cloud computing, Hongling's website can be built into a platform like Taobao and Tmall, one that can hold up no matter how huge the traffic peak." Alibaba Financial Cloud, the first and only cloud platform in China to pass the Ministry of Public Security's Level 4 classified protection evaluation for cloud computing, has built a disaster-recovery architecture of nine centers in four locations across the country, and helps financial-industry customers improve their security and compliance capability by delivering a complete set of secure, robust and compliant product solutions.
With the China Banking Regulatory Commission's release of the Interim Measures for the Administration of the Business Activities of Online Lending Information Intermediary Institutions, network security has become a necessary condition for the compliance of online lending platforms. The Measures state explicitly that online lending information intermediaries shall, in accordance with national network security regulations and the requirements of the national information security classified protection system, carry out information system grading, filing and level testing, and adopt sound management controls and technical means to keep their information systems running securely and stably and to protect the information security of lenders and borrowers.

Regarding this evaluation, Engineer Zhao (赵工), a senior evaluation manager at the State Information Center, explained that the Ministry of Public Security's information system classified security protection is divided into five levels; the higher the level, the stronger the security protection capability. The highest rating for non-bank entities is Level 3, the "supervisory level". For a system under Level 3 protection, damage to the information system would seriously harm social order and the public interest, or harm national security. Level 3 certification therefore sets very strict requirements for security management and control, and its technical standards are the same as the level required of commercial bank systems. To help systems hosted on Alibaba Cloud meet classified protection compliance requirements quickly, Alibaba Cloud has set up a "classified protection compliance ecosystem", working with its partner consulting firms, local evaluation bodies and public security organs to provide a one-stop, full-process classified protection compliance solution.
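The National Information Security Standardization Technical Committee has organized the drafting of, and approved the release of, a number of information security technical standards. The release and implementation of these standards is of great significance for improving China's information security standards system and for standardizing and guiding the construction of China's information security assurance system.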
Scope of application of information security classified protection: computer information systems within the territory of the People's Republic of China.
Competent authority for information security classified protection: public security organs are responsible for supervising, inspecting and guiding classified protection work.
Supervision intensity: systems at Level 2 and above all fall within the scope of supervision by the public security organs, and Level 3 systems are evaluated at least once a year.
Main requirements for security products in Level 3 systems: an independent legal entity within China, independent intellectual property rights, and an information security product certification certificate.
Severity: where a system is found not to meet the management norms and technical standards for information security classified protection, the public security organ shall notify the operating and using entity to rectify within a time limit and issue a Notice of Rectification within a Time Limit for Information System Classified Security Protection. An entity that has not corrected the problem by the deadline is given a warning and reported to its superior competent department; an entity that refuses to improve within the time limit is given a warning or ordered to suspend operation for rectification by the public security organ.
1. System grading stage
In the grading stage, the system's operating entity grades the system on its own and completes the Grading Report. For systems at Level 3 and above, industry experts must also be invited to review the grading. For this work, Alibaba Cloud's partner consulting firms can help prepare the relevant materials and help invite the industry experts.
2. System filing stage
The filing stage differs slightly depending on the system's grade. For a Level 2 system, filing is completed by filling in Tables 1, 2 and 3 of the Information System Classified Protection Filing Form and submitting them to the public security organ that accepts the filing. For systems at Level 3 and above, the contents of Table 4 (including the evaluation report) must also be submitted, so filing can generally be done after the evaluation is complete (the situation may vary slightly by locality). Alibaba Cloud's partner consulting firms can also help the operating entity prepare the relevant materials.
3. Construction and rectification stage
The main work of the construction and rectification stage is building two systems: security management and security technology. Security management mainly covers security operations and maintenance, policies, and management rules; the technical system mainly covers security product procurement, system configuration hardening, and security control development. For this stage, Alibaba Cloud can provide a complete security product solution, and its partner consulting firms can harden the information system and develop and remediate control measures.
4. Level evaluation stage
This stage is carried out mainly by the evaluation body; the operating entity cooperates by taking part in interviews, technical verification, document preparation and remediation of findings.
5. Supervision and inspection stage
Information security classified protection inspections are carried out by the public information network security supervision departments of public security organs at the city (prefecture) level and above. The classified protection work of entities operating and using Level 3 information systems is inspected once a year, and that of entities operating and using Level 4 information systems is inspected once every six months.

(For classified protection evaluation needs, email: [email protected])