《Interpretation and Implementation of the Evaluation Requirements for Classified Protection of Cybersecurity》 - 郭启全主编 - 北京航空航天大学出版社 - 香港大書城 - Meg Book Store

	登入帳戶　 \|　訂單查詢　 \|　購物車/收銀台(0)　\|　在線留言板　 \|　付款方式　 \|　運費計算　 \|　聯絡我們　 \|　幫助中心　\|　加入書簽
		會員登入新用戶登記

HOME

新書上架

暢銷書架

好書推介

會員書架精選

2023年度TOP

臺灣用戶

品種：超過100萬種各類書籍/音像和精品，正品正價，放心網購，悭钱省心

服務：香港／台灣／澳門／海外

送貨：速遞／郵局／服務站

新書上架：簡體書繁體書
暢銷書架：簡體書繁體書
好書推介：簡體書繁體書

十月出版：大陸書台灣書
九月出版：大陸書台灣書
八月出版：大陸書台灣書
七月出版：大陸書台灣書
六月出版：大陸書台灣書
五月出版：大陸書台灣書
四月出版：大陸書台灣書
三月出版：大陸書台灣書
二月出版：大陸書台灣書
一月出版：大陸書台灣書
12月出版：大陸書台灣書
11月出版：大陸書台灣書
十月出版：大陸書台灣書
九月出版：大陸書台灣書
八月出版：大陸書台灣書

『簡體書』Interpretation and Implementation of the Evaluation Requirements for Classified Protection of Cybersecurity

書城自編碼： 3753677
分類：簡體書→大陸圖書→計算機/網絡→信息安全
作者：郭启全主编
國際書號(ISBN)： 9787512437746
出版社：北京航空航天大学出版社
出版日期： 2022-05-01

頁數/字數： /
書度/開本： 16开釘裝：平装

售價：HK$ 198.8

我要買件

** 我創建的書架 **
未登入.

新書推薦：

千万别喝南瓜汤（遵守规则绘本）

《千万别喝南瓜汤（遵守规则绘本）》
售價：HK$ 44.7

大模型启示录

《大模型启示录》
售價：HK$ 112.0

东法西渐：19世纪前西方对中国法的记述与评价

《东法西渐：19世纪前西方对中国法的记述与评价》
售價：HK$ 201.6

养育男孩：官方升级版

《养育男孩：官方升级版》
售價：HK$ 50.4

小原流花道技法教程

《小原流花道技法教程》
售價：HK$ 109.8

少女映像室唯美人像摄影从入门到实战

《少女映像室唯美人像摄影从入门到实战》
售價：HK$ 110.9

詹姆斯·伍德系列：不负责任的自我：论笑与小说（“美国图书评论奖”入围作品当代重要文学批评家詹姆斯·伍德对“文学中的笑与喜剧”的精湛研究）

《詹姆斯·伍德系列：不负责任的自我：论笑与小说（“美国图书评论奖”入围作品当代重要文学批评家詹姆斯·伍德对“文学中的笑与喜剧”的精湛研究）》
售價：HK$ 87.4

武当内家散手

《武当内家散手》
售價：HK$ 50.4

建議一齊購買：

+

HK$ 130.7
《Python安全攻防：渗透测试实战指南》

+

HK$ 112.2
《网络攻防技术与实战——深入理解信息安全防护体系》

+

HK$ 223.8
《最强iOS和macOS安全宝典》

+

HK$ 89.8
《网络安全防御实战——蓝军武器库》

+

HK$ 185.0
《ATT＆CK框架实践指南》

+

HK$ 146.9
《图解密码技术第3版》

編輯推薦：

市面仅有的全面解读中国网络安全等级保护标准体系及等级保护实施的读本；
业内专家对中国网络安全等级保护制度的深入阐释；
来自官方团队的中国网络安全等级保护标准体系全面解读；
切实指导中国网络安全等级保护落地实施的指南；
助力一带一路等国外组织和公司在中国做好信息安全合规，确保业务平顺

內容簡介：

为了更好地理解《信息安全技术网络安全等级保护评估要求》GB/T 28448-2019的相关内容，进一步提高测试评估机构的评估能力，国家相关部门和主要机构联合编写了本书。
对于评估要求中的每个评估单元，本书重点介绍了评估目标的确定、评估实施的要点和方法，以便更好地指导分类测试和评估机构，涉密保护对象的运行使用单位和主管部门开展网络安全涉密保护评估工作。
这本书分为八章。章是基本概念，阐述了网络安全保密评估的相关术语或概念，主要包括保密测试与评估、评估目标与选择、评估指标与选择、评估目标与评估指标的映射关系、非适用的评价指标、评价强度、评价方法、单项评价、整体评价和评价结论等。第二章是评价要求的总体介绍，阐述了安全评价一般要求和安全评价扩展要求的含义。第三章是三级和四级通用评估要求的应用解释。第四章是云计算安全评估扩展需求的应用和解释。第五章是移动互联网扩展安全评估要求的应用和解释。第六章是物联网扩展安全评估要求的应用和解释。第7章是工控系统扩展安全评估要求的应用和解释，第8章是大数据扩展安全评估要求的应用和解释。解释的内容包括评价目标、评价实施要点和方法等，评价指标的安全防护等级由评价单元编号确定。

關於作者：

郭启权，公安部网络安全保护局总工程师。
刘建伟，北京航空航天大学网络空间安全学院院长，主要研究领域包括：密码学、5G网络安全、移动通信网络安全、天空地一体化网络安全、电子健康网络安全、智能移动终端安全、星地数据链安全等。
王新杰，北京时代新威信息技术有限公司总经理。 2003年开始从事网络安全行业，参与了“全国信息安全标准化”系列标准的研制。主要担任：信息安全等级保护高级测评师、全国信息安全标准化技术委员会（SAC/TC 260）委员、国际信息系统安全认证联盟（(ISC)2）中国顾问。

目錄：

Chapter 1Basic Concepts 1
1.1Classified Evaluation1
1.2Evaluation Targets Selection1
1.3Evaluation Index Selection2
1.4The Mapping Relationship Between Evaluation Targets and Evaluation Index
3
1.5NonApplicable Evaluation Index4
1.6Evaluation Strength5
1.7Evaluation Method6
1.8Singular Evaluation6
1.9Overall Evaluation7
1.10Evaluation Conclusion7
Chapter 2General Introduction of the Evaluation Requirements9
2.1Relevant Description of the Evaluation Requirements9
2.2Text Structure of the Evaluation Requirements11
2.3General Requirements and Extended Requirements of Security Evaluation12
Chapter 3Application and Interpretation of the General Security Evaluation
Requirements at Level Ⅲ and Level Ⅳ13
3.1Security Physical Environment13
3.1.1Selection of Physical Location13
3.1.2Physical Access Control 14
3.1.3AntiTheft and AntiVandal15
3.1.4Lightning Prevention 16
3.1.5Fire Protection17
3.1.6Water Resistance and Moisture Resistance19
3.1.7Static Electricity Prevention20
3.1.8Temperature and Humidity Control20
3.1.9Power Supply21
3.1.10Electromagnetic Protection23
3.2Security Communication Network24
3.2.1Network Architecture24
3.2.2Communication Transmission27
3.2.3Trusted Verification29
3.3Security Area Boundary31
3.3.1Boundary Protection31
3.3.2Access Control34
3.3.3Intrusion Prevention37
3.3.4Malicious Code and Spam Prevention39
3.3.5Security Audit40
3.3.6Trusted Verification43
3.4Security Computing Environment44
3.4.1Network Device and Security Device 44
3.4.2Server and Terminal55
3.4.3Application System67
3.4.4Data Security79
3.5Security Management Center87
3.5.1System Management87
3.5.2Audit Management88
3.5.3Security Management89
3.5.4Centralized Management and Control90
3.6Security Management Systems94
3.6.1Security Strategy94
3.6.2Management Systems95
3.6.3Development and Release96
3.6.4Review and Revision97
3.7Security Management Organization98
3.7.1Post Setting98
3.7.2Staffing99
3.7.3Authorization and Approval101
3.7.4Communication and Cooperation102
3.7.5Review and Inspection104
3.8Security Management Personnel106
3.8.1Staff Recruitment106
3.8.2Staff Dismissal108
3.8.3Security Awareness Education and Training109
3.8.4External Visitor Access Management110
3.9Security Development Management113
3.9.1Grading and Filing113
3.9.2Security Scheme Design114
3.9.3Product Procurement and Usage116
3.9.4Software SelfDevelopment118
3.9.5Outsourcing Software Development122
3.9.6Security Engineering Implementation123
3.9.7Test and Acceptance125
3.9.8System Delivery126
3.9.9Classified Security Evaluation127
3.9.10Service Provider Management128
3.10Security Operation and Maintenance Management130
3.10.1Environment Management130
3.10.2Asset Management132
3.10.3Media Management133
3.10.4Device Maintenance Management134
3.10.5Vulnerability and Risk Management136
3.10.6Network and System Security Management137
3.10.7Malicious Code Prevention Management142
3.10.8Configuration Management143
3.10.9Password Management144
3.10.10Change Management145
3.10.11Backup and Recovery146
3.10.12Security Incident Handling148
3.10.13Contingency Plan Management150
3.10.14Outsourcing Operation and Maintenance Management152
Chapter 4Application and Interpretation of the Extended Security Evaluation
Requirements of Cloud Computing155
4.1Overview of Cloud Computing155
4.1.1Basic Concepts155
4.1.2Characteristics of Cloud Computing System156
4.1.3Deployment Model of Cloud Computing157
4.1.4Service Model of Cloud Computing157
4.1.5Cloud Computing Evaluation158

4.2Application and Interpretation of the Extended Security Evaluation
Requirements of Cloud Computing at Level Ⅲ and Level Ⅳ162
4.2.1Security Physical Environment162
4.2.2Security Communication Network163
4.2.3Security Area Boundary168
4.2.4Security Computing Environment175
4.2.5Security Management Center186
4.2.6Security Management System190
4.2.7Security Management Organization190
4.2.8Security Management Personnel190
4.2.9Security Development Management190
4.2.10Security Operation and Maintenance Management194
Chapter 5Application and Interpretation of the Extended Security Evaluation
Requirements of Mobile Internet196
5.1Basic Concepts196
5.1.1Mobile Interconnection196
5.1.2Mobile Terminals196
5.1.3Wireless Access Gateway196
5.1.4Mobile Application Software196
5.1.5Mobile Terminal Management System197
5.2Application Interpretation of Extended Security Evaluation
Requirements of Mobile Internet at Level Ⅲ and Level Ⅳ197
5.2.1Security Physical Environment197
5.2.2Security Communication Network198
5.2.3Security Area Boundary199
5.2.4Security Computing Environment206
5.2.5Security Management Center230
5.2.6Security Management System230
5.2.7Security Management Organization231
5.2.8Security Management Personnel231
5.2.9Security Development Management231
5.2.10Security Operation and Maintenance Management233
Chapter 6Application and Interpretation of the Extended Security Evaluation
Requirements of IoT235
6.1Overview of IoT System235
6.1.1Characteristics of IoT System235
6.1.2Composition of IoT System235
6.1.3Overview of Extended Requirements for IoT Security237
6.1.4Basic Concepts238
6.2Application and Interpretation of the Extended Security Evaluation
Requirements of IoT at Level Ⅲ and Level Ⅳ 239
6.2.1Security Physical Environment239
6.2.2Security Communication Network241
6.2.3Security Area Boundary245
6.2.4Security Computing Environment253
6.2.5Security Management Center268
6.2.6Security Management System277
6.2.7Security Management Organization277
6.2.8Security Management Personnel277
6.2.9Security Development Management277
6.2.10Security Operation and Maintenance Management277
Chapter 7Application and Interpretation of the Extended Security Evaluation
Requirements of Industrial Control System280
7.1Overview of Industrial Control System280
7.1.1Characteristics of Industrial Control System280
7.1.2Functional Hierarchy Model of Industrial Control System282
7.1.3Evaluation Target and Index of Industrial Control System284
7.1.4Typical Industrial Control System287
7.2Application and Interpretation of the Extended Security Evaluation
Requirements of Industrial Control System at Level Ⅲ and Level Ⅳ290
7.2.1Security Physical Environment290
7.2.2Security Communication Network291
7.2.3Security Area Boundary300
7.2.4Security Computing Environment317
7.2.5Security Management Center343
7.2.6Security Management System343
7.2.7Security Management Organization343
7.2.8Security Management Personnel344
7.2.9Security Development Management344
7.2.10Security Operation and Maintenance Management345
Chapter 8Application and Interpretation of the Extended Security Evaluation
Requirement of Big Data346
8.1Basic Concepts346
8.1.1Big Data346
8.1.2Targets of Big Data Classification Protection347
8.2Extended Security Requirements and Best Practices348
8.3Application and Interpretation of the Extended Security Evaluation
Requirements of Big Data at Level Ⅲ and Level Ⅳ358
8.3.1Security Physical Environment358
8.3.2Security Communication Network358
8.3.3Security Area Boundary363
8.3.4Security Computing Environment364
8.3.5Security Management Center382
8.3.6Security Management System385
8.3.7Security Management Organization387
8.3.8Security Management Personnel390
8.3.9Security Development Management392
8.3.10Security Operation and Maintenance Management396

內容試閱：

Foreword
The Cybersecurity Law of the People’s Republic of China was officially implemented on June 1， 2017. In this fundamental law in the field of cybersecurity， it is clearly stipulated that China implements the classified system of classified protection of cybersecurity. On December 1， 2019， Information Security Technology Network Security—Evaluation Requirements for Classified Protection of Cybersecurity GB/T 28448—2019 (hereinafter referred to as “Evaluation Requirements”)， the National Standard of the People’s Republic of China， was implemented.
The Evaluation Requirements is the core standard that guides the test and evaluation agencies to carry out the evaluation for the classified protection of cybersecurity. The correct understanding and use of this standard is the prerequisite for the smooth implementation for the classified protection of cybersecurity.
In order to better understand and comprehend the “Evaluation Requirements” and further improve the evaluation capabilities of test and evaluation agencies， the Cybersecurity Bureau under the Ministry of Public Security， the Zhong guan cun Information Security Evaluation Alliance， and the Information Security Rating Center of the Ministry of Public Security jointly organized and compiled the “Guidelines for the Application of Evaluation Requirements for Classified Protection of Cybersecurity”.
For each evaluation unit in the Evaluation Requirements， this book focuses on the determination of evaluation targets， the key points and methods of evaluation implementation， so as to better guide the classified test and evaluation agencies， the operation and using organizations of classified protection objects and the competent authorities to carry out the evaluation work for classified cybersecurity protection.
This book is divided into 8 chapters. Chapter 1 is the basic concept， which explains the terms or concepts related to the evaluation of classified cybersecurity protection， mainly including classified test and evaluation， evaluation targets and selection， evaluation index and selection， the mapping relationship between evaluation targets and evaluation indicators， and non applicable evaluation index， evaluation intensity， evaluation method， singular evaluation， overall evaluation and evaluation conclusion， etc. Chapter 2 is the general introduction of the Evaluation Requirements， elaborating on the meaning of general requirements for security evaluation and extended requirements for security evaluation. Chapter 3 is the application interpretation of the general evaluation requirements at Level Ⅲ and Level Ⅳ. Chapter 4 is the application and interpretation of the extended requirements of cloud computing security evaluation. Chapter 5 is the application and interpretation of the extended security evaluation requirements of mobile Internet. Chapter 6 is the application and interpretation of the extended security evaluation requirements of Internet of Things. Chapter 7 is the application and interpretation of the extended security evaluation requirements of industrial control systems， and Chapter 8 is the application and interpretation of the extended security evaluation requirements of big data. The content of interpretation includes the evaluation targets， the main points and methods of the evaluation implementation， etc.， and the security protection level of the evaluation metric is identified by the evaluation unit number.
The editor in chief of this book is Guo Qiquan， the associate editor in chief are Liu Jianwei and Wang Xinjie， and other main contributors are Zhu Guobang， Fan Chunling， Pan Wenbo， Wang Lianqiang， Yang Yuzhong.
Due to the limited knowledge of the authors， there are inevitably some inadequacies in this book. Please feel free to kindly provide your feedback and correction.

the Author
March，2022

書城介紹　 |　合作申請　|　索要書目　 |　新手入門　|　聯絡方式　 |　幫助中心　|　找書說明　 |　送貨方式　|　付款方式 香港用户　 |　台灣用户　|　大陸用户　|　海外用户

megBook.com.hk

Copyright © 2013 - 2024 （香港）大書城有限公司　 All Rights Reserved.