During major national events, government bodies, enterprises, universities, operators, financial institutions and other units need to deal with cybersecurity threats as part of major-event security assurance, with protection focused on core business systems, sensitive information assets and other critical information infrastructure.
Therefore, each unit needs to prepare for the major-event assurance service, implement the corresponding network security responsibility system, establish a 7*24H monitoring, warning and protection system, ensure timely disposal of network security risks, and fully prepare for network emergency response and security work, so as to avoid as far as possible security risks such as hacking and intrusion, tampering incidents, and ransomware infection.
The Multi-faceted cube security services team has deployed to and served a number of major-event assurance units since before the Spring Festival. Drawing on that work experience, this article outlines the security operations service content for the industry's reference.
Major-event assurance goals and targets
The key targets in a major-event assurance scenario are critical information infrastructure and important information systems, such as websites of party and government organizations, websites of enterprises and institutions, key news websites, and major platforms and production and business systems. The core purpose is to ensure the stable operation of critical information infrastructure and important information systems during major events, and to avoid as far as possible network security attacks by reactionary hackers and hostile forces.
Scope of major-event assurance services
The scope of major-event assurance services covers the key protected units in the country, including public security, education, electric power, municipal government, transportation, military, radio and television, medical care, railroads, banks, telecommunications, mainstream media and other key infrastructures.
National Cyberspace Security Strategy, December 2016
National critical information infrastructure refers to information facilities that are related to national security and national livelihood and that may seriously jeopardize national security and public interests in the event of data leakage, damage, or loss of functionality. It includes, but is not limited to, the basic information networks that provide services such as public communications and radio and television transmission; important information systems in energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, health care, social security, public utilities and other areas and in state organs; and important Internet application systems.
Regulations on the Protection of Critical Information Infrastructure (Draft for Approval), December 2018
Article 18 The network facilities and information systems operated and managed by the following units shall be included in the scope of critical information infrastructure protection if damage to them, loss of their functions, or leakage of their data may seriously jeopardize national security, the national economy and people's livelihood, and public interests:
(a) finance, including banking, securities, insurance, etc.;
(b) energy, including electric power, oil and gas, petrochemicals, etc.;
(c) transportation, including civil aviation, railroads, etc.;
(d) water conservancy;
(e) public services, including education, health care, social security, etc.;
(f) national defense science and technology industry;
(vii) e-government.
Threats to the network security of major activities
Every year, the competent authorities for major-event network security, such as network monitoring units, inspect the critical information infrastructure of key units and issue notifications requiring rectification of the hidden problems they find. Tight deadlines and heavy workloads are therefore a common problem for all major-event assurance units, which urgently need to investigate hidden problems in their business systems, repair vulnerabilities, harden systems, and carry out monitoring and on-duty watch work.
Major-event assurance needs analysis
Given the complexity of the work, information security teams face demands from several directions: in addition to internal and external requirements, they also need to report to leadership and arrange the specific work.
Core major-event assurance work
Vulnerability testing
Security vulnerability testing and assessment of important business systems and network/security equipment before the assurance period:
Internet security risk assessment
Intranet security risk assessment
Baseline verification of equipment/terminal security
Security management system assessment
......
Security Hardening and Rectification
Security rectification and hardening of business systems and equipment detected to be at risk:
Network Security Equipment Hardening
Terminal Equipment Hardening
Server Hardening
Backup of Business Systems
......
Notification and Early Warning
Notification (verification), disposal, and feedback processes for network security status, events, notifications, and warnings during the assurance period:
Security Vulnerability Notification Process
Security Event Notification Process
Internet Asset Notification Process
Security Vulnerability Verification Process
Security Event Verification
Notification or warning process
Rapid disposal
A set of emergency disposal procedures for quickly handling network security events that occur during the assurance period, such as emergency handling of hidden risks, website backdoors, web page tampering, anti-*** hacking and other types of events.
Major-event assurance solution framework and process
Assurance program decomposition: three stages
Before the assurance period - intranet security risk assessment (asset sorting)
Identify the target assets most likely to be attacked, together with their associated assets and network equipment, and clarify the scope of objects to be included in key assurance protection.
Target assets: hosts of important Internet-facing business systems (classified protection level 3 and above, critical information infrastructure systems), including management backends and middleware servers
Potential target assets: servers or proxy devices with Internet communication IPs and externally exposed ports
High-risk springboards: other systems that interact and communicate directly with potential target systems, including business system hosts, servers, middleware, and fixed terminals
Critical devices: remote network access devices and network boundary devices
Existing security devices: associated security protection devices within the scope of the system's network
High-risk assets: shadow assets (unknown assets); devices able to communicate outside the network
Cybersecurity awareness starts from an organization's personnel and how they communicate over the Internet. Cybersecurity awareness work is an activity that strengthens the cybersecurity awareness of the organization's personnel through publicity, training, education and other methods, starting from the weak links in their knowledge, skills and behavior where cybersecurity vulnerabilities may arise.
During the assurance period - security monitoring and real-time defense
Work objectives: 7*24-hour monitoring during the assurance period, real-time monitoring of the security situation, detection of attack behavior, and emergency response to security events, to ensure security throughout the entire assurance period.
After the assurance period
1. Work summary
2. Security planning recommendations
3. List of programs
Our values and advantages