General user units have a lot of internal systems, large and small, different purposes, audience groups and users are not the same, then we need to go through the level of protection to sort out and analyze our existing information systems, different systems will be divided into different important levels of hierarchical protection, which is to wait for the protection of the leveling work, sorted out the different levels of the system, we need to carry out different levels of security protection construction of different systems, to ensure that important systems and the security of the information security of the system. After sorting out the different levels of systems, we have to carry out different levels of security protection construction for different systems to ensure that the important information systems can well resist the attack or quickly recover the application after being attacked in case of an attack, without causing significant loss or impact. Level protection work is the non-classified system network security grip, if everyone can be well in accordance with the requirements of equal protection to carry out network security work, then their own units of network security work will not be bad.
Second, level protection is the basic policy on network security in China, the "National Informatization Leading Group on strengthening information security protection views" (China Office of the [2003] No. 27, hereinafter referred to as "Document 27") clearly requires the implementation of China's information security security work level protection system, puts forward "To establish an information security level protection system, and to formulate management methods and technical guidelines for information security level protection".
The notice on the issuance of the Administrative Measures for Information Security Level Protection (Gongtong Zi [2007] No. 43, hereinafter referred to as "Document No. 43") issued in June 2007 stipulates the principles, contents, division of responsibilities, basic requirements and implementation plans for the implementation of the information security level protection system, and deploys operational methods for the implementation of the information security level protection work. The document sets out the principles, contents, division of responsibilities, basic requirements and implementation plan for the implementation of the information security level protection system, and deploys the operational methods for the implementation of the information security level protection.
Article 21 of the People's Republic of China*** and the State of China's Cybersecurity Law, which was formally implemented on June 1, 2017, clearly stipulates that the state implements a network security level protection system. Network operators shall, in accordance with the requirements of the network security level protection system, perform the following security protection obligations, safeguard the network from interference, damage or unauthorized access, and prevent network data from leaking or being stolen or tampered with.
We have seen the domestic public security departments, net information departments based on the "Network Security Law" on the relevant units to be punished in no less than 10 cases, which is alone for not timely start the level of protection work at least three. Simply summed up is the national laws and regulations, relevant policies and systems require us to carry out level protection work, do not do level protection work is non-compliant behavior, seriously, is in violation of the law, we must pay attention, can not be paralyzed.
Third, many industry authorities require industry customers to carry out level protection work, has issued industry requirements documents: financial, electric power, radio and television, medical, education, e-government and other industries, and some authorities have issued relevant documents or notices required to do. In addition, the information security authorities require us to carry out level protection work to carry out network security work, mainly: public security, net information office and other industry authorities. If you do not do so, you can not report to the relevant competent units and industry units in charge of their own units of network security work.
Fourth, reasonable risk avoidance. Every year there will be some big information security incidents, we often hear or see daily, so and so website pages were tampered with, the user sensitive information was leaked, more small-scale security incidents we do not know but in the occurrence.
For the occurrence of relatively large security incidents, first of all, the competent units to go to the scene of the investigation, if you do not carry out the level of protection work, the most direct conclusion is that your information security work is not carried out well, not carried out in place, the country's most basic level of protection work is not done, you said you bought a lot of firewalls, a lot of security equipment, that is not clear, not as good as you! The real take out the record to prove, take out the evaluation report persuasive strong.
Reasons analyzed, that is the meaning of the insurance also have:
One, to reduce the risk of information security, improve the security of information systems protection ability;
Two, to meet the relevant national laws and regulations and system requirements;
Three, to meet the relevant competent units and industry requirements;
Four, reasonably avoid or reduce the risk.
If you need the equalization assessment service, please contact us by private message. Lulu Information Technology, integrating the technical advantages of cloud security products, combined with high-quality equal protection consulting, equal protection assessment cooperation resources, to provide one-stop services for equal protection projects, comprehensive coverage of equal protection leveling, filing, construction and rectification, as well as the assessment stage, the high efficiency of the equal protection assessment, the implementation of network security level protection work.