
GB/T 20274.3-2008 English PDF (GBT20274.3-2008)

Regular price $145.00 USD

GB/T 20274.3-2008: Information security technology -- Evaluation framework for information systems security assurance -- Part 3: Management assurance

This Part of GB/T 20274 establishes the framework for information systems security management assurance, and specifies guidelines and general principles for an organization to initiate, implement, maintain, evaluate and improve information security management. This Part defines and explains the security management capability levels that reflect an organization's information security management assurance capability in its information system security management assurance work, and provides the requirements of the security management assurance control classes that cover the organization's information security management assurance contents.
GB/T 20274.3-2008
GB
NATIONAL STANDARD OF THE
PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information Security Technology -
Evaluation Framework for Information Systems
Security Assurance - Part 3: Management Assurance
ISSUED ON: JULY 18, 2008
IMPLEMENTED ON: DECEMBER 1, 2008
Issued by: General Administration of Quality Supervision, Inspection
and Quarantine of the People's Republic of China;
Standardization Administration of the People's Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms and Definitions
4 Structure of This Part
5 Framework for Information Systems Security Management Assurance
5.1 Overview of Information Management Assurance
5.2 Information Security Management Assurance Control
5.3 Information Security Assurance Management Capability Levels
6 Structure of Information Security Management Assurance Control Class
6.1 General
6.2 Structure of Management Assurance Control Class
6.3 Structure of Management Assurance Control Subclass
6.4 Structure of Management Assurance Control Module
6.5 Allowable Operation
7 MRM Management Assurance Control Class: Management of Risk
7.1 Object Establishment (MRM_TEM)
7.2 Risk Assessment (MRM_RAM)
7.3 Risk Control (MRM_RCT)
7.4 Communication and Monitoring (MRM_CAM)
8 MSP Management Assurance Control Class: Information Security Policy
8.1 Information Security Policy (MSP_SPL)
9 MSO Management Assurance Control Class: Information Security Organization
9.1 Management Support of Information Security (MSO_SOM)
9.2 Information Security Organization Structure (MSO_ORG)
9.3 Responsibility of Information Security (MSO_RES)
9.4 Communication and Cooperation (MSO_CAC)
10 MSP Management Assurance Control Class: Management of Personal Security
10.1 Personnel Examination (MPS_PEC)
10.2 Security Awareness and Training (MPS_SAT)
10.3 Examination and Reward and Punishment (MPS_CRP)
10.4 Management of Personnel Change (MPS_PCM)
11 MAM Management Assurance Control Class: Management of Asset
11.1 Asset Register Management (MAM_ARM)
11.2 Asset Management Responsibility (MAM_AMR)
11.3 Asset Classification Management (MAM_ACM)
12 MPE Management Assurance Control Class: Management of Physical and Environmental Security
12.1 Management of Physical Security Area (MPE_PSA)
12.2 Supporting Infrastructure Security (MPE_SIS)
12.3 Equipment Security (MPE_EMS)
13 MCM Management Assurance Control Class: Management of Compliance
13.1 Laws and Regulations and Policy Compliance (MCM_LCP)
13.2 Standard Compliance (MCM_STP)
13.3 Security Policy Compliance (MCM_PSP)
14 MSP Management Assurance Control Class: Management of Information Security Planning
14.1 Information Security Planning (MSP_ISP)
14.2 Investment and Budget (MSP_IAB)
15 MSD Management Assurance Control Class: Management of System Development
15.1 Security Requirement Management (MSD_SRM)
15.2 System Design Management (MSD_SDM)
15.3 Engineering Execution Management (MSD_ENM)
15.4 Delivery Management (MSD_IRM)
16 MOP Management Assurance Control Class: Management of Operation
16.1 System Vulnerability Management (MOP_TVM)
16.2 Management of Logic Access Control (MOP_LAC)
16.3 Audit and Monitoring Management (MOP_AMM)
16.4 Security Configuration Management (MOP_SSC)
16.5 System Change Management (MOP_SCM)
16.6 IT Management (MOP_ITM)
16.7 Information Transmission Security (MOP_IEX)
17 MBD Management Assurance Control Class: Management of Business Continuity and Disaster Recovery
17.1 Business Continuity Management (MBD_BCM)
18 MCM Management Assurance Control Class: Management of Emergency Response
18.1 Report Security Event and Security Vulnerability (MER_REW)
18.2 Management of Emergency Response (MER_IMI)
19 Description of Security Management Capability Levels
19.1 General
19.2 Description of Security Management Capability Levels
19.3 Application of Information System Security Assurance Management Capability Levels
Bibliography
Figure 1 Information System Security Management Assurance Control Class
Figure 2 Structure of Management Assurance Control Class
Figure 3 Structure of Management Assurance Control Subclass
Figure 4 Structure of Management Assurance Control Component
Figure 5 Structure of Management Assurance Control Class - Management of Risk (MRM)
Figure 6 Structure of Management Assurance Control Class - Information Security Policy (MSP)
Figure 7 Structure of Management Assurance Control Class - Information Security Organization (MSO)
Figure 8 Structure of Management Assurance Control Class - Management of Personal Security (MPS)
Figure 9 Structure of Management Assurance Control Class - Management of Asset (MAM)
Figure 10 Structure of Management Assurance Control Class - Management of Physical and Environmental Security (MPE)
Figure 11 Structure of Management Assurance Control Class - Management of Compliance ...
