GB/T 32924-2016 English PDF (GBT32924-2016)


GB/T 32924-2016: Information security technology -- Guideline for cyber security warning

GB/T 32924-2016
GB
NATIONAL STANDARD OF THE PEOPLE'S REPUBLIC OF CHINA
ICS 35.040
L 80
Information security technology - Guideline for cyber security warning
ISSUED ON: AUGUST 29, 2016
IMPLEMENTED ON: MARCH 01, 2017
Issued by: General Administration of Quality Supervision, Inspection and Quarantine; Standardization Administration of the People's Republic of China.
Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Classification of cyber security warning
5 Cyber security warning process
Bibliography
Information security technology - Guideline for cyber security warning
1 Scope
This Standard gives classification guidelines and processing procedures for cyber security warning.
This Standard provides guidance for timely and accurate understanding of the impact of cyber security incidents or threats, possible consequences, and effective measures. This Standard is also applicable to network and information system supervisors and operation departments referring to the handling of cyber security incidents or threats.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 22240-2008, Information security technology - Classification guide for classified protection of information systems security
GB/T 25069-2010, Information security technology - Glossary
3 Terms and definitions
For the purposes of this document, the terms and definitions defined in GB/T 25069-2010 as well as the following apply. For ease of use, some terms and definitions in GB/T 25069-2010 are listed repeatedly below.
3.1 object of cyber security protection
It also refers to assets, information or resources that are valuable to the organization. It is the object of security policy protection.
NOTE: It mainly refers to the application, data, and equipment of important information systems.
[GB/T 20984-2007, definition 3.1]
protection
The degree to which the object of cyber security protection may be damaged refers to the damage to its software and hardware, functions and data by a cyber security incident or threat, the extent to which the system business is slow or interrupted, data leakage, tampering, loss or damage, and direct and indirect losses to the object of protection. Its size mainly considers the possible direct losses of the object of protection itself, as well as the cost of defending against attacks, restoring the normal operation of the system, and eliminating negative effects. It is classified into very severe, severe, large and general.
Specifically:
a) Very severe damage means that it may cause or has caused large-scale paralysis of the network or information system so that it loses its business processing capabilities, or that the confidentiality, integrity, and availability of critical system data are severely damaged; the cost of restoring the normal operation of the system and eliminating the negative effects is huge. For example:
- Large-scale and continuous cyber attacks may cause or have caused a large-scale paralysis of the network or information system, causing it to lose business processing capabilities;
- Security vulnerabilities and vulnerability exploitation processes involving management permissions are disclosed, and automated attack tools appear, which may cause or have caused large-scale personal information leakage, including account passwords, bank card numbers and other information that may affect property.
b) Severe damage means that it may cause or has caused a long-term interruption or partial paralysis of the network or information system, so that its business processing capabilities are greatly affected, or the confidentiality, integrity, and availability of key system data are destroyed; the cost of restoring the system to normal operation and eliminating negative effects is huge. For example:
- Organized and targeted attacks may cause or have caused a long-term interruption or partial paralysis of the network or information system, which greatly affects its business processing capabilities;
- Security vulnerabilities and vulnerability exploitation processes involving remote command execution are disclosed, which may cause or have caused large-scale personal information leakage that does not include financial information.
c) Large damage refers to the network or information system that may cause greatly threaten national security, cause social unrest, have extremely bad negative effects on economic construction, or seriously damage public interests, a red warning shall be issued. That is, it may cause particularly serious damage to very important object of cyber security protection.
4.2.3 Orange warning (level II warning)
When a serious cyber security incident or threat occurs, which may threaten national security, cause social panic, have a major negative impact on economic construction, or harm the public interest, an orange warning shall be issued. This includes the following:
a) It may cause serious damage to a very important object of cyber security protection;
b) It may cause particularly serious damage to an important object of cyber security protection.
4.2.4 Yellow warning (level III warning)
When a serious cyber security incident or threat occurs, which may affect national security, disrupt social order, have a certain negative impact on economic construction, or affect public interests, a yellow warning shall be issued. This includes the following:
a) It may cause greater or general damage to a very important object of cyber security protection;
b) It may cause serious or greater damage to an important object of cyber security protection;
c) It may cause very serious or serious damage to a general object of cyber security protection.
4.2.5 Blue warning (level IV warning)
When a general cyber security incident or threat occurs which has basically no impact on national security, social order, economic construction and public interests, but may cause damage to the interests of individual citizens, legal persons or other organizations, a blue warning shall be issued. When it is especially mild, no warning can be issued. This includes the following:
a) It may cause general damage to an important object of cyber security protection;
b) It may cause greater or general damage to a general object of cyber security protection.
