2022-08-09

1. What is level protection?

Answer: Information security graded protection refers to the implementation of graded security protection for important national information, proprietary information of legal persons, other organizations and citizens, public information, and the information systems that store, transmit, and process such information. Security products are managed by level, and information security incidents in the information system are responded to and handled by level.

2. What are the specific contents of the grade protection work?

Answer: According to the relevant standards for the level protection of information systems, the level protection work is divided into five stages: 1) classification of the information system; 2) filing of the information system; 3) system security construction; 4) level assessment of the information system; 5) regular supervision and inspection by the competent unit.

3. Why carry out hierarchical protection work?

Answer: The main reasons are as follows: 1) Level protection work uncovers the hidden security risks and deficiencies in the unit's information system. After security rectification, the information security protection capability of the information system is improved, the risk of the system suffering various kinds of attack is reduced, and the unit's good security image is maintained. 2) Hierarchical protection is China's basic policy on information security. National laws, regulations, and relevant policies and systems require units to carry out hierarchical protection work, for example the "Administrative Measures for the Level Protection of Information Security" and the "Network Security Law of the People's Republic of China". 3) Many industry authorities require industry customers to carry out level protection work. Industries for which requirement documents have been issued so far include finance, electric power, radio and television, medical care, education and others, and some authorities have issued relevant documents or notices requiring it. 4) It implements the network security protection obligations of individuals and units and reasonably avoids risk.

4. Where do you go for the grading and filing of an information system?

Answer: Most local regulations provide that units in prefecture-level cities submit the grading information to the network security detachment of their respective prefecture-level city, and provincial-level units submit the information to the provincial public security network security corps. In some places, the material is first handed to the district/county network security brigade, which then transfers it to the prefecture-level city network security detachment for filing.

5. What is the level protection assessment?

Answer: In accordance with the provisions of the national information security graded protection system and with the relevant management norms and technical standards, an evaluation agency conducts testing and evaluation of the security graded protection status of information systems that do not involve state secrets.

6. How long does it usually take to complete the level protection evaluation?

Answer: The on-site evaluation cycle of a Level 2 or Level 3 system is generally about a week, and the specific time increases or decreases according to the number and scale of the information systems. Small-scale security rectification takes 2-3 weeks, issuing the report takes one week, and the overall duration is 1-2 months. If the rectification is not timely or involves the purchase of equipment, the time is hard to say, but the general requirement is that it be completed within one year.

7. How often does the level protection assessment need to be carried out?

Answer: A third-level information system requires at least one evaluation per year; for a second-level information system an evaluation every two years is recommended, and some industries explicitly require an evaluation every two years.

8. What is the cost of the level protection assessment?

Answer: First, the cost of the evaluation is calculated per information system, not per unit. Second, the evaluation cost differs by level. The final evaluation cost is also related to the asset scale of the information system: the larger the scale, the higher the corresponding evaluation cost. The specific circumstances of each province and city are different, and each province and city usually has its own price system. The evaluation fees for second-level and third-level systems are relatively fixed. For details, you can consult the local evaluation agency.

9. A user unit needs to carry out a graded protection assessment. Who should it ask to do it?

Answer: Find an evaluation company with evaluation qualifications. The company must hold at least the "Information Security Class Protection Evaluation Organization Recommendation Certificate" issued by the provincial and municipal Information Security Class Protection Coordination Group Office. In addition, some provinces require the evaluation organization to be recorded with the public security network security department of the prefecture-level city where the user unit is located, and only after the recordation is successful can the local level protection evaluation work be carried out.

10. How much does it cost to carry out security rectification after the evaluation is completed, and does the rectification have to be completed all at once?

Answer: It needs to be analyzed according to the specific situation. Security rectification does not have to cost extra money. If the unit already has a firewall, IDS, and anti-virus software, the equipment basically meets the requirements of the third level and below. Of course, if you want to do better, you still need to add some other equipment. Security rectification gives priority to high-risk issues and those most urgently in need of rectification. It is not mandatory to complete all rectification at one time or within one year. Security construction and rectification is continuous work. In addition, security construction and security rectification are part of our daily work in the first place, not something done only because a graded protection assessment has been carried out. Don't fall into this misunderstanding.

