The Level 2 protection assessment covers relatively little content and has relatively few requirements, so fewer standards apply and there are correspondingly fewer assessment items: 135 in total. Level 2 is one of the five levels in the network security level protection system; it is higher than Level 1 and lower than the other levels. A Level 2 system is one whose destruction would seriously damage the legitimate rights and interests of citizens, legal persons and other organizations, or damage social order and public interests, but would not endanger national security.
Not carrying out level protection is illegal, and letting it lapse is also illegal. Many people now know that failing to carry out level protection is illegal, and that letting the assessment expire is illegal as well. Level protection must not only be done, it must be done regularly. In general, a Level 2 system is evaluated once every two years, a Level 3 system once every year, a Level 4 system once every six months, and a Level 5 system can be spot-checked at any time. Level 2 protection needs to be re-evaluated. The specific process is as follows:
1. Prepare for the evaluation. First, sign a confidentiality agreement with the assessor and prepare the classification report, filing form, evaluation plan, test forms and other materials.
2. Survey and plan. The relevant personnel visit the unit being assessed to investigate, understand the system to be evaluated, and sort out the relevant materials at the same time.
3. Conduct the on-site assessment. Prepare the system topology diagram and asset list in advance, and determine how the servers will be logged in to, in preparation for the on-site evaluation.
4. Rectify and retest. After the initial test is completed, the enterprise needs to rectify and retest the items that failed, according to its actual business needs.
5. Issue the evaluation report. Based on the final evaluation results, the evaluation institution carries out a comprehensive analysis and produces the level evaluation report and security recommendations.
Legal basis
Measures for the Administration of Information Security Level Protection
Article 7 The security protection levels of information systems are divided into the following five levels:
Level 1: if the information system is destroyed, it will harm the legitimate rights and interests of citizens, legal persons and other organizations, but it will not harm national security, social order and public interests.
Level 2: if the information system is destroyed, it will seriously damage the legitimate rights and interests of citizens, legal persons and other organizations, or damage social order and public interests, but it will not endanger national security.
Level 3: if the information system is destroyed, it will cause serious damage to social order and public interests, or damage to national security.
Level 4: if the information system is destroyed, it will cause particularly serious damage to social order and public interests, or serious damage to national security.
Level 5: if the information system is destroyed, it will cause particularly serious damage to national security.
Article 8 Operators and users of information systems shall protect information systems in accordance with these Measures and relevant technical standards, and the relevant information security supervision departments of the state shall supervise and manage their information security level protection.
Units that operate and use Level 1 information systems shall protect them in accordance with the relevant national management norms and technical standards.
Units that operate and use Level 2 information systems shall protect them in accordance with the relevant national management norms and technical standards. The national information security supervision department shall guide the information security level protection of information systems at this level.
Units that operate and use Level 3 information systems shall protect them in accordance with the relevant national management norms and technical standards. The national information security supervision department shall supervise and inspect the information security level protection of information systems at this level.
Units that operate and use Level 4 information systems shall protect them in accordance with the relevant national management norms, technical standards and special business requirements. The national information security supervision department shall conduct compulsory supervision and inspection of the information security level protection of information systems at this level.
Units that operate and use Level 5 information systems shall protect them in accordance with national management norms, technical standards and special business security requirements. The state designates a special department to supervise and inspect the information security level protection of information systems at this level.