Catalogue of training materials for basic requirements of information security level protection
Chapter 1 Overview of basic requirements for level protection

1.1 Protection background and basic requirements of function

1.1.1 Basic content of information system security level protection

1.1.2 Main functions and features

1.2 Safety protection capability of different safety levels

1.2.1 Countermeasure capability

1.2.2 Elasticity

1.2.3 Protection capability requirements

1.3 The idea of basic requirement

1.3.1 Gradual enhancement principle

1.3.2 The control points increase step by step

1.3.3 Requires gradual increase

1.3.4 Control intensity is enhanced step by step

1.4 Relationship with other standards

1.4.1 Standard room

1.4.2 Technical standard

Chapter 2 Basic Requirements and Safety Model

2.1 Relationship with the PPDRR model

2.1.1 PPDRR model introduction

2.1.2 Relationship between basic requirements of level protection and PPDRR model

2.2 The relationship between basic requirements and IATF

Introduction to IATF

2.2.2 Relationship between Basic Requirements of Grade Protection and IATF

2.3 Relationship between Basic Requirements and CMM

Chapter 3 Basic Requirements of Safety Technology and Safety Management

3.1 Basic requirements of frame structure

3.2 Basic requirements of safety technology

3.2.1 Basic requirements for Class III safety technology

Tag description

3.2.3 Hierarchy Description of Technical Requirements

3.3 Management Requirements

3.3.1 Safety management system

Safety management organization

3.3.3 Personnel safety management

3.3.4 System Construction Management

3.3.5 System Operation and Maintenance Management

Chapter 4 Identification

4.1 Authentication mechanism

4.1.1 The concept of identification and authentication

4.1.2 Identification technology

4.1.3 Security mechanism related to authentication

4.1.4 CC marking and marking requirements

4.2 Basic requirements for authentication in host and application security

4.2.1 Host authentication requirements

4.2.2 Identification requirements in application

4.3 Identification requirements for network equipment

4.3.1 Protection requirements for primary network equipment (G1)

4.3.2 Protection Requirements for Network Equipment of Secondary Information System (G2)

4.3.3 Three-level network equipment protection (G3)

4.3.4 Four-level network equipment protection (G4)

Chapter 5 Autonomous Access Control

5.1 General concept of access control

5.1.1 General principles of access control

5.1.2 Access control flow

5.1.3 Access control type

5.1.4 Access control information

5.1.5 Access control model

5.2 Discretionary access control

5.2.1 Protection bit mechanism

5.2.2 Access Control List Mechanism

5.2.3 Access Authority and Access Operation Authority

5.3 Independent Access Control Requirements

5.3.1 Access control requirements for primary and secondary hosts (S1)(S2)

5.3.2 Access Control Requirements for Level 1 and Level 2 Application Security (S1)(S2)

5.3.3 Network Access Control (G1)(G2)

Chapter 6 Marking and Mandatory Access Control (MAC)

6.1 Mark

6.1.1 Functions and requirements of tag

6.1.2 The marking requirement in CC

6.2 Mandatory access control

6.2.1 Implementation method of MAC mechanism

Measures to support MAC

6.3 Role-based Access Control (RBAC)

6.3.1 RBAC concept

6.3.2 RBAC96

6.3.3 RBAC97 model (administrative RBAC model)

6.3.4 NIST RBAC recommended standard

6.3.5 Characteristics of RBAC

6.4 New Access Control

6.4.1 Task-based access control (TBAC)

6.4.2 Object-based Access Control (OBAC)

6.5 Mandatory Access Control Requirements for Advanced Information Systems

6.5.1 Mandatory access control requirements for the third and fourth levels of host and application security

6.5.2 Network access control

Chapter 7 Safety Audit

7.1 The concept of safety audit

7.1.1 Definition

7.1.2 Audit purpose and basic requirements

7.1.3 Audit events

7.2 Implementation of Audit System

7.2.1 General method of audit implementation

7.2.2 Implementing Audit in Host Environment

7.2.3 Audit in Distributed Environment

7.3 Audit information browsing

7.3.1 Audit information browsing technology

7.3.2 Harmless Treatment of Audit Information

7.4 Basic requirements of audit

7.4.1 Audit requirements for hosts and applications

7.4.2 Network Security Audit

Chapter 8 Intrusion Prevention

8.1 Overview of Invasion

8.1.1 Attack classification

8.1.2 Attack steps

8.1.3 Common means of hacker attack

8.1.4 Attack development

8.2 Defects of IPv4 Protocol and Attacks Caused by it

8.2.1 Defects and possible attacks of network layer protocols

8.2.2 Transport layer security issues

8.2.3 Security Issues of High-level Protocol

8.3 Vulnerabilities of host system and application software

8.3.1 Introduction to system vulnerabilities

8.3.2 Examples of some vulnerabilities in the operating system

8.3.3 Examples of some vulnerabilities in the database

8.3.4 Vulnerability of application

8.4 Basic requirements of intrusion prevention

8.4.1 Network intrusion prevention

8.4.2 Basic requirements for host intrusion protection

Chapter 9 Prevention of Malicious Code

9.1 Introduction of malicious code

Computer virus

9.1.2 Worm

9.1.3 Trap door

9.1.4 Trojan horse

9.1.5 Logic Bomb

9.1.6 Rogue software

9.1.7 Botnet

9.2 Basic requirements for malicious code prevention

9.2.1 Preventing malicious code in the network

9.2.2 Basic Requirements for Preventing Malicious Code of Host

Chapter 10 Data Protection

Protection of user data

10.1.1 Privacy protection of user data

Integrity protection of user data

10.2 TSF data protection

10.3 Basic requirements for data protection

10.3.1 Data confidentiality protection requirements

10.3.2 Data integrity requirements

10.3.3 Significance and requirements of trusted path

10.4 Denying resistance

10.4.1 Denial function

10.4.2 Non-repudiation requirements

Chapter 11 Network Structure Security and Boundary Integrity

11.1 Network structure security

11.1.1 Security domain division

11.1.2 Subsystem partition

11.1.3 Basic requirements for network structure security

11.2 Network boundary integrity protection

11.2.1 Requirements for protection of boundary integrity

11.2.2 Introduction of boundary integrity checking methods and techniques

Chapter 12 Basic requirements for system service function protection

12.1 Fault-tolerant backup and recovery technology

12.1.1 Inspection technology principle

12.1.2 Introduction of hardware fault-tolerant system

12.1.3 Introduction of software fault-tolerant system

12.1.4 Data fault tolerance

12.1.5 Trusted recovery

12.1.6 Basic requirements for fault tolerance, backup and recovery

12.2 Resource control

Basic requirements for controlling host resources

12.2.2 Basic requirements for resource control in application security

Chapter 13 Information Security Management System

13.1 Overview of information security management system

13.2 Principles of information security management system

13.3 Information security management system standard

Chapter 14 Management Requirements

14.1 Safety management system

14.1.1 Management system

14.1.2 Formula and version

14.1.3 Review and revision

14.2 Safety management organization

14.2.1 Post setting

Staffing

Authorization and approval

Communication and cooperation

14.2.5 Audit and inspection

14.3 Personnel safety management

14.3.1 Employment

14.3.2 Resigned personnel

14.3.3 Personnel identification

Safety awareness education and training

External personnel access management

14.4 System construction management

14.4.1 System classification

14.4.2 Security scheme design

14.4.3 Product procurement

14.4.4 Software developed by ourselves

14.4.5 Outsourcing software development

14.4.6 Project implementation

14.4.7 Test acceptance

14.4.8 System delivery

14.4.9 System archiving

14.4.10 Rating

Security Service Provider Selection

14.5 System operation and maintenance management

Environmental management

14.5.2 Asset management

Media management

14.5.4 Equipment management

14.5.5 Monitoring Management and Safety Management Center

14.5.6 Network Security Management

14.5.7 System security management

14.5.8 Malicious code management

Password management

Change management

14.5.11 Backup and recovery management

Security event handling

Emergency plan management