Many users ask: why carry out level protection at all? Today we briefly analyze the reasons for carrying out level protection and the significance of level protection work.
Why carry out level protection work? There are several main reasons:
First, the most important reason for carrying out level protection is to find, through the level protection work, the gap between the organization’s information systems and the national security standards, identify the hidden dangers and deficiencies in the current systems, and, through security rectification, improve the information systems’ security protection capabilities and reduce the risk of the systems suffering various attacks. An organization’s internal systems are generally of different sizes, serve different purposes, and have different audiences and users. We therefore need to sort and analyze our existing information systems through level protection and divide them into different levels of importance; this is the grading step of level protection. After sorting the systems into levels, we must apply different levels of security protection to different systems, so that important information systems can resist attacks well or, after being attacked, can quickly restore their applications without causing major losses or impact. Level protection work is the lever for the network security of non-confidential systems. If everyone carries out network security work in accordance with these requirements, the network security work of their organizations will not be bad.
Second, level protection is China’s basic policy on cybersecurity. The “Opinions of the National Information Leading Group on Strengthening Information Security Work” clearly requires that the information security protection system implement a level protection system, and proposes “management methods and technical guidelines for establishing an information security level protection system and establishing information security level protection”. The notice issued in June 2007 on the issuance of the Measures for the Protection of Information Security Levels (Jongtongzi No. 43, hereinafter referred to as “Document No. 43”) stipulates the principles, content, division of duties, basic requirements and implementation plan for the information security level protection system, and sets out operational methods for implementing information security level protection. Article 21 of the “Network Security Law of the People’s Republic of China”, officially implemented on June 1, 2017, clearly stipulates that the state implements a network security level protection system, and that network operators shall, in accordance with the requirements of that system, perform the following security protection obligations to protect the network from interference, destruction or unauthorized access and to prevent network data from being leaked, stolen or tampered with. At present, we have seen no fewer than 10 cases in which public security departments and network information departments in China have penalized organizations under the “Network Security Law”. Among them, at least three cases involved level protection work not being started in time.
In brief, national laws and regulations and the relevant policies and systems require us to carry out level protection work. Not doing so is non-compliance and, put seriously, illegal; everyone must pay attention and not be careless.
Third, many industry authorities require industry customers to carry out level protection work. Industries that have already issued such requirements include finance, power, radio and television, medical, education, e-government and others, and some competent authorities have issued relevant documents or notices requiring it. In addition, the information security supervisory bodies, mainly public security, the network information office and other industry authorities, require us to carry out network security work through level protection. If you do not carry out level protection, you will not be able to report on your organization’s cyber security work to the relevant competent authorities and industry authorities.
Fourth, rationally avoid risks. Every year there are some big information security incidents. What we often hear or see is that a certain organization’s website has been tampered with or that users’ sensitive information has been leaked; some small-scale security incidents go unnoticed by us, but they are occurring. When a relatively large security incident occurs, the competent authorities will go to the site to investigate. The first thing they look at is whether level protection work has been carried out. If it has not, the most straightforward conclusion is that your information security work has not been carried out properly: even the country’s most basic level protection work has not been done. Saying that you bought a lot of firewalls and a lot of security equipment does not make the case clearly; producing the filing certificate and the assessment report is what is really persuasive. Some time ago, in the first Sichuan case of violating the “Network Security Law”, the user had not carried out level protection work, the website was attacked as a result, the organization was fined, and the relevant person responsible for security was fined. If a problem arises, the organization will inevitably be criticized and notified, and ordered to rectify. The situation of an organization that has carried out level protection work and that of one that has not are obviously different. We will not expand on this here; it can only be hinted at, not spelled out. The simplest example: one organization subjectively valued security work but was attacked and damaged because its technology was not good enough; another subjectively failed to value security work and was attacked and damaged. Which case is lighter and which is heavier is clear at a glance. But what counts as subjectively valuing security? Whether level protection work has been carried out is an important yardstick, because level protection is a national basic information security system.
Having analyzed the reasons, the significance of level protection is: first, reduce information security risks and improve the security protection capabilities of information systems; second, satisfy the requirements of relevant national laws, regulations and systems; third, meet the requirements of the relevant competent authorities and industries; fourth, reasonably avoid or reduce risks.
Recently, the Law Enforcement Inspection Team of the Standing Committee of the National People’s Congress has been conducting law enforcement inspections on the implementation of the “Network Security Law” and the “Decision on Strengthening Network Information Protection” throughout the country. The items to be checked include: the implementation of the network security level protection system, the removal of illegal and harmful information, and the protection of users’ personal information. Therefore, we need to do this work well and in time to create a good, safe network environment for the victory of the 19th National Congress. A recent news story, that the founder of WePhone was forced to commit suicide by his ex-wife, exposed some problems in Internet companies’ management of personal information, such as the authenticity of information. Various applications now require a real-name system, plus the safety of groups, and so on; all of this indicates that the state pays more and more attention to network security and information security. What remains is how to manage and control it, which requires everyone to work together and keep improving, to create for everyone the Chinese dream of a more harmonious and secure network environment. (Source: Level Protection Assessment WeChat Public Number)