信息安全管理體系制度匯編(技術(shù)標(biāo))

上傳人：金*** IP屬地：湖南上傳時(shí)間：2024-10-15 格式：PDF 頁(yè)數(shù)：164 大小：1.27MB 積分：50 舉報(bào) 版權(quán)申訴

已閱讀5頁(yè)，還剩159頁(yè)未讀，繼續(xù)免費(fèi)閱讀

版權(quán)說明：本文檔由用戶提供并上傳，收益歸屬內(nèi)容提供方，若內(nèi)容存在侵權(quán)，請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

信息安全管理體系匯編

（第一版）

網(wǎng)絡(luò)運(yùn)營(yíng)中心監(jiān)制

2015年3月

信息安全工作指導(dǎo)方針...................................................................................................................I

信息安全工作流程圖......................................................................................................................II

信息安全工作示意圖.....................................................................................................................III

信息安全管理體系框架.................................................................................................................IV

信息安全工作總體方針..................................................................................................................1

第一章總則..................................................................................................................1

第二章總體安全方針...................................................................................................1

第三章總體安全目標(biāo)...................................................................................................1

第四章安全工作原則...................................................................................................1

第五章安全工作要求...................................................................................................2

第六章安全組織保障...................................................................................................3

第七章附則..................................................................................................................4

架構(gòu)與安全委員會(huì)章程..................................................................................................................5

第一章總則..................................................................................................................5

第二章組織結(jié)構(gòu)..........................................................................................................5

第三章架構(gòu)與安全委員會(huì)...........................................................................................6

第四章信息安全實(shí)施小組...........................................................................................7

第五章例會(huì)制度..........................................................................................................9

第六章附則................................................................................................................10

附件........................................................................................................................................11

附件1：架構(gòu)與安全委員會(huì)名單..................................................................................11

附件2：架構(gòu)與安全委員會(huì)例會(huì)紀(jì)要..........................................................................12

信息系統(tǒng)安全管理制度................................................................................................................13

第一章總則................................................................................................................13

第二章信息系統(tǒng)安全管理.........................................................................................13

第三章數(shù)據(jù)中心機(jī)房安全管理.................................................................................14

第四章網(wǎng)絡(luò)安全管理.................................................................................................14

第五章系統(tǒng)安全管理.................................................................................................15

第六章應(yīng)用安全管理.................................................................................................15

第七章數(shù)據(jù)安全管理.................................................................................................15

第八章信息系統(tǒng)建設(shè)安全管理.................................................................................15

第九章信息系統(tǒng)變更安全管理.................................................................................16

第十章信息系統(tǒng)運(yùn)維安全管理.................................................................................16

第十一章信息系統(tǒng)安全事件管理.................................................................................16

第十二章信息安全檢查與審計(jì)管理.............................................................................17

第十三章信息系統(tǒng)風(fēng)險(xiǎn)評(píng)估管理.................................................................................17

第十四章信息系統(tǒng)安全應(yīng)急預(yù)案.................................................................................17

第十五章業(yè)務(wù)連續(xù)性與災(zāi)難恢復(fù)管理.........................................................................17

第十六章信息系統(tǒng)安全值守巡檢規(guī)范.........................................................................18

第十七章附則................................................................................................................18

信息系統(tǒng)日常安全管理規(guī)范........................................................................................................19

第一章總則................................................................................................................19

網(wǎng)絡(luò)運(yùn)營(yíng)中心監(jiān)制

第二章信息系統(tǒng)日常管理.........................................................................................19

第三章人員安全管理.................................................................................................20

第四章第三方人員安全管理制度.............................................................................20

第五章信息資產(chǎn)安全管理制度.................................................................................20

第六章辦公設(shè)備安全管理制度.................................................................................20

第七章桌面終端安全管理.........................................................................................21

第八章介質(zhì)安全管理.................................................................................................21

第九章附則................................................................................................................21

數(shù)據(jù)中心機(jī)房管理制度................................................................................................................22

第一章總則................................................................................................................22

第二章機(jī)房出入管理.................................................................................................22

第三章機(jī)房操作管理.................................................................................................24

第四章機(jī)房設(shè)備管理.................................................................................................24

第五章附則................................................................................................................25

附件........................................................................................................................................26

附件1：機(jī)房人員、設(shè)備進(jìn)出申請(qǐng)表..........................................................................26

附件2：數(shù)據(jù)中心維護(hù)工作登記表..............................................................................27

網(wǎng)絡(luò)安全管理制度........................................................................................................................29

第一章總則............................................................................................................29

第二章管理職責(zé)........................................................................................................29

第三章網(wǎng)絡(luò)架構(gòu)安全.................................................................................................29

第四章網(wǎng)絡(luò)配置安全.................................................................................................30

第五章網(wǎng)絡(luò)運(yùn)維安全.................................................................................................31

第六章附則............................................................................................................34

系統(tǒng)安全管理制度........................................................................................................................35

第一章總則............................................................................................................35

第二章管理職責(zé)........................................................................................................35

第三章系統(tǒng)配置安全.................................................................................................35

第四章系統(tǒng)運(yùn)維安全.................................................................................................36

第五章附則............................................................................................................37

應(yīng)用安全管理制度........................................................................................................................38

第一章總則............................................................................................................38

第二章身份鑒別........................................................................................................38

第三章WEB頁(yè)面安全.................................................................................................39

第四章訪問控制........................................................................................................39

第五章安全審計(jì)........................................................................................................39

第六章過期信息、文檔處理.....................................................................................40

第七章資源控制........................................................................................................40

第八章應(yīng)用容錯(cuò)........................................................................................................40

第九章報(bào)文完整性....................................................................................................41

第十章報(bào)文保密性....................................................................................................41

第十一章抗抵賴............................................................................................................41

第十二章編碼安全........................................................................................................41

第十三章電子認(rèn)證應(yīng)用.................................................................................................41

網(wǎng)絡(luò)運(yùn)營(yíng)中心監(jiān)制

第十四章附則............................................................................................................42

數(shù)據(jù)安全管理制度........................................................................................................................43

第一章總則................................................................................................................43

第二章數(shù)據(jù)分級(jí)........................................................................................................43

第三章數(shù)據(jù)傳輸安全.................................................................................................44

第四章數(shù)據(jù)存儲(chǔ)安全.................................................................................................44

第五章數(shù)據(jù)變更安全.................................................................................................45

第六章數(shù)據(jù)訪問安全.................................................................................................46

第七章數(shù)據(jù)備份安全.................................................................................................46

第八章數(shù)據(jù)恢復(fù)安全.................................................................................................47

第九章數(shù)據(jù)銷毀安全.................................................................................................48

第十章密碼和密鑰安全.............................................................................................48

第十一章附則................................................................................................................50

附件........................................................................................................................................51

附件1：備份記錄.........................................................................................................51

附件2：備份計(jì)劃表.....................................................................................................52

附件3：備份數(shù)據(jù)可用性測(cè)試申請(qǐng)表..........................................................................53

附件4：備份數(shù)據(jù)可用性測(cè)試記錄..............................................................................54

附件5：數(shù)據(jù)恢復(fù)申請(qǐng)表..............................................................................................55

業(yè)務(wù)系統(tǒng)建設(shè)安全管理制度........................................................................................................56

第一章總則............................................................................................................56

第二章總體安全要求.................................................................................................56

第三章業(yè)務(wù)系統(tǒng)研發(fā)、測(cè)試.....................................................................................56

第四章業(yè)務(wù)系統(tǒng)上線.................................................................................................57

第五章附則............................................................................................................58

附件........................................................................................................................................59

附件1：新業(yè)務(wù)上線申請(qǐng)表..........................................................................................59

信息系統(tǒng)變更安全管理制度........................................................................................................60

第一章總則............................................................................................................60

第二章變更分類........................................................................................................60

第三章變更管理流程.................................................................................................60

第四章附則............................................................................................................63

附件........................................................................................................................................64

附件1：變更申請(qǐng)表.....................................................................................................64

附件2：變更記錄表.....................................................................................................65

信息系統(tǒng)運(yùn)維安全管理制度........................................................................................................66

第一章總則............................................................................................................66

第二章日常巡檢........................................................................................................66

第三章信息系統(tǒng)運(yùn)維賬號(hào)管理.................................................................................67

第四章安全監(jiān)控與入侵防范管理.............................................................................69

第五章惡意代碼防范.................................................................................................69

第六章附則............................................................................................................70

附件........................................................................................................................................71

附件1：信息系統(tǒng)運(yùn)維賬號(hào)申請(qǐng)表..............................................................................71

網(wǎng)絡(luò)運(yùn)營(yíng)中心監(jiān)制

信息系統(tǒng)安全事件管理制度........................................................................................................72

第一章總則............................................................................................................72

第二章安全事件定義.................................................................................................72

第三章安全事件分級(jí).................................................................................................76

第四章安全事件處理.................................................................................................78

第五章附則............................................................................................................79

附件........................................................................................................................................80

附件1：故障記錄登記表..............................................................................................80

附件2：故障記錄匯總審批表......................................................................................81

信息安全檢查與審計(jì)管理制度....................................................................................................82

第一章總則............................................................................................................82

第二章安全檢查與審計(jì)內(nèi)容.....................................................................................82

第三章全面安全檢查與審計(jì)流程.............................................................................84

第四章附則............................................................................................................86

突發(fā)業(yè)務(wù)高可用性管理制度........................................................................................................87

第一章總則................................................................................................................87

第二章管理職責(zé)........................................................................................................87

第三章技術(shù)保障........................................................................................................87

第四章突發(fā)業(yè)務(wù)高可用性管理.................................................................................88

第五章附則................................................................................................................90

附件........................................................................................................................................92

附件1：突發(fā)業(yè)務(wù)高可用性影響分析報(bào)告..................................................................92

附件2：突發(fā)業(yè)務(wù)高可用性實(shí)施計(jì)劃..........................................................................93

附件3：突發(fā)業(yè)務(wù)高可用性實(shí)施計(jì)劃測(cè)試報(bào)告..........................................................94

附件4：突發(fā)業(yè)務(wù)高可用性實(shí)施計(jì)劃評(píng)審報(bào)告.............Error!Bookmarknotdefined.

信息系統(tǒng)安全應(yīng)急預(yù)案................................................................................................................95

第一章總則............................................................................................................95

第二章組織和職責(zé)....................................................................................................95

第三章事件分類........................................................................................................95

第四章機(jī)房故障應(yīng)急預(yù)案.........................................................................................96

第五章業(yè)務(wù)系統(tǒng)故障應(yīng)急預(yù)案.................................................................................97

第六章應(yīng)急處理保障.................................................................................................98

第七章應(yīng)急處理培訓(xùn)及演練.....................................................................................98

第八章附則............................................................................................................98

信息系統(tǒng)風(fēng)險(xiǎn)評(píng)估管理規(guī)范........................................................................................................99

第一章總則................................................................................................................99

第二章風(fēng)險(xiǎn)的概念....................................................................................................99

第三章風(fēng)險(xiǎn)評(píng)估職責(zé)..............................................................................................100

第四章風(fēng)險(xiǎn)評(píng)估過程..............................................................................................100

第五章附則..............................................................................................................103

信息系統(tǒng)安全值守巡檢規(guī)范......................................................................................................104

第一章總則..........................................................................................................104

第二章組織和職責(zé)..................................................................................................104

第三章機(jī)房安全值守..............................................................................................104

網(wǎng)絡(luò)運(yùn)營(yíng)中心監(jiān)制

第四章辦公室安全值守...........................................................................................105

第五章附則..........................................................................................................106

人員安全管理制度......................................................................................................................107

第一章總則..........................................................................................................107

第二章人員錄用......................................................................................................107

第三章人員調(diào)/離崗................................................................................................108

第四章信息安全意識(shí)教育.......................................................................................108

第五章人員考核......................................................................................................108

第六章附則..........................................................................................................109

附件......................................................................................................................................110

附件1：保密協(xié)議書...................................................................................................110

附件2：培訓(xùn)記錄單...................................................................................................115

第三方人員安全管理制度..........................................................................................................116

第一章總則..............................................................................................................116

第二章第三方人員安全管理...................................................................................116

第三章第三方人員安全操作...................................................................................116

第四章附則..............................................................................................................117

附件......................................................................................................................................118

附件1：第三方人員訪問申請(qǐng)流程............................................................................118

附件2：第三方人員入網(wǎng)申請(qǐng)表................................................................................119

信息資產(chǎn)安全管理制度..............................................................................................................120

第一章總則..........................................................................................................120

第二章信息資產(chǎn)分類..............................................................................................120

第三章信息資產(chǎn)分級(jí)..............................................................................................120

第四章信息資產(chǎn)管理..............................................................................................121

第五章信息資產(chǎn)盤點(diǎn)..............................................................................................122

第六章附則..........................................................................................................122

附件......................................................................................................................................123

附件1：信息資產(chǎn)保密性賦值定義............................................................................123

附件2：信息資產(chǎn)完整性賦值定義............................................................................124

附件3：信息資產(chǎn)可用性賦值定義............................................................................125

附件4：信息資產(chǎn)清單...............................................................................................126

辦公設(shè)備安全管理制度..............................................................................................................127

第一章總則..............................................................................................................127

第二章管理職責(zé)......................................................................................................127

第三章設(shè)備申請(qǐng)采購(gòu)管理.......................................................................................127

第四章設(shè)備使用維護(hù)管理.......................................................................................128

第五章設(shè)備維修報(bào)廢管理.......................................................................................131

第六章附則...........

人人文庫(kù)> 全部分類> 應(yīng)用文書 > 項(xiàng)目管理

溫馨提示

1. 本站所有資源如無特殊說明，都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
2. 本站的文檔不包含任何第三方提供的附件圖紙等，如果需要附件，請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
3. 本站RAR壓縮包中若帶圖紙，網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽，若沒有圖紙預(yù)覽就沒有圖紙。
4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間，僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理，對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯，并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容，請(qǐng)與我們聯(lián)系，我們立即糾正。
7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

信息安全管理體系制度匯編(技術(shù)標(biāo))

文檔簡(jiǎn)介

溫馨提示

最新文檔

評(píng)論

信息安全管理體系制度匯編(技術(shù)標(biāo))

文檔簡(jiǎn)介

溫馨提示

最新文檔

評(píng)論

相關(guān)文檔