Secret-related information system refers to an information system consisting of computers and related facilities and equipment, which stores, processes and transmits state secrets according to certain application purposes.
The hierarchical protection of classified information systems means that the construction and use units of classified information systems implement hierarchical protection of classified information systems in accordance with the measures for the management of classified protection and relevant standards, and the secrecy departments at all levels implement supervision and management according to the protection level of classified information systems to ensure the safety of systems and information.
The implementation process of classified information system protection includes eight links: system grading, scheme design, project implementation, system evaluation, system approval, daily management, evaluation and inspection, and system abolition, which is the whole process of classified information system security management.
The security risk assessment of classified information system, that is, the security monitoring assessment of classified information system, is based on national security standards. From the perspective of risk management, it uses scientific analysis methods and means to analyze the threats and loopholes faced by classified information systems, and puts forward targeted protective countermeasures and rectification measures to provide scientific basis for ensuring the security and confidentiality of classified information systems.
Handling methods of major changes in matters related to the use license of classified information systems:
1. Major changes in the matters involved in the license for the use of classified information systems are mainly cases that have a significant impact on the security of the entire classified information system.
For example, the whole system moves or extends to a new building, the system architecture or topological structure or the division of security domain changes, the network scale (wiring points and user terminals) increases or decreases by more than 30%, the access of special equipment or information systems, the interconnection with other information systems, and the adoption of virtualization technology or wireless technology.
2. If there is any major change, it shall be reported to the superior competent unit (if there is no superior competent unit, it shall be reported to the local secrecy administrative department) and the evaluation institution established or authorized by the state secrecy administrative department.
Conduct a system-wide reassessment or risk assessment immediately. After passing, it will continue to obtain the license for the use of information systems involving state secrets renewed by the state secrecy management department.