1, level protection
The full name of classified protection is classified protection of information security, which refers to classified security protection of state secret information, proprietary information of legal persons, other organizations and citizens, public information and information systems that store, transmit and process these information, classified management of information security products used in information systems, and classified response and disposal of information security incidents in information systems. Grade protection adheres to the principle of independent grading and independent protection.
Classified protection is divided into five levels (from low to high): level 1 (independent protection level), level 2 (guiding protection level), level 3 (supervision protection level), level 4 (compulsory protection level) and level 5 (special control protection level).
2. Classified protection
The full name of level protection is the level protection of classified information systems, which means that the construction and use units of classified information systems implement level protection on classified information systems according to the Measures for the Administration of Level Protection and related standards, and the security departments at all levels implement supervision and management according to the protection level of classified information systems to ensure the system and information security.
Grade protection is divided into three levels: secret level, secret level and top secret level (from low to high).
Special attention should be paid to: there is a corresponding relationship between the level of hierarchical protection and the level of hierarchical protection;
Second, the different applicable objects of hierarchical protection and hierarchical protection
The essential difference between grade protection and grade protection lies in their different applicable objects:
(1) Level protection is a legal system to implement information security management. The key protection objects are important information systems and communication basic information systems that are not classified and involve the national economy and people's livelihood.
② Level protection is an important part of national information security level protection, and it is the concrete embodiment of level protection in the field of classified information.
Three, different departments and departments in charge of the level of protection and classification protection.
1, level protection
Grade protection is initiated by the State Secrecy Bureau, and its competent units and corresponding management responsibilities are as follows:
① State Secrecy Bureau and local secrecy bureaus at all levels: supervision, inspection and guidance;
② Central and state organs (departments): responsible and guiding;
③ Construction users: specific implementation.
2. Grade protection
Grade protection is initiated by the public security department, and its competent units and corresponding management responsibilities are as follows:
(1) Public security organs: the competent department of level protection, responsible for the supervision, inspection and guidance of information security level protection;
(2) National secrecy department and national password management department: responsible for the supervision, inspection and guidance of secrecy and password work in the level protection work;
(3) The State Information Office and the office of the local informatization leading group: responsible for the coordination among the grade protection departments, and the supervision and management of the grade protection involving the state secret information system shall be the responsibility of the state secret department.
Four, the different policy basis of hierarchical protection and hierarchical protection
1, policy basis for grade protection
Regulations on Security Protection of Computer Information System in People's Republic of China (PRC) (the State Council DecreeNo. 147 andNo. 1994);
Opinions of the National Leading Group for Strengthening Information Security (No.27 [2003] of our Office);
Opinions on the Implementation of Information Security Level Protection (Gong Tong Zi [2004] No.66);
Management Measures for Information Security Level Protection (G.T.Z. [2007] No.43);
Notice on Carrying out the Classification Work of National Important Information System Security Level Protection (Gong Xin 'an [2007] No.861);
Notice on Strengthening Information Security Risk Assessment of National E-government Construction Projects (No.[2008]207 1 of Development and Reform High Technology).
2, classified protection policy basis
Opinions on Strengthening the Management of Information Security (No.7 [2004] of China Insurance Regulatory Commission);
Measures for the Administration of Hierarchical Protection of Information Systems Involving State Secrets (Bao Guofa [2005] 16).
Five, the work content and evaluation frequency of grade protection and classification protection are different.
Grade protection includes five links: system classification, system filing, safety construction rectification, grade evaluation and supervision and inspection.
Grade protection includes eight links: system classification, scheme design, project implementation, system evaluation, system approval, daily management, evaluation and inspection, and system abolition.
Evaluation frequency of different levels of protection:
(1) secondary information system: grade evaluation shall be conducted at least once every two years;
② Three-level information system: grade evaluation shall be conducted at least once a year;
③ Four-level information system: grade evaluation shall be conducted at least once every six months.
Level 1 information systems do not need to be evaluated. The fifth-level information system is generally applicable to extremely important systems in important national fields and departments, and has special requirements of special industries, which are not within the scope of evaluation by evaluation agencies.
The qualification of the rating protection assessment institution is awarded by the Office of the National Information Security Rating Protection Coordination Group.
Evaluation frequency of different levels of protection:
(1) Confidential and confidential information system: conduct safety assessment or safety inspection at least once every two years;
② Top secret information system: conduct safety assessment or safety inspection at least once a year.
The qualification of the rating protection assessment institution shall be awarded by the state secrecy department.