location:Index > ISO > Basic content of Evaluation

Basic content of Evaluation

Source:YueFei Business consulting     Date:2022/1/6 11:28:03   |    Share    Collection   
To test and evaluate the security level protection status of information system,


It should include two aspects:


One is security control evaluation, mainly evaluates the information security level protection requirements of the basic security control in the information system implementation configuration;


The second is the overall evaluation of the system, which mainly evaluates and analyzes the overall security of the information system. Among them, security control assessment is the basis of the overall security assessment of information system.


The description of safety control evaluation shall be organized by evaluation unit. The evaluation unit is divided into two categories: safety technology evaluation and safety management evaluation.


Security technology assessment: including physical security, network security, host system security, application security and data security and other five levels of security control assessment.


Safety management evaluation: including safety management organization, safety management system, personnel safety management, system construction management and system operation and maintenance management and other five aspects of safety control evaluation.

 

【Related reading】:

Editor in charge:Shanghai Yue Fei Enterprise Management Consulting Co., Ltd.
Copyright:http://www.yf-iso.com/ Please indicate the source of the reprint

Tel:021-62201932   Phone:18916381081   
Add:Room 201, Ming Hui building, 442 Hami Road, Changning District, Shanghai

Shanghai Yue Fei Enterprise Management Consulting Co., Ltd. all rights reserved.  © All rights reserved.
yf-iso.com ICP:10202224