Security service item
Security reinforcement services mainly include enterprise security baseline design, database security rectification, website system security reinforcement, and level protection security rectification of systems.
Content description
Security baseline design: Drawing on information security evaluation standards, best practice experience, the industry's mainstream enterprise security standards and level protection requirements, and taking into account the enterprise's actual business systems, develop the software development security red lines, the security configuration baseline for network and computing equipment, the system go-live standard, and the system rectification and reinforcement baseline.
Database security rectification: Based on the security standard baseline and industry best practice, adjust the database software configuration and optimize its security protection measures so that it reaches a certain security level, or put forward a security reinforcement proposal.
Website security reinforcement: Provide rectification covering vulnerability repair, patch reinforcement, sorting out of the port and service list, and other security policy optimization for the operating system hosts, web application systems and databases of portal-level important websites and business systems.
Level protection security rectification: Conduct a compliance security inspection of systems subject to level protection, establish their degree of compliance at the current stage, and provide level protection security rectification services to meet the corresponding protection requirements. The cooperating qualified evaluation unit shall conduct the evaluation and provide a one-year rectification and construction plan.
Output results
System Information Security Rectification Plan
Host Security Configuration Baseline
Network Security Configuration Baseline
Application Security Configuration Baseline
Software Security Development Baseline
Database Security Configuration Baseline
Database / Website / System Security Reinforcement Report
Reference standard
Information technology - Security techniques - Implementation guide for information security management (ISO/IEC 27002:2013)
Information technology - Security techniques - IT security management guide (ISO/IEC 13335)
Information security technology - Basic requirements for security level protection of information systems (GB/T 22239-2008)
Information security technology - Information system security management requirements (GB/T 20269-2006)
Information security technology - General technical requirements for information system security (GB/T 20271-2006)
Information security technology - Guidelines for information security risk management (GB/Z 24364-2009)
Information security technology - Code for information security risk assessment (GB/T 20984-2007)
Information security technology - Guidelines for information security incident management (GB/T 20985-2007)
Information security technology - Technical requirements for basic network security (GB/T 20270-2006)
Information security technology - Technical requirements for physical security of information systems (GB/T 21052-2007)