Security services

Safety inspection service


Security service item


It mainly includes regulatory and standard compliance inspection services, security baseline inspection services and network security inspection services (the same as risk assessment services).


Content description

For enterprise organizations with compliance requirements of laws and regulations, provide compliance testing services for standards and regulations such as hierarchical protection (network security, etc. / telecom network, etc.), ISO / IEC27001, PCI-DSS and secondary protection of industrial control system; Provide security baseline inspection service, reasonably adjust based on the existing security baseline of the enterprise, or conduct baseline inspection on physical environment, network communication, host system, application and data, security operation and maintenance management according to industry practical experience and standards; Provide enterprise safety status self-assessment services (the same as risk assessment services), safety self-examination or gap analysis, enterprise personnel safety awareness assessment and other safety inspection services.


Deliverables

《企業(yè)安全檢查報(bào)告》

Enterprise safety inspection report


Reference standard

《信息技(jì)術(shù) 安全技(jì)術(shù) 信息安全管理實施指南(nán)》(ISO/IEC 27002:2013)

Implementation Guide for information technology security management (ISO / IEC 27002:2013)

《信息技(jì)術(shù) 安全技(jì)術(shù) IT安全管理指南(nán)》(ISO/IEC 13335)

Information technology   Safety technology   It security management guide (ISO / IEC 13335)

《信息安全技(jì)術(shù) 信息系統安全等級保護基本要求》(GB/T 22239-2008)

Information security technology - basic requirements for security level protection of information systems (GB / T 22239-2008)

《信息安全技(jì)術(shù) 信息系統安全管理要求》(GB/T 20269-2006)

Information security technology - information system security management requirements (GB / T 20269-2006)

《信息安全技(jì)術(shù) 信息安全風險管理指南(nán)》(GB/Z 24364-2009)

Information security technology - Guidelines for information security risk management (GB / Z 24364-2009)

《信息安全技(jì)術(shù) 信息安全風險評估規範》(GB/T 20984-2007)

Information security technology - Code for information security risk assessment (GB / T 20984-2007)

《NIST-SP800-30 Guide for Conducting Risk Assessments風險評估指南(nán)》

Nist-sp800-30 guide for conducting risk assessments

《信息安全技(jì)術(shù) 信息安全事(shì)件(jiàn)管理指南(nán)》(GB/T 20985-2007)

Information security technology - Guidelines for information security incident management (GB / T 20985-2007)

 

 










Copyright © 2019 All Rights Reserved Designed
Hangzhou pldsec Network Technology Co