1
/
/
12
PayPal, credit cards. Download editable-PDF & invoice in 1 second!
YD/T 1730-2008 English PDF (YDT1730-2008)
YD/T 1730-2008 English PDF (YDT1730-2008)
Normaalihinta
$310.00 USD
Normaalihinta
Alennushinta
$310.00 USD
Yksikköhinta
/
kohti
Toimituskulut lasketaan kassalla.
Noudon saatavuutta ei voitu ladata
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click YD/T 1730-2008
Historical versions: YD/T 1730-2008
Preview True-PDF (Reload/Scroll if blank)
YD/T 1730-2008: Implementation Guide for Security Risk Assessment of Telecom Network and Internet
YD/T 1730-2008
COMMUNICATION INDUSTRY STANDARD
OF THEPEOPLE’S REPUBLIC OF CHINA
Implementation guide for security risk assessment of
telecom network and internet
ISSUED ON. JANUARY 14, 2008
IMPLEMENTED ON. JANUARY 14, 2008
Issued by. Ministry of Information Industry of PRC
Table of Contents
Foreword... 3
1 Scope... 6
2 Normative references... 6
3 Terms and definitions... 7
4 Risk assessment framework and process... 10
4.1 Relationship of risk factors... 10
4.2 Implementation process... 12
4.3 Form of work... 12
4.4 Principles to follow... 13
5 Implementation of risk assessment... 14
5.1 Preparation for risk assessment... 14
5.2 Asset identification... 16
5.3 Threat identification... 19
5.4 Vulnerability identification... 21
5.5 Relationship of threat exploitability vulnerabilities... 24
5.6 Confirmation of existing security measures... 25
5.7 Risk analysis... 25
5.8 Risk assessment documents... 28
6 Different requirements for risk assessment in the life cycle of system of telecom
network and internet... 30
6.1 Overview of the life cycle of system of telecom network and internet... 30
6.2 Risk assessment of startup stage... 31
6.3 Risk assessment of design stage... 32
6.4 Risk assessment of implementation stage... 33
6.5 Risk assessment of operation and maintenance stage... 34
6.6 Risk assessment of discarding stage... 35
Appendix A (Normative) Calculation method of asset value... 36
Appendix B (Normative) Calculation method of risk value... 38
References... 40
Implementation guide for security risk assessment of
telecom network and internet
1 Scope
This standard specifies the elements of risk assessment for telecom network and internet
security, the relationship between the elements, the implementation process, the form
of work, the principles to be followed, the different requirements and implementation
points at different stages of the life cycle of telecom network and internet.
This standard applies to the risk assessment work of the telecom networks and the
internet.
This standard can be used as an overall guidance document for the security risk
assessment of telecom network and internet. For the security risk assessment of specific
networks, please refer to the security protection requirements and security protection
testing requirements of specific networks.
2 Normative references
The provisions in following documents become the provisions of this Standard through
reference in this Standard. For the dated references, the subsequent amendments
(excluding corrections) or revisions do not apply to this Standard; however, parties who
reach an agreement based on this Standard are encouraged to study if the latest versions
of these documents are applicable. For undated references, the latest edition of the
referenced document applies.
GB/T 5271.8-2001 Information technology - Vocabulary - Part 8.Security
GB/T 9361-2000 Security requirements for computer field
GB/T 19716-2005 Information technology - Code of practice for information
security management
YD/T 754-95 General rules for electrostatic protection of communication rooms
YD/T 5026-2005 Installation and design standard for cabling duct in the room of
telecommunication
YD 5002-94 Design standard for fire protection of posts and communications building
YD 5098-2005 Specifications of engineering design for lightning protection and
4.4.5 Confidentiality principle
The assessor shall sign relevant non-disclosure agreements and non-invasive
agreements with the assessed network and service operators, so as to protect the
interests of the assessed party.
5 Implementation of risk assessment
5.1 Preparation for risk assessment
The preparation of the risk assessment is the guarantee of the effectiveness of the whole
risk assessment process. Implementing a risk assessment is a strategic consideration;
the results will be affected by the organization's business strategy, business processes,
security requirements, system size, structure, etc. Therefore, before the implementation
of a risk assessment, the following preparations shall be made.
a) Obtain support and cooperation;
b) Determine the objectives of the risk assessment;
c) Determine the content of the risk assessment;
d) Form a risk assessment team;
e) Conduct research on the assessed subject;
f) Determine the assessment basis and method.
5.1.1 Get support and cooperation
The self-assessment shall be approved by the managing-personnel who are responsible
for the relevant work of the organization. The tasks of the relevant management and
technical personnel in the risk assessment work shall be clarified. For the inspection
assessment, the network and service operators under assessment have the responsibility
and obligation to support and cooperate, so as to ensure the smooth progress of the
inspection assessment.
5.1.2 Determine objectives
The preparation stage of risk assessment shall clarify the objectives of risk assessment,
and provide guidance for the process of risk assessment.
The goal of risk assessment for system of telecom network and internet is to identify
the technical and management vulnerabilities, threats faced, possible risks of system of
telecom network and internet; be clear with the objective risks; propose and implement
appropriate security protection measures in a targeted manner; thereby reducing the
occurrence of security events; meeting the security requirements of the sustainable
development of the organization's business; maintaining and improving the
organization's competitive advantage, profitability and corporate image; meeting the
requirements of the country and industry for system of telecom network and internet.
5.1.3 Determine the content
Determining the risk assessment content, based on the risk assessment objective, is the
premise of completing the risk assessment. The content of the security risk assessment
of the system of telecom network and internet can be all the assets and management
institutions in the entire system of telecom network and internet, OR it can be the
independent assets and related departments of a certain part of the system of telecom
network and internet. The content of risk assessment includes management security
risks and technical security risks. The risk assessment content of management security
includes security management organization, security management system, personnel
security management, system building management, system operation and maintenance
management, etc. The risk assessment content of technical security includes
business/application security, network security, equipment security, physical
environment security, etc.
5.1.4 Form a team
Appropriate risk assessment management and implementation teams shall be formed to
support the advancement of the entire risk assessment process. The risk assessment
team for self-assessment can be formed by the relevant business key-personnel,
technical personnel and management personnel of the development, maintenance and
management of the network and service operators. The risk assessment team for
inspection assessment may consist of a competent authority and assessment agency.
The assessment team shall be able to ensure that the risk assessment work is carried out
effectively.
5.1.5 Research the assessed object
The risk assessment team shall conduct sufficient research on the assessment objects,
...
Get QUOTATION in 1-minute: Click YD/T 1730-2008
Historical versions: YD/T 1730-2008
Preview True-PDF (Reload/Scroll if blank)
YD/T 1730-2008: Implementation Guide for Security Risk Assessment of Telecom Network and Internet
YD/T 1730-2008
COMMUNICATION INDUSTRY STANDARD
OF THEPEOPLE’S REPUBLIC OF CHINA
Implementation guide for security risk assessment of
telecom network and internet
ISSUED ON. JANUARY 14, 2008
IMPLEMENTED ON. JANUARY 14, 2008
Issued by. Ministry of Information Industry of PRC
Table of Contents
Foreword... 3
1 Scope... 6
2 Normative references... 6
3 Terms and definitions... 7
4 Risk assessment framework and process... 10
4.1 Relationship of risk factors... 10
4.2 Implementation process... 12
4.3 Form of work... 12
4.4 Principles to follow... 13
5 Implementation of risk assessment... 14
5.1 Preparation for risk assessment... 14
5.2 Asset identification... 16
5.3 Threat identification... 19
5.4 Vulnerability identification... 21
5.5 Relationship of threat exploitability vulnerabilities... 24
5.6 Confirmation of existing security measures... 25
5.7 Risk analysis... 25
5.8 Risk assessment documents... 28
6 Different requirements for risk assessment in the life cycle of system of telecom
network and internet... 30
6.1 Overview of the life cycle of system of telecom network and internet... 30
6.2 Risk assessment of startup stage... 31
6.3 Risk assessment of design stage... 32
6.4 Risk assessment of implementation stage... 33
6.5 Risk assessment of operation and maintenance stage... 34
6.6 Risk assessment of discarding stage... 35
Appendix A (Normative) Calculation method of asset value... 36
Appendix B (Normative) Calculation method of risk value... 38
References... 40
Implementation guide for security risk assessment of
telecom network and internet
1 Scope
This standard specifies the elements of risk assessment for telecom network and internet
security, the relationship between the elements, the implementation process, the form
of work, the principles to be followed, the different requirements and implementation
points at different stages of the life cycle of telecom network and internet.
This standard applies to the risk assessment work of the telecom networks and the
internet.
This standard can be used as an overall guidance document for the security risk
assessment of telecom network and internet. For the security risk assessment of specific
networks, please refer to the security protection requirements and security protection
testing requirements of specific networks.
2 Normative references
The provisions in following documents become the provisions of this Standard through
reference in this Standard. For the dated references, the subsequent amendments
(excluding corrections) or revisions do not apply to this Standard; however, parties who
reach an agreement based on this Standard are encouraged to study if the latest versions
of these documents are applicable. For undated references, the latest edition of the
referenced document applies.
GB/T 5271.8-2001 Information technology - Vocabulary - Part 8.Security
GB/T 9361-2000 Security requirements for computer field
GB/T 19716-2005 Information technology - Code of practice for information
security management
YD/T 754-95 General rules for electrostatic protection of communication rooms
YD/T 5026-2005 Installation and design standard for cabling duct in the room of
telecommunication
YD 5002-94 Design standard for fire protection of posts and communications building
YD 5098-2005 Specifications of engineering design for lightning protection and
4.4.5 Confidentiality principle
The assessor shall sign relevant non-disclosure agreements and non-invasive
agreements with the assessed network and service operators, so as to protect the
interests of the assessed party.
5 Implementation of risk assessment
5.1 Preparation for risk assessment
The preparation of the risk assessment is the guarantee of the effectiveness of the whole
risk assessment process. Implementing a risk assessment is a strategic consideration;
the results will be affected by the organization's business strategy, business processes,
security requirements, system size, structure, etc. Therefore, before the implementation
of a risk assessment, the following preparations shall be made.
a) Obtain support and cooperation;
b) Determine the objectives of the risk assessment;
c) Determine the content of the risk assessment;
d) Form a risk assessment team;
e) Conduct research on the assessed subject;
f) Determine the assessment basis and method.
5.1.1 Get support and cooperation
The self-assessment shall be approved by the managing-personnel who are responsible
for the relevant work of the organization. The tasks of the relevant management and
technical personnel in the risk assessment work shall be clarified. For the inspection
assessment, the network and service operators under assessment have the responsibility
and obligation to support and cooperate, so as to ensure the smooth progress of the
inspection assessment.
5.1.2 Determine objectives
The preparation stage of risk assessment shall clarify the objectives of risk assessment,
and provide guidance for the process of risk assessment.
The goal of risk assessment for system of telecom network and internet is to identify
the technical and management vulnerabilities, threats faced, possible risks of system of
telecom network and internet; be clear with the objective risks; propose and implement
appropriate security protection measures in a targeted manner; thereby reducing the
occurrence of security events; meeting the security requirements of the sustainable
development of the organization's business; maintaining and improving the
organization's competitive advantage, profitability and corporate image; meeting the
requirements of the country and industry for system of telecom network and internet.
5.1.3 Determine the content
Determining the risk assessment content, based on the risk assessment objective, is the
premise of completing the risk assessment. The content of the security risk assessment
of the system of telecom network and internet can be all the assets and management
institutions in the entire system of telecom network and internet, OR it can be the
independent assets and related departments of a certain part of the system of telecom
network and internet. The content of risk assessment includes management security
risks and technical security risks. The risk assessment content of management security
includes security management organization, security management system, personnel
security management, system building management, system operation and maintenance
management, etc. The risk assessment content of technical security includes
business/application security, network security, equipment security, physical
environment security, etc.
5.1.4 Form a team
Appropriate risk assessment management and implementation teams shall be formed to
support the advancement of the entire risk assessment process. The risk assessment
team for self-assessment can be formed by the relevant business key-personnel,
technical personnel and management personnel of the development, maintenance and
management of the network and service operators. The risk assessment team for
inspection assessment may consist of a competent authority and assessment agency.
The assessment team shall be able to ensure that the risk assessment work is carried out
effectively.
5.1.5 Research the assessed object
The risk assessment team shall conduct sufficient research on the assessment objects,
...
Share
