Security service item

According to different target ranges, it is divided into database special risk assessment, business system risk assessment and comprehensive information security risk assessment.

Deliverables

《企業(yè)信息安全風(fēng)險評估報告》

Enterprise information security risk assessment report

《企業(yè)業(yè)務(wù)數(shù)據(jù)庫風(fēng)險評估報告》

Enterprise business database risk assessment report

Reference standard

《信息技術(shù) 安全技術(shù) 信息安全管理實(shí)施指南》（ISO/IEC 27002:2013） 

Implementation Guide for information technology security management (ISO / IEC 27002:2013)  

《信息安全技術(shù) 信息系統(tǒng)安全等級保護(hù)基本要求》（GB/T 22239-2008）

Information security technology - basic requirements for security level protection of information systems (GB / T 22239-2008)

《信息安全技術(shù) 信息安全風(fēng)險管理指南》（GB/Z 24364-2009） 

Information security technology - Guidelines for information security risk management (GB / Z 24364-2009)  

《信息安全技術(shù) 信息安全風(fēng)險評估規(guī)范》（GB/T 20984-2007） 

Information security technology - Code for information security risk assessment (GB / T 20984-2007)  

《信息安全技術(shù) 信息安全風(fēng)險評估實(shí)施指南》（GB/T 31509-2015） 

Information security technology - Guidelines for the implementation of information security risk assessment (GB / T 31509-2015)  

《NIST-SP800-30 Guide for Conducting Risk Assessments風(fēng)險評估指南》

Nist-sp800-30 guide for conducting risk assessments

《NIST-SP800-26 Security Self-Assessment Guide for Information Technology Systems》

《NIST-SP800-26 Security Self-Assessment Guide for Information Technology Systems》

（NIST-SP800 信息技術(shù)系統(tǒng)安全自我評估指南）

(nist-sp800 information technology system security Self Assessment Guide)

《信息安全技術(shù) 信息安全事件管理指南》（GB/T 20985-2007）

Information security technology - Guidelines for information security incident management (GB / T 20985-2007)