DB2101/T 0080-2023 企业商业秘密信息化安全防护规范

ICS03.100.01

CCSA01

沈阳市地方标准

DB2101/T0080—2023

企业商业秘密信息化安全防护规范

SpecificationforInformationSecurityProtectionofEnterpriseTradeSecrets

2023-08-28发布2023-09-28实施

沈阳市市场监督管理局发布

DB2101/T0080—2023

目次

前言.............................................................................................................................................................................II

1范围...........................................................................................................................................................................1

2规范性引用文件......................................................................................................................................................1

3术语和定义..............................................................................................................................................................1

4机构与职责..............................................................................................................................................................2

4.1安全防护管理机构..........................................................................................................................................2

4.2信息安全保密管理人员..................................................................................................................................3

5策略与制度..............................................................................................................................................................4

6技术要求..................................................................................................................................................................4

6.1物理环境安全..................................................................................................................................................4

6.2网络及边界安全..............................................................................................................................................5

6.3主机、应用、数据安全..................................................................................................................................6

7建设管理..................................................................................................................................................................8

7.1安全方案设计..................................................................................................................................................8

7.2产品或服务的选择..........................................................................................................................................8

7.3软件开发..........................................................................................................................................................8

7.4工程实施..........................................................................................................................................................8

7.5系统交付与验收..............................................................................................................................................8

8运维管理..................................................................................................................................................................9

8.1环境管理..........................................................................................................................................................9

8.2资产管理..........................................................................................................................................................9

8.3存储载体管理..................................................................................................................................................9

8.4维护管理..........................................................................................................................................................9

8.5漏洞与隐患管理..............................................................................................................................................9

8.6升级管理........................................................................................................................................................10

8.7配置管理........................................................................................................................................................10

8.8变更管理........................................................................................................................................................10

8.9备份与恢复管理............................................................................................................................................10

8.10外包运维管理..............................................................................................................................................10

9风险监测与评估....................................................................................................................................................10

9.1风险监测........................................................................................................................................................10

9.2风险评估........................................................................................................................................................10

10安全事件处置与应急管理..................................................................................................................................10

10.1安全事件处置...................