English
Chinese English
One-stop MLPS expert
POWERTIME
1、What is Classified protection?

Cybersecurity classified protection refers to carrying out multilevel protection and supervision over network system (including information systems, data, applications, services), and implementing level-to-level administration for the network security products used in network, and responding to and resolving network security events and incidents.


Cybersecurity classified protection refers to carrying out multilevel protection and supervision over network system (including information systems, data, applications, services), and implementing level-to-level administration for the network security products used in network, and responding to and resolving network security events and incidents.


2、Why we do classified protection in education industry?

Required by regulatory authorities, driven by laws

Cybersecurity Law of the People's Republic of China stipulates that classified protection is the basic system for information security. Article 21 puts forward that the state implements cybersecurity classified protection system. Network operators shall, in accordance with the classified protection system requirements, protect network from being interrupted, damaged or accessed without authorization, and guard network data against being leaked, stolen or tampered with.

Notice on Comprehensively Strengthening Information Security Classified Protection in Education Industry No.2, Ministry of Education and Ministry of Public Security) stipulates that all organizations of education industry is the main liable body for information security practices, and shall be responsible for itself classified protection practices according to the principle of "self-grading, self-protection"

Opinion on Regulating Extramural Online Training aims to complete registration investigation of national extramural online training organization before Dec. 2019, to implement CCPS (Cybersecurity Classified Protection System), carry out cybersecurity early-warning system and user information protection system, and develop perfect technical measures for security protection, authenticate real identity information of training object with the permission of training object and his/her custodians, protect training object information and data from being leaked, sold, or provided to other parties illegally. The user's behavior log shall be retained over one year.

Required by regulatory authorities, driven by laws

Cybersecurity Law of the People's Republic of China stipulates that classified protection is the basic system for information security. Article 21 puts forward that the state implements cybersecurity classified protection system. Network operators shall, in accordance with the classified protection system requirements, protect network from being interrupted, damaged or accessed without authorization, and guard network data against being leaked, stolen or tampered with.

Notice on Comprehensively Strengthening Information Security Classified Protection in Education Industry No.2, Ministry of Education and Ministry of Public Security) stipulates that all organizations of education industry is the main liable body for information security practices, and shall be responsible for itself classified protection practices according to the principle of "self-grading, self-protection"

Opinion on Regulating Extramural Online Training aims to complete registration investigation of national extramural online training organization before Dec. 2019, to implement CCPS (Cybersecurity Classified Protection System), carry out cybersecurity early-warning system and user information protection system, and develop perfect technical measures for security protection, authenticate real identity information of training object with the permission of training object and his/her custodians, protect training object information and data from being leaked, sold, or provided to other parties illegally. The user's behavior log shall be retained over one year.

More:

No classified protection is illegal

Cybersecurity classified protection system is an important system in network security field of our country. It is illegal not to carry out classified protection.

  • 55%

    Order rectification:

    Main punishment measure is to order rectification. Of the 60 cases we settled, 33 cases are ordered for rectification.

  • 24%

    Penalty:

    Penalties for organization range from 10,000 to 500,000, and two "maximum fines" of 500,000 and one" heavy penalty ", respectively, are imposed on several technology companies that fail to manage users' release of information as required.

  • 17%

    Interview

    For those having great security risks, but not 

Business requirement, security incident

Strengthening cybersecurity protection of education industry is an important work for developing education informationization. Educational websites and APP store a large amount of students, parents and teachers' information, which, once being leaked, may cause great damage to enterprise itself and educational users. Therefore, education enterprises should carry out the classified protection, discover hidden danger and deficiency in system in time, and improve system's security protection ability through security rectification, and reduce the risk of being attacked.


Strengthening cybersecurity protection of education industry is an important work for developing education informationization. Educational websites and APP store a large amount of students, parents and teachers' information, which, once being leaked, may cause great damage to enterprise itself and educational users. Therefore, education enterprises should carry out the classified protection, discover hidden danger and deficiency in system in time, and improve system's security protection ability through security rectification, and reduce the risk of being attacked.


3、Powertime classified protection service
Help educational enterprises to go through classified protection evaluation quickly.
Work content of insurance
Prepare materialExpert reviewDoc. FillingGap analysisSecurity        improvementLevel evaluationEvaluation report
lassification report, Doc. Filing paper, registration information table of information security department and technical department organization structure, relevant document original copy and scanning copyOrganize level review meeting based on information system grading, and demonstraterationality ofinformation system grading .District cybersecurity group accepts and review filling materials, and issue information system filling certificate.Carry out classified protection according to evaluation requirement, and put forward gap analysis report and improvement opinion,Based on improvement opinion and actual situation of enterprise itself, improve information system.Carry out evaluation according to the requirementprepare level evaluation report, and submit the report to cybersecurity unit
10-15  working days1 working day15  working days40  working daysTBD10-20  working days10  working days
Prepare materialExpert reviewDoc. FillingGap analysisSecurity        improvementLevel evaluationEvaluation report
lassification report, Doc. Filing paper, registration information table of information security department and technical department organization structure, relevant document original copy and scanning copyOrganize level review meeting based on information system grading, and demonstraterationality ofinformation system grading .District cybersecurity group accepts and review filling materials, and issue information system filling certificate.Carry out classified protection according to evaluation requirement, and put forward gap analysis report and improvement opinion,Based on improvement opinion and actual situation of enterprise itself, improve information system.Carry out evaluation according to the requirementprepare level evaluation report, and submit the report to cybersecurity unit
10-15  working days1 working day15  working days40  working daysTBD10-20  working days10  working days

Grading and Doc. Filling of education industry

Due to various competent department of information system, information system is categorized into two: information system of administrative department for education and units directly subordinated to it, and school information system.

How to grade information system of administrative department

Information system of  administrative department is graded on the basis of its damage degree when security incidents occurred from the perspective of administration level, deployment mode and business type.

How to grade school information system 

Information system of  school is graded on the basis of its damage degree when security incidents occurred from the perspective of school size, social influence and business type.

How to grade the information system of extramural training organization

Information system of extramural training organization is graded when security incidents occurred from the perspective of school size, social influence and business type

Grading and Doc. Filling of education industry

Due to various competent department of information system, information system is categorized into two: information system of administrative department for education and units directly subordinated to it, and school information system.

How to grade information system of administrative department

Information system of  administrative department is graded on the basis of its damage degree when security incidents occurred from the perspective of administration level, deployment mode and business type.

How to grade school information system 

Information system of  school is graded on the basis of its damage degree when security incidents occurred from the perspective of school size, social influence and business type.

How to grade the information system of extramural training organization

Information system of extramural training organization is graded when security incidents occurred from the perspective of school size, social influence and business type

Opinions on the grading of information system of extramural training organization

Online education platform is on top priority, it is advised to be graded as Level III according to its damage degree to citizens, legal person, other organizations, social order, public interests, national security when security incidents occurred from th

  No.  Type   Information system Protection level
advised
1Education & ResearchEducational teaching management  Level II
2Educational resource management  Level III
3Educational quality assessment and guarantee  Level II
4Science & research management  Level III
5Comprehensive serviceExternal portal  Level III
6Online education platform  Level III
7Operation & maintenance management  Level III
  No.  Type   Information system Protection level
advised
1Education & ResearchEducational teaching management  Level II
2Educational resource management  Level III
3Educational quality assessment and guarantee  Level II
4Science & research management  Level III
5Comprehensive serviceExternal portal  Level III
6Online education platform  Level III
7Operation & maintenance management  Level III
POWERTIME

  • 15-year experience in cybersecurity industry

  • Participating in the establishment and implementation of China classified protection system

  • Preparation unit of national cybersecurity standard

  • Choice of 500 top-class clients

  • Official recommended evaluation organization of national cybersecurity office

Classified protection

IT Audit Service

Security Service

About us

  • QQ: 3471814603
  • Tel: 010 58732083
  • Phone: 13601264474
  • Email: service@powertime.cn
  • Address: 15F, Bldg B, In-Do Mansion, No. 48. Zhichun Rd, Haidian Dist, Beijing
POWERTIME-MLPS and IT Audit All rights reserved ICP:13008575
Free calls

返回
顶部