From: ISACA
ISACA has taken a proactive approach to help enterprises with the Cybersecurity Law of the People’s Republic of China, known popularly as the National Cybersecurity Law, by publishing the Guide to China’s Regulatory Cybersecurity Implementation Framework. The guide provides understanding to fulfill the National Cybersecurity Law and recommends use of the US National Institute of Standards and Technology (NIST)’s Cybersecurity Framework (CSF).
China’s National Cybersecurity Law, which took effect on 1 June 2017, prompts cybersecurity requirements to be legally documented for practitioners and enterprises in China, and defines the responsibilities of government authorities, network owners, operators and ordinary users, as well as potential penalties due to negligence. The ISACA publication offers advice to meet security requirements and enhance IT risk control by discussing six key areas:
1. Cybersecurity Implementation Methodology
2. Gap Analysis Required by the Law
3. Identifying Critical Network Information Infrastructure
4. Necessary Cybersecurity Control Measures for General Network
5. Necessary Security Controls in Critical Information Infrastructure
6. Cybersecurity Systems Implementation Procedures with Reference to NIST Cybersecurity Framework
Leave a Reply