Introduction to the Basics of Data Security Maturity Assessment and Analysis

1. Assess the background

       Driven by the development of the digital economy, scenarios such as data aggregation, fusion, flow, and application have increased significantly. The complexity of data application technology, the risks of massive data aggregation, and the privacy and security of deep data mining all pose new challenges to network data security protection. Construction under the core idea of "two-wheel drive, two wings flying together", integrating security and informatization, has gradually become necessary and normalized. In recent years, most organizations have carried out data security construction with the business built around data, with safeguarding data to promote operations as the goal, with technology as the starting point, and with solving short-term target problems (external compliance requirements, internal security requirements) as the basic principle. This has been quite effective: it solved certain data security problems of the organization and improved its overall protection capabilities. However, in the process it gradually became apparent that the security construction was not sustainable, the security planning was not targeted, and the overall capabilities were not quantifiable.

       To effectively solve the problems of continuity, pertinence, and quantification in the process of data security construction, the organization should conduct a maturity assessment and analysis from the two aspects of management and technology, so as to visualize the organization's existing security status and risks, use the maturity assessment baseline to quantify internal security capabilities, clarify the content and objectives of the organization's security construction planning, and ensure the sustainability of the overall security construction.

2. Evaluation Basis

       Refer to the "Information Security Technology Information Security Risk Assessment Specification" and "Information Security Technology Information System Security Management Assessment Requirements" as the basis for information security risk assessment.
       Refer to the "Information Security Technology Personal Information Security Specifications" and "Definition and Classification of Personal Information Protection of Telecommunications and Internet Service Users" as the basis for identifying and grading personal information and sensitive information.
       Refer to the "Information Security Technology Personal Information De-identification Guide" as the basis for personal information de-identification.
       Refer to "Technical Requirements for the Protection of Personal Information of Telecommunications and Internet Service Users E-Commerce Services", "Technical Requirements for the Protection of Personal Information of Telecommunications and Internet Service Users Mobile Application Stores", and "Technical Requirements for the Protection of Personal Information of Telecommunications and Internet Service Users Instant Messaging Services" as the basis for the technical requirements for protecting users' personal information in e-commerce services, mobile application stores, and instant messaging services.
       Refer to the "Information Security Technology Information Security Emergency Response Plan Specification", "Information Security Technology Disaster Recovery Service Requirements", "Information Security Technology Storage Media Data Recovery Service Requirements" as the basis for emergency response and disaster backup evaluation.
       Refer to the "Information Security Technology Big Data Service Security Capability Requirements" and "Information Security Technology Disaster Recovery Service Capability Evaluation Criteria" as the basis for security capability certification.
       Refer to the "Information Security Technology Technical Requirements for Personal Information Protection of Mobile Smart Terminals" and "Technical Requirements for Personal Information Protection on Mobile Smart Terminals" as the basis for smart terminal evaluation.
       Refer to the "Information Security Technology Data Security Capability Maturity Model" as the basis for evaluating data security capability building.

3. Evaluation ideas

       Use the idea of "check, compare, divide, and build" to conduct an overall assessment of the organization's internal data security maturity.
       "Check": use the assessment baseline to investigate the construction of the organization's internal management, technology, and general aspects, and consult the specific content in each dimension, in order to clarify the organization's current status comprehensively and in depth.
       "Divide": based on the current situation, analyze in depth the security risks at each stage of the data life cycle, visualize the risks, and prepare for the next round of construction planning.
       "Compare": by comparing against the capability baseline, quantify the security capability, understand the current level of construction, and clarify the direction of the next step of data security construction.
       "Build": comprehensively consider external requirements, internal risks, organizational development strategy, and other factors to plan and build a data security system and improve the organization's ability to safeguard data.
       Through maturity assessment and analysis, the organization achieves visualization of the status quo, the risks, and the capabilities of its internal data security construction, and carries out security construction planning on the basis of that assessment and analysis, so that the overall security strategy and its implementation become more sustainable and targeted.
       Status visualization: present the previously opaque and invisible security status from the multiple dimensions of management, technology, and personnel, so that the organization fully understands the security status of each dimension and each link.
       Risk visualization: analyze the current security situation, combine it with external requirements, clarify the security risks, and make specific threats and the urgency of security construction visible.
       Capability visualization: measure the current security capabilities, understand the current level of security protection capability, and provide a clear direction for the organization's next step in data security development.

Origin blog.csdn.net/a59a59/article/details/108419527