Discussion on data security risk assessment based on traffic detection

In recent years, data leakage incidents have occurred frequently across industries, and the trend is intensifying. These incidents have caused huge economic losses to enterprises and seriously affected the normal life of the public. Data security has become a hotspot of concern for society, enterprises and users. The state and the relevant ministries and commissions continue to strengthen the protection of sensitive data through legislation, industry supervision and other means, including the "Network Security Law", the "Data Security Law", and the "Personal Information Protection Law" (draft).

The Data Security Law clearly stipulates the data security protection obligations and corresponding responsibilities that all types of data processors should undertake: to establish and improve a whole-process data security management system, a data classification and grading protection system, an emergency response mechanism, and a data security risk assessment, monitoring and early warning mechanism; and to regularly conduct risk assessments of data processing activities and submit risk assessment reports to the relevant authorities. To meet legal, regulatory and supervisory requirements and to improve enterprise data security protection capabilities, data risk assessments need to be carried out regularly. In practice, however, the data security risk assessment process faces many challenges:

  1. Unclear data usage: The enterprise does not know what data its business systems use, whether security protection measures for this data are in place, where the data is transferred, or whether any of it is exported, which makes targeted risk assessment impossible.

  2. Lack of risk assessment means: At present, data security risk assessment is carried out mainly through manual research, document review and similar methods. The workload is heavy, and assessment and detection are incomplete. This approach cannot effectively support a large number of data security risk assessments in a short period of time, and effective risk assessment methods are lacking.

  3. Irregular evaluation process: Risk evaluators' judgments are strongly subjective and not sufficiently objective or fair. Evaluation methods and processes are not uniform, and the quality of the evaluation depends on the materials prepared by the inspected party and the experience of the inspecting party.

In response to the above problems, enterprises need a flexible, portable, intelligent and easily extensible data security risk assessment tool that assists in data security risk assessment, makes up for the shortcomings of existing risk assessment methods, and adapts to different security risk detection scenarios such as data security inspections and risk assessments. The evaluation tool is based on network traffic and on data classification and grading. It focuses on detecting five kinds of risk: account risk, exposure risk, authority risk, transmission risk, and abnormal behavior. It uses technologies such as traffic protocol restoration, data identification, and machine learning to help evaluators clearly understand how sensitive data is used in the assessed system and to identify data security risks automatically. The tool adopts a three-layer separated architecture of basic capabilities, risk analysis, and visualization, and restructures the risk analysis layer through SDK plug-ins so that risk models can be updated iteratively.

The tool is deployed close to the business system to perform traffic collection, log restoration, sensitive data identification, data flow audit, and abnormal behavior analysis. It discovers sensitive data leakage channels, risk events, and non-compliant operations, traces and collects evidence for security events, and provides risk early warning, enabling sensitive data flow inspection and violation inspection in key business scenarios.
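The following Python sketch illustrates the "data identification plus risk detection" step on already-restored HTTP transactions. It is an added example, not code from the tool described here. The record fields, the classification levels, the sample records, and the way "transmission risk" and "exposure risk" are interpreted are all assumptions made for illustration.

```python
import re

# Constructed classification catalogue (assumption): type -> (pattern, level).
# Higher level means more sensitive; the levels are illustrative only.
CATALOGUE = {
    "mobile_number": (re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"), 3),
    "resident_id": (re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)"), 4),
}

def valid_resident_id(value):
    """Verify the GB 11643-1999 check digit to cut regex false positives."""
    weights = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]
    total = sum(int(d) * w for d, w in zip(value[:17], weights))
    return "10X98765432"[total % 11] == value[17].upper()

def identify(body):
    """Return {data_type: count} for sensitive values found in a payload."""
    found = {}
    for name, (pattern, _level) in CATALOGUE.items():
        hits = pattern.findall(body)
        if name == "resident_id":
            hits = [h for h in hits if valid_resident_id(h)]
        if hits:
            found[name] = len(hits)
    return found

def assess(record):
    """Map one restored HTTP transaction to a list of risk findings."""
    found = identify(record["response_body"])
    if not found:
        return []
    level = max(CATALOGUE[name][1] for name in found)
    risks = []
    if record["scheme"] == "http":  # assumed reading of "transmission risk"
        risks.append("transmission risk: sensitive data sent in cleartext")
    if not record["authenticated"]:  # assumed reading of "exposure risk"
        risks.append("exposure risk: sensitive data returned without login")
    return [{"url": record["url"], "types": found, "level": level, "risk": r}
            for r in risks]

# Constructed sample records standing in for protocol-restored traffic.
SAMPLE = [
    {"url": "http://app.example/api/users", "scheme": "http", "authenticated": False,
     "response_body": '{"id":"11010519491231002X","phone":"13800138000"}'},
    {"url": "https://app.example/api/profile", "scheme": "https", "authenticated": True,
     "response_body": '{"phone":"13800138000"}'},
    {"url": "http://app.example/health", "scheme": "http", "authenticated": False,
     "response_body": '{"status":"ok","build":"110105194912310021"}'},
]
```

The third record shows why the check-digit validation matters: an 18-digit build number matches the ID pattern but fails the checksum, so it raises no finding.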


Origin blog.csdn.net/Arvin_FH/article/details/131724008