01 Overview of Data Classification and Grading
Article 21 of the "Data Security Law" "The state establishes a data classification and grading protection system, based on the importance of data in economic and social development, and once it is tampered with, destroyed, leaked or illegally acquired or used, it will affect national security. , public interest, or the degree of harm caused by the legitimate rights and interests of individuals and organizations, implement classified and graded protection for data.”
Data classification and classification related concepts:
1) Classification and grading objects : The objects of data classification and grading are usually data items and data sets , such as data collected in the process of providing financial products or services, business data, business management data, etc.
2) Data classification : It has multiple perspectives and dimensions, and its main purpose is to facilitate data management and use .
3) Data classification : In order to protect data security, different protection measures should be taken for different levels of data .
4) Data classification and grading list : The results of data classification and grading provide precise measures for financial data security governance and protection.
5) Regularly carried out : The category level of financial data may change due to time changes, policy changes, security incidents, sensitivity changes in different business scenarios, or differences in relevant industry rules. Therefore, it is necessary to regularly review the classification and classification of financial data and timely Adjustment.
02 Business process of financial data security classification and grading
First step top-level design
Develop data classification and grading standards. Formulate financial industry data security classification and classification according to relevant national standards, relevant financial industry standards, and in combination with financial business characteristics