Abstract: insured, 2.0 pairs of data security requirements, and the current state of technology, etc. This paper describes how the data security, meet compliance requirements.
And other insurance 2.0 development
2.0 overall security, etc.
First of all, the biggest change, the standard name from the original "information security technology information system security protection essential requirements" to "information security technology to protect the basic level of network security requirements" in keeping with the name "××× Network Security Act" .
Information security protection technology main emphasis on physical host version 1.0, applications, data, transmission, and other security protection target from the original 2.0 "information system" to "Level protected object (network and system information)." Compared to version 1.0, 2.0 pairs such as insurance and other insurance 10 1.0 Classification old standard re-do the adjustment, namely:
Technical section 4 categories: secure physical environment, the secure communication network (original network security classification 1.0 Paul et split), safety zone boundaries (such as the original guarantee network security classification 1.0 resolution), a secure computing environment (such as the original host security 1.0 Paul, application security, data backup and recovery and other three categories merger);
Management section 6 categories: Security Management Center (new), safety management systems, safety administration, security management, construction safety management, safe operation and maintenance management.
2.0 and other new security requirements based on the original security extensions General safety requirements, based on changes to general safety requirements + extended security requirements items. Level of protection based on the traditional system, the object range on the expanded cloud computing, mobile Internet, networking, and other large data, a total of 10 chapters 8 Appendix. Chapter 6,7,8,9,10 section which requires five security levels for the safety, Appendix 8 are: Selection and use of safety requirements, requirements regarding the protection of objects overall security level of protection, the protection level security framework and key technology requirements, described cloud computing scenarios, scenario described mobile Internet applications, networking applications described scenario, an industrial control system and large data application scenario description described scenarios.
And other insurance 2.0 overall data security
Data security is one of the building's construction to protect 2.0 core level, such as in the case of the original warranty 1.0 pairs of data security requirements basically unchanged, according to the new computing environment and business scenarios for data security protection to make a more fit the actual specifically required under the circumstances. Data security evaluation index mainly from the general requirements of "safe computing environment" section, where the auditing of data access, access control, encryption has specific requirements, and in the appendix Big Data scenarios and descriptions of desensitization traceability also the relevant regulations.
General requirements for safety in data security requirements and to respond
1, General Requirements for Safety
2, extended cloud security requirements
3, Big Data scenarios
What can be done in ANVIZ and other insurance for 2.0?
In ANVIZ (Beijing) Technology Co., Ltd. as the Electric Division (China Network Security) 's data security specialist, focused on data security for 15 years, focusing on landing provides data security. The whole life cycle of data, stored useful data (storage, management, use) to achieve security of the whole scene. Protection and control capabilities are divided into classes based detection. Detection category includes data access behavior of the traces, control, risk warning, control class includes field-level encryption of sensitive data, such as desensitization. Products include data relational databases and big data platform. The latest products are safe direction HADOOP big data platform, data security situational awareness. Also we developed a high-quality database auditing, database firewall, database desensitization, database encryption product. Functionality, security and performance around data security product family, the industry's premier. 2018 assumed the State Information Center, China Construction Bank and other enterprise data security construction tasks, and the introduction of nearly billion in CETC (China Network Security) investment fund, officially became a member of the national team of network security.
At present, ANVIZ databases and big data security standard, such as insurance products to 2.0, can offer a range of features to meet the compliance requirements of data security.
In ANVIZ: core data protection, safeguard network security
Source: ANVIZ