《電子技術(shù)應用》
您所在的位置:首頁 > 通信與網(wǎng)絡 > 設計應用 > 金融領(lǐng)域數(shù)據(jù)安全能力體系構(gòu)建方法研究
金融領(lǐng)域數(shù)據(jù)安全能力體系構(gòu)建方法研究
網(wǎng)絡安全與數(shù)據(jù)治理
趙曉令,白惠文,李安倫
中國軟件評測中心
摘要: 《中華人民共和國數(shù)據(jù)安全法》要求建立健全全流程數(shù)據(jù)安全管理制度,依照法律、法規(guī)開展數(shù)據(jù)處理活動?!吨袊嗣胥y行業(yè)務領(lǐng)域數(shù)據(jù)安全管理辦法(征求意見稿)》提出了金融領(lǐng)域的數(shù)據(jù)安全保護總體要求、數(shù)據(jù)分類分級、數(shù)據(jù)安全保護措施等方面的要求。為了幫助金融機構(gòu)落實相關(guān)國家、行業(yè)數(shù)據(jù)安全要求,提出一種基于數(shù)據(jù)安全能力成熟度模型的數(shù)據(jù)安全能力體系構(gòu)建方法,從組織建設、制度流程、技術(shù)工具和人員能力四個維度分別建設數(shù)據(jù)安全能力。所提方法可以幫助金融機構(gòu)全面提升數(shù)據(jù)安全防護能力,從而滿足合規(guī)需求以及自身發(fā)展需要。
中圖分類號:TP309-2文獻標識碼:ADOI:10-19358/j-issn-2097-1788-2024-05-004
引用格式:趙曉令,白惠文,李安倫.金融領(lǐng)域數(shù)據(jù)安全能力體系構(gòu)建方法研究[J].網(wǎng)絡安全與數(shù)據(jù)治理,2024,43(5):27-34.
Research on the construction method of data security capability system for financial domain
Zhao Xiaoling,Bai Huiwen,Li Anlun
China Software Test Center(CSTC)
Abstract: The Data Security Law of the People′s Republic of China requires that institutions should establish and improve a whole-process data security management system and carry out data-processing activities in accordance with the provisions of laws and regulations. The Measures for the Management of Data Security in the Business Field of the People′s Bank of China (Draft for Public Comments) puts forward the general requirements for data security protection in the financial field, data classification and grading, and data security protection measures. In order to help financial institutions implement relevant national and industry data security requirements, this paper proposes a data security capability system construction method based on Data Security Capability Maturity Model(DSMM). Building data security capabilities is carried out in four dimensions, such as organizational construction, institutional processes, technical tools and personnel capabilities, respectively. The proposed method can help financial institutions comprehensively improve their data security protection capabilities, so as to meet compliance requirements as well as their own development needs.
Key words : The Data Security Law; Data Security Capability Maturity Model; data security capability system; data security protection capabilities

引言

《中華人民共和國數(shù)據(jù)安全法》(以下簡稱《數(shù)據(jù)安全法》)要求建立健全全流程數(shù)據(jù)安全管理制度,依照法律、法規(guī)的規(guī)定開展數(shù)據(jù)處理活動。為貫徹落實《數(shù)據(jù)安全法》等國家法律、行政法規(guī)要求,加快推動自身業(yè)務監(jiān)督管理職責范圍內(nèi)數(shù)據(jù)安全管理的法治化建設,2023年7月《中國人民銀行業(yè)務領(lǐng)域數(shù)據(jù)安全管理辦法(征求意見稿)》發(fā)布,為金融領(lǐng)域提供了數(shù)據(jù)安全保護總體要求、數(shù)據(jù)分類分級、數(shù)據(jù)安全保護管理措施、數(shù)據(jù)安全保護技術(shù)措施、風險監(jiān)測、評估審計與事件處置措施等方面的要求。

隨著數(shù)字金融的迅猛發(fā)展、金融數(shù)據(jù)的共享開發(fā)利用不斷深化,金融數(shù)據(jù)安全治理面臨巨大挑戰(zhàn),數(shù)據(jù)非法采集、數(shù)據(jù)販賣、數(shù)據(jù)篡改、數(shù)據(jù)攻擊、數(shù)據(jù)權(quán)限濫用等安全問題層出不窮[1-3]。當前金融機構(gòu)的數(shù)據(jù)安全能力尚處于參差不齊的狀態(tài)[4],存在內(nèi)部竊取、外部遭受網(wǎng)絡攻擊等各種數(shù)據(jù)安全風險,因此金融領(lǐng)域亟需建立健全數(shù)據(jù)安全能力體系,從而合法合規(guī)地開展數(shù)據(jù)處理活動,抵御各種潛在的網(wǎng)絡威脅。


本文詳細內(nèi)容請下載:

http://theprogrammingfactory.com/resource/share/2000006012


作者信息:

趙曉令,白惠文,李安倫

(中國軟件評測中心,北京100048)


Magazine.Subscription.jpg

此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。