Research on the construction method of data security capability system for financial domain
Zhao Xiaoling,Bai Huiwen,Li Anlun
China Software Test Center(CSTC)
Abstract: The Data Security Law of the People′s Republic of China requires that institutions should establish and improve a whole-process data security management system and carry out data-processing activities in accordance with the provisions of laws and regulations. The Measures for the Management of Data Security in the Business Field of the People′s Bank of China (Draft for Public Comments) puts forward the general requirements for data security protection in the financial field, data classification and grading, and data security protection measures. In order to help financial institutions implement relevant national and industry data security requirements, this paper proposes a data security capability system construction method based on Data Security Capability Maturity Model(DSMM). Building data security capabilities is carried out in four dimensions, such as organizational construction, institutional processes, technical tools and personnel capabilities, respectively. The proposed method can help financial institutions comprehensively improve their data security protection capabilities, so as to meet compliance requirements as well as their own development needs.
Key words : The Data Security Law; Data Security Capability Maturity Model; data security capability system; data security protection capabilities