摘要
《中华人民共和国数据安全法》的颁布为进一步维护我国网络安全提供了重要法律保障,对提升国家数据安全保障能力具有重大意义。网络安全漏洞关系国家安全与经济社会发展,应按照数据安全法的要求,在漏洞全生命周期中加强管理,全方位构建漏洞管理体系。第一,要对漏洞信息进行分类分级,将重要漏洞信息列入重要数据目录,将关键信息基础设施漏洞信息作为国家核心数据进行专门保护。第二,要按照数据安全风险评估、报告、信息共享、监测预警机制和应急处置机制,加强漏洞管控。第三,要把包括漏洞信息处理在内的数据处理活动纳入数据安全审查范围。此外,还要对漏洞信息出口进行必要管制。
The enactment of Data Security Law is of great significance for strengthening the safeguard ability of national data security,and it will provide important legal basis to maintain China's cyber security.Since vulnerability relates to national security and social development,the management of vulnerability should follow the Data Security Law,take active measures in the whole life cycle of vulnerability to establish an overall management system.Firstly,the vulnerability information should be rated to different categories,and the important vulnerability information should be listed in important data directory,while the information of vulnerability in critical information infrastructure should be under special protection.Secondly,the vulnerability management should be reinforced according to data risk assessment,report,information sharing,monitoring and early warning mechanism and emergency response mechanism.Thirdly,the data security review should cover the data processing of vulnerability.In addition,the export of vulnerability information should be controlled if necessary.
作者
朱莉欣
陈伟
ZHU Lixin;CHEN Wei(Suzhou Information Security Law Institute XJTU,Suzhou Jiangsu 215123,China;Naval Aviation University,Yantai Shandong 264001,China)
出处
《信息安全与通信保密》
2021年第8期1-8,共8页
Information Security and Communications Privacy
关键词
数据安全
漏洞管理
网络安全
关键信息基础设施
data security
vulnerability management
cyber security
critical information infrastructure
