摘要
2021年9月1日起,《中华人民共和国数据安全法》正式实施,其中明确要求,国家建立数据分类分级保护制度,根据数据在经济社会发展中的重要程度,以及一旦遭到篡改、破坏、泄露或者非法获取、非法利用,对国家安全、公共利益或者个人、组织合法权益造成的危害程度,对数据实行分类分级保护。目前,数据分级分类在金融、通信等领域已开展试点,但都存在同样的共性问题,即在实践层面,“静态”的数据分级分类规则与实时变化的网络安全新威胁无法匹配,导致数据分级分类仅停留在标准规范,而无法落地。根据现有的研究成果,总结了数据分级分类的理论及工作流程,给出了企业数据分级分类的工作思路,能在满足网络安全等级保护等合规的前提下,构建企业数据安全治理体系。
On September 1,2021,the data security law of the People’s Republic of China,the data security law clear requirements,the state establish data classification protection system,according to the importance of the data in economic and social development,and once tampering,damage,leakage,illegal access,illegal use,to national security,public interests or legitimate rights and interests of individuals,organizations,classification protection of data.At present,data classification has been carried out in finance,communication and other fields,but there are the same common problems,that is,at the practical level,"static"data classification rules cannot match the new real-time changing network security threat,leading to data classification only stays in the standard norms,but cannot be implemented.Based on the existing research results,this paper summarizes the theory and working flow of data classification,gives the working ideas of enterprise data classification,and can build the enterprise data security governance system on the premise of meeting the compliance such as network security level protection.
作者
张琼丽
陈翼
ZHANG Qiongli;CHEN Yi(Patent Examination Cooperation Sichuan Center of the Patent Office,CNIPA,Chengdu 610000,China;Institute of Computer Science of Sichuan Province,Chengdu 610041,China)
出处
《技术与市场》
2022年第8期150-153,共4页
Technology and Market
