摘要
为加强铁路数据安全管理,提高数据安全防护能力,通过对数据安全相关法律法规、标准规范以及实践推进态势等进行研究,发现部分标准存在关键定义内涵模糊,安全要求宏观性强、可操作性弱等问题。基于各行业对同类数据的保护要求具有一致性,研究建议铁路部门在制定数据分类分级安全保护方案时,在遵从国家法律法规、标准规范的基础上,可参考各行业对同类数据的共性要求,并结合自身实际增加个性化特点,使企业能够兼顾自身权益、数据使用和流通效率,平衡好数据安全保护与开放共享的关系。
In order to strengthen the safety management of railway data and improve data safety protection capabilities,research is conducted on the promotion situation of data safety related laws,regulations,standard specifications,and practical progress trends.It is found that some standards have issues such as unclear key definitions and connotations,strong macro level safety requirements,and weak operability.Based on the consistent protection requirements for similar data in various industries,it suggests that when formulating data safety protection schemes,railways can refer to the common requirements of different industries for similar data while complying with national laws,regulations,and standards,and add personalized requirements based on their own actual situation,so that enterprises can balance their own rights,efficiency of data usage and circulation,and the relationship between data safety protection and open sharing.
作者
饶伟
李碧秋
任宸莹
谢玉霞
RAO Wei;LI Biqiu;REN Chenying;XIE Yuxia
出处
《铁道通信信号》
2023年第11期49-54,共6页
Railway Signalling & Communication
基金
中国国家铁路集团有限公司科技研究开发计划系统性重大课题(P2021S012)。
关键词
数据安全
数据分类分级
数据生命周期
数据加密
访问控制
动态调整
Data safety
Data classification and grading
Data lifecycle
Data encryption
Access control
Dynamic adjustment
