摘要
《中华人民共和国数据安全法》要求建立健全全流程数据安全管理制度,依照法律、法规开展数据处理活动。《中国人民银行业务领域数据安全管理办法(征求意见稿)》提出了金融领域的数据安全保护总体要求、数据分类分级、数据安全保护措施等方面的要求。为了帮助金融机构落实相关国家、行业数据安全要求,提出一种基于数据安全能力成熟度模型的数据安全能力体系构建方法,从组织建设、制度流程、技术工具和人员能力四个维度分别建设数据安全能力。所提方法可以帮助金融机构全面提升数据安全防护能力,从而满足合规需求以及自身发展需要。
The Data Security Law of the People′s Republic of China requires that institutions should establish and improve a whole-process data security management system and carry out data-processing activities in accordance with the provisions of laws and regulations.The Measures for the Management of Data Security in the Business Field of the People′s Bank of China(Draft for Public Comments)puts forward the general requirements for data security protection in the financial field,data classification and grading,and data security protection measures.In order to help financial institutions implement relevant national and industry data security requirements,this paper proposes a data security capability system construction method based on Data Security Capability Maturity Model(DSMM).Building data security capabilities is carried out in four dimensions,such as organizational construction,institutional processes,technical tools and personnel capabilities,respectively.The proposed method can help financial institutions comprehensively improve their data security protection capabilities,so as to meet compliance requirements as well as their own development needs.
作者
赵晓令
白惠文
李安伦
Zhao Xiaoling;Bai Huiwen;Li Anlun(China Software Test Center(CSTC),Beijing 100048,China)
出处
《网络安全与数据治理》
2024年第5期27-34,共8页
CYBER SECURITY AND DATA GOVERNANCE
关键词
数据安全法
数据安全能力成熟度模型
数据安全能力体系
数据安全防护能力
The Data Security Law
Data Security Capability Maturity Model
data security capability system
data security protection capabilities
