Data is a symbol, or a combination of symbols, that records the nature and state of things and the relationships between them. Data is produced, processed, transmitted and consumed in a continuous chain of activities, and it is through that chain that it steers ongoing business activity. The value of data is therefore realized mostly downstream, in its transmission, exchange and use. Data security builds on that value: the data must be recorded accurately, exchanged and processed securely, and reach only its designated recipients, while being protected from destruction, misappropriation and unauthorized access. Data security capability is the set of activities an organization carries out in security planning, security management, security technology and security operations to ensure the confidentiality, integrity and availability of data as it flows.
2. The driving force of data security capacity building
2.1 Compliance Drive
The EU's General Data Protection Regulation (GDPR) came into force in May 2018 and set off a wave of reforms in personal data protection legislation worldwide.
2.2 Business Drive
With the rapid development of emerging technologies such as cloud computing, big data and artificial intelligence, data, as the raw material on which these technologies depend, has become a core asset of the organization and receives unprecedented attention and protection. Data has become both an asset and an infrastructure, and data-driven business has become the biggest source of innovation in new business development. Data-centric security governance therefore needs to focus on the security of the data itself and build security capabilities around the data life cycle: the security posture of the systems involved in each stage, the specific data security products and policies for each stage, security operations, the design of the management system, and the professional capabilities of the people involved.
The data life cycle is the entire process from creation to destruction, covering collection, storage, processing, application, flow (exchange) and destruction. A targeted risk analysis of each stage gives the following picture:
The main risks in the collection stage are concentrated in the collection source, the collection terminal and the collection process: unauthorized collection, unclear data classification and grading, sensitive data that is not identified at the point of collection, lack of fine-grained access control during collection, data that cannot be traced back to its source, leakage of collected sensitive data, the security of the collection terminal itself, and the absence of after-the-fact audit of the collection process.
In the storage stage the main risks are unclear data classification and grading, insufficient confidentiality protection for important data, and a lack of fine-grained access control over important data.
The transmission stage covers data transfer between business platforms, between nodes, between components and across organizations. The main risk is leakage in transit; for data with high integrity requirements, tampering in transit is a second one.
The security risks in the processing stage include the lack of access control during processing, the lack of control over the interfaces through which processing results are accessed, the lack of protection for sensitive data in processing results, and the lack of security audit and data traceability capabilities.
The exchange stage refers to data that is finally provided to other business systems and users. The main risks here are unauthorized output and exchange of data, and leakage of the output data in the receiving application or terminal.
The destruction stage refers to the clearing or destruction of user data after the user's authorization or at the user's request; to be effective it has to cover every copy, including backups and derived datasets.
3. Thoughts on data security capability building
3.1 Data security capacity building goals
After analyzing the challenges data security faces at the compliance, business and risk levels, and combining the organization's data security goals and vision with the needs of business, management, technology and operations, the aim is to plan and design a global and open data security system around the data life cycle, with data at its core: improve the integration of data security management, consolidate the data security technology foundation, build data security operation scenarios, and make the organization's data assets visible, its data traceable, its data risks controllable and its data threats manageable.
3.2 Thoughts on Data Security Capacity Building
As the organization's business grows, its data becomes more diverse and larger, and the corresponding data security problems become more complex; one or two technologies alone cannot solve them. In addition, data security is not only a technical issue but also involves laws and regulations, standard procedures, personnel management and other matters. A systematic data security practice framework is therefore necessary. In recent years security organizations have put forward data security practices, methodologies and solutions, which fall into two main categories: the "top-down" data security governance approach, and the data security capability maturity model approach.
Data Security Governance (DSG) was first proposed by Gartner at its 2017 Security and Risk Management Summit and further refined at the 2019 summit. In Gartner's view, data security governance is a complete chain that runs through the whole organization from top to bottom, from the decision-making level to the technical level and from the management system to the supporting tools. All levels of the organization need to reach consensus on the goals of data security governance and ensure that reasonable and appropriate measures are taken to protect digital assets in the most effective way. The governance framework, shown in the figure below, has five steps that proceed from the top down: from balancing business needs, risks, compliance and threats, to deploying security products and configuring the policies those products enforce.
The Data Security Capability Maturity Model (DSMM) is a systematic framework for building data security. It centers on the data life cycle, combines business needs with regulatory requirements, and raises the organization's overall data security capability to form a data-centric security framework.
3.3 Data Security Capacity Building Framework
Data security capacity building is not the construction of a single product or platform but of a data security system covering every data usage scenario, so it has to be completed step by step: it is not a one-off project but an ongoing programme. To practice data security capabilities effectively and close the loop, a systematic capability building framework is needed.
Overall, the framework takes the regulatory requirements of laws and regulations and the needs of business development as its inputs. On the basis of a full identification of the organization's business scenarios and risk status, it sets the organization's data classification and grading standard, and the capability requirements of the management, technology and operation dimensions then cover the security of each process area of the data life cycle. The design of the four capability dimensions is outlined below:
Planning capability dimension
Data security ultimately serves the business and cannot exist separately from it. Subject to the requirements of laws and regulations, data security capability building must follow the needs of business development. Combined with risk management, a data classification and grading standard must be set to guide the building of management, technical and operational capabilities.
Management capability dimension
Organizational construction: the structure of the data security organization, the assignment of responsibilities, and communication and collaboration. The organization can be divided into three layers. The decision-making layer consists of executives and the data security officer who take part in business decisions, set the data security goals and vision, and balance business development against data security. The management layer is the core data security department together with the management teams of the business departments, responsible for data security strategy and plans and for the specific management specifications. The executive layer consists of data security operations and technical staff and the interface staff of each business department, responsible for implementing data security work.
System process: the construction and implementation of the specific data security management system, including the data security policy and general guidelines, management specifications, operation guidelines and work instructions, and the related templates and forms.
Personnel capability: the ability of staff to build and implement the organization, systems and technical tools above. The core capabilities are data security management, operations, technical and compliance capability; different capability building dimensions call for different personnel capability requirements.
Technical capability dimension
Technical capability building does not start from scratch: it builds on the organization's existing infrastructure security, focuses on the requirements of each stage of the data life cycle, and establishes the technologies and tools that fit the management system and processes and ensure they are actually enforced. Standard data security products or platforms, or self-developed components or tools, can be used. All life cycle process areas need to be planned and implemented together and must be integrated with the organization's business and information systems. At the same time, technical capabilities need to support the execution and monitoring done by the operations capability, so that data security requirements are met in every data usage scenario.
Operational capability dimension
Data security capacity building is a long-term, continuous process. The data security systems and processes must be implemented continuously within the organization and adjusted and optimized as the business changes and technology develops; security is a continuous, spiralling process. Security operations continuously monitor the risks across the data life cycle, assess the effectiveness of the organization's existing data security controls, and drive the implementation of data security strategies, rules and technical tools within the organization.
4. Data security planning capacity building
4.1 Business scenario recognition
Identifying the business scenarios in which data is used is the starting point of data security capability building. Following the data life cycle, the collection, storage, transmission, processing, usage and destruction scenarios are analyzed; the requirements for assets, data, users and permissions are sorted out; and this guides the building of each capability dimension, so that technical, management and operational capabilities are implemented scenario by scenario.
4.2 Data risk assessment
Data security risk assessment starts from the business scenario identification results, with sensitive data at the center, the data life cycle as the main line and sensitive data scenarios as the focus. It covers the business processes that carry sensitive data, the flows of sensitive data, and the business operators and permissions involved in those activities, and analyzes and evaluates threats and risks such as privilege escalation, information leakage, impersonation of users, data tampering and repudiation in the related business processing activities.
Data security risk assessment process:
Context establishment stage: determine the object and scope of the assessment, survey and analyze the databases, servers and documents that hold business data, and prepare for the risk management work.
Risk assessment stage: identify the data assets within scope, analyze the threats and vulnerabilities the business system data faces, weigh them against the existing data security controls from the technical, management and operational perspectives, and rank the resulting risks.
Risk treatment stage: weigh the cost of controls against the impact of the risks, analyze the security requirements of the business system data at the technical, management and operation and maintenance levels, and propose practical data security measures. Define the acceptable risk level and treat each risk by acceptance, reduction, avoidance or transfer.
Approval and supervision stage: decision-making and continuous supervision. Based on the assessment results and treatment measures, judge whether the data security requirements can be met; the decision-making layer decides whether to accept the residual risk, and changes in the environment around the business data are monitored continuously.
Monitoring, auditing, communication and consultation run through all of these steps, tracking changes in the security requirements of business systems and business data and keeping the process and cost of risk management under control.
4.3 Data classification and grading
Data classification and grading is a key part of data security capability building. It is the basis for a unified, accurate and complete data architecture and for centralized, professional and standardized data management. Classification and grading gives a comprehensive and clear picture of the data assets, determines the protection strategies and controls to apply, and allows data to be shared and opened up on the basis of security.
Data classification groups together data that shares a common attribute or characteristic and distinguishes groups by that attribute: information with the same content and nature, or that needs to be managed together, is combined; information that is different or needs separate management is separated; and the relationships between the resulting modules are then defined to form an orderly classification system. Classification should follow the principles of systematicness, standardization, stability, clarity and extensibility, and consider the attributes and category characteristics of the data in each business scenario. For example, an organization's data might be divided into organization management data, business operation data, network and IT system operation and maintenance data, and partner data.
Once the data is classified, it is graded by sensitivity. Grading should follow the principles of compliance, enforceability, timeliness, autonomy, rationality and objectivity. For example, by sensitivity, data can be divided into four levels: extremely sensitive, sensitive, relatively sensitive and low sensitivity.
Classification and grading together form the organization's data classification and grading standard. Applied across the scenarios of the data life cycle, it is used to inventory data assets, discover sensitive data, understand where the data is distributed, and formulate the system specifications and technical tools that enforce the security controls on the organization's data, which is the goal of data security capability building.
5. Data security management capacity building
5.1 Building an organization
Because data security is inseparable from the business, building a data security capability system requires the participation and cooperation of the business departments from the decision-making level down to management. The organizational structure can be designed along the layers of decision-making, management, execution, employees and partners, and supervision. In practice the organization can also give the existing security team and other relevant departments the data security function, or engage a third-party professional team.
The decision-making layer is the decision-making body for data security management; it should consist of the person in charge of data security together with other senior management. The person in charge of data security is ultimately accountable for data security in the organization.
The management layer is the second layer of the data security organization. Based on the strategy set by the decision-making layer, it draws up detailed plans for the actual data security work and balances business development against data security.
The executive layer works closely with the management layer; its responsibilities focus on each data security scenario, implementing the established procedures one by one.
Employees and partners
This covers the organization's internal staff and the personnel of cooperating third parties. They must comply with and implement the organization's data security requirements; third parties that share sensitive data in particular must be bound and managed through agreements, the office environment and technical tools.
5.2 Building human capacity
The capabilities of data security personnel mainly include several dimensions, including data security management capabilities, data security operations capabilities, data security technical capabilities, and data security compliance capabilities.
Data security management capabilities
At present most organizations have not yet formally established a data security system, there are few full-time data security positions, and personnel capability development is in its infancy. As organizations pay more attention to data security, the demand for building such a system grows stronger, so how to build a complete data security system and manage data security well is the first issue organizations face.
Data security operation capability
Data security construction is a long-term, continuous process: the related systems and processes must be implemented continuously within the organization and adjusted and optimized as the business changes and technology develops. Security is a continuous, spiralling process, so data security operations must be done well.
Data security technical capabilities
Realizing data security requires the support of technologies and tool platforms to build the security controls, and with them the data security capabilities.
Data security compliance capabilities
More and more laws, regulations and standards, domestic and foreign, are being introduced in the field of data security, and compliance has become the baseline of data security work.
5.3 Develop system process
The system of documents needs to be considered and designed as a whole at the organizational level to form a framework. It needs to be layered; between layers, and between the modules of the same layer, there must be consistent linking logic and no duplication or contradiction.
Level 1 file
The policy and general outline: the organization-level top-level policy, strategy, basic principles and general management requirements for data security management.
Level 2 file
Data security management systems and methods: the regulatory requirements for data security in general, and for one or more security domains, at each life cycle stage.
Level 3 file
The operating procedures and specifications for each data security life cycle stage and each specific security domain, together with the corresponding work instructions or guidelines, supporting templates and so on.
Level 4 file
The plans, forms, reports, operation and inspection records, log files and so on generated by implementing the data security management system. Where these are automated they can be collected by technical tools to produce quantitative analysis results, which are themselves part of the data.
6. Data security technology capacity building
6.1 Data security collection
The main risks of the collection stage (as summarized in section 2) are concentrated in the collection source, the collection terminal and the collection process: unauthorized collection, unclear classification and grading, unidentified sensitive data, lack of fine-grained access control during collection, inability to trace data back to its source, leakage of collected sensitive data, the security of the collection terminal, and the absence of after-the-fact audit. To address them, the following technical measures are added on top of the basic security capabilities.
Security verification has two aspects: verification of the collection object and verification of the data source. Collection object verification authenticates the collected objects (devices, applications and systems) so that they are trustworthy and no counterfeit object is collected from; the collection objects can be managed through the authentication system. Data source verification ensures that the data source is credible and that the data is not tampered with or corrupted during collection and transmission, which requires an integrity check bound to the source of each record rather than authentication of the endpoint alone.
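One way to implement data source verification, as an added example (not code from the article): each collection terminal signs every record with a per-terminal HMAC key identified by a key ID, binding the payload to the terminal, a timestamp and a nonce; the ingest side verifies the tag with a constant-time compare, rejects records outside a clock-skew window, and refuses replays. The key store, the key IDs, the 300-second window and the sample records are assumptions constructed for the example; in practice the keys would come from a KMS or HSM and be provisioned when the terminal is onboarded.

```python
"""Collector-side signing and ingest-side verification of collected records."""
import hashlib
import hmac
import json
import secrets
import time

# Constructed key store: key_id -> (terminal_id, secret). Placeholder keys;
# real deployments provision per-terminal keys from a KMS/HSM at onboarding.
KEY_STORE = {
    "kid-0001": ("terminal-A", bytes.fromhex("00" * 32)),
    "kid-0002": ("terminal-B", bytes.fromhex("11" * 32)),
}
MAX_SKEW_SECONDS = 300  # assumed acceptable clock skew between terminal and ingest


def _canonical(payload, terminal_id, key_id, ts, nonce):
    """Canonical bytes that the tag covers: payload plus terminal, key ID, time and nonce,
    so that none of them can be swapped without invalidating the tag."""
    body = {"payload": payload, "terminal": terminal_id, "kid": key_id, "ts": ts, "nonce": nonce}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_record(payload, key_id, now=None):
    """Collector side: attach terminal, key ID, timestamp, nonce and HMAC-SHA256 tag."""
    terminal_id, secret = KEY_STORE[key_id]
    ts = int(now if now is not None else time.time())
    nonce = secrets.token_hex(16)
    tag = hmac.new(secret, _canonical(payload, terminal_id, key_id, ts, nonce), hashlib.sha256).hexdigest()
    return {"payload": payload, "terminal": terminal_id, "kid": key_id, "ts": ts, "nonce": nonce, "tag": tag}


class Ingest:
    """Ingest side: verify source and integrity before the record enters the platform."""

    def __init__(self):
        self.seen = set()  # (key_id, nonce) pairs already accepted; bounded by the skew window in practice

    def verify(self, record, now=None):
        now = int(now if now is not None else time.time())
        kid = record.get("kid")
        if kid not in KEY_STORE:
            return False, "unknown key id"
        terminal_id, secret = KEY_STORE[kid]
        if record.get("terminal") != terminal_id:
            return False, "terminal/key mismatch"
        if abs(now - int(record.get("ts", 0))) > MAX_SKEW_SECONDS:
            return False, "stale timestamp"
        expected = hmac.new(
            secret, _canonical(record["payload"], terminal_id, kid, record["ts"], record["nonce"]), hashlib.sha256
        ).hexdigest()
        if not hmac.compare_digest(expected, record.get("tag", "")):  # constant-time compare
            return False, "bad tag"
        if (kid, record["nonce"]) in self.seen:
            return False, "replay"
        self.seen.add((kid, record["nonce"]))
        return True, "ok"
```

The tag is checked before the replay cache is consulted, so an attacker cannot probe the cache with unsigned records, and the timestamp check bounds how long the ingest side has to remember nonces.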
Data cleaning discovers and corrects identifiable errors in data files: obvious error values, missing values, outliers and suspicious data found during data review are "cleaned" by an appropriate method so that "dirty" data becomes "clean" data and the subsequent processing stage reaches reliable conclusions. Cleaning also removes duplicate records and checks data consistency; how well data is cleaned and converted into a source that meets the processing requirements is a key factor in the accuracy of processing. From a security point of view, collected data may also carry hidden risks such as malicious code and viruses, and ingesting it would bring serious threats to the organization's data platform. Suspicious data therefore also needs security cleaning in this stage, removing the risk through virus filtering, sandbox verification and similar means.
To manage the data platform effectively, data needs to be planned as a whole and stored according to factors such as its content and format, so data identification is necessary at the collection stage. Combined with the organization's classification and grading standard, several identification methods (by collection object, by data format, by content pattern, and so on) are used to identify the data content automatically.
To support later security management, identified data can be tagged with a security data label, and the storage, authorization and control policies are then applied according to the label. Labels come in many forms: by the format of the labelled object they can be divided into structured and unstructured data labels, and by the format of the label itself into embedded file-format labels and digital watermarks.
6.2 Data security encryption
In the storage and transmission stages, encryption measures need to be established to ensure the confidentiality, integrity and authenticity of data at rest and in transit.
Data storage isolation and encryption
Front proxy and encryption gateway technology
Application layer transformation encryption technology
File-level encryption and decryption technology
Post proxy technology based on view and trigger
Data transmission encryption
Organizations should first clarify the scenarios in which encrypted transmission is required; not all data needs to be encrypted in transit. Data that usually does includes, but is not limited to, system management data, authentication information, important business data, important personal information, and data with high integrity requirements. Having defined those scenarios, the organization should choose an appropriate algorithm and protocol; confidentiality alone does not give integrity, so authenticated encryption (or encryption combined with a message authentication code) is needed where tampering matters. Since every practical encryption scheme relies on keys, the secure management of keys (generation, distribution, rotation, storage and revocation) is a critical link.
6.3 Data access control
To ensure the confidentiality and integrity of data at every stage and in every scenario of the data life cycle, legitimate users must be able to access data assets, illegitimate users must be prevented from accessing them, and legitimate users must be prevented from operating on data assets beyond their authorization; this requires control and management of data access permissions.
Given the diversity of users' requirements for secure data access, and combined with the access requirements and characteristics of each life cycle stage, technologies such as role-based, risk-based and attribute-based access control can be adopted. Fine-grained authorization policies based on the attributes of the subject and the object can set users' permissions on the data flexibly and so achieve fine-grained access control.
Role-based access control (RBAC)
Roles are the core concept of the role-based access control model. Role mining addresses how roles are generated and how the user-role and role-permission mappings are established. In contrast to "top-down" manual role design, role mining works "bottom-up": it derives role definitions automatically from the existing user-permission assignments, which reduces the dependence on administrators and helps alleviate both over-authorization and under-authorization in data applications that use RBAC.
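A minimal bottom-up role mining routine, as an added example not taken from the article: starting from the existing user-permission assignments, it takes every user's permission set and every pairwise intersection as candidate roles, then greedily picks the candidate that explains the most still-unexplained (user, permission) pairs until all assignments are covered, and finally flags roles held by a single user as the first places to review for over-authorization. The user and permission names are constructed sample data; the greedy set-cover heuristic is one of several role mining approaches and is an assumption of this example, not the article's recommendation.

```python
"""Bottom-up role mining from existing user -> permission assignments."""
from itertools import combinations

# Constructed sample input; in practice this is exported from the data
# platform's ACLs or the database grants.
USER_PERMS = {
    "alice": {"orders.read", "orders.write", "customers.read"},
    "bob":   {"orders.read", "orders.write", "customers.read"},
    "carol": {"orders.read", "customers.read"},
    "dave":  {"orders.read", "customers.read", "reports.read"},
    "erin":  {"orders.read", "customers.read", "reports.read", "hr.salary.read"},
}


def candidate_roles(user_perms):
    """Every user's permission set and every non-empty pairwise intersection is a candidate role."""
    sets = [frozenset(p) for p in user_perms.values()]
    cands = set(sets)
    for a, b in combinations(sets, 2):
        if a & b:
            cands.add(a & b)
    return cands


def members(role, user_perms):
    """Users whose current permissions include every permission of the role."""
    return sorted(u for u, perms in user_perms.items() if role <= perms)


def mine_roles(user_perms, max_roles=20):
    """Greedy set cover over (user, permission) pairs: repeatedly choose the candidate
    role that explains the most still-uncovered pairs. Ties go to the role with more
    members, then to a fixed lexical order so the result is deterministic."""
    uncovered = {(u, p) for u, perms in user_perms.items() for p in perms}
    cands = candidate_roles(user_perms)
    roles = []
    while uncovered and len(roles) < max_roles:
        def score(role):
            users = members(role, user_perms)
            gain = sum((u, p) in uncovered for u in users for p in role)
            return (gain, len(users), tuple(sorted(role)))
        best = max(cands, key=score)
        if score(best)[0] == 0:
            break
        roles.append(best)
        cands.discard(best)
        uncovered -= {(u, p) for u in members(best, user_perms) for p in best}
    # user-role mapping: a user gets every mined role contained in their permissions
    assignments = {u: [r for r in roles if r <= perms] for u, perms in user_perms.items()}
    return roles, assignments


def review_candidates(roles, user_perms):
    """Roles held by a single user are not shared job functions; they are the first
    place to look for permissions granted outside any real role (over-authorization)."""
    return [r for r in roles if len(members(r, user_perms)) <= 1]
```

On the sample data the first role mined is the permission set shared by everyone (orders.read plus customers.read), and the only single-member role is erin's full set, which is the one carrying hr.salary.read that nobody else holds.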
Risk-based access control (BARAC)
When the system carrying the data operates in a relatively stable environment, it is enough to adjust the access control policy locally as needs arise. For organizations whose data-carrying systems need to be adjusted dynamically, however, the risk-usage balance has to be re-evaluated and the access control adjusted for each new environment, which is laborious and error-prone. Risk-based access control helps here: based on the data classification and grading and the risks the data assets face, it analyzes the visitor's role and access behaviour against the type and level of data requested, estimates the risk the access may cause, and decides whether to allow or deny it, dynamically adjusting the access control policy to achieve safe and efficient access control.
Attribute-based access control (ABAC)
Attribute-based access control (ABAC) is a "next-generation" authorization model. Attributes are used as building blocks in a structured language to define and implement access control and to provide context-dependent, fine-grained, dynamic access control. ABAC carries the concept of entity attributes (or attribute groups) through the whole access control process: all information relevant to access control, such as the entity's operation, the time of the request and response and the entity's geographic location, is modeled uniformly as attributes of the subject, object and environment, and complex authorization and access control constraints are described by defining relationships between attributes. Policies no longer have to be written user by user; authorization is determined by matching the attributes of the subject, resource, environment and action, which gives great flexibility and solves the problems of fine-grained access control and large-scale user growth in complex environments.
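The following added example (not the article's code) implements a small ABAC policy decision point that also carries the risk-based idea from the previous subsection: a request is a bundle of subject, resource, action and environment attributes; each rule returns permit, deny or not-applicable; deny overrides permit; a request no rule permits is denied; and one rule denies when a risk score computed from the data grading and the access context exceeds a threshold. The attribute names, the four-level grading vocabulary, the scoring weights and the threshold are assumptions chosen for illustration.

```python
"""Attribute-based access control with a risk-based rule and deny-overrides combination."""
from dataclasses import dataclass

# Assumed grading vocabulary (section 4.3's four levels) and an assumed risk threshold.
LEVELS = {"low": 1, "relatively_sensitive": 2, "sensitive": 3, "extremely_sensitive": 4}
RISK_THRESHOLD = 6


@dataclass
class Request:
    subject: dict      # e.g. department, clearance, entitlements, usual_locations
    resource: dict     # e.g. level (data grading), owner_department
    action: str        # read / write / export
    environment: dict  # e.g. hour, location, rows, approval_ticket


def risk_score(req):
    """Risk-based component: sensitivity of the data plus signals that the access is unusual."""
    score = LEVELS[req.resource["level"]]
    if req.environment["hour"] < 7 or req.environment["hour"] > 20:
        score += 2  # off-hours access
    if req.environment["location"] not in req.subject.get("usual_locations", ()):
        score += 2  # access from a location this subject does not normally use
    if req.action == "export":
        score += 2  # data leaving the system
    if req.environment.get("rows", 1) > 10_000:
        score += 1  # bulk result set
    return score


# Each rule returns ("deny"|"permit", reason) or None when it does not apply.
def rule_department(req):
    if req.resource["owner_department"] != req.subject["department"] \
            and "cross_department" not in req.subject.get("entitlements", ()):
        return "deny", "resource belongs to another department"


def rule_clearance(req):
    if LEVELS[req.subject["clearance"]] < LEVELS[req.resource["level"]]:
        return "deny", "clearance below data grading"


def rule_export_approval(req):
    if req.action == "export" and LEVELS[req.resource["level"]] >= LEVELS["sensitive"] \
            and not req.environment.get("approval_ticket"):
        return "deny", "export of sensitive data needs an approval ticket"


def rule_risk(req):
    score = risk_score(req)
    if score > RISK_THRESHOLD:
        return "deny", f"risk score {score} above threshold {RISK_THRESHOLD}"


def rule_known_action(req):
    if req.action in ("read", "write", "export"):
        return "permit", "action permitted by policy"


RULES = [rule_department, rule_clearance, rule_export_approval, rule_risk, rule_known_action]


def decide(req):
    """Deny-overrides combination; returns the decision and every reason behind it,
    which is what an audit log of access decisions needs to record."""
    results = [r for r in (rule(req) for rule in RULES) if r]
    denies = [reason for d, reason in results if d == "deny"]
    if denies:
        return "deny", denies
    permits = [reason for d, reason in results if d == "permit"]
    if permits:
        return "permit", permits
    return "deny", ["no applicable rule (default deny)"]
```

Note that the same subject reading the same ledger is permitted from the office during working hours but denied late at night from an unknown location purely on the risk rule, with no change to the static policy: that is the dynamic adjustment the previous subsection describes.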
6.4 Data leakage prevention
Data leakage is a gradual process: data spreads outward from where it is generated and is usually finally spread by unauthorized users, through different boundary channels, into an external environment beyond the organization's control. Analyzing the path data -> people -> boundary: data originates in the business system, downloading and dissemination are human operations, and leakage has to pass through a boundary (a physical or logical boundary such as the network, the terminal or virtualization). The core idea of data leakage prevention is therefore to protect level by level along the direction of data transmission and so reduce the risk.
Data leakage prevention is based on the classification and grading of data assets and, combined with the organization's business processes and data flows, builds complete protection for every aspect of data leakage, provides a unified solution and keeps core business running securely. To ensure leakage prevention across the life cycle, three main technologies can be adopted:
Data encryption technology
Data encryption has been one of the basic data leakage prevention technologies in China for the past ten years, covering disk encryption, file encryption and transparent document encryption and decryption; of these, transparent document encryption and decryption is currently the most common. It uses a file-system filter driver configured with parameters that describe the protected sensitive content, so that specific files generated by specific processes are selectively protected: they are encrypted when written and automatically decrypted when read, without affecting other content. Encryption protects data at the source of a leak and keeps it protected even after it leaves the enterprise. However, key management is complex: if a key is lost or the encrypted data is damaged, the original data cannot be recovered, and transparent document encryption cannot control data that does not take the form of a document.
Permission control technology
Digital Rights Management (DRM) sets specific security policies so that sensitive data files are protected automatically as they are generated, stored and transmitted, and uses conditional access control policies to prevent sensitive data from being illegally copied, leaked or spread. DRM usually does not encrypt or decrypt the data itself; it enforces data authority through fine-grained operation control and identity control strategies. Because the authority management and control strategies are tightly integrated with the business, they affect the organization’s existing business processes.
Channel protection technology based on content depth recognition
The concept of content-based Data Loss Prevention (DLP) originated abroad. It is a technical approach to comprehensive protection of sensitive data within the organization, designed not to interfere with normal business. DLP takes in-depth content recognition as its core: based on a defined sensitive-content policy, it monitors data transmission channels and audits or controls the transmission of sensitive data. DLP does not change normal business processes and has rich audit capabilities, which makes it easier to locate and trace data leakage incidents after the fact.
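The content-recognition core of DLP, as an added example that is not part of the original article: each detector recognises one kind of sensitive content in an outbound message, and a per-channel policy maps hits to audit or block. The detector patterns (including a constructed 18-character national-ID-like format), the channel policy and the sample messages are all constructed.

```python
"""Added example (not from the original article): content-based DLP
inspection of outbound messages. Detector patterns, the channel policy and
the sample messages are constructed for illustration."""
import re
from typing import Dict, List, Tuple


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on card-like digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# detector name -> (pattern, validator applied to the matched text)
DETECTORS = {
    # 13-16 digits, optionally separated by spaces or dashes, Luhn-valid.
    "payment_card": (re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
                     lambda m: luhn_ok(re.sub(r"[ -]", "", m))),
    # Constructed classification marker stamped on internal documents.
    "internal_marker": (re.compile(r"\bCONFIDENTIAL-INTERNAL\b"),
                        lambda m: True),
    # Constructed national-ID-like format: 17 digits followed by a digit or X.
    "national_id": (re.compile(r"\b\d{17}[\dX]\b"), lambda m: True),
}

# Channel policy: the action when a detector fires on a given channel.
CHANNEL_POLICY = {
    "email":   {"payment_card": "block", "internal_marker": "audit", "national_id": "block"},
    "webmail": {"payment_card": "block", "internal_marker": "block", "national_id": "block"},
    "usb":     {"payment_card": "block", "internal_marker": "block", "national_id": "block"},
}
SEVERITY = {"allow": 0, "audit": 1, "block": 2}


def find_sensitive(content: str) -> Dict[str, List[str]]:
    """Map each detector that fired to the validated matches it found."""
    hits: Dict[str, List[str]] = {}
    for name, (pattern, valid) in DETECTORS.items():
        found = [m.group(0) for m in pattern.finditer(content) if valid(m.group(0))]
        if found:
            hits[name] = found
    return hits


def inspect(content: str, channel: str) -> Tuple[str, Dict[str, List[str]]]:
    """Return (action, hits); the most severe action across all hits wins.
    A detector with no entry for the channel defaults to audit."""
    policy = CHANNEL_POLICY.get(channel, {})
    hits = find_sensitive(content)
    action = "allow"
    for name in hits:
        candidate = policy.get(name, "audit")
        if SEVERITY[candidate] > SEVERITY[action]:
            action = candidate
    return action, hits


# Constructed sample messages: (channel, content)
MESSAGES = [
    ("email", "Quarterly summary attached, nothing sensitive."),
    ("email", "Customer card 4111 1111 1111 1111 expires 12/27"),
    ("email", "Order ref 1234 5678 9012 3456 shipped"),      # fails Luhn: not a card
    ("email", "Draft marked CONFIDENTIAL-INTERNAL for review"),
    ("usb",   "Draft marked CONFIDENTIAL-INTERNAL for review"),
    ("webmail", "ID 11010119900307001X on file"),
]

if __name__ == "__main__":
    for channel, content in MESSAGES:
        action, hits = inspect(content, channel)
        print(f"{channel:8} {action:5} {sorted(hits)}")
```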
6.5 Data security desensitization
Sensitive data in use faces security risks such as illegal disclosure, unauthorized tampering, counterfeiting and illegal use. Data desensitization changes some of the data’s values while retaining its original characteristics, so that unauthorized persons cannot obtain sensitive data from the organization; it protects sensitive data while leaving processing such as system testing and business supervision unaffected, that is, it maintains data security and compliance with privacy regulations while preserving the meaning and validity of the data. With desensitization, the information can still be used and associated with the business without violating regulations or risking data leakage.
Currently there are three main data desensitization technologies: data distortion/disturbance, data encryption, and restricted data release.
Data desensitization technology based on data distortion/disturbance
That is, the data is modified or converted through cleaning, masking, exchange and other means so that the sensitive data is distorted. Distortion/disturbance differs from data encryption: it serves calculation, analysis and testing purposes and must therefore preserve the correlation between some characteristic attributes of the original data, whereas encryption processes the data only to keep it confidential. Encryption is reversible; desensitization by distortion is not. The defining characteristic of this technique is that sensitive information in the original data is hidden through partial or global modification of the data.
Technology based on data encryption
That is, encryption is used to hide sensitive information during the data release process, mainly by encrypting data values with a public-key cryptographic mechanism to prevent privacy leakage. Because public-key cryptography makes the original data invisible to other parties while keeping the data itself lossless, it guarantees accurate mining results, but its computation and communication costs are higher than those of the distortion/disturbance method. The public-key mechanism preserves data authenticity without defects, offers high privacy protection, and is reversible and repeatable, but at a high cost.
Technology based on restricted data release
That is, data is released conditionally according to the specific circumstances. This technique is mainly used where the requirements on data accuracy are not high: before release the data is classified according to its sensitivity, and access rights are controlled on the principle of least authorization, for example by withholding some fields and allowing only users with higher authority to access others, thereby reducing the risk of data leakage. The technique is widely applicable, guarantees the authenticity of the data and is simple to implement, but it involves a certain degree of data loss and a residual risk of leakage.
The core of data desensitization is to balance data availability against security: system overhead must stay acceptable to meet the needs of business systems, while the principle of minimum availability is observed and the leakage of sensitive information is minimized. The three technologies above suit different desensitization scenarios; in practice, the appropriate technology can be selected according to the application and environment to form effective sensitive-data protection measures.
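The distortion/disturbance technique and the restricted-release technique side by side, as an added example that is not part of the original article: masking, generalization and within-group shuffling distort values while keeping the attributes analysts need, a keyed one-way pseudonym keeps records joinable without being reversible, and restricted release withholds fields above the requester’s level. The records, rules, secret key and field sensitivity levels are all constructed.

```python
"""Added example (not from the original article): desensitization by
distortion/disturbance plus restricted release. Records, rules, the
pseudonym key and the sensitivity levels are constructed."""
import hashlib
import hmac
import random
from typing import Dict, List

# Constructed key; in practice it is managed and rotated per environment.
PSEUDONYM_KEY = b"constructed-secret-rotate-per-environment"

# Field sensitivity for restricted release: 1 public .. 3 restricted.
FIELD_LEVEL = {"customer_id": 2, "name": 3, "phone": 3, "age": 1,
               "city": 1, "salary": 2, "segment": 1}

RECORDS: List[Dict] = [
    {"customer_id": "C1001", "name": "Li Hua", "phone": "13800138000",
     "age": 34, "city": "Shenzhen", "salary": 18000, "segment": "gold"},
    {"customer_id": "C1002", "name": "Wang Fang", "phone": "13900139111",
     "age": 41, "city": "Shanghai", "salary": 26000, "segment": "gold"},
    {"customer_id": "C1003", "name": "Zhao Lei", "phone": "13700137222",
     "age": 29, "city": "Shenzhen", "salary": 9000, "segment": "silver"},
]


def pseudonym(value: str) -> str:
    """Keyed one-way token: identical inputs map to identical tokens, so
    desensitized tables still join, but the token cannot be reversed."""
    return hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()[:12]


def mask_phone(phone: str) -> str:
    """Keep prefix and last four digits, mask the rest (format preserved)."""
    return phone[:3] + "*" * (len(phone) - 7) + phone[-4:]


def generalize_age(age: int) -> str:
    """Replace an exact age with its ten-year band."""
    lo = age // 10 * 10
    return f"{lo}-{lo + 9}"


def shuffle_within_group(records: List[Dict], column: str, group_by: str,
                         rng: random.Random) -> None:
    """Swap a column's values among records of the same group: each group's
    distribution (sum, mean, spread) is unchanged, but rows are decoupled."""
    groups: Dict[str, List[Dict]] = {}
    for r in records:
        groups.setdefault(r[group_by], []).append(r)
    for members in groups.values():
        values = [m[column] for m in members]
        rng.shuffle(values)
        for m, v in zip(members, values):
            m[column] = v


def desensitize(records: List[Dict], seed: int = 7) -> List[Dict]:
    """Return distorted copies; the originals are left untouched."""
    out = [dict(r) for r in records]
    rng = random.Random(seed)
    for r in out:
        r["customer_id"] = pseudonym(r["customer_id"])
        r["name"] = "***"                      # shielding: removed outright
        r["phone"] = mask_phone(r["phone"])
        r["age"] = generalize_age(r["age"])
    shuffle_within_group(out, "salary", "segment", rng)
    return out


def restricted_release(record: Dict, requester_level: int) -> Dict:
    """Release only the fields whose sensitivity the requester's level covers."""
    return {k: v for k, v in record.items() if FIELD_LEVEL[k] <= requester_level}


if __name__ == "__main__":
    for row in desensitize(RECORDS):
        print(row)
    print(restricted_release(RECORDS[0], 1))
```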
6.6 Data Security Audit
With the surge in demand for data sharing and exchange services, the number of entities responsible for data security increases, management becomes more complex, and data rights and responsibilities become harder to define. The transfer of control over data raises new audit issues: because every party in data processing has access to the data, and data is easy to copy and spread, it is often difficult to assign security responsibility for incidents such as data leakage. In addition, complex data flows and cross-system, cross-organization exchange and sharing make normal access behavior hard to define, and the more links the data passes through, the harder it is to trace its source and keep it under control. Data security auditing therefore needs to shift from system-centric to data-centric.
Data collection stage
The data collection stage sits upstream in the data value chain and usually involves metadata operations and data classification and grading, both of which have an important influence on all subsequent processing. Security audit in this stage therefore revolves around these processes: collecting metadata operation logs enables retrospective audit and traceability of metadata operations, and logging and analysing the operation and change history of data classification and grading, with periodic audits of those changes through log analysis, ensures that the classification and grading process is traceable.
Data transmission phase
The data transmission phase faces security risks such as data theft and eavesdropping, and is where security incidents frequently occur. When the transmission involves sensitive data, inadequate security controls are likely to lead to a leakage incident. Data transmission audits therefore need to focus on whether the transmission security strategy is actually implemented, and to discover possible sensitive data leakage during transmission in time.
Data storage stage
Data storage is usually implemented with distributed technology, so security audit in the storage phase requires the ability to audit access security in distributed storage. It also needs to address data integrity protection and to support dynamic changes to the data and batch audits.
Data processing stage
The data processing stage usually involves data desensitization: transforming data in accordance with desensitization rules protects sensitive data effectively, and the desensitized data is then used in all subsequent processing stages, so the quality of desensitization has a large impact on the value of the entire data set. Security audit in the processing stage therefore focuses on the desensitization process, recording the desensitization strategy and the related operations.
Data exchange stage
The data exchange process is the focus of the data security audit. During the sharing stage, security audits need to formulate audit strategies for data import, export and sharing, continuously monitor high-risk sharing operations, and produce audit logs that support security incident handling, emergency response and post-incident analysis of incidents triggered during sharing, while ensuring that shared data does not exceed its authorized scope.
Data destruction stage
In the data destruction phase, security audits focus on recording and auditing access to and use of storage media: the registration and handover of media to be destroyed are monitored and audit records are produced for analysis. The data destruction strategy is audited at the same time, and for each deletion the operation time, operator, operation method, data content, operation result and other related information are recorded.
Data security audits need to cover all parties involved in data processing and the entire data life cycle. The organization should formulate audit policies and procedures that cover both system behavior and data activities; define the audit objects, objectives, content, methods and frequency, the relevant roles and responsibilities, management commitments, coordination of all parties in the supply chain, compliance analysis and so on; and establish audit procedures and coordination mechanisms that ensure audit events are traceable.
6.8 Data security destruction
Data destruction refers to the removal or destruction of data after the organization or user has authorized or requested it, using technology and methods authorized by the organization to clear or destroy sensitive information so that it cannot be restored, with security audit capability throughout. Data security destruction provides a security audit function for the destruction process: the audit covers every user of every system, and audit logs are kept and reviewed for important user behaviors and important security events during destruction. Before storage space holding important data (identification information, sensitive information, personal information and so on) is released or reallocated, it must be completely cleared.
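The audit record for the destruction stage, as an added example that is not part of the original article: each record carries the fields the text lists (operation time, operator, operation method, data content, operation result) together with the hash of the previous record, so that a later edit or deletion of any record breaks the chain and is detectable on review. The field names, sample records and hash-chain layout are constructed.

```python
"""Added example (not from the original article): a tamper-evident audit
log for the data destruction stage. Field names, the sample records and the
hash-chain layout are constructed."""
import hashlib
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64


def _digest(entry: Dict) -> str:
    """SHA-256 over the canonical JSON of every field except the hash itself."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class DestructionAuditLog:
    def __init__(self) -> None:
        self.entries: List[Dict] = []

    def record(self, operator: str, method: str, data_ref: str, result: str,
               when: Optional[str] = None, media_id: Optional[str] = None) -> Dict:
        """Append one destruction record linked to its predecessor."""
        entry = {
            "seq": len(self.entries),
            "time": when or datetime.now(timezone.utc).isoformat(),
            "operator": operator,
            "method": method,        # e.g. crypto-erase, overwrite-3pass, degauss
            "data_ref": data_ref,    # what was destroyed, never the data itself
            "media_id": media_id,    # storage medium, when one is involved
            "result": result,
            "prev": self.entries[-1]["hash"] if self.entries else GENESIS,
        }
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Walk the chain: (True, None) if intact, else (False, first bad index).
        Catches edited fields, re-hashed edits (the successor's prev no longer
        matches) and deleted records (sequence numbers no longer line up)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev"] != prev or _digest(e) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None

    def by_operator(self, operator: str) -> List[Dict]:
        return [e for e in self.entries if e["operator"] == operator]


def build_sample_log() -> DestructionAuditLog:
    """Constructed records for three destruction operations."""
    log = DestructionAuditLog()
    log.record("ops-zhang", "crypto-erase", "customer_db/backup-2023Q4", "success",
               when="2024-03-01T02:10:00+00:00", media_id="HDD-0417")
    log.record("ops-zhang", "overwrite-3pass", "hr_share/old-contracts", "verified",
               when="2024-03-01T02:45:00+00:00", media_id="HDD-0418")
    log.record("dba-li", "drop-table", "analytics.tmp_pii_extract", "success",
               when="2024-03-02T09:00:00+00:00")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify())
    log.entries[1]["result"] = "failed"      # simulate a later edit
    print("after edit:", log.verify())
```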
7. Data security operation capacity building
7.1 Data asset management and control
Combining the results of business scenario identification with data asset management and control technology, the organization establishes a unified data scheduling method, forms a healthy data sharing mechanism, improves confidence in its data, optimizes the rationality of its models, and clarifies data flows and management rights and responsibilities. Under a results-oriented value standard, data asset management and control will undoubtedly become the core fulcrum of the organization’s data security capacity building.
Data asset mapping and identification
Automated tools are used to survey and map the organization’s data assets or real-time data streams and to build a panoramic view of the organization’s data assets. Based on the organization’s data asset classification standards, with the data of each business system as the source, the physical, business, management and asset attributes of the data covered by the organization’s business plan, together with their informatization descriptions, are sorted out and displayed from multiple perspectives and visualizations. At the same time, building the panoramic view refines the data classification and grading standards, describes the attributes of data assets and manages data asset quality, providing technical support for data security capacity building.
Sensitive data tag monitoring
According to the data classification standards, all types of data identified in the data asset survey and mapping are tagged for sensitivity, and the tags are applied across data life cycle links such as system operation, development and testing, external data transmission, and front-end and back-end operations. The circulation, storage and use of the data are then monitored against the defined sensitive data usage rules, so that violations are detected in time and the next step can be taken.
Data asset lineage traceability
For each data asset selected under the data security management requirements, and following the principles of data asset life cycle management, the business department builds a business model of the whole process that forms the data asset, describes the data flow nodes in a standardized way, and organizes for each standardized node its initial data input, processing, storage and transmission information. A lineage traceability support tool maintains this traceability information and provides traceability queries and subsequent data verification services.
Data asset risk management
Data asset risk assessment management comprehensively detects data security issues and data platform vulnerabilities, combining data asset survey and mapping, data circulation testing, data platform vulnerability scanning, security configuration verification and other scanning and testing results to perform risk assessment and analysis. It uncovers data classification and grading problems, the distribution of sensitive data in storage, abnormal use of sensitive data, security vulnerabilities in data components, security configuration problems and so on, enabling the organization to discover security risks quickly, plan security measures early and make data risks quantifiable.
7.2 Security policy enforcement
On the basis of appropriate technical means, the organization establishes a security protection mechanism consistent with its data security strategy and implements the processes and procedures needed to maintain and manage data assets.
Access control strategy
Following the organization’s data authority management system and its data classification and grading standards, and using a unified identity and access management platform, establish data access authorization rules and procedures for each category and level, and achieve unified account management, unified authentication, unified authorization and unified audit for everyone who accesses data, ensuring that the data authority management system is effectively implemented.
Data encryption strategy
Following the organization’s data encryption management system, determine the encryption scheme for each scenario that requires encryption, and use encryption products or tools to implement the algorithm and key management requirements set by the system specifications, ensuring the confidentiality and integrity of data in transmission and storage. The configuration and change of encryption algorithms and the key management operations should also have audit mechanisms and monitoring means.
Leak protection strategy
Following the organization’s data leakage prevention strategy, with sensitive data as the object of protection, apply active protection based on data content: monitor all channels through which sensitive data enters and leaves, such as mail, network and terminals, and, as the strategy’s management and control requirements dictate, warn, prompt, intercept, block, control and alert. Strengthen the review and control mechanism for sensitive data to reduce the probability of leakage and improve traceability.
Security desensitization strategy
Following the unified data desensitization system, specifications and procedures the organization has established, clarify the desensitization business scenarios and the desensitization rules and methods for each business application scenario; use a unified desensitization tool that provides both static and dynamic desensitization; adjust desensitization rules dynamically according to the user’s responsibilities and authority or the business activity; and keep logs of desensitization operations so that illegal use and malicious behavior can be reviewed and accidental leakage of sensitive data prevented.
Security audit strategy
Following the data security monitoring and auditing strategy, use data security audit tools to log and audit data flows across all of the organization’s core assets, such as networks, systems, applications and data platforms, and perform risk identification and early warning, covering data collection, data transmission, data storage, data processing, data exchange and data destruction.
Backup and recovery strategy
Guided by the data service reliability and availability protection goals and by the data backup and recovery strategy, use data backup and recovery tools to establish and implement operating procedures for data replication, backup and recovery, specifying their scope, frequency, tools, procedures, log record requirements, data retention time and so on, and verify the validity of data copies or backup data through regular inspection and update work, such as the defined update frequency and retention period of data copies.
7.3 Continuous security monitoring
The organization defines appropriate activities to continuously monitor the risks faced by its internal data assets and threat intelligence from outside the organization, so that anomalies and events are detected accurately, their potential impact is understood, and the effectiveness of protection measures is verified in time.
Log security monitoring
By collecting log information from network devices, security devices, servers, hosts and business systems, and performing behavior mining, attack path analysis and traceability on the logs, the organization’s security status can be visualized and trends forecast, providing the technical basis for subsequent security policy adjustments and coordinated responses.
Traffic security monitoring
Traffic security monitoring analyses traffic in multiple dimensions such as users, services, critical links and network access. It enables accurate analysis of user and business access, discovers abnormal events and behaviors, and establishes multiple traffic baselines, providing the technical basis for subsequent security policy adjustments and coordinated responses.
Behavioral security monitoring
Behavioral security monitoring analyses the behavior of the organization’s internal and external users, such as logging in to unauthorized systems at abnormal times, abnormal authorization operations, accounts left unchanged after expiry, or departing personnel copying large amounts of data. By monitoring user behaviors it precisely locates and analyses access trajectories, accessed content and areas of interest, ensuring that user behavior meets the requirements of security management.
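The behavioral cases listed above run as detection rules over a constructed access log, as an added example that is not part of the original article: off-hours logins, access to systems a user is not authorized for, departing personnel copying data in bulk, and a per-user download baseline so that a spike stands out against the user’s own history. The user profiles, log events and thresholds are constructed.

```python
"""Added example (not from the original article): behavioral security rules
over a constructed access log. User profiles, events and thresholds are
constructed."""
from collections import defaultdict
from statistics import median
from typing import Dict, List, Tuple

# Constructed user profiles: authorized systems and whether HR flagged departure.
USERS = {
    "alice": {"systems": {"crm", "wiki"}, "departing": False},
    "bob":   {"systems": {"crm", "dwh"},  "departing": True},
    "carol": {"systems": {"wiki"},        "departing": False},
}

# Constructed events in time order: (user, hour of day, event, system, bytes)
EVENTS = [
    ("alice", 9,  "login",    "crm",  0),
    ("alice", 10, "download", "crm",  2_000_000),
    ("alice", 14, "download", "crm",  3_000_000),
    ("alice", 15, "download", "crm",  2_500_000),
    ("alice", 16, "download", "crm",  40_000_000),   # spike vs. own baseline
    ("bob",   23, "login",    "dwh",  0),            # off-hours login
    ("bob",   23, "download", "dwh",  300_000_000),  # departing + bulk copy
    ("bob",   23, "download", "dwh",  250_000_000),
    ("carol", 11, "login",    "crm",  0),            # not authorized for crm
    ("carol", 11, "download", "wiki", 500_000),
]

WORK_HOURS = range(7, 21)      # 07:00 .. 20:59
SPIKE_FACTOR = 5               # download larger than 5x the user's median so far
MIN_HISTORY = 3                # downloads needed before a baseline is trusted
BULK_BYTES = 100_000_000       # cumulative total that flags a departing user


def detect(events, users: Dict[str, Dict]) -> List[Tuple[str, str, str]]:
    """Return (user, rule, detail) findings in event order."""
    findings = []
    history = defaultdict(list)          # user -> earlier download sizes
    departing_total = defaultdict(int)   # user -> cumulative bytes (departing only)
    for user, hour, event, system, nbytes in events:
        profile = users[user]
        if system not in profile["systems"]:
            findings.append((user, "unauthorized_system", system))
        if event == "login" and hour not in WORK_HOURS:
            findings.append((user, "off_hours_login", f"{hour:02d}:00"))
        if event == "download":
            past = history[user]
            if len(past) >= MIN_HISTORY and nbytes > SPIKE_FACTOR * median(past):
                findings.append((user, "volume_spike",
                                 f"{nbytes} vs median {median(past):.0f}"))
            past.append(nbytes)
            if profile["departing"]:
                before = departing_total[user]
                departing_total[user] += nbytes
                # Fire once, when the cumulative total first crosses the threshold.
                if before <= BULK_BYTES < departing_total[user]:
                    findings.append((user, "departing_bulk_copy",
                                     str(departing_total[user])))
    return findings


def rules_for(findings, user: str) -> List[str]:
    """Sorted distinct rule names that fired for one user."""
    return sorted({rule for who, rule, _ in findings if who == user})


if __name__ == "__main__":
    for finding in detect(EVENTS, USERS):
        print(finding)
```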
Threat intelligence monitoring
The organization obtains threat intelligence in cooperation with external organizations; threat intelligence aggregates knowledge from evidence such as vulnerabilities, threats, characteristics, behaviors and operational recommendations. It effectively supplements the organization’s defenses: taking the attacker’s perspective, and drawing on broad visibility and a comprehensive understanding of the organization’s risks and threats, it helps the organization understand threats better and take accurate, efficient action to avoid or reduce the loss of data assets caused by cyber attacks.
7.4 Emergency response recovery
The organization formulates and implements appropriate activities to act on detected data security incidents and to restore any functions or services damaged by an incident, reducing the impact of data security incidents.
For the risks of each business scenario, the organization formulates targeted incident response plans; clarifies the responsibilities of emergency response organizations and personnel; establishes a communication mechanism for the response process; coordinates internal and external resources; and executes and maintains the response processes and procedures when an incident occurs, ensuring that response plans are implemented in time to prevent the incident from expanding, reduce its impact and ultimately eliminate it, and improving the organization’s security strategy with the lessons learned so that the incident does not recur.
After the response activities are complete, the organization needs to assess the scope of the incident, follow the pre-established maintenance and recovery procedures, coordinate internal and external resources and carry out recovery activities so that the systems or assets affected by the incident are restored in time. Incorporating the lessons learned into future activities improves recovery planning and processes.
7.5 Personnel Ability Development
The organization’s data security management, technical and operational capabilities ultimately depend on people to execute them. Employees from different departments, levels and sources come into direct or indirect contact with data assets in different scenarios. Risk therefore always lies with people, and it is necessary to gradually raise personnel security awareness and strengthen their data security management, data security operations, data security technical and data security compliance capabilities.
The needs of organizational personnel capability development can be analysed from three aspects:
Improve the security awareness of personnel by establishing a long-term mechanism for security awareness training, gradually improving their ability to identify data security threats, their understanding of the value of the data they use, and their appreciation of their own roles and responsibilities in organizational data security, and test the results of the training in various forms.
Based on a comprehensive analysis of the capabilities required across all aspects of the organization’s data security work, clarify the objectives of personnel skills training and formulate a scientific and reasonable training plan that progresses from basic to professional and from general to specialized; the focus of skills training is comprehensively improving the professional capabilities of personnel.
To meet the organization’s requirements for the capabilities of its various personnel, carry out practical simulation exercises themed on the organization’s actual business scenarios and the security risks its data faces. Through effective identification, analysis and control of risks across the data life cycle, the exercises improve personnel security awareness and their ability to handle incidents securely.
Business development depends increasingly on data assets. While making effective use of data and maximizing the value of big data, organizations face many security risks brought by data, such as privacy leakage, data management failures, and damage to data availability and integrity; ensuring the security of data assets is therefore a key concern. Through data security planning, the organization starts from compliance requirements, business security requirements and risk control requirements, identifies the relevant scenarios and risk assessment results according to business characteristics, formulates data classification and grading standards, and builds capability in three dimensions: data security management, data security technology and data security operations. This establishes a self-optimizing closed-loop data security protection system, continuously improves protection mechanisms and methods, reduces the risk to data assets and keeps the security of the data life cycle manageable and controllable.