The dual orientation of data security and the institutional response
November 10, 2021 08:52; Source: "China Social Sciences", November 10, 2021, Total 2284; Author: Su Yu

With the formulation of the Data Security Law and the heated discussion of data security around the overseas listing of large platform companies, data security review has attracted much attention. Article 24 of the "Data Security Law", implemented on September 1 this year, requires establishing a data security review system, and Article 31 requires establishing a security management system for the outbound transfer of important data. Recent high-profile events such as Didi's overseas listing have made the need for data security assessment and review more urgent. However, compared with network security, data security assessment and review are more complicated, and data security issues in cross-border flow scenarios are particularly difficult.

Data security has richer connotations than network security. Network security is mainly concerned with the orientation of "doing" ("为"): whether network behavior is normal, and whether destruction or intrusion of the network can be avoided or prevented. Data security must consider not only the orientation of "doing" (the behavioral direction) but also the orientation of "knowing" (the information direction): whether the information implied in the data is kept from being learned by subjects outside the intended scope. Cross-border data flows in particular call for more attention to the orientation of "knowing". The dual direction of data security determines what mechanisms and standards data security review needs. Review standards and mechanisms for the behavioral direction can largely draw on network security review practice; under Article 27 of the Data Security Law, data security protection obligations are performed on the basis of the network security graded protection system. Review in the information direction is a new challenge.

Data security risks in the information direction, apart from those that come directly from sensitive or secret data, mainly arise from two sources: correlation analysis and causal inference. Correlation analysis can use the correlation between past data and important public events or already published sensitive information to infer, from existing data, the likelihood of a certain situation. Causal inference can go further and combine causal models to infer the mechanism behind facts from time-series data, estimating key information that is hidden more deeply. Although such inference can sometimes only reach a correlational conclusion that passes the Granger causality test rather than a true causal one, it still creates hidden security dangers for data flow and utilization. Therefore, an important dimension of data security is the security of derivative data (closely related to so-called "data analysis security"), and this kind of security rests almost entirely on the information direction. The key factor affecting derivative data security is the technical development of statistical analysis and causal inference. Even when the standards for network security graded protection and for data classification and grading protection are fully met, analysts using in-depth correlation analysis and causal inference on low-sensitivity data of sufficient volume and dimension are still likely to obtain the especially sensitive information behind it, and their analytical ability will grow as research on causal inference deepens.

  Real challenges of the information direction

An important source of security risk in cross-border data flows is the network platform. The huge volume and rich dimensions of platform data pose significant challenges to data security review. As early as 2016, the data stored by Tencent exceeded 1000 PB; now the total data volume of many large platform companies has reached the EB level, and the workload of data security review grows by the day. Moreover, threats to data security do not come solely from platform data itself. Much public-source data carries certain security risks of its own, and when key information cannot be inferred from platform data alone, inference that combines platform data with public-source data is more likely to threaten the security of key information. It is not easy to find all potential risks in EB-level platform data, and it is even more difficult to reach an accurate security judgment when that data is combined with public-source data of the same magnitude.

Data security protection requirements are more stringent than those of network security protection. When all technical protection measures fail, network security protection can urgently cut off the network or block access from a specific range, gaining time and space to restore order by forcibly isolating the attack. Once data starts to flow out, however, it is fundamentally out of control, and those protecting data security have lost their last line of defense. Organizations and individuals who obtain the data can at any time carry out data mining, data analysis and even the cracking of encryption measures, and can even wait for breakthroughs in mathematical principles and advances in information technology. Therefore, data security review must fully estimate whether security risks may arise within a period of time after the data flows out. At the same time, risk considerations in the information direction must avoid excessive adverse effects on normal economic exchanges and even on scientific and technological development.

  Data security protection system response

First, an effective retention mechanism for data samples. As enterprises come to understand the working mechanism of data security review better in the future, unless an enterprise is ordered to suspend business and is immediately sealed or fully taken over, it will be difficult to ensure that it does not fabricate, tamper with or destroy key data and operation logs to evade review. Such a method, however, obviously does not satisfy the principle of proportionality and should not be invoked unless the situation is very urgent and necessary. If real and effective data samples can be secured, taken regularly (routinely) or as a cross-section at a certain moment under specific conditions, data security review can focus on the cross-section data, ensuring sufficient time and working conditions for analysis and judgment while avoiding, as far as possible, excessive interference with the enterprise's normal operation. However, because platform companies hold huge volumes of data, truly and effectively retaining such a large data sample is not only difficult and costly; its authenticity is also hard to guarantee. To prevent an enterprise from building a "yin and yang data source" and failing to retain, or incompletely retaining, real cross-section data samples, a targeted regulatory plan can be formed on the basis of the "Data Copy" requirements in the current data security capability maturity standard, flexibly combining measures such as building a data security management platform, appointing data security officers, implementing monitoring and auditing, saving operation logs and putting their digests on chain, carrying out "double random, one public" surprise inspections, and applying regulatory sandboxes, together with the setting and enforcement of relevant administrative and criminal penalties.
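
The measure of saving operation logs and putting their digests on chain, sketched as an added example (not from the original article or from any standard it cites): each entry's SHA-256 digest covers all earlier entries, and only periodic digests are recorded outside the enterprise, so a log later presented for review can be checked for alteration or deletion. The field names, the sample log and the `ANCHORED` mapping that stands in for the ledger are assumptions.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain


def chain_digests(entries):
    """Running SHA-256 digest after each entry; each one covers all earlier entries."""
    digests, prev = [], GENESIS
    for entry in entries:
        canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
        prev = hashlib.sha256((prev + canonical).encode("utf-8")).hexdigest()
        digests.append(prev)
    return digests


def audit(entries, anchored):
    """Return the anchored checkpoints (entry counts) that the presented log fails.

    `anchored` maps an entry count to the digest recorded outside the
    enterprise's control at that point. An empty result means consistent.
    """
    digests = chain_digests(entries)
    return [count for count, digest in sorted(anchored.items())
            if count > len(digests) or digests[count - 1] != digest]


# Constructed sample operation log (hypothetical fields, not real data).
OPERATION_LOG = [
    {"seq": 1, "actor": "analyst01", "op": "query", "table": "orders", "rows": 120},
    {"seq": 2, "actor": "analyst01", "op": "export", "table": "orders", "rows": 120},
    {"seq": 3, "actor": "svc-etl", "op": "export", "table": "locations", "rows": 98000},
    {"seq": 4, "actor": "admin02", "op": "grant", "table": "locations", "rows": 0},
]
# Digests anchored after entries 2 and 4 (stand-in for the on-chain record).
_d = chain_digests(OPERATION_LOG)
ANCHORED = {2: _d[1], 4: _d[3]}

if __name__ == "__main__":
    rewritten = copy.deepcopy(OPERATION_LOG)
    rewritten[2]["rows"] = 98                   # entry 3 altered after anchoring
    print(audit(OPERATION_LOG, ANCHORED))       # log as originally written
    print(audit(rewritten, ANCHORED))           # altered entry
    print(audit(OPERATION_LOG[:3], ANCHORED))   # last entry deleted
```

A failed checkpoint also bounds where the change happened: an edit to entry 3 leaves the checkpoint at entry 2 intact and breaks only the one at entry 4.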

Second, data security standards based on the information direction. At present, the data processing security requirements in the relevant data security standards include identity authentication, access control, authorization management, data desensitization, data encryption, data leakage prevention and so on; in fact, they all focus on the behavioral direction. The two standards most relied upon in the current data security assessment field, the "Data Security Capability Maturity Model" (DSMM, latest version GB/T 37988-2019) and the "Data Management Capability Evaluation Model" (DCMM, latest version GB/T 36073-2018), also focus on security problems in the behavioral direction. Although some of DCMM's many evaluation indicators relate to derivative data security, the consideration of derivative data security is not prominent. In DSMM, data analysis security is considered only in the data processing security part, and to a quite limited extent (its share of the entire evaluation model is quite limited). Once the company itself intentionally relaxes control or falsifies the operation log, this data analysis security requirement can hardly play a substantial role unless the data processing activities of the enterprise are closely monitored everywhere by the administrative organs. However, existing security mechanisms in DSMM, such as data scanning and blocking measures, security risk monitoring platforms for the data analysis process, complete recording of access logs, and access control over data permissions, can still play a certain positive role in safeguarding data analysis security and ensuring that data is used properly. In the future compilation and revision of national data security standards, the data security requirements of the information direction can be fully considered on the basis of frontier practices in correlation analysis and causal inference that have been proven feasible. Data analysis security can be refined and enriched into a separate standard, adopting a "basic requirements + conditional add-on modules" approach to carry out targeted, precise supervision of the data processing activities of different types of enterprises. Formulating and continuously updating data security standards that cover the information direction can continually absorb the latest technical progress in statistical analysis and causal inference, provide accurate technical guidance for corporate data compliance, effectively balance the needs of data security protection and of data development and utilization, and prevent intervention in normal data processing activities in the name of data security.

Third, catalogs of important data and of data classification and grading that include key reasoning data. Although the "Data Security Law" mentions "important data", its catalog has not yet been formally established, and important data catalogs or lists should be formulated in time. "Important data" should include not only data that records sensitive information but also key reasoning data. Key reasoning data refers to data that, in statistical analysis or causal reasoning, poses a large potential threat of inferring important sensitive information concerning national security, major public interests or large-scale personal privacy. To this end, on the basis of the various kinds of important sensitive information that have been disclosed in accordance with the law, the correlation between different types of data (especially time-series data) and important sensitive information, and the role of such data in causal models from which important sensitive information can be derived, should be estimated and verified in a timely manner, and data that needs protection according to the realities of data security protection should be brought into the protection scope of the important data catalog. Similarly, key reasoning data whose role has been confirmed in several important causal models or correlation analyses should also be handled accordingly in the data classification and grading catalog.

(The author is the Dean of the School of Data Law of the People's Public Security University of China and Associate Professor)

Editor in charge: Chen Jing