foreword
Background of the new situation of data security
Data is defined as an important factor of production in the new era, and is a national basic strategic resource. The value of data is a new driving force for the transformation and development of my country’s social economy.
Since 2021, my country has successively released important national data strategies such as the “14th Five-Year Plan for National Informatization Development” and the “14th Five-Year Plan for Digital Economy Development”, emphasizing the construction of digital China and accelerating the market-based circulation of data elements. Innovate the mechanism for the development and utilization of data elements. In order to promote data sharing and data transactions, more than ten provinces and cities including Shanghai and Shenzhen have also intensively issued data regulations. With the development of the marketization of data elements, the huge value and significance of data have been emphasized and highlighted, but the development and utilization of data is also a double-edged sword. Abuse and other risks, causing serious threats and damage to individuals, organizations, social public interests and even national interests. In order to regulate data processing activities, ensure data security, and promote data development and utilization, the “Data Security Law of the People’s Republic of China” (hereinafter referred to as the “Data Security Law”) and the “Personal Information Protection Law of the People’s Republic of China” (hereinafter referred to as the “Personal Information Protection Law”) were officially released , emphasizing the overall planning of data development and security protection, and promoting the rational and effective use of data in accordance with the law on the premise of ensuring security and privacy.
write target
In the context of the above situation, in the process of data collection, storage, use, processing, transmission, provision, disclosure and other data processing activities, enterprises or organizations inevitably need to face more and more threats to data security and regulatory compliance requirements. The more severe and urgent data security challenges: how to properly balance the development and utilization of data assets, value realization and security protection, and fulfillment of compliance obligations? How to formulate a reasonable management system and select appropriate technical solutions for data security?
Facing the increasingly severe data security situation, in order to help enterprises or organizations deal with the above-mentioned confusions and difficulties in data security, and achieve the goal of integrating data utilization and security protection into two wings and developing in a balanced manner, this white paper is before the “Data Security Governance White Paper 3.0”. On the basis of the pre-order version, further study and judge the current data security situation and trends, interpret the intensively promulgated laws, regulations and regulatory requirements, sort out the pain points and problems faced by data security governance, improve the data security governance framework system and related technologies, and summarize the data security under the new situation. Governance practice cases and typical data security incidents, and put forward future prospects and proposals, try to sort out and summarize the current various data and latest progress related to data security governance as comprehensively and systematically as possible, and explore “making data use free and safe” The management plan of the company adheres to the bottom line of security while releasing the value of data elements. Provide guidance and reference for relevant personnel of data security governance, and hope to further promote, popularize and improve the concepts, methods, systems and practices of data security governance and contribute.
audience
This white paper is mainly aimed at the following types of readers:
Personnel related to data security governance within the organization: for decision makers, program planners and implementers, security managers, and technical trainers related to data security governance within an enterprise or organization, hoping to help them gain a more in-depth and comprehensive understanding of how the enterprise or organization works Data security threats, risks and compliance requirements that are and will be faced in the process of digital transformation, as well as scenario-based governance practices in the industry, so as to more proactively plan and carry out systematic data security governance to ensure that enterprises or organizations can effectively Cope with various data security challenges in the new situation.
Data security governance related product/service providers: plan and product planners for the data security industry, security governance consulting service personnel and project implementers, expect to introduce the governance framework, technical applications and practical cases in the white paper as products /Service providers provide inspiration and reference for the preparation of governance plans, product development and implementation services to better serve users.
Legal workers related to data security governance: For legal workers such as organizational compliance departments and lawyers, it is expected that through the introduction of actual data security related use cases and data security technologies, they will be given data security compliance requirements and suggestions in their work. Provide some reference.
Other relevant readers: In addition, this white paper also has certain reference value for compilers of data security-related policies, regulations and standards, and researchers in the field of data security.
Guided reading
The entire white paper is divided into six main body chapters and one appendix chapter. in:
Chapter 1: Data Security Situation and Challenges: Since 2021, the data security situation has undergone great changes, sort out and analyze domestic and foreign data security strategies, data security risk situations and new national and industry supervision situations, and guide data security by analyzing the new situation governance needs.
Chapter 2: The main pain points and problems faced by data security governance: facing the severe situation of data security risks and regulatory compliance requirements, sort out the main pain points, problems and key requirements of data security governance.
Chapter 3: Data Security Governance Concept and Framework: Focusing on data security risks and compliance-driven needs, sort out data security governance ideas, put forward governance visions, build governance concepts, and form governance frameworks covering management, technology, and operating systems, and give Develop the implementation path of governance planning and construction.
Chapter 4: Interpretation of laws and regulations related to data security: In the process of data security governance, meeting regulatory compliance requirements is one of the important driving forces. Systematically interpret the regulatory compliance requirements of important laws and regulations related to data security at home and abroad.
Chapter 5: Data Security Governance Practice Case Collection: Guided by the data security governance framework, it provides a wealth of practical scenario-based data security governance practice cases for many data processing activity scenarios in industries such as finance, government affairs, energy, education, and medical care. It provides reference and reference for relevant parties to carry out data security governance construction.
Chapter 6: Future Prospects and Initiatives: In the face of problems that cannot be effectively solved in the short term in the management, technology, and operational processes involved in data security governance practices, they are expressed in the form of prospects and initiatives for people in the industry to discuss.
Appendix: Try to interpret the relationship and difference of similar concepts, introduce key data security technologies, relevant governance theories at home and abroad, and data security-related standards, and analyze major data security incidents and legal cases since 2020 to provide reference for business professionals.
Data Security Governance White Paper History
Beijing Anhua Jinhe Technology Co., Ltd. is the initiator and pioneer in advocating the concept of data security governance in China. It is also a practical leader in promoting the application and implementation of the concept of data security governance in various industries in my country for many years. In 2017, with the support and advocacy of the China Cyber Security Industry Alliance, the first “Data Security Governance Working Group” was formally established in China. Governance Summit Forum.
In 2018, with the support and guidance of the Zhongguancun Network Security and Information Industry Alliance, the country’s first special committee in the field of data security, the Data Security Governance Professional Committee, was established, and Anhua Jinhe was successfully elected as the director unit of the committee. Actively promote the promotion and popularization of the concept of data security governance in my country, and provide a resource-rich exchange and support platform for academic research, technological innovation, industrial development and personnel training in the field of data security in my country. In the year of its establishment, it organized the second China Data Security Governance Summit, and organized the compilation of the “Data Security Governance White Paper”, which first proposed the conceptual definition, governance concept and governance framework of data security governance, emphasizing the balance between business needs and data security. , published to the public on the forum.
In 2019, the 3rd China Data Security Governance Summit Forum was held, and the “Data Security Governance White Paper ⒉.0” and “Data Security Governance Construction Guide” were publicly released. Under the background that the country and the industry attach great importance to data security and personal privacy security, the list of relevant regulations and standards for data security has been added; the interpretation of personal information collection and privacy policy evaluation reports has been supplemented, and the data security governance practices of various industries have been expanded. Introduces data security-related hot technologies such as database anti-ransomware, transparent encryption and decryption, and updates important data security events in 2019.
In 2021, the 4th China Data Security Governance Summit Forum will be held, and the “Data Security Governance White Paper 3.0” will be released. It further explained the governance concept of “allowing data to be used freely and safely”, analyzed the similarities and differences between concepts such as data security and network security that the industry is concerned about, brought together key data security technologies and cutting-edge technologies, and interpreted relevant laws, regulations and standards. , which has compiled a wealth of governance cases covering government affairs, finance, energy, education, telecommunications and medical industries, and has become a more comprehensive and influential data security governance reference book in the data security industry.
To view the full report click here
Note: The articles on this site have not been posted and shared by netizens or institutions unless they are marked as original. If there is any need for publicity or infringement, please contact [email protected].
This article is reprinted from: https://www.dx2025.com/archives/170165.html
This site is for inclusion only, and the copyright belongs to the original author.