Research and Design of Data Security Evaluation Model Based on DSMM Model

doi:10.3969/j.issn.1671-1122.2021.09.013

Abstract

Abstract:

From the perspective of data security assessment, based on data security governance framework and data security capability maturity model, and combined with system for classified protection of cybersecurity 2.0, this paper studies and analyzes data security related technologies and assessment methods, and proposes a “management + technology” data security assessment model. The model takes data as the center, which can meet the security requirements reflected by the development of all kinds of data business of organizations. The evaluation items have good universality, and can be applied to the evaluation of organizations with information systems to carry out data security work.

Key words: data security, data security capability maturity model, classified protection 2.0, evaluation model

CLC Number:

TP309

YANG Xiaoqi, BAI Lifang, TANG Gang. Research and Design of Data Security Evaluation Model Based on DSMM Model[J]. Netinfo Security, 2021, 21(9): 90-95.

Figures/Tables 4

References 10

[1]	JIN Xiaolong, RUAN Tong. Special Topic: Big Data Based Knowledge Graph and Its Applications[J]. Big Data, 2021, 7(3): 1-2. doi: 10.1089/big.2019.29029.edi URL
	靳小龙, 阮彤 .专题: 基于大数据的知识图谱及其应用[J]. 大数据, 2021, 7(3): 1-2.
[2]	LIU Guifeng, RUAN Bingying, LIU Qiong. Enhance Data Security Governance Capability: Interpretation of Data Security Law of the People's Republic of China (Draft)[J]. Journal of Library and Information Science in Agriculture, 2021, 33(4): 4-13.
	刘桂锋, 阮冰颖, 刘琼. 加强数据安全防护提升数据治理能力——《中华人民共和国数据安全法(草案)》解读[J]. 农业图书情报学报, 2021, 33(4): 4-13.
[3]	Ponemon Institute, IBM Security. Cost of a Data Breach Report 2020[EB/OL]. https://www.capita.com/sites/g/files/nginej291/files/2020-08/Ponemon-Global-Cost-of-Data-Breach-Study-2020.pdf, 2021-06-15.
[4]	Gartner. How to Use the Data Security Governance Framework[EB/OL]. https://www.gartner.com/en/documents/3873369-how-to-use-the-data-security-governance-framework, 2018-04-27.
[5]	CSTC. White Paper of Data Security Governance in Telecom and Internet Industries[EB/OL]. https://www.baidu.com/link?url=Nx8Eid7Lu_SHAkv1N9zBF5S9Ixy2lAmFka1gRBkZfd7kaeV2Cc4bSU8LNrzUqdvcPUuubc6ETYT_x4J1PHd1-q&wd=&eqid=a6f9545200295fec0000000360c8008d, 2021-05-15.
	中国软件评测中心. 电信和互联网行业数据安全治理白皮书[EB/OL]. https://www.baidu.com/link?url=Nx8Eid7Lu_SHAkv1N9zBF5S9Ixy2lAmFka1gRBkZfd7kaeV2Cc4bSU8LNrzUqdvcPUuubc6ETYT_x4J1PHd1-q&wd=&eqid=a6f9545200295fec0000000360c8008d, 2021-05-15.
[6]	GB/T 37988-2019 Information Security Technology—data Security Capability Maturity Model[S]. Beijing: Standards Press of China, 2019.
	GB/T 37988-2019 信息安全技术数据安全能力成熟度模型[S]. 北京: 中国标准出版社, 2019.
[7]	TONG Hua, YANG Haocheng, LI Huaiyi. Do a Good Job for Classified Protection 2.0 of Network Information Security Work Some Thinking[J]. Network Security Technology and Application, 2021, 21(1): 167-168.
	童话, 杨浩程, 李怀义. 做好等保2.0网络信息安全工作的一些思考[J]. 网络安全技术与应用, 2021, 21(1): 167-168.
[8]	LI Weiyue, LENG Hao, YANG Shengming, et al. Network Security Requirements and Solutions of Classified Protection of Cybersecurity 2.0[J]. Electronics Quality, 2021, 42(4): 8-11.
	李炜玥, 冷昊, 杨盛明, 等. 网络安全等级保护2.0之常见安全要点及应对方法[J]. 电子质量, 2021, 42(4): 8-11.
[9]	GB/T22239-2019 Information Security Technology—baseline for Classified Protection of Cybersecurity[S]. Beijing: Standards Press of China, 2019.
	GB/T22239-2019 信息安全技术网络安全等级保护基本要求[S]. 北京: 中国标准出版社, 2019.
[10]	CHEN Guangyong, ZHU Guobang, FAN Chunling. Information Security Technology—Evaluation Requirement for Classified Protection of Cybersecurity(GB/T 28448-2019) Standard Interpretation[J]. Netinfo Security, 2019, 19(7): 1-8.
	陈广勇, 祝国邦, 范春玲. 《信息安全技术网络安全等级保护测评要求》(GB/T 28448-2019)标准解读[J]. 信息网络安全, 2019, 19(7): 1-8.