What are the cases of data security?

“In the era of big data, while fully exploring and leveraging the value of big data, it is urgent to solve issues such as data security and personal information protection.” Shi Xiansheng, deputy secretary-general of the Internet Society of China, pointed out when attending the meeting in Guiyang.

Employees stole hundreds of millions of user information

Earlier this year, the Ministry of Public Security uncovered a major case of stealing and selling citizens’ personal information.

The stolen user information mainly involves hundreds of millions of pieces of information in the fields of transportation, logistics, medical care, social networking, and banking. Subsequently, these users' personal information is sold in various ways on the Internet black market. The police found that the main suspect behind the scenes was an employee of the company where the information leaked.

Industry data security experts commented that this case leaked hundreds of millions of citizens’ personal information, and the main problem lies in internal data security management flaws.

The situation abroad is not optimistic either. On September 22, 2016, the global Internet giant Yahoo confirmed that the account information of at least 500 million users was stolen in 2014. The stolen content included user names, email addresses, phone numbers, dates of birth and partial login passwords.

After corporate data information is leaked, it can easily be used by criminals to make profits in the operation of black and gray online industries. The harm ranges from stealing property to killing people. In August last year, Xu Yuyu, a college entrance examination student in Shandong, was defrauded by telecommunications. This is evident in data security incidents such as the 9,900 yuan tuition fee death case.

In July last year, Microsoft Windows 10 also received a warning letter from the French data protection regulator CNIL for failing to comply with the EU's "safe harbor" regulations and excessively collecting user data.

The "Report" released by the Internet Research Center of the Shanghai Academy of Social Sciences points out that as the commercial value of data resources becomes more prominent, activities such as attacks, theft, abuse and hijacking of data continue to proliferate, showing industrialization, high Characteristics such as technologicalization and transnationalization have posed new challenges to the level of national and data ecological governance, as well as the organization's data security capabilities.

Currently, massive user data on important commercial websites is the core asset of enterprises, and is also an important target of private hackers and even state-level attacks. Data security management of key enterprises is facing severe pressure.

How can enterprises and organizations improve their data security capabilities?

Enterprises and organizations urgently need to improve their data security management capabilities

“Big data security threats penetrate into all aspects of the big data industry such as data production, circulation and consumption, including data sources, big data processing All types of entities in the platform and big data analysis services are sources of threats. Hui Zhibin, director of the Information Institute of the Shanghai Academy of Social Sciences, told reporters that the causes of big data security incident risks are complex and intertwined, including both external attacks and internal leaks. , there are both technical loopholes and management flaws, new risks triggered by new technologies and new models, and the continued triggering of traditional security issues.

On May 27, Shi Xiansheng, deputy secretary-general of the Internet Society of China, said that the Internet has increasingly become the basis for economic and social operations, and network data security awareness, capabilities and protection methods are facing new challenges.

The "Cybersecurity Law" that will be implemented on June 1 this year focuses on issues related to data leakage by corporate organizations. The bill requires various organizations to effectively assume the responsibility for ensuring data security, that is, confidentiality, integrity and availability. In addition, individuals need to ensure the security and controllability of their personal information.

Shi Xiansheng introduced that in fact, as early as 2015, the State Council issued the "Action Outline to Promote the Development of Big Data", which clearly stated the need to "improve the big data security system", "strengthen security support, and upgrade key infrastructure equipment" safety and reliability level”.

“Currently, many companies and institutions still don’t know how to improve their data security management capabilities, nor do they know what standards to measure them against.” An industry insider analyzed that the crux of the problem lies in domestic Data security management is still in its infancy, and many corporate organizations have not established a data security assessment system or have complete assessment reference standards.

The "Big Data Security Capability Maturity Model" has submitted a national standard application

During the Digital Expo, the reporter learned from the "Big Data Security Industry Practice Summit Forum" that in order to solve this problem In order to solve the problem, functional departments such as the National Information Security Standardization Technical Committee collaborated with standardization experts, scholars and industry representative enterprises in the field of data security to formulate a set of evaluation standards for organizational data security capabilities - the "Big Data Security Capability Maturity Model". The standard is formulated based on the Data Security Maturity Model (DSMM) proposed by Alibaba.

Zheng Bin, Director of Security Department of Alibaba Group, introduced DSMM.

As the lead drafter of this standard project, Zheng Bin, Director of Security Department of Alibaba Group, said that this standard is the first draft of Alibaba’s DSMM based on its own practical experience in data security management and is intended to be shared with the industry. Alibaba’s experience improves the industry’s overall security capabilities.

“The information security of Internet users has never been the business of a single company.” Zheng Bin said that the formulation of the “Big Data Security Capability Maturity Model” was also developed by the China Electronics Technology Standardization Institute and the National Information Authoritative data security institutions, academic institutions and enterprises such as the Security Engineering Technology Research Center, China Information Security Evaluation Center, the Third Institute of Public Security, Tsinghua University and Alibaba Cloud Computing Co., Ltd. collaborated to provide opinions.