CN115456317A - Minimum admission verification method and equipment for data center - Google Patents


Publication number
CN115456317A
CN115456317A CN202110628466.6A CN202110628466A CN115456317A CN 115456317 A CN115456317 A CN 115456317A CN 202110628466 A CN202110628466 A CN 202110628466A CN 115456317 A CN115456317 A CN 115456317A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110628466.6A
Other languages
Chinese (zh)
Inventor
王鹏达
焦秀珍
钟晓睿
王玉
王倩
李习睿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Diankeyun Beijing Technology Co ltd
Original Assignee
Diankeyun Beijing Technology Co ltd
Application filed by Diankeyun Beijing Technology Co ltd
Priority to CN202110628466.6A
Publication of CN115456317A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G06Q10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393 Score-carding, benchmarking or key performance indicator [KPI] analysis
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Development Economics (AREA)
  • General Physics & Mathematics (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Educational Administration (AREA)
  • Theoretical Computer Science (AREA)
  • Game Theory and Decision Science (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a minimum admission verification method and equipment for a data center, which comprise the following steps: providing a work preparation table downloading port for downloading the work preparation table so as to upload enterprise information of the evaluated data center; providing a receiving inlet of system information and safety requirement information of the evaluated data center for uploading corresponding information; outputting first system prompt information for uploading asset information and network boundary information of the evaluated data center; outputting a second system prompt message for selecting a reference standard and a rule corresponding to the evaluated center; and selecting a corresponding evaluation strategy containing the minimum authentication requirement from a pre-established evaluation strategy knowledge base according to the information of the evaluation background and the selected reference standard and regulation, receiving evaluation data corresponding to the information of the evaluation background, and performing minimum admission verification. By the scheme, unreasonable conditions on authentication management caused by data center service requirements can be reduced.

Description

Minimum admission verification method and equipment for data center
Technical Field
The invention relates to the technical field of data evaluation, in particular to a minimum admission verification method and equipment for a data center.
Background
Using artificial intelligence recognition technology to identify data files intelligently allows data to be checked for compliance accurately and automatically, which saves manpower and time and improves the efficiency of data compliance inspection. However, when assessing whether data centers meet the admission requirements and compliance levels, applying the same authentication requirements to different data centers is administratively unreasonable. It does not help to promote data transaction and circulation among departments, to promote open data sharing, or to cultivate new cross-integrated big data application modes.
Disclosure of Invention
In view of this, the present invention provides a method and a device for verifying minimum admission of a data center, so as to reduce unreasonable situations in authentication management caused by data center service requirements.
In order to achieve the purpose, the invention is realized by adopting the following scheme:
according to an aspect of the embodiments of the present invention, a method for verifying minimum admission of a data center is provided, including:
providing a work preparation table downloading port for downloading the work preparation table and uploading enterprise information in the evaluation background of the evaluated data center based on the work preparation table;
providing a receiving inlet of the system information and the safety requirement information of the evaluated data center for uploading the system information and the safety requirement information in the evaluation background;
after enterprise information, system information and safety requirement information in an evaluation background of an evaluated data center are received, outputting first system prompt information for uploading asset information and network boundary information of the evaluated data center in the evaluation background;
after receiving the asset information and the network boundary information of the evaluated data center, outputting second system prompt information for selecting the reference standard and the regulation corresponding to the evaluated data center from the displayed information of the plurality of reference standards and regulations;
selecting a corresponding evaluation strategy containing a minimum authentication requirement from a pre-established evaluation strategy knowledge base according to an evaluation background containing enterprise information, system information, safety requirement information, asset information and network boundary information and a selected reference standard and a rule;
and receiving evaluation data of the evaluated data center corresponding to the information uploaded to the evaluation background based on the selected evaluation strategy, and performing minimum admission verification on the evaluation data according to the selected evaluation strategy to generate an evaluation report.
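The intake order, strategy selection and minimum admission check described in the steps above, as an added Python example that is not code from the patent. The stage field names, the two knowledge-base entries, their required values and the most-specific-match rule are assumptions made for illustration; the requirement keys borrow names from the network security level protection and review requirements listed later in this description.

```python
from dataclasses import dataclass, field

# Intake stages in the order the method describes; a stage opens only
# when every field of the previous stages has been received.
STAGES = [
    ("enterprise", "system", "security_requirements"),
    ("assets", "network_boundary"),   # requested by the first prompt
    ("standards",),                   # requested by the second prompt
]


@dataclass(frozen=True)
class Strategy:
    name: str
    standards: frozenset          # standards/regulations the strategy covers
    enterprise_nature: frozenset  # empty set means "any enterprise nature"
    minimum: tuple                # (requirement key, required value) pairs


# Constructed knowledge base (assumption): keys follow the page's requirement
# names, the required values are invented for this example.
KNOWLEDGE_BASE = [
    Strategy("baseline", frozenset({"level_protection"}), frozenset(),
             (("rating_record", True),)),
    Strategy("state-owned",
             frozenset({"level_protection", "security_review"}),
             frozenset({"state-owned"}),
             (("rating_record", True),
              ("level_evaluation_conclusion", "pass"),
              ("security_review_passed", True))),
]


@dataclass
class Assessment:
    background: dict = field(default_factory=dict)

    def next_prompt(self):
        """Return the missing fields of the first incomplete stage, or ()."""
        for stage in STAGES:
            missing = tuple(f for f in stage if f not in self.background)
            if missing:
                return missing
        return ()

    def upload(self, **fields):
        """Accept fields only for the stage that is currently open."""
        open_stage = next((s for s in STAGES
                           if any(f not in self.background for f in s)), ())
        rejected = sorted(set(fields) - set(open_stage))
        if rejected:
            raise ValueError(f"not accepted at this stage: {rejected}")
        self.background.update(fields)

    def select_strategy(self):
        """Pick the most specific strategy matching background and standards."""
        if self.next_prompt():
            raise ValueError(f"background incomplete: {self.next_prompt()}")
        chosen = frozenset(self.background["standards"])
        nature = self.background["enterprise"].get("nature")
        matches = [s for s in KNOWLEDGE_BASE
                   if s.standards <= chosen
                   and (not s.enterprise_nature
                        or nature in s.enterprise_nature)]
        if not matches:
            raise LookupError("no strategy covers the selected standards")
        return max(matches,
                   key=lambda s: (len(s.enterprise_nature), len(s.standards)))


def verify_minimum_admission(strategy, evidence):
    """Check evaluation data against the strategy's minimum requirements.

    A requirement with no evidence counts as not satisfied (fail closed).
    """
    findings = {}
    for key, required in strategy.minimum:
        if key not in evidence:
            findings[key] = "missing"
        elif evidence[key] == required:
            findings[key] = "met"
        else:
            findings[key] = "not met"
    admitted = all(v == "met" for v in findings.values())
    return {"strategy": strategy.name, "findings": findings,
            "admitted": admitted}


def demo():
    """Run the whole flow on constructed sample input."""
    a = Assessment()
    a.upload(enterprise={"name": "Example DC Co", "nature": "state-owned"},
             system={"devices": 12},
             security_requirements={"industry": "finance"})
    a.upload(assets=["rack-1"], network_boundary={"firewall": True})
    a.upload(standards=["level_protection", "security_review"])
    strategy = a.select_strategy()
    evidence = {"rating_record": True, "level_evaluation_conclusion": "pass"}
    return verify_minimum_admission(strategy, evidence)
```

The sample data center is refused admission because no evidence was supplied for one minimum requirement, which is the case a report generator most needs to surface.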
In some embodiments, the enterprise information in the evaluation background includes one or more of enterprise nature information, capital constitution information, business decision rights information, personnel management information, business situation information, qualification situation information, and credit level situation information; the enterprise nature information comprises the enterprise name and the enterprise nature, the capital constitution information comprises the shareholder composition and the corresponding shareholding ratios, the business decision rights information comprises the enterprise organizational structure and the corresponding business decision rights, the personnel management information comprises the board of directors setup condition, the board of intelligibility condition and the data center staffing condition, the business situation information comprises the enterprise's total asset condition, debt condition, profit condition and debt ratio, the qualification situation information comprises an IDC license and a cloud service license, and the credit level situation information comprises the credit level condition and the violation condition;
the system information comprises equipment information, service information and network connection information; the safety requirement information comprises industry requirements and management requirements;
the asset information comprises an asset list, asset ownership and data center access assets; the network boundary information comprises network topology, network boundary, boundary protection and management boundary;
the reference standards and regulations include network security laws, network security level protection requirements, and network security audit requirements.
In some embodiments, the management requirements include exogenous data management related organizations, the principle of using exogenous data by business departments, service provider qualification review, and exogenous data approval process.
In some embodiments, receiving, based on the selected evaluation policy, evaluation data of an evaluated data center corresponding to the information of the upload evaluation context includes:
and receiving evaluation data of the evaluated data center corresponding to the information of the uploaded evaluation background through an OCR technology based on the selected evaluation strategy.
In some embodiments, the evaluation policy includes data normalization requirements, data integrity, data accuracy, data consistency, data effectiveness, and data accessibility;
wherein:
the data normalization requirements comprise data standards, data models, business rules, metadata, reference data and safety specifications;
the data integrity comprises data element integrity and data record integrity;
the data accuracy comprises data content correctness, data format compliance, data repetition rate, data uniqueness and dirty data occurrence rate;
the data consistency comprises identical data consistency and associated data consistency;
the data effectiveness comprises correctness based on a time period, timeliness based on a time point and timeliness;
data accessibility includes availability and availability.
In some embodiments, receiving, based on the selected evaluation policy, evaluation data of an evaluated data center corresponding to the information of the upload evaluation context to perform minimum admission verification on the evaluation data according to the selected evaluation policy includes:
receiving an editing instruction of the selected evaluation strategy, and adjusting the selected evaluation strategy according to the editing instruction;
and receiving the evaluation data of the evaluated data center corresponding to the information uploaded to the evaluation background according to the adjusted evaluation strategy, and performing minimum admission verification on the evaluation data according to the adjusted evaluation strategy.
In some embodiments, the editing content in the editing instruction comprises network security level protection requirements, network security review requirements, and security risk assessment requirements;
the network security level protection requirements comprise one or more of information system quantity, rating record, level protection evaluation state and level evaluation conclusion;
the network security examination requirement comprises one or more of network security examination application condition, network security examination development condition and network security examination passing condition;
the security risk assessment requirements include risk assessment development and risk modification.
In some embodiments, the evaluation method in the evaluation strategy comprises a data quality direct evaluation method and/or a data quality indirect evaluation method, and the data quality direct evaluation method takes priority over the data quality indirect evaluation method;
the data quality direct evaluation method is to determine the quality of the data center by comparing the data of the data center with internal or external reference information; the external reference information comprises data quality non-quantitative elements, other existing quality reports of the evaluated data set, and quality reports of the data generating the evaluated data set;
the indirect evaluation method of the data quality is to deduce or evaluate the quality of the data center by using the information related to the data of the data center;
the data quality direct evaluation method comprises a complete inspection method and a sampling inspection method; the sampling inspection method comprises a sampling inspection process and a reliability analysis process of data quality inspection results.
In some embodiments, the assessment report includes one or more of the identified available data quality quantitative elements, the newly created accessory data quality quantitative elements if the data quality quantitative elements do not adequately describe the set quality part, the identified available data quality quantitative sub-elements from the reference dataset product specification, the newly created additional data quality quantitative sub-elements if the available data quality quantitative sub-elements do not adequately describe the data quality setting, and the used data quality quantitative sub-element descriptors;
the used data quality quantitative sub-element descriptors comprise one or more of a data quality range, data quality measurement, a data quality evaluation process, a data quality value type of a data quality evaluation result, a data quality value unit and a data quality date;
the data quality range comprises one or more of a data range hierarchy, a data item type, a geographic range, and a time range;
the data quality measure includes a test type and a boundary or test parameter specified by the data quality range.
According to another aspect of the embodiments of the present invention, there is provided a computer device, including a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method according to any of the above embodiments when executing the program.
According to another aspect of the embodiments of the present invention, there is provided a computer-readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the method of any of the above embodiments.
The minimum admission verification method of the data center, the computer equipment and the computer readable storage medium select the corresponding evaluation strategy from the knowledge base for evaluation according to various information, can evaluate different data centers in a corresponding mode, and therefore unreasonable conditions of authentication management caused by service requirements of the data center can be reduced.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 is a flowchart illustrating a method for minimum admission verification in a data center according to an embodiment of the present invention;
Fig. 2 is a functional structure diagram of a data center minimum admission verification method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the embodiments of the present invention are further described in detail below with reference to the accompanying drawings. The exemplary embodiments and descriptions of the present invention are provided to explain the present invention, but not to limit the present invention.
The main technology of the data center admission verification mechanism is to formulate, in a targeted manner and according to need, a verification mechanism for the compliance admission of data center infrastructure, given that data center builders differ in operating scale, in technical strength, and in the attention they pay to network security work. The technology mainly aims to realize a platform for customizing the evaluation content for a data center, so as to reduce unreasonable situations in authentication management caused by data center service requirements, promote data transaction and circulation among departments, promote open data sharing, cultivate new cross-integrated big data application modes, and cultivate a professional data center inspection team.
Fig. 1 is a flowchart illustrating a data center minimum admission verification method according to an embodiment of the present invention, and referring to fig. 1, the data center minimum admission verification method according to the embodiments may include the following steps S110 to S160.
A detailed description will be given of specific embodiments of steps S110 to S160.
Step S110: providing a work preparation table download port for downloading the work preparation table and uploading, based on the work preparation table, the enterprise information in the evaluation background of the evaluated data center.
In step S110, a work preparation table may be downloaded from the platform of the present embodiment, so as to fill in the evaluation background, evaluation basis, evaluation purpose, evaluation principle, and the like related to the evaluated data center, and upload the result to the platform of the present embodiment. The evaluation context information may refer to admission context requirements of an entity, organization, or enterprise to which the data center belongs. The evaluation basis can be determined according to a set standard (such as the national standard of national data center construction), and the evaluation purpose and the evaluation principle can be determined according to the condition of the data center.
The enterprise information in the evaluation background may include one or more of enterprise nature information, capital constitution information, business decision rights information, personnel management information, business situation information, qualification situation information, and credit level situation information.
The enterprise nature information may include the enterprise name and the enterprise nature. It can be mainly used for examining the nature of the unit (the responsible entity) to which the data center belongs. The index names of the enterprise nature information may include enterprise name and enterprise nature. The index description of the enterprise name may refer to the full enterprise name as registered with the industry and commerce authority; the index description of the enterprise nature may refer to the nature of the enterprise, such as state-owned enterprise, private enterprise, foreign enterprise, joint venture enterprise, and the like.
The capital constitution information may include the shareholder composition and the corresponding shareholding ratios. It can be mainly used for examining the capital constitution of the enterprise. The index names of the capital constitution information may include shareholder composition and shareholding ratio. The index description of shareholder composition may include a fixed listing of the enterprise; the index description of the shareholding ratio may include a detailed list of the shareholding ratios of the shareholders.
The business decision rights information may include the enterprise organizational architecture and corresponding business decision rights. The operation decision right can be mainly used for inspecting the operation decision right of the enterprise. The index description of the business decision rights information may include enterprise organizational structure and business decision rights. The index description of the enterprise organizational structure may include a detailed description of the enterprise organizational structure and the index description of the business decision-making rights may include a detailed description of the business decision-making rights of the enterprise.
The personnel management information may include one or more of the board of directors setup condition, the intelligibility condition, and the data center staffing condition. Personnel management can be mainly used for examining the background, capability and the like of the enterprise's management personnel and data center personnel. The index names of the personnel management information may include the board of directors setup condition, the board of intelligibility condition, and the data center staffing condition. The index description of the board of directors setup condition may include a detailed description of how the board of directors is set up; the index description of the intelligibility condition may include the background of the personnel and whether any foreign person is present; the index description of the data center staffing condition may include the number of staff, the background of the staff, the capability of the staff, and the like.
The business situation information may include one or more of a total assets condition, a liabilities condition, a profitability condition, and a liabilities rate of the enterprise. The operation condition can be mainly used for investigating the operation condition of the enterprise, and the index name of the operation condition can comprise the total asset condition, the liability condition, the profit condition, the liability ratio and the like of the enterprise. The index description of the total assets condition of the enterprise can comprise providing financial audit report and explaining the total assets condition; the indicator description of liability conditions may include providing a description of liability conditions for the enterprise; the index description of profitability may include providing an enterprise profitability description; the index description of liability rates may include accounting for changes in liability rates over the last few years.
The qualification situation information may include an IDC (Internet Data Center) license and a cloud service license. The qualification situation can be mainly used for examining the qualifications obtained by the enterprise, and its index names may include IDC license, cloud service license, other licenses and the like. The index description of the IDC license may include providing the IDC license; the index description of the cloud service license may include providing the cloud service license; the index description of other licenses may include providing qualifications, licenses and the like that can prove other capabilities.
The credit level situation information may include the credit level situation and the violation situation. It can be mainly used for examining the enterprise's credit level and the like. Its index names may include the credit level situation and the violation situation. The index description of the credit level situation may include providing a description of the enterprise's credit level; the index description of the violation situation may include whether violations have occurred historically.
Each index name herein may be used to prompt evaluation context information that needs to be provided, and the index description may be used to indicate an action or process that needs to be taken with respect to the corresponding evaluation context information.
Step S120: providing a receiving entry for the system information and the security requirement information of the evaluated data center, for uploading the system information and the security requirement information in the evaluation background.
In step S120, from the perspective of the application system and the security information of the data center, if the evaluated data center system information and the security requirement information do not satisfy the requirements, it can be considered that no evaluation is necessary.
The system information in the evaluation context may include one or more of device information, service information, and network connection information. The security requirement information includes one or more of industry requirements and regulatory requirements.
More specifically, the management requirements may include one or more of exogenous data management related organizations, the principles for business departments using exogenous data, service provider qualification review, and the exogenous data approval process. The exogenous data management related organizations can take part in the evaluation cooperatively, can be formed from personnel within the enterprise, and can be divided into several departments according to the admission verification requirement, so that each department in the exogenous data management related organizations can be given an entry for uploading the corresponding data or for carrying out evaluation.
The exogenous data management related organizations can consist of the business departments of the various units (the departments that use and apply for external source data), a data security compliance department (the external source data approval department), a purchasing department (the external source data purchasing department) and an information management department (the external source data use auditing department).
(1) The business department of each unit is the department that uses and applies for external source data, and its main responsibilities include:
a) Acting as the initiating end of the external source data application flow, responsible for preparing the external access data materials and initiating the application;
b) Assigning specific responsibility for each single use of the external source data to the initiator of the external source data application;
c) Filling in the external source data application form and the external source data approval form as required, and submitting them to the data security compliance department for evaluation of data security compliance;
d) After evaluation by the data security compliance department, submitting the external source data approval form for approval;
e) Responsible for receiving, verifying, maintaining and managing the external source data;
f) Responsible for verifying the quality of the external source data, mainly its integrity and validity;
g) Responsible for the safe use of the external source data and for preventing the company's internal data from being contaminated;
h) Ensuring the security of sensitive information in the external source data during its use;
i) The information management unit is responsible for the storage management of the external source data, and the storage mode, format, position, path, storage time and the like of the information management unit are matched with the company data storage regulation.
(2) The data security compliance department, as the compliance assessment department for the use of external source data, may have main responsibilities including:
a) Receiving the external source data applications of the applying departments;
b) Evaluating the compliance of the external source data according to relevant laws, regulations, regulatory requirements and company rules;
c) Monitoring and managing data output for acquiring the external source data.
(3) The purchasing department, as the purchasing department for external source data, may have main responsibilities including:
a) Responsible for carrying out qualification review of external data service providers;
b) Responsible for purchasing and managing the use of the external source data;
c) Responsible for checking the contract performance of external data service providers.
(4) The information management unit, as the management unit for external source data, may have main responsibilities including:
a) Responsible for formulating the data supply chain security management method and determining the management flow for external source data access;
b) Responsible for reviewing and revising the data supply chain security management method;
c) Filing the external source data application forms and approval forms.
When using external source data, the business department can follow the following principles:
a) Principle of consistent authority and responsibility: adopt technical and other necessary measures to ensure the security of the data, and take responsibility for damage that external source data processing activities cause to the company;
b) Principle of clear purpose: have a legal, legitimate, necessary and clear purpose for using the external source data;
c) Principle of approval and consent: before using the external source data, the business department shall obtain the approval of the relevant department;
d) Principle of minimum sufficiency: process only the minimum type and quantity of external source data needed to meet the business purpose;
e) Principle of ensuring security: have security capability matched to the security risk, and adopt sufficient management measures and technical means to protect the confidentiality, integrity and availability of the internal data.
The service provider qualification review may include the following:
1) The admission rules for external data service providers are enforced according to the company's specifications relating to external service providers.
2) Before contracting with the service provider, an in-depth qualification review must be conducted:
a) Focusing on the technical and industry experience of the external data service provider, including but not limited to: service capability and supporting technology, service experience, service personnel skills, market evaluation, supervision evaluation and the like;
b) Focusing on the internal control and management capabilities of the external data service provider, including but not limited to: the completeness of its internal control mechanisms and management processes, its internal control technology and tools, and the like;
c) Focusing on the continuing operation status of the external data service provider, including but not limited to: time of employment, market status and development trend, safety of capital, recent profitability, etc.
3) The data provided by the external data service provider must not contain information or content prohibited by national laws and regulations, and must comply with the national laws and regulations relating to network data information.
4) The service provider must have a self-built data platform and must have strong data acquisition, mining and analysis capabilities.
5) The data provided by the service provider is data which is required to be used by the external data service provider or authorized by a third party.
6) The external data provider has provided data services to businesses of a size comparable to or greater than the company.
7) The service provider must have a mature and reliable secure docking mechanism.
8) The external data service provider must be a vendor without a communication background.
The external source data approval process may include the following:
1) The external source data approval process refers to the management activities that standardize the company's external source data access management.
2) The external source data application department submits an external source data application for business needs, daily operation promotion, industry analysis and comparison, or other reasons.
3) The external source data application department fills in an external source data application form and an external source data approval form:
a) The external source data application form requires detailed information such as the applicant, application date, data type and application purpose;
b) The type of data in the external source data application form needs to be described in detail.
4) The external source data application department fills in the external source data approval form in detail and submits it to the responsible person of the department for approval; once approved, it is sent to the data safety compliance department.
5) The data safety compliance department receives the external source data application form and the external source data approval form and carries out a compliance evaluation of the use of the external source data.
6) After the evaluation by the data safety compliance department is passed, the forms are sent back to the external source data application department to complete the follow-up approval process: the external source data application department submits them to a company two-layer leader for approval and, once approved, applies to the purchasing department for the external source data purchase. The external source data application form and the external source data approval form are sent to the information management department for filing.
7) The purchasing department receives the approved external source data application form and external source data approval form and initiates the external source data purchase.
8) After the purchase is completed, the external source data application department must complete the data transfer.
9) The information management department organizes and files the external source data application form and the external source data approval form, and the process ends.
Step S130: after receiving the enterprise information, system information and safety requirement information in the evaluation background of the evaluated data center, outputting first system prompt information for uploading the asset information and network boundary information of the evaluated data center in the evaluation background.
In step S130, the asset information may include one or more of an asset list, asset ownership, and data center access assets. The asset information is mainly used to investigate the asset condition of the data center, and can cover the asset scale, the asset ownership, the asset access condition of the data center and the like. The index names of the asset information may include asset list, asset ownership, and data center access assets. The index description of the asset list may include providing a data center asset list; the index description of asset ownership may include making the ownership of the data center assets explicit; the index description of data center access assets may include explicitly listing the assets related to data center access.
The network boundary information may include one or more of network topology, network boundaries, boundary protection, and management boundaries. The network boundary condition is mainly used to examine whether the network boundary of the data center is clear, whether the network boundary protection is strict, and whether the management boundary is clear. The index names for the network boundary condition may include network topology, network boundaries, boundary protection, and management boundaries. The index description of the network topology may include providing a data center network topology; the index description of the network boundary may include whether the network boundary is explicit in the network topology; the index description of the boundary protection may include whether the boundary protection is strict; the index description of the management boundary may include whether the network management boundary is clear and whether the division of responsibility is reasonable.
Step S140: after receiving the asset information and the network boundary information of the evaluated data center, outputting second system prompt information for selecting, from the displayed information on a plurality of reference standards and regulations, the reference standards and regulations corresponding to the evaluated data center.
In step S140, various reference standards and regulations may be used as compliance requirements for data security. The evaluated data center selects the applicable reference standards and regulations according to the system prompt and submits them. The reference standards and regulations may include one or more of network security laws, network security level protection requirements, and network security audit requirements.
The compliance requirements of data security mainly comprise:
1) Network security law: a data center that is allowed access, and its operator, should comply with the legal requirements of the Network Security Law of the People's Republic of China.
2) Network security level protection requirements: the implementation of the level protection evaluation requirements is examined, such as whether the cloud computing platform and information systems deployed in the data center have undergone network security level protection grading and filing, whether the grading has been reviewed by experts (whether the grading is reasonable), whether level protection evaluation work has been performed, whether the level protection evaluation conclusion is basically met, and the like.
3) Network security audit requirements: according to the network security review requirement put forward in the "Opinions on Strengthening the Network Security Management of Cloud Computing Services of Party and Government Departments" of the Central Network Information Office, for a service provider that provides cloud computing services to Party and government departments, a third-party organization is organized to perform a network security review with reference to the national standards related to network security, focusing on the security and controllability of the cloud computing services; in combination with the requirements of the "Measures for the Security Review of Network Products and Services (Trial Implementation)", a cloud computing platform that provides services to Party and government departments is required to pass the network security review.
Step S150: selecting a corresponding evaluation strategy containing a minimum authentication requirement from a pre-established evaluation strategy knowledge base, according to the evaluation background (enterprise information, system information, safety requirement information, asset information and network boundary information) and the selected reference standards and regulations.
In step S150, the evaluation strategy knowledge base may include a standard knowledge base, an index knowledge base, a data dictionary knowledge base, a configuration item knowledge base and the like. Each knowledge base may be modified by configuration. The standard knowledge base can be formed from the national standards relevant to data center admission verification; the index knowledge base can be formed by providing the corresponding indexes and algorithms for the various requirements of the data center; the data dictionary knowledge base can be composed of the general data dictionaries used in the platform; the configuration item knowledge base may include various parameter configurations as well as other configurations.
Each evaluation strategy can have corresponding indexes. Each index can be judged according to the evaluated factors and qualitative data, and a score is then calculated according to the corresponding algorithm. Some indexes can be set as necessary options (mandatory items).
The evaluation strategy may include one or more of data normalization requirements, data integrity, data accuracy, data consistency, data effectiveness, and data accessibility.
The data normalization requirements may include one or more of data standards, data models, business rules, metadata, reference data, and security specifications. Data normalization requirements may refer to the degree to which data conforms to a data standard, a data model, a business rule, metadata, or authoritative reference data. The index names of the data normalization requirements may include data standards, data models, business rules, metadata, reference data (authoritative reference data), and security specifications.
The metric description of the data standard may include a measure of compliance of the data with the data standard. When evaluating data quality, the standards that the data may be subject to when it is named, created, defined, updated and archived may be collected, including international, national, industry, local or related standards. As with data archiving, and even more importantly, a complete set of data rules generally also contains detailed, enforceable provisions for the destruction of old data.
The metric description of the data model may include a measure of data conformance to the data model. The data model is a means for visually describing and organizing a data structure and is a specification of data expression. Evaluating the quality of data requires checking whether there is a clearly understandable definition of the data model and the organization of the data.
The metric description of the metadata may include a measure of compliance of the data with the metadata definition. Metadata labels, describes, or characterizes other data to make it easier to retrieve, or use the information. Evaluating the quality of data requires checking whether or not an interpretable metadata document is provided. For example, a data dictionary containing the contents of each field name, description, type value field, and the like is a kind of metadata document.
The metric description of the business rule may include a measure of compliance of the data with the business rule. A business rule is an authoritative principle or guideline used to describe business interactions and establish rules for action and data behavior results and integrity. When evaluating the data quality, it is necessary to check whether there are good archived business rules.
The metric description of the authoritative reference data may include that reference data is a set of values or a classification table referenced by systems, applications, databases, processes, reports, transaction records and master records. A reference data list needs to be collected when evaluating the data quality. For example, a list of valid values for a particular field is a type of reference data. The index description of the security specification may include that the security specification is a set of rules on security and privacy, including data rights management, data desensitization processing, and the like.
Data integrity may include data element integrity and data record integrity. Data integrity may refer to the degree to which data elements are assigned numerical values as required by the data rules. The indicator name of data integrity may include data element integrity and data record integrity. The index description of the integrity of the data elements may include the assignment degree of the data elements to be assigned in the data set according to the requirements of the business rules; the indicator of data record integrity may include the degree of assignment of data records in the data set that should be assigned according to business rule requirements.
Data accuracy may include one or more of data content correctness, data format compliance, data repetition rate, data uniqueness, and dirty data occurrence rate. Data accuracy may refer to the degree to which it provides the true value of the data. Index names for data accuracy may include data content correctness, data format compliance, data repetition rate, data uniqueness, and dirty data occurrence rate. The indicator description of the correctness of the data content may include whether the data content is expected data; the metric description of data format compliance may include a measure of uniqueness of a particular field, record, file, or data set.
The indicator description of the dirty data occurrence rate may include a measure of invalid data outside of the correct field, record, file, or data set. For example, dirty data may arise when a transaction is rolled back and the rollback mechanism is imperfect.
The data consistency may include one or more of a same data consistency and an associated data consistency. Data consistency may refer to the degree to which data is not inconsistent with data used in other specific contexts. The index name of data consistency may include the same data consistency and associated data consistency. The index description of the consistency of the same data can comprise the consistency of the data when the same data is stored in different positions or used by different applications or users; when data changes, the same data stored in different positions is synchronously modified. The index describing the consistency of the associated data may include checking the consistency of the associated data according to a consistency constraint rule.
The data validity may include one or more of correctness based on time period, timeliness based on time point, and timeliness. Effectiveness may refer to how accurate the data is over time. The index names of data effectiveness can include correctness based on a time period, timeliness based on a time point, and timeliness. The index description of correctness based on time period may include the degree to which the number of records or the frequency distribution within a date range meets the business demand; the index description of timeliness based on time point may include the degree to which the number of records, the frequency distribution or the delay time based on a time stamp meets the business demand. The chronological index describes the relative chronological relationships between data elements of the same entity in the data set.
Data accessibility may include one or more of accessibility and availability. Data accessibility may refer to the extent to which data can be accessed. The index names of data accessibility may include accessibility and availability. The index description of accessibility may include the availability of data when needed. The index description of availability may include the availability of data within a set effective life cycle.
Step S160: receiving, based on the selected evaluation strategy, the uploaded evaluation data of the evaluated data center corresponding to the information of the evaluation background, and performing minimum admission verification on the evaluation data according to the selected evaluation strategy to generate an evaluation report.
In step S160, the evaluation data may include the evaluation background (enterprise information, etc.). The assessment material can be saved to a designated file server. The minimum admission is a quantitative index, and can be determined according to the size of the data center, for example, if the data center is small, only data can be evaluated, and if the data center is large, data, application systems and servers, safety protection and the like can be evaluated. The size of the data center may be determined according to whether it is larger than a set size.
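An added Python example (not the patent's own algorithm) of how indexes marked as necessary options and the size-dependent scope described above can gate admission. The weighted-mean scoring, the pass mark, the rack-count size measure, the index weights and the choice of mandatory indexes are all assumptions, since the text specifies none of them.

```python
from dataclasses import dataclass

SET_SIZE = 100      # hypothetical "set size", expressed here as a rack count
PASS_SCORE = 60.0   # hypothetical pass mark on a 0-100 scale

DATA = "data"
SYSTEMS = "application systems and servers"
PROTECTION = "safety protection"


@dataclass(frozen=True)
class Index:
    name: str
    category: str
    weight: float
    mandatory: bool = False   # a "necessary option" in the text


# Constructed policy: index names come from the text, weights and the
# mandatory flags are assumptions made for this example.
POLICY = (
    Index("data integrity", DATA, 2.0, mandatory=True),
    Index("data accuracy", DATA, 2.0),
    Index("data consistency", DATA, 1.0),
    Index("asset list", SYSTEMS, 1.0, mandatory=True),
    Index("boundary protection", PROTECTION, 2.0, mandatory=True),
    Index("level protection evaluation", PROTECTION, 1.0),
)


def scope_for(size):
    """Small data centers are evaluated on data only, large ones on everything."""
    return {DATA, SYSTEMS, PROTECTION} if size > SET_SIZE else {DATA}


def verify(size, scores, policy=POLICY):
    """Minimum admission check. `scores` maps index name -> 0..100.

    An index with no uploaded evidence scores 0, so a missing mandatory
    index fails closed instead of being silently skipped.
    """
    scope = scope_for(size)
    in_scope = [i for i in policy if i.category in scope]
    missing = [i.name for i in in_scope if i.name not in scores]
    failed = [i.name for i in in_scope
              if i.mandatory and scores.get(i.name, 0.0) < PASS_SCORE]
    total = sum(i.weight for i in in_scope)
    score = round(sum(i.weight * scores.get(i.name, 0.0) for i in in_scope) / total, 2)
    return {
        "scope": sorted(scope),
        "score": score,
        "missing": missing,
        "failed_mandatory": failed,
        # A good average cannot compensate for a failed mandatory index.
        "admitted": not failed and score >= PASS_SCORE,
    }


# Constructed scores for one evaluated data center.
SCORES = {
    "data integrity": 90, "data accuracy": 80, "data consistency": 70,
    "asset list": 85, "boundary protection": 40,
    "level protection evaluation": 90,
}

if __name__ == "__main__":
    print(verify(300, SCORES))   # large: rejected on boundary protection
    print(verify(20, SCORES))    # small: data-only scope, admitted
```

With the same scores, the large data center is rejected despite a weighted score above the pass mark, because boundary protection is in scope and mandatory; the small one is admitted because only the data indexes are evaluated.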
In specific implementation, the receiving of the evaluation data of the evaluated data center corresponding to the information of the uploaded evaluation background based on the selected evaluation policy may specifically include the steps of: and receiving evaluation data of the evaluated data center corresponding to the information of the evaluation background based on the selected evaluation strategy through an OCR technology. The data uploading efficiency can be improved by the OCR recognition technology. The uploaded data can be stored in a file server.
In a further embodiment, a new strategy or an evaluation strategy can be manually established or modified according to the actual requirement of the data center. For example, in the step S160, the evaluation data of the evaluated data center corresponding to the information of the uploaded evaluation context is received based on the selected evaluation policy, so as to perform minimum admission verification on the evaluation data according to the selected evaluation policy, which may specifically include the steps of: s161, receiving an edit instruction of the selected evaluation strategy, and adjusting the selected evaluation strategy according to the edit instruction; and S162, receiving the evaluation data of the evaluated data center corresponding to the information uploaded to the evaluation background according to the adjusted evaluation strategy, and performing minimum admission verification on the evaluation data according to the adjusted evaluation strategy. Editing functions may be provided for manually adjusting (e.g., adding, deleting, changing) the evaluation strategy.
In this embodiment, the evaluation data may further include evaluation data before the last editing (last corresponding data center evaluation data of the data center minimum access platform data maintenance module).
In step S160, the editing content in the editing instruction may include one or more of a network security level protection requirement, a network security review requirement, and a security risk assessment requirement. Data center security compliance requirements (editable content) may include network security level protection requirements, network security review requirements, and security risk assessment requirements.
Data center security compliance requirements may be set based on national standards and national guidelines. For example, a national standard is revised every 5 years and may also be revised from year to year; if there is a change, the evaluation strategy can be revised manually on the platform.
The network security level protection requirements may include one or more of the number of information systems, rating records, level protection evaluation status, and level evaluation conclusions. The network security level protection requirement is mainly used to examine the implementation of data center level protection work. The index names of the network security level protection requirement may include the number of information systems, rating records, level protection evaluation, and level evaluation conclusion. The index description of the number of information systems may include the total number of information systems of the data center; the index description of the rating records may include whether the data center and the information systems have undergone network security level protection grading and filing; the index description of the level protection evaluation may include whether the level protection evaluation work has been performed; the index description of the level evaluation conclusion may include whether the level protection evaluation conclusion is substantially in compliance or in compliance.
The network security audit requirements may include one or more of the network security audit application situation, the network security audit development situation, and the network security audit pass situation. The network security audit requirements can be set according to the "Opinions on Strengthening the Network Security Management of Cloud Computing Services of Party and Government Departments": a third-party organization is organized to perform a network security review according to the national standards related to network security, focusing on the security and controllability of the cloud computing service, and the cloud computing platform undergoes network security review according to the requirements of the "Measures for the Security Review of Network Products and Services (Trial)". The index names of the network security audit requirement may include the network security audit application situation, the network security audit development situation, and the network security audit pass situation. The index description of the network security audit application situation may include whether a cloud service network security audit has been applied for with the relevant department; the index description of the network security audit development situation may include whether the audit work has been performed; the index description of the network security audit pass situation may include whether the audit has been passed.
The security risk assessment requirements may include one or more of the risk assessment development situation and the risk rectification situation. The security risk assessment requirement is mainly used to examine how data center risk assessment work is carried out. The index names of the security risk assessment requirement may include the risk assessment development situation and the risk rectification situation. The index description of the risk assessment development situation may include whether risk assessment work is carried out regularly for the data center information systems; the index description of the risk rectification situation may include whether the vulnerabilities found in the risk assessment work have been rectified.
In the step S160, after the evaluation strategy is formulated, the relevant corresponding evaluation data can be uploaded according to the evaluation strategy.
In other embodiments, the evaluation method in the evaluation strategy may include a data quality direct evaluation method and/or a data quality indirect evaluation method, and the data quality direct evaluation method has a higher priority than the data quality indirect evaluation method.
The data quality evaluation process may employ one or more data quality evaluation methods. Data quality evaluation methods can be divided into two categories: direct methods and indirect methods. The direct method determines the data quality by comparing the data with internal or external reference information. Indirect methods use information related to the data, for example data log information, to infer or estimate the quality of the data.
The data quality direct evaluation method (direct method) may determine the quality of the data center's data by comparing that data with internal or external reference information. The internal or external reference information has measurement indexes; the evaluated data of the data center is compared with these indexes, and it is judged whether the coincidence rate is above a set proportion (such as 60%). If it is, the data can be considered up to standard; if not, the data can be considered not up to standard. The external reference information may include one or more of non-quantitative elements of data quality (such as data elements for provinces, telephone number prefixes, and the cities and counties belonging to each province), other existing quality reports on the evaluated data set (which may be quality reports obtained by other methods), and quality reports on the data from which the evaluated data set was generated. The internal or external reference information may specifically refer to data rule information, for example the requirement that a database table must use a primary key, key fields, reserved fields and the like, which can be defined as indexes for data evaluation.
The data quality direct evaluation method may include a full inspection method and a sampling inspection method. The sampling inspection method may include a sampling inspection process and a reliability analysis of the data quality inspection results. Direct evaluation methods can be classified as automated or manual, and as complete inspection or sampling. In a complete inspection, all data items within the tested data quality range are checked. In a sampling inspection, enough data items within the tested data quality range are sampled to obtain data quality results. Sampling can be performed automatically by setting rules: once the data source has been configured according to the data evaluation requirements, data items are sampled automatically. The type of sampling method, the sampling rate, and a detailed description of the sampling process may be reported in the quality assessment report. When sampling is used, the reliability of the data quality results should be analyzed, especially when small samples are used or the sampling method is not random sampling.
The data quality indirect evaluation method may infer or estimate the quality of the data center's data by using information related to that data; for example, where a string type in an Oracle database is defined with a limit of up to 4096, exceeding the limit is considered unsatisfactory. The indirect evaluation method may evaluate the quality of the data set based on external knowledge. External knowledge may include, but is not limited to, data quality non-quantitative elements, other quality reports on the data set, or quality reports on the data from which the data set was generated. The indirect evaluation method may be used only when the direct evaluation method is not available.
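The direct and indirect methods described above, as an added Python example (not code from the patent): it runs a full or sampled direct inspection against reference rules, applies the 60% set proportion, uses a Wilson interval as the reliability analysis for samples, and falls back to the indirect method only when no data is available for direct inspection. The field names, the sample records and the choice of the Wilson interval are assumptions.

```python
import math
import random
from dataclasses import dataclass

PASS_RATE = 0.60        # the "set proportion (such as 60%)" from the text
MAX_STRING_LEN = 4096   # the string limit used in the indirect example

# Constructed reference information (hypothetical field names): required
# fields plus a reference-data list of valid values for one field.
RULES = {"required": ("id", "province", "phone"),
         "valid_province": {"Beijing", "Hebei", "Shandong"}}


@dataclass
class QualityResult:
    method: str       # "direct-full", "direct-sample" or "indirect"
    checked: int      # number of data items (or columns) inspected
    rate: float       # coincidence rate with the reference information
    interval: tuple   # 95% interval for the rate; a point for full inspection
    verdict: str      # "pass", "fail" or "inconclusive"


def conforms(record, rules):
    """A record coincides with the rules if every required field is assigned
    and the province is in the reference-data list."""
    if any(record.get(f) in (None, "") for f in rules["required"]):
        return False
    return record["province"] in rules["valid_province"]


def wilson(successes, n, z=1.96):
    """Wilson score interval for a proportion (behaves well on small samples)."""
    p = successes / n
    denom = 1 + z * z / n
    centre = (p + z * z / (2 * n)) / denom
    half = z * math.sqrt(p * (1 - p) / n + z * z / (4 * n * n)) / denom
    return max(0.0, centre - half), min(1.0, centre + half)


def direct_evaluate(records, rules, sample_size=None, seed=0):
    """Full inspection by default; random sampling when sample_size is given."""
    records = list(records)
    if sample_size is None or sample_size >= len(records):
        checked, method = records, "direct-full"
    else:
        checked = random.Random(seed).sample(records, sample_size)
        method = "direct-sample"
    ok = sum(conforms(r, rules) for r in checked)
    rate = ok / len(checked)
    low, high = (rate, rate) if method == "direct-full" else wilson(ok, len(checked))
    # Reliability analysis: a sample only passes or fails when the whole
    # interval lies on one side of the set proportion. Treating "above" as
    # "at or above" is an assumption.
    if low >= PASS_RATE:
        verdict = "pass"
    elif high < PASS_RATE:
        verdict = "fail"
    else:
        verdict = "inconclusive"
    return QualityResult(method, len(checked), rate, (low, high), verdict)


def indirect_evaluate(column_meta):
    """Infer quality from information about the data (declared column
    definitions) instead of from the data itself."""
    strings = [c for c in column_meta if c["type"] == "string"]
    within = sum(c["length"] <= MAX_STRING_LEN for c in strings)
    rate = within / len(strings) if strings else 1.0
    verdict = "pass" if within == len(strings) else "fail"
    return QualityResult("indirect", len(strings), rate, (rate, rate), verdict)


def evaluate(records=None, rules=None, column_meta=None, sample_size=None):
    """The direct method has priority; indirect is used only when direct
    evaluation is not available."""
    if records and rules:
        return direct_evaluate(records, rules, sample_size)
    if column_meta:
        return indirect_evaluate(column_meta)
    raise ValueError("no data, reference information or related information supplied")


# Constructed sample inputs.
GOOD = [{"id": i, "province": "Hebei", "phone": "0311-0000000"} for i in range(200)]
MIXED = GOOD[:7] + [{"id": 900, "province": "Atlantis", "phone": "x"},
                    {"id": 901, "province": "Beijing", "phone": ""},
                    {"id": None, "province": "Hebei", "phone": "x"}]
COLUMNS = [{"name": "remark", "type": "string", "length": 4000},
           {"name": "payload", "type": "string", "length": 8000}]
```

A sample of 5 fully conforming records is still reported as inconclusive, because the lower bound of its interval falls below 60%; a sample of 20 is enough to pass.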
In step S160, an intelligent recognition technology may be used to perform the evaluation of the evaluated data center, and an evaluation report may be generated. The description identifies quantitative quality information in which appropriate sub-terms may be selected for a particular situation. Among them, the smart Recognition technology may refer to OCR (Optical Character Recognition), which refers to a process in which an electronic device (e.g., a scanner or a digital camera) inspects characters printed on paper, determines the shape thereof by detecting dark and light patterns, and then translates the shape into computer words by a Character Recognition method.
Fig. 2 is a functional structure diagram of a data center minimum admission verification method according to an embodiment of the present invention. Referring to Fig. 2, data can be uploaded to a server, an application system, and a network device through asset scanning. Attribute assignments may be made, such as industry attributes, management attributes, other attributes, and the like. Rule set reasoning is performed based on the asset scanning, the attribute assignment and a knowledge base to obtain and output an authentication requirement set (comprising general requirements, level requirements, industry requirements and the like).
In some embodiments, the assessment report may include one or more of: the identified available data quality quantifying elements; newly created additional data quality quantifying elements, if the data quality quantifying elements do not adequately describe the set quality component; the identified available data quality quantifying sub-elements specified by the reference data set product; newly created additional data quality quantifying sub-elements, if the available data quality quantifying sub-elements do not adequately describe the data quality setting; and the descriptors of the data quality quantifying sub-elements used.
For identifying available data quality quantitative elements, all data quality quantitative elements available to the data set may be identified. Some data quality quantification elements may not be used for a particular type of data set. Data quality quantitative element availability may be determined by reference to a data set product specification.
For newly created additional data quality quantifying elements, if the data quality quantifying elements listed in the standard do not adequately describe a certain quality part, the additional data quality quantifying elements may be named and defined. The naming and definition of the additional data quality quantifying elements may be included as part of the data set quality information.
For identifying available data quality quantifying sub-elements, all available data quality quantifying sub-elements for each available data quality quantifying element may be identified (each available data quality quantifying element may have at least one available data quality quantifying sub-element). Some data quality quantifying sub-elements may also be unavailable for a particular type of data set. The availability of data quality quantifying sub-elements should be determined by reference to the data set product specification.
For newly created additional data quality quantifying sub-elements, if the data quality quantifying sub-elements listed in the standard do not sufficiently describe a certain aspect of data quality, additional data quality quantifying sub-elements may be named and defined. The naming and definition of the additional data quality quantifying sub-elements may be included as part of the data set quality information.
The data quality quantifying sub-element descriptors used include one or more of a data quality range, a data quality measure, a data quality evaluation process, a data quality evaluation result, a data quality value type, a data quality value unit, and a data quality date.
The data quality range may include one or more of a data range hierarchy, a data item type, a geographic range, and a time range. For each available data quality quantifying sub-element, at least one data quality range may have to be identified. A data set scope may be the series of data sets to which the data set belongs, the data set itself, or a small portion of the data set having some of the same characteristics. If the data quality range cannot be identified, the data quality range is the data set. The data quality range should be determined with reference to the product specification of the data set and the non-quantitative quality information provided by the data quality non-quantitative elements. Quality may also vary within the same data set. Multiple data quality ranges can be identified for each available data quality quantifying sub-element to describe the quantitative quality information more fully. The data quality range should be fully described. Information that may be used to describe a data quality range may include: the data range hierarchy (the series of data sets to which a data set belongs, the data set, or a small portion of a data set having some of the same characteristics), the data item type (e.g., characteristic type, characteristic attribute, and interrelationship between characteristics) or specific data items (e.g., characteristic instance, attribute value, and relational instance between characteristics), the geographic range, and the time range (e.g., temporal frame accuracy).
The data quality measure may include test types and boundaries or test parameters specified by the data quality range. There may be one data quality measurement per data quality range. The data quality measure may be briefly described and named (if a name exists) in terms of the type of test applied to the data specified by the data quality range, and may contain boundary or limiting parameters. The standard may consider that the quality of the data set should be measured by a number of tests. A single data quality measure may not adequately assess the quality of the data defined by a certain data quality range, or may not provide one measure for all possible applications of the data set. Multiple data quality measurements may be used in combination to provide useful information, and multiple data quality measurements may be provided for the data defined by a certain data quality range.
For a data quality evaluation process, there may be one data quality evaluation process for each data quality measurement. The data quality evaluation process may describe (or refer to a document describing) the method of applying a data quality measurement to the data defined by a data quality range, and may include a report on the method.
For data quality results, there may be one data quality result per data quality measurement. The data quality result may be one of the following: (a) a value or set of values obtained by applying a data quality measurement to the data defined by a data quality range; or (b) the outcome of obtaining such a value or set of values and evaluating it against a specified acceptable level of consistency quality, in which case the data quality result may be "pass" or "fail". Both types of data quality results may be provided.
For data quality value types, there may be one data quality value type per data quality result. The data quality value type of a "pass" or "fail" result may be a "boolean variable".
For a data quality value unit, there may be one data quality value unit (if any) per data quality result.
For a data quality date, there may be one data quality date for each data quality measurement.
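The descriptors above (range, measure, evaluation process, result, value type, value unit, date) map naturally onto a record type. The following Python is an added example, not code from the patent: the sample records, the completeness measure, the 90 percent acceptance level and every name in it are assumptions made for illustration. It evaluates one measure over three data quality ranges to show both result types and how quality varies within one data set.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

# Constructed sample asset records; None marks a missing data element.
RECORDS = [
    {"id": "a1", "region": "north", "owner": "ops", "ip": "10.0.0.1"},
    {"id": "a2", "region": "north", "owner": None, "ip": "10.0.0.2"},
    {"id": "a3", "region": "south", "owner": "net", "ip": None},
    {"id": "a4", "region": "north", "owner": "ops", "ip": "10.0.0.4"},
]

@dataclass(frozen=True)
class Scope:
    """Data quality range: hierarchy level, data item type, geographic range."""
    level: str                    # "dataset" or "subset"
    item_type: str                # attribute the measure is applied to
    region: Optional[str] = None  # None: range defaults to the whole data set

    def select(self, records):
        return [r for r in records if self.region in (None, r["region"])]

@dataclass(frozen=True)
class Measure:
    """Data quality measure: test type plus its boundary parameter."""
    name: str
    unit: str
    compute: Callable[[list, str], float]
    acceptable_min: float         # acceptable level the value is judged against

def completeness(records, attribute):
    """Percentage of records in which the attribute is present."""
    if not records:
        raise ValueError("data quality range selects no records")
    present = sum(1 for r in records if r.get(attribute) is not None)
    return 100.0 * present / len(records)

@dataclass(frozen=True)
class Result:
    scope: Scope
    measure: str
    procedure: str      # data quality evaluation process (or a document reference)
    value: float        # first result type: the measured value
    value_type: str
    unit: str
    passed: bool        # second result type: pass/fail, value type boolean
    evaluated_on: date  # data quality date

def evaluate(records, scope, measure, procedure, on):
    value = measure.compute(scope.select(records), scope.item_type)
    return Result(scope, measure.name, procedure, round(value, 2), "float",
                  measure.unit, value >= measure.acceptable_min, on)

def sample_report():
    """Evaluate one measure over three ranges of the constructed data set."""
    m = Measure("record completeness", "percent", completeness, 90.0)
    day = date(2024, 1, 15)  # constructed evaluation date
    scopes = [
        Scope("dataset", "owner"),
        Scope("subset", "owner", region="north"),
        Scope("subset", "ip", region="north"),
    ]
    return [evaluate(RECORDS, s, m, "complete inspection", day) for s in scopes]

if __name__ == "__main__":
    for r in sample_report():
        print(r.scope, r.value, r.unit, "pass" if r.passed else "fail")
```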
The minimum admission verification mechanism of the data center mainly comprises: collecting system information of the evaluated data center; screening out from a knowledge base, by reasoning according to a rule set, the evaluation contents that match the actual situation of the evaluated system (including different equipment, different services, different network connections and the like) and the actual security requirements of the data center system (including industry requirements, management requirements and other personalized requirements); customizing the evaluation contents, that is, reducing them to generate the minimum authentication requirement suited to the evaluated system; and providing the evaluator with a function for editing the evaluation scheme, so as to ensure the accuracy of the evaluation and its applicability to the information system.
According to the characteristics of the data center, the system information of the evaluated data center is collected before evaluation. Different data centers need to be evaluated reasonably according to their actual conditions and actual security requirements, so a platform for customizing evaluation contents is implemented with an intelligent generation technology. In this way, unreasonable situations in authentication management caused by the business requirements of the data center are reduced, data transaction circulation among government departments, public institutions and industry enterprises is promoted, open sharing of data is promoted, new forms of cross-fused big data applications are cultivated, and a professional data center inspection team is cultivated.
In accordance with relevant national laws and regulations, the minimum admission verification mechanism platform of the data center refers to national and industry security standards, carries out a risk assessment of the security condition of the data center infrastructure against the security requirements of the user's data center, and finally outputs an overall assessment report for the inspected and assessed unit. The main functions of the platform are collecting information about the data center operating unit, checking the compliance of the data center, and outputting an evaluation report after the inspection.
According to the concept of the minimum security access authentication requirement set, relevant system information and actual security requirements of the evaluated data center are collected, and through an intelligent generation technology, evaluation contents which meet the actual conditions of the evaluation system are screened out from a knowledge base according to rule set reasoning, so that the evaluation contents are customized, and unreasonable conditions on authentication management caused by data center service requirements are reduced.
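One way to picture the rule-set screening and the evaluator's editing step described above, as an added example that is not the patent's own implementation. The knowledge base entries, item identifiers, fact names and the rule form (an item applies when its standard is selected and all of its required facts were collected) are assumptions; the reason recorded for each excluded item and the edit trail are also additions of this example, kept so that a reviewer can see why the reduced set is smaller than the full catalogue.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    item_id: str
    standard: str        # reference standard or regulation the item belongs to
    requires: frozenset  # facts that must all be present for the item to apply

# Constructed knowledge base; identifiers and fact names are hypothetical.
KNOWLEDGE_BASE = (
    Item("LP-BOUNDARY", "level-protection", frozenset({"net:internet"})),
    Item("LP-VIRT", "level-protection", frozenset({"equip:hypervisor"})),
    Item("LP-ACCESS", "level-protection", frozenset()),
    Item("SR-SUPPLY", "security-review", frozenset({"svc:cloud"})),
    Item("LP-EXTDATA", "level-protection", frozenset({"req:external-data"})),
)

def collect_facts(system_info, requirements):
    """Flatten collected system information and requirements into facts."""
    facts = set()
    for kind, values in system_info.items():
        facts.update(f"{kind}:{v}" for v in values)
    facts.update(f"req:{r}" for r in requirements)
    return frozenset(facts)

def select_policy(facts, standards, kb=KNOWLEDGE_BASE):
    """Reduce the knowledge base to the items that apply to this system."""
    selected, excluded = [], {}
    for item in kb:
        missing = sorted(item.requires - facts)
        if item.standard not in standards:
            excluded[item.item_id] = "standard not selected"
        elif missing:
            excluded[item.item_id] = "not applicable, missing: " + ", ".join(missing)
        else:
            selected.append(item.item_id)
    return selected, excluded

def apply_edits(selected, edits, kb=KNOWLEDGE_BASE):
    """Apply evaluator edits and return the adjusted set plus an edit trail."""
    known = {item.item_id for item in kb}
    result, trail = list(selected), []
    for action, item_id in edits:
        if action not in ("add", "remove"):
            raise ValueError(f"unknown edit action: {action}")
        if item_id not in known:
            raise ValueError(f"unknown evaluation item: {item_id}")
        if action == "add" and item_id not in result:
            result.append(item_id)
        elif action == "remove" and item_id in result:
            result.remove(item_id)
        else:
            continue  # edit changes nothing, so it leaves no trail entry
        trail.append((action, item_id))
    return result, trail

if __name__ == "__main__":
    # Constructed evaluation background for one data center.
    facts = collect_facts(
        {"equip": ["firewall"], "svc": ["cloud"], "net": ["internet"]},
        ["industry-finance"],
    )
    chosen, dropped = select_policy(facts, {"level-protection"})
    print(chosen)
    for item_id, reason in dropped.items():
        print(item_id, "->", reason)
    print(apply_edits(chosen, [("add", "LP-VIRT")]))
```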
Compared with the prior art, the minimum access verification platform of the data center, based on the characteristics of the data center and the concept of a minimum security access authentication requirement set, uses an intelligent generation technology to meet the access authentication requirement of an intelligent generation tool, and at the same time provides the evaluator with a function for editing the evaluation scheme. This ensures the accuracy of the evaluation and its applicability to the information system and realizes a platform for customizing evaluation contents, so that unreasonable situations in authentication management caused by the business requirements of the data center are reduced, data transaction circulation among all departments is promoted, open sharing of data is promoted, new forms of cross-fused big data applications are cultivated, and a professional data center inspection team is cultivated.
In addition, an embodiment of the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method according to any of the above embodiments when executing the program.
Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the method according to any of the above embodiments.
In summary, the data center minimum admission verification method, the computer device, and the computer readable storage medium according to the embodiments of the present invention select a corresponding evaluation policy from the knowledge base for evaluation according to various information, and can perform evaluation in a corresponding manner for different data centers, so that unreasonable situations in authentication management due to data center service requirements can be reduced.
In the description herein, reference to the description of the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," "an example," "a particular example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. The sequence of steps involved in the various embodiments is provided to illustrate the practice of the invention, and the sequence of steps is not limited thereto and can be adjusted as desired.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (10)

1. A minimum admission verification method for a data center is characterized by comprising the following steps:
providing a work preparation table downloading port for downloading the work preparation table and uploading enterprise information in the evaluation background of the evaluated data center based on the work preparation table;
providing a receiving inlet of the system information and the safety requirement information of the evaluated data center for uploading the system information and the safety requirement information in the evaluation background;
after enterprise information, system information and safety requirement information in an evaluation background of an evaluated data center are received, outputting first system prompt information for uploading asset information and network boundary information of the evaluated data center in the evaluation background;
after receiving the asset information and the network boundary information of the evaluated data center, outputting second system prompt information for selecting the reference standard and the regulation corresponding to the evaluated data center from the displayed information of the plurality of reference standards and regulations;
selecting a corresponding evaluation strategy containing a minimum authentication requirement from a pre-established evaluation strategy knowledge base according to an evaluation background containing enterprise information, system information, safety requirement information, asset information and network boundary information and a selected reference standard and a rule;
and receiving evaluation data of the evaluated data center corresponding to the information of the uploaded evaluation background based on the selected evaluation strategy, and performing minimum admission verification on the evaluation data according to the selected evaluation strategy to generate an evaluation report.
2. The data center minimum admission verification method of claim 1,
the enterprise information in the evaluation background comprises one or more of enterprise property information, capital constitution information, operation decision right information, personnel management information, operation condition information, qualification condition information and credit grade condition information; the enterprise property information comprises an enterprise name and enterprise properties, the capital constitution information comprises shareholder constitution and a corresponding stock control proportion, the operation decision right information comprises an enterprise organization architecture and a corresponding operation decision right, the personnel management information comprises a board of president setting condition, a board of intelligibility and a data center personnel allocation condition, the operation condition information comprises an enterprise total asset condition, a negative debt condition, a profit condition and a negative debt rate, the qualification condition information comprises an IDC license plate and a cloud service license plate, and the credit grade condition information comprises a credit grade condition and an illegal condition;
the system information comprises equipment information, service information and network connection information; the safety requirement information comprises industry requirements and management requirements;
the asset information comprises an asset list, asset belonging rights and data center access assets; the network boundary information comprises network topology, network boundary, boundary protection and management boundary;
the reference standard and regulation comprise network security law, network security level protection requirement and network security examination requirement;
the management requirements comprise the principles of using the external source data by the external source data management related organization and the business department, the qualification examination of the service provider and the approval process of the external source data.
3. The method as claimed in claim 1, wherein receiving evaluation data of the evaluated data center corresponding to the information of the upload evaluation context based on the selected evaluation policy comprises:
and receiving evaluation data of the evaluated data center corresponding to the information of the uploaded evaluation background through an OCR technology based on the selected evaluation strategy.
4. The data center minimum admission verification method of claim 1,
the evaluation strategy comprises data normalization requirement, data integrity, data accuracy, data consistency, data effectiveness and data accessibility;
wherein:
the data normative requirements comprise data standards, data models, business rules, metadata, reference data and safety specifications;
the data integrity comprises data element integrity and data record integrity;
the data accuracy comprises data content correctness, data format compliance, data repetition rate, data uniqueness and dirty data occurrence rate;
the data consistency comprises identical data consistency and associated data consistency;
the data effectiveness comprises correctness based on a time period, timeliness based on a time point and timeliness;
data accessibility includes availability and availability.
5. The method for minimum admission verification of a data center according to claim 1, wherein the receiving of the evaluation data of the evaluated data center corresponding to the information uploaded to the evaluation context based on the selected evaluation policy for minimum admission verification of the evaluation data according to the selected evaluation policy comprises:
receiving an editing instruction of the selected evaluation strategy, and adjusting the selected evaluation strategy according to the editing instruction;
and receiving the evaluation data of the evaluated data center corresponding to the information uploaded to the evaluation background according to the adjusted evaluation strategy, and performing minimum admission verification on the evaluation data according to the adjusted evaluation strategy.
6. The data center minimum admission verification method of claim 5,
editing contents in the editing instruction comprise a network security level protection requirement, a network security review requirement and a security risk evaluation requirement;
the network security level protection requirements comprise one or more of information system quantity, rating record, level protection evaluation state and level evaluation conclusion;
the network security examination requirements comprise one or more of network security examination application conditions, network security examination development conditions and network security examination passing conditions;
the security risk assessment requirements include risk assessment development and risk modification.
7. The data center minimum admission verification method according to any of claims 1 to 6,
the evaluation method in the evaluation strategy comprises a data quality direct evaluation method and/or a data quality indirect evaluation method, and the data quality direct evaluation method is higher in priority than the data quality indirect evaluation method;
the data quality direct evaluation method is to determine the quality of the data center by comparing the data of the data center with internal or external reference information; the external reference information comprises data quality non-quantitative elements, other existing quality reports of the evaluated data set, and quality reports of the data generating the evaluated data set;
the indirect evaluation method of the data quality is to infer or evaluate the quality of the data center by using the information related to the data of the data center;
the data quality direct evaluation method comprises a complete inspection method and a sampling inspection method; the sampling inspection method comprises a sampling inspection process and a reliability analysis process of data quality inspection results.
8. The data center minimum admission verification method according to any one of claims 1 to 6,
the assessment report includes one or more of the identified available data quality quantifying elements, the newly created accessory data quality quantifying elements if the data quality quantifying elements do not adequately describe the set quality part, the identified available data quality quantifying sub-elements from the reference dataset product specification, the newly created additional data quality quantifying sub-elements if the available data quality quantifying sub-elements do not adequately describe the data quality setting aspect, and the used data quality quantifying sub-element descriptors;
the used data quality quantitative sub-element descriptors comprise one or more of a data quality range, data quality measurement, a data quality evaluation process, a data quality value type of a data quality evaluation result, a data quality value unit and a data quality date;
the data quality range comprises one or more of a data range hierarchy, a data item type, a geographic range, and a time range;
the data quality measure includes a test type and a boundary or test parameter specified by the data quality range.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 8 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
CN202110628466.6A 2021-06-07 2021-06-07 Minimum admission verification method and equipment for data center Pending CN115456317A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110628466.6A CN115456317A (en) 2021-06-07 2021-06-07 Minimum admission verification method and equipment for data center

Publications (1)

Publication Number Publication Date
CN115456317A true CN115456317A (en) 2022-12-09

Family

ID=84294896


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination