CN116886335A - Data security management system - Google Patents


Publication number: CN116886335A
Authority: CN (China)
Prior art keywords: data, unit, module, data information, security
Legal status: Pending
Application number: CN202310685180.0A
Other languages: Chinese (zh)
Inventors: 卢国栋, 李静, 王峰, 宋丙华, 江洲
Current Assignee: Shandong Wangan Security Technology Co ltd
Original Assignee: Shandong Wangan Security Technology Co ltd


Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1433 Vulnerability analysis
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The application discloses a data security management system in the technical field of data management. The system comprises a data security overview unit, a data security detection unit, a data security early warning unit, a data information display unit, a data classification and grading unit, a data asset identification unit, a sensitive data dynamic monitoring unit, a behavior prediction judging unit and a data exception evidence obtaining unit. The data security overview unit realizes security visualization of the data security life cycle and comprehensively monitors the security risks of user asset data in each stage of acquisition, transmission, storage, use, conversion and deletion. With this system, the influence degree of a vulnerability on the network can be calculated by the vulnerability risk management and control unit through the network security situation value, and at the same time the recovered secure network data information is given double encryption protection by the data encryption unit, so that the security of data security management by the system is effectively guaranteed.

Description

Data security management system
Technical Field
The application relates to a data management technology, in particular to a data security management system.
Background
With the advent of the digital economy, data has become a new factor of production and the key to the continued competitiveness of enterprises. The introduction of related laws and regulations further standardizes the production and operation of enterprises and protects a healthy environment for industrial innovation. Against this background, how enterprises legally and successfully process, use and share data, and extract the maximum value from it, has become an important challenge and opportunity. Daily data comprises various information of individuals or enterprises, such as their account passwords, consumption records and interest records, and the loss of such data easily causes property, reputational and other losses to the individuals or enterprises concerned, so data security management is very necessary. However, data security management in the prior art always uses only a single encryption mode, so the data security management system is easily attacked and leaked.
Disclosure of Invention
The object of the present application is to provide a data security management system, which solves the above-mentioned drawbacks in the prior art.
In order to achieve the above object, the present application provides the following technical solution: a data security management system comprises a data security overview unit, a data security detection unit, a data security early warning unit, a data information display unit, a data classification and grading unit, a data asset identification unit, a sensitive data dynamic monitoring unit, a behavior prediction judging unit and a data exception evidence obtaining unit;
the data security overview unit is used for realizing security visualization of a data security life cycle and comprehensively monitoring security risks of user asset data in various stages of acquisition, transmission, storage, use, conversion and deletion;
the data security detection unit is used for carrying out real-time security detection and investigation on network data information of enterprises or users;
the data safety early warning unit is used for carrying out early warning analysis on the calculation processing data, the data to be approved and the IP data, so as to carry out safety comparison on the cache data and generate a safety abnormal signal, a safety stable signal and a safety deviation signal;
the data information display unit is used for visually displaying data asset distribution, data sensitivity and current risk level of the network data security information, and establishing a panoramic view of the data asset for enterprises;
the data classification and grading unit assists the industry to establish a formal data classification and grading management mechanism based on industry best practices, so that the data security management and control requirements are met;
the data asset identification unit is used for identifying data asset information for network data and establishing a data asset ledger;
the sensitive data dynamic monitoring unit is used for automatically identifying the type of the sensitive data and analyzing the map of the network data;
the behavior prediction judging unit is used for carrying out safe prediction judgment and analysis on the instruction behavior for carrying out network operation, protecting data from leakage, tampering and misuse, carrying out real-time prediction judgment on the behavior, and providing alarm and risk detection by an intelligent means once the abnormal behavior of a user is monitored;
the data abnormal evidence obtaining unit is used for carrying out real-time continuous monitoring on abnormal data operation to identify and obtain evidence for high-risk behaviors.
Further, the system also comprises a data risk assessment unit, a vulnerability risk management and control unit, a data watermark tracing unit, a database auditing unit, a data recovery unit and a data encryption unit;
the data risk assessment unit is used for carrying out data storage on network security data information, detecting using compliance and finding dark data;
the data watermark tracing unit is used for analyzing and identifying bright and dark watermarks on the network data page and tracing the origin of the data watermark;
the database auditing unit is used for auditing and comparing the monitored data information with the data information stored in the database so as to implement auditing, form auditing data and store the auditing data in the database;
the vulnerability risk management and control unit is used for preventing external hacking attacks and data theft, preventing SQL injection and buffer overflow, managing and controlling permission application risks, and calculating the influence of the vulnerability on the network through the network security situation value;
for a plurality of attack scenarios, the threat impact of a single vulnerability $v$ is $\mathrm{Impact}(v) = 10\,[1-(1-C)(1-I)(1-A)]$, where $C$, $I$ and $A$ represent the threat impact scores of the three indexes confidentiality, integrity and availability; each attack scenario needs to exploit a plurality of system vulnerabilities, so the probability $p_j(s)$ that attack stage $j$ is realized, the threat score $\mathrm{Impact}(v)$ of the single vulnerability exploited in that stage and the node weight $\mathrm{Weight}$ generated in that stage are comprehensively quantized to obtain the impact $sa(path_i)$ of each attack scenario on the network security situation, i.e. the impact value of multiple vulnerabilities on the system security situation;
where $m$ is the number of attack stages of attack scenario $path_i$ that have been carried out;
since $p_j(s) \le 1$, $\mathrm{Impact}(v) \le 10$ and $\sum \mathrm{Weight} = 1$, it follows that $sa(path_i) \le 10$, in line with the threat degree definition of the CVSS score:
when $sa(path_i) \in [0, 4.0]$, the harm caused by the attacker to the network is low risk;
when $sa(path_i) \in [4.0, 7.0]$, the harm caused by the attacker to the network is moderate risk;
when $sa(path_i) \in [7.0, 10]$, the harm caused by the attacker to the network is high risk;
finally, the overall security situation is computed over all detected attack scenarios, where $n$ is the total number of attack scenarios detected;
the data recovery unit is used for carrying out security recovery on the network data information after the risk assessment and vulnerability risk management and control processing;
the data encryption unit is used for performing double encryption protection on the recovered secure network data information, the encryption being carried out through the computer security encryption algorithm RSA, where the RSA key relation is $de \equiv 1 \pmod{\varphi(n)}$;
in the RSA algorithm, $de \equiv 1 \pmod{\varphi(n)}$ means that $de$ is congruent to 1 modulo $\varphi(n)$, that is, the remainder of $de$ divided by $\varphi(n)$ is the same as the remainder of 1 divided by $\varphi(n)$;
for example: $p = 3$, $q = 11$, $d = 7$;
$\varphi(n) = (p-1)(q-1)$;
$n = pq = 3 \times 11 = 33$;
$\varphi(n) = (p-1)(q-1) = 2 \times 10 = 20$;
from $de \equiv 1 \pmod{\varphi(n)}$:
$7e \equiv 1 \pmod{20}$;
i.e. $7e$ and 1 are congruent modulo 20, i.e. they leave the same remainder, and 1 divided by 20 leaves remainder 1;
then $7e = 20k + 1$, where $k$ is an integer; for example, taking $k = 1$ gives $e = 3$.
Further, the data security overview unit comprises a data information acquisition module, a data information transmission module, a data information conversion module, a data information storage module, a data information use module and a data information deletion module;
the data information acquisition module is used for carrying out real-time monitoring acquisition on real-time network data information in the computer and sending the acquired network security data information to the data information transmission module;
the data information transmission module is used for carrying out data transmission on the acquired network data information to the data information conversion module;
the data information conversion module is used for carrying out format conversion on the received data information and sending the converted network data information to the data information storage module;
the data information storage module is used for storing the converted network data information, establishing a network data information database and sending the network data information to the data information use module;
the data information using module is used for carrying out normal operation and use on the safe network data information and sending the unused network data information to the data information deleting module;
the data information deleting module is used for deleting the useless network data information rapidly and sending the network data information to the data security detecting unit for data security detection.
Further, the output end of the data safety overview unit is connected with the output end of the data safety detection unit, the output end of the data safety detection unit is respectively connected with the input ends of the data safety early warning unit and the data classification grading unit, the output end of the data safety early warning unit is connected with the input end of the data information display unit, the output end of the data classification grading unit is connected with the input end of the data asset identification unit, the output end of the data asset identification unit is connected with the input end of the sensitive data dynamic monitoring unit, and the output end of the sensitive data dynamic monitoring unit is respectively connected with the input ends of the data abnormality evidence obtaining unit and the data risk assessment unit.
Further, the output end of the data risk assessment unit is connected with the input ends of the vulnerability risk management and control unit and the data watermark tracing unit respectively, the output end of the data recovery unit is connected with the input end of the data encryption unit, the output end of the data watermark tracing unit is connected with the input end of the database auditing unit, the output end of the database auditing unit is connected with the input end of the data encryption unit, and the output end of the data encryption unit is connected with the input end of the sensitive data dynamic monitoring unit.
Further, the output end of the data information acquisition module is connected with the input end of the data information transmission module, the output end of the data information transmission module is connected with the input end of the data information conversion module, the output end of the data information conversion module is connected with the input end of the data information storage module, the output end of the data information storage module is connected with the input end of the data information use module, the output end of the data information use module is connected with the input end of the data information deletion module, and the output end of the data information deletion module is connected with the input end of the data safety detection unit.
Further, the risk assessment unit comprises a data calling module, a risk comparison module, a risk screening module and a risk classification module, wherein the data calling module calls the network data information predicted and judged by the behavior prediction judging unit through a system, and sends the called network data information to the risk comparison module;
the risk comparison module is used for performing risk comparison processing on the network security data information which is called by the data calling module, and sending a comparison result to the risk screening module;
the risk screening module is used for screening and distinguishing the compared network risk data information and sending the screened risk data information to the risk classification module;
the risk classification module is used for classifying and storing the screened risk network data information, and simultaneously, respectively transmitting the classified risk data information to the vulnerability risk management and control unit and the data watermark tracing unit.
Further, the output end of the behavior prediction judging unit is connected with the input end of the data calling module, the output end of the data calling module is connected with the input end of the risk comparison module, the output end of the risk comparison module is connected with the input end of the risk screening module, the output end of the risk screening module is connected with the input end of the risk classification module, and the output end of the risk classification module is respectively connected with the input ends of the vulnerability risk management and control unit and the data watermark tracing unit.
Compared with the prior art, the data security management system provided by the application realizes security visualization of the data security life cycle through the data security overview unit and comprehensively monitors the security risks of user asset data in all stages of acquisition, transmission, storage, use, conversion and deletion. The data classification and grading unit assists industries in establishing formal data classification and grading management mechanisms that meet data security management and control requirements. The behavior prediction judging unit carries out security prediction judgment and analysis on the instruction behaviors of network operations, protecting data from leakage, tampering and misuse and carrying out real-time prediction judgment on the protected data. The data risk assessment unit stores network security data information, detects use compliance and discovers hidden data. The data encryption unit performs double encryption protection on the recovered secure network data information, while the vulnerability risk management and control unit prevents external hacking attacks and data theft, prevents SQL injection and buffer overflow, and manages and controls permission application risks. The system can therefore not only calculate the influence degree of a vulnerability on the network through the network security situation value in the vulnerability risk management and control unit, but also effectively guarantee the security of data security management through the double encryption protection of the recovered secure network data by the data encryption unit.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings required for the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments described in the present application, and other drawings may be obtained according to these drawings for a person having ordinary skill in the art.
FIG. 1 is a block diagram of an overall system of a data security management system according to an embodiment of the present application;
FIG. 2 is a block diagram of a data security overview unit of a data security management system according to an embodiment of the present application;
fig. 3 is a block diagram of a risk assessment unit of a data security management system according to an embodiment of the present application.
Detailed Description
In order to make the technical scheme of the present application better understood by those skilled in the art, the present application will be further described in detail with reference to the accompanying drawings.
Embodiment one:
Referring to figs. 1-3, a data security management system includes a data security overview unit, a data security detection unit, a data security early warning unit, a data information display unit, a data classification and grading unit, a data asset identification unit, a sensitive data dynamic monitoring unit, a behavior prediction judging unit and a data exception evidence obtaining unit. The data security overview unit is used for realizing security visualization of the data security life cycle and comprehensively monitoring the security risks of user asset data in each stage of collection, transmission, storage, use, conversion and deletion; the data security detection unit is used for conducting real-time security detection and investigation on the network data information of enterprises or users; the data security early warning unit is used for conducting early warning analysis on calculation processing data, data to be approved and IP data, thereby conducting security comparison on cache data and generating security exception signals, security stability signals and security deviation signals; the data information display unit is used for visually displaying data asset distribution, data sensitivity and current risk level, establishing a panoramic view of data assets for enterprises; the data classification and grading unit assists the industry in establishing a formal data classification and grading management mechanism based on industry best practices, so that data security management and control requirements are met; the data asset identification unit is used for identifying data asset information of network data and establishing a data asset ledger; the sensitive data dynamic monitoring unit is used for automatically identifying the type of sensitive data and analyzing the map of the network data; the behavior prediction judging unit is used for carrying out security prediction judgment and analysis on the instruction behavior of network operations, protecting data from leakage, tampering and misuse and carrying out real-time prediction judgment on behavior, and once the abnormal behavior of a user is monitored, warning and risk detection are provided by an intelligent means; the data abnormal evidence obtaining unit carries out real-time continuous monitoring on abnormal data operation to identify and obtain evidence for high-risk behavior.
The system further comprises a data risk assessment unit, a vulnerability risk management and control unit, a data watermark tracing unit, a database auditing unit, a data recovery unit and a data encryption unit, wherein the data risk assessment unit is used for carrying out data storage on the network security data information, detecting use compliance and finding dark data; the data watermark tracing unit is used for analyzing and identifying the bright and dark watermarks on the network data page and tracing the origins of the data watermarks; the database auditing unit is used for auditing and comparing the monitored data information with the data information stored in the database so as to implement auditing, form auditing data and store the auditing data in the database; the vulnerability risk management and control unit is used for preventing external hacking attacks and data theft, preventing SQL injection and buffer overflow, and managing and controlling permission application risks, and it calculates the influence of the vulnerability on the network through the network security situation value;
for a plurality of attack scenarios, the threat impact of a single vulnerability $v$ is $\mathrm{Impact}(v) = 10\,[1-(1-C)(1-I)(1-A)]$, where $C$, $I$ and $A$ represent the threat impact scores of the three indexes confidentiality, integrity and availability; each attack scenario needs to exploit a plurality of system vulnerabilities, so the probability $p_j(s)$ that attack stage $j$ is realized, the threat score $\mathrm{Impact}(v)$ of the single vulnerability exploited in that stage and the node weight $\mathrm{Weight}$ generated in that stage are comprehensively quantized to obtain the impact $sa(path_i)$ of each attack scenario on the network security situation, i.e. the impact value of multiple vulnerabilities on the system security situation;
where $m$ is the number of attack stages of attack scenario $path_i$ that have been carried out;
since $p_j(s) \le 1$, $\mathrm{Impact}(v) \le 10$ and $\sum \mathrm{Weight} = 1$, it follows that $sa(path_i) \le 10$, defined according to the threat level of the CVSS score:
when $sa(path_i) \in [0, 4.0]$, the harm caused by the attacker to the network is low risk;
when $sa(path_i) \in [4.0, 7.0]$, the harm caused by the attacker to the network is moderate risk;
when $sa(path_i) \in [7.0, 10]$, the harm caused by the attacker to the network is high risk;
finally, the overall security situation is computed over all detected attack scenarios, where $n$ is the total number of attack scenarios detected;
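As an added example that is not part of the patent text, the scoring above in Python: Impact(v) from the C/I/A sub-scores, the per-scenario value sa(path_i), and the three CVSS-style risk bands. The patent lists the factors p_j(s), Impact(v) and Weight without the formula that combines them; the weighted sum used here, Σ_j p_j(s)·Impact(v_j)·Weight_j, is an assumption chosen because it is the combination under which the stated bound sa(path_i) ≤ 10 holds, and the two-stage scenario is constructed.

```python
"""Vulnerability impact scoring in the style of the patent text (constructed example)."""
from dataclasses import dataclass
from math import isclose
from typing import Sequence

# CVSS v3.x combines its impact sub-scores with the same 1 - (1-C)(1-I)(1-A)
# form, with C/I/A taking the values None = 0, Low = 0.22, High = 0.56.
CIA_NONE, CIA_LOW, CIA_HIGH = 0.0, 0.22, 0.56


def impact(c: float, i: float, a: float) -> float:
    """Impact(v) = 10 * [1 - (1-C)(1-I)(1-A)] for C, I, A in [0, 1]."""
    for name, x in (("C", c), ("I", i), ("A", a)):
        if not 0.0 <= x <= 1.0:
            raise ValueError(f"{name} must lie in [0, 1], got {x!r}")
    return 10.0 * (1.0 - (1.0 - c) * (1.0 - i) * (1.0 - a))


@dataclass(frozen=True)
class Stage:
    """One attack stage j of a scenario path_i."""
    p: float       # p_j(s): probability that this stage is realised, <= 1
    c: float       # C sub-score of the vulnerability exploited in this stage
    i: float       # I sub-score
    a: float       # A sub-score
    weight: float  # node weight of this stage; the weights of a path sum to 1


def path_impact(stages: Sequence[Stage]) -> float:
    """sa(path_i) over the m stages carried out so far.

    ASSUMPTION: the patent names p_j(s), Impact(v) and Weight as the factors
    but gives no combining formula; the weighted sum below is the one under
    which the text's bound sa(path_i) <= 10 holds.
    """
    if not stages:
        return 0.0
    total_weight = sum(s.weight for s in stages)
    if not isclose(total_weight, 1.0, abs_tol=1e-9):
        raise ValueError(f"stage weights must sum to 1, got {total_weight}")
    for s in stages:
        if not 0.0 <= s.p <= 1.0 or s.weight < 0.0:
            raise ValueError("p_j(s) must lie in [0, 1] and weights must be >= 0")
    return sum(s.p * impact(s.c, s.i, s.a) * s.weight for s in stages)


def risk_band(sa: float) -> str:
    """Map sa(path_i) to the three CVSS-style bands given in the text.

    The text's intervals [0,4.0], [4.0,7.0], [7.0,10] share their endpoints;
    here 4.0 is treated as moderate and 7.0 as high (a choice, not the text's).
    """
    if not 0.0 <= sa <= 10.0:
        raise ValueError(f"sa(path_i) must lie in [0, 10], got {sa}")
    if sa < 4.0:
        return "low"
    if sa < 7.0:
        return "moderate"
    return "high"


# Constructed two-stage scenario: a likely foothold with partial C/I loss,
# followed by a less likely but fully compromising stage; equal node weights.
EXAMPLE_PATH = [
    Stage(p=0.9, c=CIA_HIGH, i=CIA_LOW, a=CIA_NONE, weight=0.5),
    Stage(p=0.6, c=CIA_HIGH, i=CIA_HIGH, a=CIA_HIGH, weight=0.5),
]


def score_example() -> tuple:
    """Return (sa(path_i), band) for EXAMPLE_PATH."""
    sa = path_impact(EXAMPLE_PATH)
    return sa, risk_band(sa)


if __name__ == "__main__":
    sa, band = score_example()
    print(f"sa(path_i) = {sa:.4f} -> {band} risk")   # 5.7000 -> moderate risk
```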
the data recovery unit is used for carrying out security recovery on the network data information subjected to risk assessment and vulnerability risk management and control processing; the data encryption unit is used for carrying out double encryption protection on the recovered secure network data information, the encryption being carried out through the computer security encryption algorithm RSA, where the RSA key relation is $de \equiv 1 \pmod{\varphi(n)}$;
in the RSA algorithm, $de \equiv 1 \pmod{\varphi(n)}$ means that $de$ is congruent to 1 modulo $\varphi(n)$, that is, the remainder of $de$ divided by $\varphi(n)$ is the same as the remainder of 1 divided by $\varphi(n)$;
for example: $p = 3$, $q = 11$, $d = 7$;
$\varphi(n) = (p-1)(q-1)$;
$n = pq = 3 \times 11 = 33$;
$\varphi(n) = (p-1)(q-1) = 2 \times 10 = 20$;
from $de \equiv 1 \pmod{\varphi(n)}$:
$7e \equiv 1 \pmod{20}$;
i.e. $7e$ and 1 are congruent modulo 20, i.e. they leave the same remainder, and 1 divided by 20 leaves remainder 1;
then $7e = 20k + 1$, where $k$ is an integer; for example, taking $k = 1$ gives $e = 3$.
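The RSA parameter derivation from the worked example above, as an added Python example that is not the patent's code: it computes e from d and φ(n) both by the page's search over integer k and by the general modular inverse (extended Euclid), then checks the encrypt/decrypt round trip for every residue modulo n = 33. Deployed RSA uses primes of 1024 bits or more and a padding scheme such as RSA-OAEP; the small numbers here only reproduce the page's example.

```python
"""RSA parameter derivation reproducing the page's worked example (constructed code)."""
from math import gcd


def egcd(a: int, b: int) -> tuple:
    """Extended Euclid: return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a: int, m: int) -> int:
    """Return the x in [0, m) with a*x ≡ 1 (mod m); requires gcd(a, m) = 1."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m} (gcd = {g})")
    return x % m


def e_by_search(d: int, phi: int, max_k: int = 10_000) -> int:
    """The page's method: solve d*e = phi*k + 1 by trying k = 0, 1, 2, ..."""
    for k in range(max_k):
        if (phi * k + 1) % d == 0:
            return (phi * k + 1) // d
    raise ValueError("no solution found; d and phi(n) are probably not coprime")


def rsa_from_d(p: int, q: int, d: int) -> dict:
    """Derive n, phi(n) and the public exponent e from p, q and a chosen d."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be coprime to phi(n) for e to exist")
    e = mod_inverse(d, phi)
    if (d * e) % phi != 1:              # de ≡ 1 (mod phi(n)), as in the text
        raise AssertionError("inverse check failed")
    if e != e_by_search(d, phi):        # both derivations must agree
        raise AssertionError("search and inverse disagree")
    return {"n": n, "phi": phi, "e": e, "d": d}


def encrypt(m: int, e: int, n: int) -> int:
    """Textbook RSA: c = m^e mod n (no padding; only for this toy check)."""
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c: int, d: int, n: int) -> int:
    """Textbook RSA: m = c^d mod n."""
    return pow(c, d, n)


def roundtrip_all(p: int, q: int, d: int) -> bool:
    """Check decrypt(encrypt(m)) == m for every residue m modulo n."""
    k = rsa_from_d(p, q, d)
    return all(decrypt(encrypt(m, k["e"], k["n"]), k["d"], k["n"]) == m
               for m in range(k["n"]))


if __name__ == "__main__":
    keys = rsa_from_d(3, 11, 7)          # the page's p, q, d
    print(keys)                          # {'n': 33, 'phi': 20, 'e': 3, 'd': 7}
    print(roundtrip_all(3, 11, 7))       # True
```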
The data security overview unit comprises a data information acquisition module, a data information transmission module, a data information conversion module, a data information storage module, a data information use module and a data information deletion module, wherein the data information acquisition module is used for carrying out real-time monitoring acquisition on real-time network data information in a computer and sending the acquired network security data information to the data information transmission module, the data information transmission module is used for carrying out data transmission on the acquired network data information to the data information conversion module, the data information conversion module is used for carrying out format conversion on the received data information and sending the converted network data information to the data information storage module, the data information storage module is used for storing the converted network data information, a network data information database is built, meanwhile, the network data information is sent to the data information use module, the data information use module is used for carrying out normal operation on the safe network data information, and meanwhile, the data information deletion module is used for carrying out quick deletion on the unused network data information and sending the network data information to the data security detection unit for carrying out data security detection.
In the application, the output end of the data safety overview unit is connected with the output end of the data safety detection unit, the output end of the data safety detection unit is respectively connected with the input ends of the data safety early warning unit and the data classifying and grading unit, the output end of the data safety early warning unit is connected with the input end of the data information display unit, the output end of the data classifying and grading unit is connected with the input end of the data asset identification unit, the output end of the data asset identification unit is connected with the input end of the sensitive data dynamic monitoring unit, and the output end of the sensitive data dynamic monitoring unit and the output end of the behavior prediction judging unit are respectively connected with the input ends of the data abnormality evidence obtaining unit and the data risk evaluating unit.
In the application, the output end of the data risk assessment unit is connected with the input ends of the vulnerability risk management and control unit and the data watermark tracing unit, respectively; the output end of the data recovery unit is connected with the input end of the data encryption unit; the output end of the data watermark tracing unit is connected with the input end of the database auditing unit; the output end of the database auditing unit is connected with the input end of the data encryption unit; and the output end of the data encryption unit is connected with the input end of the sensitive data dynamic monitoring unit.
In the application, the output end of the data information acquisition module is connected with the input end of the data information transmission module, the output end of the data information transmission module is connected with the input end of the data information conversion module, the output end of the data information conversion module is connected with the input end of the data information storage module, the output end of the data information storage module is connected with the input end of the data information use module, the output end of the data information use module is connected with the input end of the data information deletion module, and the output end of the data information deletion module is connected with the input end of the data security detection unit.
The data risk assessment unit comprises a data retrieval module, a risk comparison module, a risk screening module and a risk classification module. According to the network security data information predicted and judged by the behavior prediction judging unit, the data retrieval module retrieves the corresponding network security data information from the database through the system and sends it to the risk comparison module; the risk comparison module performs risk comparison processing on the network security data information retrieved by the data retrieval module and sends the comparison result to the risk screening module; the risk screening module screens and distinguishes the compared network security data information and sends the screened risk data information to the risk classification module; and the risk classification module classifies and stores the screened risk network data information and at the same time sends the classified risk data information to the vulnerability risk management and control unit and the data watermark tracing unit, respectively.
In the application, the output end of the behavior prediction judging unit is connected with the input end of the data retrieval module, the output end of the data retrieval module is connected with the input end of the risk comparison module, the output end of the risk comparison module is connected with the input end of the risk screening module, the output end of the risk screening module is connected with the input end of the risk classification module, and the output end of the risk classification module is connected with the input ends of the vulnerability risk management and control unit and the data watermark tracing unit, respectively.
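The retrieval, comparison, screening and classification steps above (and claim 7) are what turn the behavior prediction judging unit's output into risk items routed to the two downstream units. The following is an added Python illustration, not code from the patent or from the applicant; the layout of the network security data information database, the scoring rule, the 0.5 screening threshold, the toy injection indicator and the mapping of risk classes onto the vulnerability risk management and control unit and the data watermark tracing unit are all assumptions chosen to make the flow concrete.

```python
"""Data risk assessment unit: retrieval -> comparison -> screening ->
classification, with results routed to the two downstream units.

Added illustration, not code from the patent. The database layout, the
scoring rule, the 0.5 threshold, the injection indicator and the two risk
classes are assumptions.
"""
import re

# Constructed: the network security data information database, keyed by
# (actor, action), holding a baseline volume and whether the action is permitted.
SECURITY_DB = {
    ("alice", "query"):  {"baseline_rows": 200, "permitted": True},
    ("alice", "export"): {"baseline_rows": 50,  "permitted": True},
    ("bob",   "query"):  {"baseline_rows": 100, "permitted": True},
    ("svc",   "login"):  {"baseline_rows": 1,   "permitted": True},
}

# Constructed: operations predicted and judged by the behavior prediction judging unit.
PREDICTED = [
    {"actor": "alice", "action": "export", "rows": 60,   "target": "customers"},
    {"actor": "alice", "action": "export", "rows": 5000, "target": "customers"},
    {"actor": "bob",   "action": "export", "rows": 10,   "target": "payroll"},
    {"actor": "svc",   "action": "login",  "rows": 1,    "target": "db",
     "payload": "admin' OR 1=1 --"},
]

# Toy indicator of an injection-like payload (assumption, not a real detector).
INJECTION = re.compile(r"(?i)'\s*or\s+1\s*=\s*1|--\s*$|;\s*drop\b")


def retrieve(predicted, db):
    """Data retrieval module: pair each predicted behaviour with its database
    record (None when the actor has no baseline for that action)."""
    return [(p, db.get((p["actor"], p["action"]))) for p in predicted]


def compare(pairs):
    """Risk comparison module: score 0..1 against the baseline. A missing or
    non-permitted baseline scores 1.0; ten times the baseline volume saturates."""
    scored = []
    for p, base in pairs:
        if base is None or not base["permitted"]:
            score, reason = 1.0, "no permitted baseline"
        else:
            ratio = p["rows"] / max(base["baseline_rows"], 1)
            score, reason = min(ratio / 10, 1.0), f"volume {ratio:.1f}x baseline"
        if INJECTION.search(p.get("payload", "")):
            score, reason = max(score, 0.9), "injection-like payload"
        scored.append({**p, "score": round(score, 2), "reason": reason})
    return scored


def screen(scored, threshold=0.5):
    """Risk screening module: keep behaviours at or above the threshold.
    Returns (kept, number_screened_out)."""
    kept = [s for s in scored if s["score"] >= threshold]
    return kept, len(scored) - len(kept)


def classify(risks):
    """Risk classification module: store by class and route. Permission and
    injection findings go to vulnerability risk control; volume anomalies on
    data access go to watermark tracing (assumed mapping)."""
    classified = {"vulnerability": [], "leakage": []}
    for r in risks:
        cls = "leakage" if r["reason"].startswith("volume") else "vulnerability"
        classified[cls].append({**r, "class": cls})
    return {"vulnerability_control": classified["vulnerability"],
            "watermark_tracing": classified["leakage"]}


def assess(predicted, db, threshold=0.5):
    """Whole unit: retrieval -> comparison -> screening -> classification."""
    kept, dropped = screen(compare(retrieve(predicted, db)), threshold)
    routed = classify(kept)
    routed["screened_out"] = dropped
    return routed


if __name__ == "__main__":
    for destination, items in assess(PREDICTED, SECURITY_DB).items():
        print(destination, items)
```

On the constructed input the 60-row export stays within baseline and is screened out; the 5000-row export is routed to watermark tracing as a volume anomaly; bob's export with no permitted baseline and the injection-like login payload are routed to vulnerability risk management and control.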
While certain exemplary embodiments of the present application have been described above by way of illustration only, it will be apparent to those of ordinary skill in the art that modifications may be made to the described embodiments in various different ways without departing from the spirit and scope of the application. Accordingly, the drawings and description are to be regarded as illustrative in nature and not as restrictive of the scope of the application, which is defined by the appended claims.

Claims (8)

1. A data security management system, characterized in that it comprises a data security overview unit, a data security detection unit, a data security early warning unit, a data information display unit, a data classification and grading unit, a data asset identification unit, a sensitive data dynamic monitoring unit, a behavior prediction judging unit and a data abnormality evidence obtaining unit;
the data security overview unit is used for realizing security visualization of the data security life cycle and comprehensively monitoring the security risks of user asset data at each stage of acquisition, transmission, storage, use, conversion and deletion;
the data security detection unit is used for carrying out real-time security detection and investigation on the network data information of an enterprise or user;
the data security early warning unit is used for carrying out early warning analysis on processed data, data awaiting approval and IP data, comparing the cached data for security, and generating a security abnormal signal, a security stable signal or a security deviation signal;
the data information display unit is used for visually displaying the data asset distribution, data sensitivity and current risk level of the network data security information, and establishing a panoramic view of the data assets for the enterprise;
the data classification and grading unit assists the enterprise in establishing a formal data classification and grading management mechanism based on industry best practice, so that the data security management and control requirements are met;
the data asset identification unit is used for identifying data asset information in the network data and establishing a data asset ledger;
the sensitive data dynamic monitoring unit is used for automatically identifying the type of sensitive data and analyzing the data map of the network data;
the behavior prediction judging unit is used for carrying out security prediction, judgment and analysis of the instruction behavior of network operations, protecting data from leakage, tampering and misuse, and predicting and judging the behavior in real time;
the data abnormality evidence obtaining unit is used for continuously monitoring abnormal data operations in real time so as to identify and obtain evidence of high-risk behaviors.
2. The data security management system according to claim 1, further comprising a data risk assessment unit, a vulnerability risk management and control unit, a data watermark tracing unit, a database auditing unit, a data recovery unit and a data encryption unit;
the data risk assessment unit is used for storing the network security data information, detecting compliance of use and discovering dark data;
the data watermark tracing unit is used for analyzing and identifying visible and invisible watermarks on network data pages and tracing the origin of the data watermark;
the database auditing unit is used for auditing and comparing the monitored data information with the data information stored in the database, so as to carry out the audit, form audit data and store the audit data in the database;
the vulnerability risk management and control unit is used for preventing external intrusion and data theft, preventing SQL injection and buffer overflow, and managing and controlling the risk of privilege requests;
the data recovery unit is used for carrying out secure recovery of the network data information after risk assessment and vulnerability risk management and control have been carried out;
the data encryption unit is used for carrying out double encryption protection on the recovered secure network data information.
3. The data security management system according to claim 1, wherein the data security overview unit comprises a data information acquisition module, a data information transmission module, a data information conversion module, a data information storage module, a data information use module and a data information deletion module;
the data information acquisition module is used for monitoring and collecting the network data information on the computer in real time and sending the collected network security data information to the data information transmission module;
the data information transmission module is used for transmitting the collected network data information to the data information conversion module;
the data information conversion module is used for carrying out format conversion on the received data information and sending the converted network data information to the data information storage module;
the data information storage module is used for storing the converted network data information, establishing the network data information database and sending the network data information to the data information use module;
the data information use module is used for carrying out normal operation and use of the secure network data information and sending the unused network data information to the data information deletion module;
the data information deletion module is used for rapidly deleting the unused network data information and sending the network data information to the data security detection unit for data security detection.
4. The data security management system according to claim 1, wherein the output end of the data security overview unit is connected to the input end of the data security detection unit, the output end of the data security detection unit is connected to the input ends of the data security early warning unit and the data classification and grading unit, respectively, the output end of the data security early warning unit is connected to the input end of the data information display unit, the output end of the data classification and grading unit is connected to the input end of the data asset identification unit, the output end of the data asset identification unit is connected to the input end of the sensitive data dynamic monitoring unit, and the output ends of the sensitive data dynamic monitoring unit and the behavior prediction judging unit are connected to the input ends of the data abnormality evidence obtaining unit and the data risk assessment unit, respectively.
5. The data security management system according to claim 2, wherein the output end of the data risk assessment unit is connected with the input ends of the vulnerability risk management and control unit and the data watermark tracing unit respectively, the output end of the data recovery unit is connected with the input end of the data encryption unit, the output end of the data watermark tracing unit is connected with the input end of the database auditing unit, the output end of the database auditing unit is connected with the input end of the data encryption unit, and the output end of the data encryption unit is connected with the input end of the sensitive data dynamic monitoring unit.
6. The data security management system according to claim 3, wherein the output end of the data information acquisition module is connected to the input end of the data information transmission module, the output end of the data information transmission module is connected to the input end of the data information conversion module, the output end of the data information conversion module is connected to the input end of the data information storage module, the output end of the data information storage module is connected to the input end of the data information use module, the output end of the data information use module is connected to the input end of the data information deletion module, and the output end of the data information deletion module is connected to the input end of the data security detection unit.
7. The data security management system according to claim 3, wherein the data risk assessment unit comprises a data retrieval module, a risk comparison module, a risk screening module and a risk classification module; the data retrieval module retrieves, through the system, the network data information predicted and judged by the behavior prediction judging unit and sends the retrieved network data information to the risk comparison module;
the risk comparison module is used for performing risk comparison processing on the network security data information retrieved by the data retrieval module and sending the comparison result to the risk screening module;
the risk screening module is used for screening and distinguishing the compared network risk data information and sending the screened risk data information to the risk classification module;
the risk classification module is used for classifying and storing the screened risk network data information and, at the same time, sending the classified risk data information to the vulnerability risk management and control unit and the data watermark tracing unit, respectively.
8. The data security management system according to claim 7, wherein the output end of the behavior prediction judging unit is connected with the input end of the data retrieval module, the output end of the data retrieval module is connected with the input end of the risk comparison module, the output end of the risk comparison module is connected with the input end of the risk screening module, the output end of the risk screening module is connected with the input end of the risk classification module, and the output end of the risk classification module is connected with the input ends of the vulnerability risk management and control unit and the data watermark tracing unit, respectively.
CN202310685180.0A 2023-06-12 2023-06-12 Data security management system Pending CN116886335A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310685180.0A CN116886335A (en) 2023-06-12 2023-06-12 Data security management system


Publications (1)

Publication Number Publication Date
CN116886335A true CN116886335A (en) 2023-10-13

Family

ID=88263339


Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117473527A (en) * 2023-11-07 2024-01-30 新华三网络信息安全软件有限公司 Data security risk analysis method, device, equipment and storage medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination