CN111444529A - Confidential data security management system and method - Google Patents
Confidential data security management system and method Download PDFInfo
- Publication number
- CN111444529A CN111444529A CN202010331648.2A CN202010331648A CN111444529A CN 111444529 A CN111444529 A CN 111444529A CN 202010331648 A CN202010331648 A CN 202010331648A CN 111444529 A CN111444529 A CN 111444529A
- Authority
- CN
- China
- Prior art keywords
- data
- confidential
- storage medium
- module
- data storage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1448—Management of the data involved in backup or backup restore
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
- G06F11/1469—Backup restoration techniques
Abstract
The invention discloses a confidential data security management system and a method thereof, wherein the system comprises a security system, a data storage medium, an internal and external network server and a shielding machine room; the security system comprises a security USB flash disk, a data import device and a security platform; the data storage medium comprises a data collection module, a browsing and downloading module, a log management module and a data backup module; the data storage medium and the computer are connected through the intranet and intranet servers to form a local area network, and the computer in the local area network can access the data storage medium; the internal and external network servers, the data storage medium and the internal and external network servers are installed in the shielding machine room. The method comprises data collection, data backup, online browsing and downloading, and operation log management. The invention manages the collection, backup, online browsing and operation records of the confidential data, and uses the internal and external network servers and the shielding machine room, thereby greatly reducing the leakage risk of the confidential data and providing a powerful guarantee for the data safety.
Description
Technical Field
The invention relates to the technical field of data management, in particular to a confidential data security management system and method.
Background
With the rapid development of internet technology, computers and networks have been advanced into various fields of work and life, and professionals such as hydroelectric survey design gradually throw away the drawing board, and adopt automatic office work and computer networking work. The computer network system has the advantages of incredible transmission speed and strong functions of information storage, sharing, transmission, file management and the like, and the drawing and design data between an upper sequence and a lower sequence and between a department and a construction site are transmitted by network transmission, so that the efficiency is high, the manpower and the material resources are saved, the working efficiency and the quality of designed products are improved to a greater extent, and the management difficulty of confidential data is increased. In such environments, the task of securing computer material is increasingly challenging.
In water conservancy production, a large amount of data of national and provincial key projects are often involved, and the data are usually high in confidentiality. Once leaked, irreparable economic losses will result, and both businesses and individuals will be covered accordingly. The key difficulty of confidential data lies in: the related specialties are more, and the secret-related personnel are wider; lack of standardized management processes and systems; the security awareness of the confidential personnel is low, and the like. If the confidential data can be protected in all directions through complete confidential management measures, the method has important significance for the credit and property safety of enterprises.
Disclosure of Invention
The invention aims to provide a security management system and a method for security-related data, which are used for solving the problems in the prior art and greatly improving the security degree of the security-related data management.
In order to achieve the purpose, the invention provides the following scheme: the invention provides a confidential data security management system and a method thereof, wherein the confidential data security management system comprises a security system, a data storage medium, an internal and external network server and a shielding machine room; the data security system comprises a security USB flash disk, a data importing device and a security platform; the data storage medium comprises a data collection module, a browsing and downloading module, a log management module and a data backup module; the data storage medium is connected with a computer through an intranet server and an intranet server to form a local area network, and the computer in the local area network accesses the data storage medium; the internal and external network servers, the data storage medium and the internal and external network servers are installed in the shielding machine room.
Preferably, the data import device imports and copies data according to authority through a specific confidential U disk, the confidential U disk comprises a regular automatic elimination module and a connection module, and the confidential platform is used for monitoring that the data storage medium is illegally connected with the Internet.
Preferably, the information collected by the data collecting module comprises basic information of projects, text data and data results.
Preferably, the browsing and downloading module comprises an inquiry submodule, a security submodule, a downloading application submodule and a state monitoring submodule, wherein the inquiry submodule is used for inquiring stored data; the safety sub-module is used for generating a user watermark for the browsed data and acquiring a browsing interface image; the download application sub-module is used for downloading data application; the state monitoring submodule is used for monitoring whether the data storage medium operates at set time.
Preferably, the log management module records the operation records of the material storage medium according to a time sequence.
Preferably, the data backup module performs backup in a master-slave mode to realize local and remote dual backup.
Preferably, the intranet and extranet servers are enterprise-level servers.
Preferably, the shield room comprises: the system comprises a shielding system, a decoration and decoration system, a fire fighting and alarming system, a video monitoring system, an access control management system, a machine room environment and equipment operation monitoring system, a cabinet system, a UPS system, an air conditioning system, a lightning protection grounding system and an electrical system.
A secret-related data security management method comprises the following steps:
collecting confidential data: collecting various confidential data including basic information, text data and data results of projects;
and (3) secret-related data backup: the collected confidential data is sorted and backed up, the backed-up data is stored on another carrier device, and the other carrier device is safely stored;
and (3) browsing and downloading the data on line: inquiring the confidential data, generating a user watermark by the inquired data, realizing online browsing of the data, and collecting browsing interface images of the data storage medium; stopping browsing if no operation is performed within a specified time; downloading the data according to the data downloading application;
managing the operation log: and recording the operation of the confidential data storage medium according to the time sequence.
The invention discloses the following technical effects:
(1) the multiple protection system realizes high secrecy of confidential data and prevents the result from leaking;
(2) unified management of data is realized, so that the lookup is more convenient, and information resource sharing is promoted;
(3) the major economic loss caused by the accidental disaster is effectively avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
FIG. 1 is a schematic diagram of a security management system for confidential data;
FIG. 2 is a flow chart of security management for confidential data.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
The invention provides a confidential data security management system and a method thereof.
The data storage medium in the confidential data security management system can not identify a common mobile storage medium, if data needs to be transmitted, data import and copy are carried out through a specific confidential USB disk, the data in the confidential USB disk can only be operated in the confidential USB disk and can not be stored in a computer outside a local area network, the data in the confidential USB disk has a service life and can not be opened after expiration, therefore, the confidential data is stored in the specific confidential USB disk, the confidential USB disk is inserted into a special data interface of a data import device, and the confidential data is imported into the data storage medium.
The data storage medium comprises a data collection module, a browsing and downloading module, a log management module and a data backup module.
The project responsible person arranges, uploads and files the project results, a system administrator needs to check the result data uploaded by the project responsible person, and a data party with accurate check can upload the result data. The data collection module collects and summarizes the uploaded data. The project basic information comprises project names, project types, project leader information, project examiner information, project start and stop time, project classification and the like; the text data comprises project task books, technical design books, technical summaries, confidential product inspection reports, acceptance records, quality evaluation tables, adjustment result reports and the like; the data results include topographic maps, cross-sectional maps, control point information, etc.
The browsing and downloading module comprises an inquiry submodule, a safety submodule, a downloading application submodule and a state monitoring submodule. All users can directly inquire and browse all data on line through the inquiry entrance of the inquiry submodule, and the inquiry modes of fuzzy search, screening, sequencing and the like are carried out on the input item name, the year, the responsible person and other related keywords. The system supports a plurality of file formats such as common text, table, photo, CAD, database file and the like, and simultaneously supports the online playing of multimedia documents. All uploaded data only support online browsing, the security sub-module can automatically generate watermarks of related users when the data are browsed, and the browsing interface is captured every 5 minutes, so that operation leakage such as photographing is prevented. If the download is needed, the application is made to the administrator, the download application submodule generates a download application, and the download application can be downloaded after the download application is approved. And the state monitoring submodule monitors the non-operation time of the system, and if the user does not operate the data storage medium for more than 30 minutes, the system automatically quits and needs to log in again.
The log management module carries out comprehensive recording on the system operation condition, and can carry out complete system operation recording according to the time sequence, such as: logging in the system, uploading data, inquiring and browsing, and the like. Meanwhile, the detailed information of the operator can be recorded. The log management can record all operations of the data management system, provide functions of log printing, log backup and the like, and provide basis for accident diagnosis and responsibility judgment.
The data backup module backs up the collected confidential data. The invention provides a good local backup function by using a dual-computer hot backup mode, and the backup is carried out by adopting a master-slave mode, namely two computers are connected with each other and are respectively set as a host computer and a backup computer. When the host system fails or the standby system cannot receive signals of the host system, the high-availability management software of the system considers that the host system fails, the host stops working, system resources are transferred to the standby system, and the standby system can replace the host to play a role so as to ensure that network service operation is uninterrupted.
When a fire disaster or other serious conditions happen, the local backup is difficult to ensure the safety of the data, and the importance of the remote backup is shown. The remote backup is based on the cloud computing technology, a uniform and automatic data storage mirror image mechanism is established, the data storage safety can be improved, and the maintenance workload is reduced. When the application system databases are out of service due to failure caused by unexpected faults, the standby database can be used for replacing the source database to provide service support, and the continuous operation of the service is ensured. The function can back up any document information in the system into files with uniform format, the back-up mode is flexible, the whole or part of document information can be backed up, the document information can be manually backed up by an administrator or automatically and periodically backed up by the system, and the storage and the transfer of the document information are effectively realized. The user can restore the data information through the backup file when needed, and provide a backup/recovery log to record each backup and recovery operation in detail for inquiry. The local and remote dual backup functions are combined, and the safety of data information can be guaranteed no matter what the situation happens.
The security device consists of a special security USB flash disk, a multifunctional lead-in device and a security platform, and aims to prevent a security computer from illegally accessing the Internet and prevent a common USB flash disk from illegally accessing the security computer. The system administrator can realize the import and export of data materials; the project principal can import data, but cannot export data; the ordinary user cannot perform any data transmission operation.
And the internal and external network servers are used, the data storage medium is connected with other computers through the internal and external network servers to form a local area network, and the computers in the local area network access the data storage medium. The server level used by the invention is an enterprise-level server, supports a symmetrical processor structure with more than two CPUs, has complete hardware configuration and comprehensive server management capability, and has high fault tolerance capability, excellent expansion performance, a fault pre-alarm function, online diagnosis and hot plug performance of RAM, PCI, CPU and the like. By means of combination of the internal network and the external network, the enterprise high management can be connected with the external network, other personnel can only operate in the local area network, data information can be downloaded to the in-hospital local area network after permission is granted by an administrator, all operation on the data needs to be performed in the local area network, if the internet is illegally connected, the system can timely block and send alarm information, and confidentiality of the data is greatly improved.
A shielding machine room is built, and an energy-saving, environment-friendly and safe distribution environment is provided for a server, a storage device, a safety device and a network device. The system mainly comprises a shielding system, a decoration and decoration system, a fire fighting and alarming system, a video monitoring system, an access control management system, a machine room environment and equipment operation monitoring system, a cabinet system, a UPS system, an air conditioning system, a lightning protection grounding system and an electrical system.
The shielding system surrounds a signal source by using a metal net or a metal plate, prevents internal signals from being emitted outwards by using a metal layer, and can prevent external signals from entering the inside of the metal layer, so that the shielding effect is realized; the decoration system achieves the effects of fire prevention, dust prevention, static prevention, noise reduction, sound insulation, heat preservation, energy conservation, environmental protection, attractive appearance and the like according to the technical requirements of relevant national standards; the fire-fighting and alarming system realizes the functions of automatic fire alarming, very early detection, gas fire extinguishing and the like by utilizing a 'big black bird' alarming system and a 'normal day' gas fire extinguishing system; the video monitoring system utilizes a hemispherical high-definition color camera in the machine room to monitor the interior of the machine room without dead angles; the access control management system adopts a password card swiping access control management system, and an access control card has strong confidentiality and cannot be cracked; the monitoring objects of the machine room environment and equipment operation monitoring system are a power supply system, an environment adjusting system, an alarm management system and the like, so that the real-time operation parameters of each intelligent equipment or subsystem are acquired and processed, including UPS monitoring, power distribution monitoring, precise air conditioner monitoring, temperature and humidity monitoring, water leakage monitoring, entrance guard monitoring and the like, and the normal operation of the equipment is ensured; the cabinet system selects a product of 'Costda' brand IDM micro-module system, provides physical space for equipment such as a server and the like, and has high reliability, strong bearing capacity, high heat dissipation, high practicability and high safety; the UPS system is an uninterruptible power supply system, is based on the principles of safety, economy and energy conservation, adopts a modular UPS, and has the advantages of strong load adaptability, energy conservation, environmental protection, parallel redundancy and the like; the air conditioning system adopts an air-cooled refrigeration system, and achieves effective refrigeration and air circulation by utilizing the forms of upper air supply, lower air supply and horizontal air supply; the lightning protection grounding system can effectively ensure images of various electromagnetic interference phenomena such as lightning, electromagnetic pulse, static electricity, power supply zero potential drift and the like in the data center and even destroy the normal operation of various precise electronic equipment in the data center; the electric system is constructed by adopting 380/220V voltage, 50HZ frequency and three-five-wire wiring mode to supply power, so that the power supply requirement of the machine room is guaranteed.
The confidential data security management method comprises the following steps:
collecting confidential data: collecting various secret-related data including basic project information, character data and data results, and summarizing after the data collection is finished;
and (3) secret-related data backup: the collected confidential data is sorted and backed up, the backed-up data is stored on another carrier device, and the other carrier device is safely stored;
and (3) browsing and downloading the data on line: inquiring the confidential data, generating user watermarks from the inquired data, playing the data online to realize online browsing, and downloading the data according to a data downloading application;
managing the operation log: recording the operation of the confidential data storage medium according to the time sequence, and collecting the browsing interface image of the data storage medium.
In the description of the present invention, it is to be understood that the terms "longitudinal", "lateral", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, are merely for convenience of description of the present invention, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention.
The above-described embodiments are merely illustrative of the preferred embodiments of the present invention, and do not limit the scope of the present invention, and various modifications and improvements of the technical solutions of the present invention can be made by those skilled in the art without departing from the spirit of the present invention, and the technical solutions of the present invention are within the scope of the present invention defined by the claims.
Claims (9)
1. A confidential data security management system is characterized in that: comprises a security system, a data storage medium, an internal and external network server and a shielding machine room; the security system comprises a security USB flash disk, a data import device and a security platform; the data storage medium comprises a data collection module, a browsing and downloading module, a log management module and a data backup module; the data storage medium is connected with a computer through an intranet server and an intranet server to form a local area network, and the computer in the local area network accesses the data storage medium; the internal and external network servers, the data storage medium and the internal and external network servers are installed in the shielding machine room.
2. A confidential document security management system according to claim 1, wherein: the data import device imports and copies data according to authority through the confidential USB flash disk, the confidential USB flash disk comprises a regular automatic elimination module and a connection module, and the confidential platform is used for monitoring the illegal connection of the data storage medium to the Internet.
3. A confidential document security management system according to claim 1, wherein: the information collected by the data collecting module comprises project basic information, text data and data results.
4. A confidential document security management system according to claim 1, wherein: the browsing and downloading module comprises an inquiry submodule, a safety submodule, a downloading application submodule and a state monitoring submodule, wherein the inquiry submodule is used for inquiring stored data; the safety sub-module is used for generating a user watermark for the browsed data and collecting a browsing interface image; the download application sub-module is used for downloading data application; the state monitoring submodule is used for monitoring whether the data storage medium operates at set time.
5. A confidential document security management system according to claim 1, wherein: and the log management module records the operation records of the data storage medium according to the time sequence.
6. A confidential document security management system according to claim 1, wherein: the data backup module performs backup in a master-slave mode to realize local and remote double backup.
7. A confidential document security management system according to claim 1, wherein: the internal and external network servers are enterprise-level servers.
8. A confidential document security management system according to claim 1, wherein: the shielding computer lab includes: the system comprises a shielding system, a decoration and decoration system, a fire fighting and alarming system, a video monitoring system, an access control management system, a machine room environment and equipment operation monitoring system, a cabinet system, a UPS system, an air conditioning system, a lightning protection grounding system and an electrical system.
9. A secret-related data security management method is characterized by comprising the following steps:
collecting confidential data: collecting various confidential data including basic information, text data and data results of projects;
and (3) secret-related data backup: the collected confidential data is sorted and backed up, the backed-up data is stored on another carrier device, and the other carrier device is safely stored;
and (3) browsing and downloading the data on line: inquiring the confidential data, generating a user watermark by the inquired data, realizing online browsing of the data, and collecting a browsing interface image; if no operation is performed within the set time, stopping browsing and applying for downloading the data;
managing the operation log: and recording the operation of the confidential data storage medium according to the time sequence.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010331648.2A CN111444529A (en) | 2020-04-24 | 2020-04-24 | Confidential data security management system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010331648.2A CN111444529A (en) | 2020-04-24 | 2020-04-24 | Confidential data security management system and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111444529A true CN111444529A (en) | 2020-07-24 |
Family
ID=71654451
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010331648.2A Pending CN111444529A (en) | 2020-04-24 | 2020-04-24 | Confidential data security management system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111444529A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101154251A (en) * | 2006-09-27 | 2008-04-02 | 中国科学院自动化研究所 | Information privacy management system based on radio frequency recognition and method thereof |
| CN201369745Y (en) * | 2008-12-18 | 2009-12-23 | 成都立鑫新技术科技有限公司 | Party and government network secrete information remote monitoring inspection system |
| CN104809585A (en) * | 2015-05-07 | 2015-07-29 | 苏州首旗信息科技有限公司 | Office document management system |
| WO2015182436A1 (en) * | 2014-05-29 | 2015-12-03 | 京セラドキュメントソリューションズ株式会社 | Security management system, security management device, and image processing device |
-
2020
- 2020-04-24 CN CN202010331648.2A patent/CN111444529A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101154251A (en) * | 2006-09-27 | 2008-04-02 | 中国科学院自动化研究所 | Information privacy management system based on radio frequency recognition and method thereof |
| CN201369745Y (en) * | 2008-12-18 | 2009-12-23 | 成都立鑫新技术科技有限公司 | Party and government network secrete information remote monitoring inspection system |
| WO2015182436A1 (en) * | 2014-05-29 | 2015-12-03 | 京セラドキュメントソリューションズ株式会社 | Security management system, security management device, and image processing device |
| CN104809585A (en) * | 2015-05-07 | 2015-07-29 | 苏州首旗信息科技有限公司 | Office document management system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106650855B (en) | A kind of fire-fighting equipment total management system | |
| CN103632080B (en) | A kind of mobile data applications method for security protection based on USBKey | |
| CN103595131B (en) | On-line monitoring system of transformer device of transformer substation | |
| CN109768889A (en) | A kind of visualization safety management wisdom operation platform | |
| CN104252485B (en) | A kind of database management platform | |
| CN201887888U (en) | Network video monitor system | |
| CN102708152A (en) | Integrated management method for electronic evidence | |
| CN108810150B (en) | Data replication method of application-level disaster recovery backup system of cooperative office system | |
| CN2917099Y (en) | 'Three-tolerant' digital black box for mission-critical computer system | |
| CN104851222A (en) | NVSG nuclear-involved unit comprehensive security management system and management method thereof | |
| CN111444529A (en) | Confidential data security management system and method | |
| US20040107114A1 (en) | System and method for processing, organizing and accessing mission critical facilities information and intellectual capital | |
| CN103617099A (en) | Method and system for auditing user file content in real time | |
| CN109345114A (en) | A kind of E-government affairs service system | |
| CN205068480U (en) | On --spot management and control of transformer substation's construction operation system for electric power system | |
| CN108471452A (en) | A kind of Single Cabinet data center monitoring method, system and device | |
| CN210142288U (en) | Data acquisition management system for power system | |
| CN205230237U (en) | Campus security protection system based on cloud storage | |
| Cisco | Index | |
| CN203206283U (en) | IDC information monitor system based on data transparent scan | |
| CN111461678A (en) | Public security related property management and collection platform | |
| CN206236239U (en) | Based on internet Temperature and Humidity Control auto-power-off system | |
| CN108712304A (en) | Enterprise server monitors system | |
| Hussein et al. | Data centre infrastructure: power efficiency and protection | |
| CN113709140B (en) | Cloud big data intelligent safety management and control system based on comprehensive audit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200724 |