CN113839956A - Data security evaluation method, device, equipment and storage medium - Google Patents


Info

Publication number: CN113839956A
Authority: CN (China)
Prior art keywords: data, information, database, field, sensitive
Legal status: Granted; active
Application number: CN202111139795.0A
Language: Chinese (zh)
Other versions: CN113839956B (en)
Inventor: 王清
Current assignee: Shenzhen Ping An Medical Health Technology Service Co Ltd
Original assignee: Ping An Medical and Healthcare Management Co Ltd
Application filed by Ping An Medical and Healthcare Management Co Ltd; published as CN113839956A and granted as CN113839956B.

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • G: Physics
    • G06: Computing; calculating or counting
    • G06F: Electric digital data processing
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database


Abstract

The invention relates to the field of artificial intelligence and discloses a data security evaluation method, apparatus, device and storage medium for improving the security of data. The data security evaluation method comprises the following steps: receiving a sensitive data field, database state information and network information, and performing data standardization processing on the sensitive data field, the database state information and the network information to obtain a target association relation; judging, according to the target association relation, whether the sensitive data field falls within the scope of a preset data security standard; and if the sensitive data field falls within the scope of the preset data security standard, performing data security evaluation on the sensitive data field to obtain a data security evaluation result. The invention also relates to blockchain technology: the data security evaluation result may be stored in a blockchain node.

Description

Data security evaluation method, device, equipment and storage medium
Technical Field
The invention relates to the field of artificial intelligence, and in particular to a data security evaluation method, apparatus, device and storage medium.
Background
With the arrival of the big data era and the development of cloud computing and deep learning, more efficient data processing technology brings higher productivity but also creates a data security crisis, particularly in operation and maintenance systems, data auditing systems and the like, where a single data leakage event can cause great loss. Data security has therefore become an indispensable part of big data, and how to ensure it receives more and more attention.
In existing schemes, the network information and data information are filled in and registered by hand and compiled by several people, and the accuracy of that information degrades over time, so the result of the data security impact evaluation is distorted; that is, the data security achieved by existing schemes is low.
Disclosure of Invention
The invention provides a data security evaluation method, apparatus, device and storage medium for improving data security.
A first aspect of the invention provides a data security evaluation method, comprising the following steps: acquiring a sensitive data field, the sensitive data field indicating the name information and data content of a field of a target database table; acquiring database state information, the database state information indicating the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded in a database auditing system; acquiring network information, the network information indicating host information and network protocol and port information; receiving the sensitive data field, the database state information and the network information, and performing data standardization processing on them to obtain a target association relation; judging, according to the target association relation, whether the sensitive data field falls within the scope of a preset data security standard; and if the sensitive data field falls within the scope of the preset data security standard, performing data security evaluation on the sensitive data field to obtain a data security evaluation result.
Optionally, in a first implementation of the first aspect, acquiring the sensitive data field comprises: acquiring the field name information and data content of the target database table; identifying state changes in the field name information and data content of the target database table at a preset time interval; and storing the field name information and data content of the target database table to obtain the sensitive data field.
Optionally, in a second implementation of the first aspect, acquiring the database state information comprises: collecting, from a preset database auditing system, the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded therein; and taking the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account as the database state information.
Optionally, in a third implementation of the first aspect, acquiring the network information comprises: querying host port, process and configuration file information to obtain the host information, and querying the network protocol and port information; and taking the host information and the network protocol and port information as the network information.
Optionally, in a fourth implementation of the first aspect, receiving the sensitive data field, the database state information and the network information and performing data standardization processing on them to obtain the target association relation comprises: receiving the sensitive data field, the database state information and the network information; centring the sensitive data field, the database state information and the network information to obtain centred data, and calculating the standard deviation of the centred data to obtain a target standard deviation; and establishing, based on the target standard deviation, an association relation between the sensitive data field, the database state information and the network information and a preset target address, to obtain the target association relation.
Optionally, in a fifth implementation of the first aspect, performing data security evaluation on the sensitive data field if it falls within the scope of the preset data security standard comprises: comparing the sensitive data field with a preset security hardening baseline of an internet security center to obtain a comparison result, the comparison result being one of complete conformity, partial conformity and nonconformity; if the comparison result is complete conformity, evaluating data security and obtaining a data security evaluation result that no data security risk exists; if the comparison result is partial conformity, evaluating data security and obtaining a data security evaluation result that a data security risk exists; and if the comparison result is nonconformity, evaluating data security and obtaining a data security evaluation result that a data security risk exists.
Optionally, in a sixth implementation of the first aspect, comparing the sensitive data field with the preset security hardening baseline of the internet security center if the sensitive data field falls within the scope of the preset data security standard comprises: if the sensitive data field falls within the scope of the preset data security standard, checking the host, the network applications and the database through a preset host and network application system and a preset database system to obtain a check result; and comparing the sensitive data field with the preset security hardening baseline of the internet security center on the basis of the check result to obtain the comparison result, the comparison result being one of complete conformity, partial conformity and nonconformity.
A second aspect of the invention provides a data security evaluation apparatus, comprising: an obtaining module for acquiring a sensitive data field, the sensitive data field indicating the name information and data content of a field of a target database table; a collection module for acquiring database state information, the database state information indicating the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded in a database auditing system; an extraction module for acquiring network information, the network information indicating host information and network protocol and port information; a processing module for receiving the sensitive data field, the database state information and the network information and performing data standardization processing on them to obtain a target association relation; a judging module for judging, according to the target association relation, whether the sensitive data field falls within the scope of a preset data security standard; and an evaluation module for performing data security evaluation on the sensitive data field to obtain a data security evaluation result if the sensitive data field falls within the scope of the preset data security standard.
Optionally, in a first implementation of the second aspect, the obtaining module is specifically configured to: acquire the field name information and data content of the target database table; identify state changes in the field name information and data content of the target database table at a preset time interval; and store the field name information and data content of the target database table to obtain the sensitive data field.
Optionally, in a second implementation of the second aspect, the collection module is specifically configured to: collect, from a preset database auditing system, the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded therein; and take the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account as the database state information.
Optionally, in a third implementation of the second aspect, the extraction module is specifically configured to: query host port, process and configuration file information to obtain the host information, and query the network protocol and port information; and take the host information and the network protocol and port information as the network information.
Optionally, in a fourth implementation of the second aspect, the processing module is specifically configured to: receive the sensitive data field, the database state information and the network information; centre the sensitive data field, the database state information and the network information to obtain centred data, and calculate the standard deviation of the centred data to obtain a target standard deviation; and establish, based on the target standard deviation, an association relation between the sensitive data field, the database state information and the network information and a preset target address, to obtain the target association relation.
Optionally, in a fifth implementation of the second aspect, the evaluation module further comprises: a comparison unit for comparing, if the sensitive data field falls within the scope of the preset data security standard, the sensitive data field with a preset security hardening baseline of an internet security center to obtain a comparison result, the comparison result being one of complete conformity, partial conformity and nonconformity; and an evaluation unit for evaluating data security such that, if the comparison result is complete conformity, the data security evaluation result is that no data security risk exists; if the comparison result is partial conformity, the data security evaluation result is that a data security risk exists; and if the comparison result is nonconformity, the data security evaluation result is that a data security risk exists.
Optionally, in a sixth implementation of the second aspect, the comparison unit is specifically configured to: if the sensitive data field falls within the scope of the preset data security standard, check the host, the network applications and the database through a preset host and network application system and a preset database system to obtain a check result; and compare the sensitive data field with the preset security hardening baseline of the internet security center on the basis of the check result to obtain the comparison result, the comparison result being one of complete conformity, partial conformity and nonconformity.
A third aspect of the invention provides a data security evaluation device, comprising a memory and at least one processor, the memory storing instructions; the at least one processor invokes the instructions in the memory to cause the data security evaluation device to perform the data security evaluation method described above.
A fourth aspect of the invention provides a computer-readable storage medium storing instructions which, when run on a computer, cause the computer to perform the data security evaluation method described above.
In the technical scheme of the invention, a sensitive data field is acquired, the sensitive data field indicating the name information and data content of a field of a target database table; database state information is acquired, the database state information indicating the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded in a database auditing system; network information is acquired, the network information indicating host information and network protocol and port information; the sensitive data field, the database state information and the network information are received and subjected to data standardization processing to obtain a target association relation; whether the sensitive data field falls within the scope of a preset data security standard is judged according to the target association relation; and if it does, data security evaluation is performed on the sensitive data field to obtain a data security evaluation result. In the invention, the required data are obtained through three different collection channels, standardized, and used to judge according to the target association relation whether the sensitive data field falls within the scope of the preset data security standard, so that security evaluation of the sensitive data field is realized and the security of the data is improved.
Drawings
FIG. 1 is a schematic diagram of an embodiment of a data security evaluation method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of another embodiment of a data security evaluation method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an embodiment of a data security evaluation device in an embodiment of the present invention;
FIG. 4 is a schematic diagram of another embodiment of a data security evaluation device in an embodiment of the present invention;
FIG. 5 is a schematic diagram of an embodiment of a data security evaluation device in an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a data security assessment method, a data security assessment device, data security assessment equipment and a storage medium, which are used for improving the data security. The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For ease of understanding, the specific flow of an embodiment of the invention is described below. Referring to FIG. 1, a first embodiment of the data security evaluation method in the embodiment of the invention comprises:
101. Acquiring a sensitive data field, the sensitive data field indicating the name information and data content of a field of a target database table;
It is to be understood that the execution subject of the invention may be a data security evaluation apparatus, a terminal or a server, which is not limited here. The embodiment is described with a server as the execution subject. The server may be an independent server, or a cloud server providing basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, a content delivery network (CDN), and big data and artificial intelligence platforms.
The embodiment of the invention can acquire and process related data based on an artificial intelligence technology. Among them, Artificial Intelligence (AI) is a theory, method, technique and application system that simulates, extends and expands human Intelligence using a digital computer or a machine controlled by a digital computer, senses the environment, acquires knowledge and uses the knowledge to obtain the best result. The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.
It should be noted that the server identifies the sensitive data field and stores it. The server records only the storage location and field type of the sensitive data found by scanning and monitoring.
102. Acquiring database state information, the database state information indicating the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded in a database auditing system;
It should be noted that the database auditing system records operation command information only for the data of concern, and raises an alarm on or blocks sensitive operations. The server obtains from the database auditing system the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account.
103. Acquiring network information, the network information indicating host information and network protocol and port information;
It should be noted that the server records only information concerning host ports, processes, users and running state. The server collects host port, process and configuration file information and, from the state of the network that stores personal information, demonstrates at the network layer that personal information access control measures are correctly implemented and that no unauthorized access to the personal information has occurred; the server stores the host and network information together with their state changes.
104. Receiving the sensitive data field, the database state information and the network information, and performing data standardization processing on them to obtain a target association relation;
Specifically, through data standardization processing the server links the database, the host and the network, using the association between the source address and the destination address of the host and network. The server then combines the sensitive data field, the database state information and the network information with the data security evaluation activity to obtain the target association relation.
105. Judging, according to the target association relation, whether the sensitive data field falls within the scope of a preset data security standard;
Specifically, for the sensitive data field it has identified, the server judges whether the field belongs to the scope of the information security technology personal information security specification, for example as personal sensitive information; the preset data security standard refers specifically to the information security technology health medical data security standard and the scope of personal health medical data it defines. If the database contains no sensitive data field, the server does not perform data security evaluation.
106. If the sensitive data field falls within the scope of the preset data security standard, performing data security evaluation on the sensitive data field to obtain a data security evaluation result.
Specifically, the server performs data security evaluation on the database whose sensitive data fields fall within the scope of the information security technology personal information security specification and the information security technology health medical data security standard, and on the hosts associated with that database through its source and destination addresses.
Further, the server may store the data security evaluation result in a blockchain database; this is not limited here.
In this embodiment of the invention, the required data are obtained through three different collection channels, the sensitive data field is standardized, and whether it falls within the scope of the preset data security standard is judged according to the target association relation, so that security evaluation of the sensitive data field is realized and the security of the data is improved.
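Steps 105 and 106, together with the blockchain storage of the result, as one added example (this is not the patent's code). The scope tables are a constructed subset of the field categories in the two standards the text names (by their titles these are GB/T 35273, the personal information security specification, and GB/T 39725, the health data security guide); the baseline items are constructed checks in the style of a Center for Internet Security benchmark, which is what the "internet security center" hardening baseline reads as, and that reading is an assumption; the hash chain is a minimal stand-in for the blockchain node. Item names, field-type labels and the observed values are all ours.

```python
"""Steps 105-106: scope check against the preset standards, baseline comparison, and
tamper-evident storage of the result. Added example, not the patent's code."""
import hashlib
import json
from typing import Dict, Iterable, List

# Sensitive field types in scope of each preset standard (constructed subset; labels are ours).
STANDARD_SCOPE = {
    "personal_information_security_specification": {"id_card", "mobile", "bank_card", "biometric", "address"},
    "health_medical_data_security_standard": {"id_card", "diagnosis", "prescription", "lab_result", "medical_record"},
}

# Security hardening baseline: item -> expected value (constructed, CIS-benchmark style).
BASELINE = {
    "db.require_secure_transport": "ON",
    "db.bind_internal_interface_only": True,
    "db.anonymous_accounts": 0,
    "db.audit_log_enabled": True,
    "host.ssh_permit_root_login": "no",
    "host.unexpected_listeners": 0,
}


def in_standard_scope(field_types: Iterable[str]) -> Dict[str, List[str]]:
    """Step 105: which preset standards the identified sensitive field types fall under."""
    hits = {}
    for std, types in STANDARD_SCOPE.items():
        matched = sorted(t for t in set(field_types) if t in types)
        if matched:
            hits[std] = matched
    return hits


def compare_baseline(observed: Dict[str, object]) -> str:
    """Step 106 comparison result: 'complete', 'partial' or 'none' conformity."""
    matched = sum(1 for item, want in BASELINE.items() if observed.get(item) == want)
    if matched == len(BASELINE):
        return "complete"
    return "none" if matched == 0 else "partial"


def evaluate(field_types: Iterable[str], observed: Dict[str, object]) -> dict:
    """Only complete conformity yields 'no risk'; partial and nonconformity both yield
    'risk exists', as the fifth implementation specifies. Out-of-scope fields are not evaluated."""
    scope = in_standard_scope(field_types)
    if not scope:
        return {"in_scope": False, "evaluated": False, "risk": None}
    conformity = compare_baseline(observed)
    return {
        "in_scope": True, "evaluated": True, "standards": scope, "conformity": conformity,
        "risk": conformity != "complete",
        "failed_items": sorted(i for i, want in BASELINE.items() if observed.get(i) != want),
    }


class ResultLedger:
    """Append-only SHA-256 hash chain: each block commits to the previous block's hash,
    so a rewritten stored result breaks verification from that block onward."""

    def __init__(self):
        self.blocks: List[dict] = []

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, result: dict) -> str:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"index": len(self.blocks), "prev": prev, "result": result}
        self.blocks.append({**body, "hash": self._digest(body)})
        return self.blocks[-1]["hash"]

    def verify(self) -> bool:
        prev = "0" * 64
        for b in self.blocks:
            body = {"index": b["index"], "prev": b["prev"], "result": b["result"]}
            if b["prev"] != prev or self._digest(body) != b["hash"]:
                return False
            prev = b["hash"]
        return True


# Constructed observations for one database host, with two baseline items failing.
OBSERVED_PARTIAL = {
    "db.require_secure_transport": "OFF", "db.bind_internal_interface_only": True,
    "db.anonymous_accounts": 0, "db.audit_log_enabled": True,
    "host.ssh_permit_root_login": "no", "host.unexpected_listeners": 1,
}


def demo():
    ledger = ResultLedger()
    r1 = evaluate({"id_card", "diagnosis"}, OBSERVED_PARTIAL)
    r2 = evaluate({"name", "note"}, OBSERVED_PARTIAL)  # no sensitive type in scope
    ledger.append(r1)
    ledger.append(r2)
    return r1, r2, ledger
```

The mapping is deliberately asymmetric: a single failed baseline item already produces "risk exists", so a target only clears when every item conforms. The chain detects after-the-fact rewriting of stored results; it does nothing to make the evaluation itself more trustworthy.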
Referring to FIG. 2, a second embodiment of the data security evaluation method in the embodiment of the present invention comprises:
201. Acquiring a sensitive data field, the sensitive data field indicating the name information and data content of a field of a target database table;
Optionally, the server acquires the field name information and data content of the target database table; the server identifies state changes in the field name information and data content of the target database table at a preset time interval, and stores the field name information and data content of the target database table to obtain the sensitive data field.
Specifically, the server collects the sensitive data fields identified by a sensitive data monitoring system, together with the sensitive data field information and state changes in the database. The server is configured with an account and password for the target database, reads the field name information and data content of the target database table from the database system, and actively scans the field names and data content of the target database table in a loop, on a configurable hourly polling schedule or on task trigger, using a sensitive data keyword list and sensitive record regular expression rules stored by the server; in this way it identifies the sensitive data field information and state changes in the database.
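The scan just described, as an added example that is not the patent's code: a keyword list applied to column names, regular-expression rules applied to sampled values, one polling pass over every table, and state-change identification between two passes. The table, keyword list, regexes and sample rows are constructed (the regexes approximate PRC-style resident ID, mobile and card numbers); the page says the server holds a database account and password, and the example assumes that account is read-only, which is a practitioner requirement rather than something the page states.

```python
"""Sensitive data field scanner: keyword list + regex rules, rescans, change detection.
Added example, not the patent's code; all inputs are constructed."""
import hashlib
import json
import re
import sqlite3
from typing import Dict, List

# Column-name keywords that suggest sensitive content (constructed; configuration in practice).
SENSITIVE_KEYWORDS = ("id_card", "idcard", "phone", "mobile", "diagnosis", "bank_card", "address")

# Record rules run against sampled values (constructed; 18-character resident ID,
# 11-digit mobile number and 16..19-digit card number are assumed formats).
RECORD_RULES = {
    "id_card": re.compile(r"^\d{17}[\dXx]$"),
    "mobile": re.compile(r"^1[3-9]\d{9}$"),
    "bank_card": re.compile(r"^\d{16,19}$"),
}
MATCH_RATIO = 0.8  # a rule applies to a column when >= 80% of its non-empty samples match


def classify_column(name: str, samples: List[str]) -> List[str]:
    """Labels that apply to one column, from its name and from its sampled values."""
    labels = set()
    lower = name.lower()
    for kw in SENSITIVE_KEYWORDS:
        if kw in lower:
            labels.add(f"name:{kw}")
    non_empty = [s for s in samples if s]
    for label, rule in RECORD_RULES.items():
        if non_empty and sum(1 for s in non_empty if rule.match(s)) / len(non_empty) >= MATCH_RATIO:
            labels.add(f"content:{label}")
    return sorted(labels)


def scan_table(conn: sqlite3.Connection, table: str, sample_rows: int = 100) -> Dict[str, List[str]]:
    """Return {column: labels} for the sensitive columns of one table.

    Only column names and labels are retained: the server records the storage location and
    field type of sensitive data, not the values. The scanning account is assumed to be
    read-only with SELECT on the target schemas only (practitioner caveat, not from the page).
    Table names come from the catalogue, not from user input, and are still quoted."""
    cols = [row[1] for row in conn.execute(f'PRAGMA table_info("{table}")')]
    rows = conn.execute(f'SELECT * FROM "{table}" LIMIT {int(sample_rows)}').fetchall()
    found = {}
    for i, col in enumerate(cols):
        samples = ["" if r[i] is None else str(r[i]) for r in rows]
        labels = classify_column(col, samples)
        if labels:
            found[col] = labels
    return found


def scan_database(conn: sqlite3.Connection) -> Dict[str, Dict[str, List[str]]]:
    """One polling pass over every table: {table: {column: labels}}."""
    tables = [r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")]
    findings = {}
    for t in tables:
        hit = scan_table(conn, t)
        if hit:
            findings[t] = hit
    return findings


def fingerprint(findings: dict) -> str:
    """Stable digest of a pass, so two polls can be compared without storing values."""
    return hashlib.sha256(json.dumps(findings, sort_keys=True).encode()).hexdigest()


def diff_scans(prev: dict, curr: dict) -> Dict[str, list]:
    """State-change identification between two polls: sensitive columns added or removed."""
    prev_set = {(t, c) for t, cols in prev.items() for c in cols}
    curr_set = {(t, c) for t, cols in curr.items() for c in cols}
    return {"added": sorted(curr_set - prev_set), "removed": sorted(prev_set - curr_set)}


def demo():
    """Two polls of a constructed patient table, with a schema change in between."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patient (pid INTEGER, name TEXT, id_card TEXT, contact TEXT, note TEXT)")
    conn.executemany("INSERT INTO patient VALUES (?,?,?,?,?)", [
        (1, "A", "11010119900101123X", "13800138000", "follow-up"),
        (2, "B", "110101198507076789", "13912345678", "ok"),
        (3, "C", "44030119761111889X", "15011112222", None),
    ])
    first = scan_database(conn)
    conn.execute("ALTER TABLE patient ADD COLUMN diagnosis TEXT")  # schema drift between polls
    second = scan_database(conn)
    return first, second, diff_scans(first, second)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Note that the `contact` column is caught by content alone and the new `diagnosis` column by name alone, which is why both channels are needed; the fingerprint lets the hourly poll skip databases whose sensitive-field inventory has not moved.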
202. Acquiring database state information, the database state information indicating the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded in a database auditing system;
Optionally, the server collects the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded in a preset database auditing system, and takes them as the database state information.
Specifically, a data collection terminal attached to the preset database auditing system collects the data risk operation command records, the data table distribution and record quantity, and the local and remote login information of the database account recorded in the auditing system, takes them as the database state information, and submits the database information and its state changes to a preset data transmission terminal.
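One way to assemble the three parts of the database state information from an audit system's output, as an added example that is not the patent's code. The pipe-separated audit line format, the risk patterns, the table record counts and the sample lines are all constructed; a real audit plugin has its own record format and its own rule set, and the patterns here would be replaced by its classifications.

```python
"""Database state information from audit-system records. Added example, not the patent's
code; the "<timestamp>|<account>|<source ip>|<statement>" line format is constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class AuditEvent:
    ts: str
    account: str
    source_ip: str
    statement: str


# Risky operation patterns (constructed; tune to the audit system's own rules).
RISK_PATTERNS = [
    ("drop", re.compile(r"^\s*DROP\s", re.I)),
    ("truncate", re.compile(r"^\s*TRUNCATE\s", re.I)),
    ("grant", re.compile(r"^\s*GRANT\s", re.I)),
    ("delete_no_where", re.compile(r"^\s*DELETE\s+FROM\s+\S+\s*;?\s*$", re.I)),
    ("bulk_read", re.compile(r"^\s*SELECT\s+\*\s+FROM\s+\S+\s*;?\s*$", re.I)),
    ("file_export", re.compile(r"\bINTO\s+OUTFILE\b", re.I)),
]
LOCAL_SOURCES = {"127.0.0.1", "::1", "localhost"}


def parse_audit_line(line: str) -> AuditEvent:
    ts, account, ip, stmt = line.split("|", 3)  # the statement may contain '|', hence maxsplit
    return AuditEvent(ts.strip(), account.strip(), ip.strip(), stmt.strip())


def classify_risk(statement: str) -> List[str]:
    return [name for name, rx in RISK_PATTERNS if rx.search(statement)]


def build_db_state(audit_lines: List[str], table_counts: Dict[str, int]) -> dict:
    """Assemble the database state information: risk operation command records, table
    distribution and record quantity, and local/remote login records of database accounts."""
    risk_ops, logins = [], {"local": [], "remote": []}
    for line in audit_lines:
        if not line.strip():
            continue
        ev = parse_audit_line(line)
        if ev.statement.upper().startswith("LOGIN"):
            bucket = "local" if ev.source_ip in LOCAL_SOURCES else "remote"
            logins[bucket].append({"ts": ev.ts, "account": ev.account, "source_ip": ev.source_ip})
            continue
        tags = classify_risk(ev.statement)
        if tags:
            risk_ops.append({"ts": ev.ts, "account": ev.account, "source_ip": ev.source_ip,
                             "statement": ev.statement, "tags": tags})
    return {
        "risk_operations": risk_ops,
        "table_distribution": {"tables": len(table_counts), "records": dict(table_counts),
                               "total_records": sum(table_counts.values())},
        "logins": logins,
    }


# Constructed sample: part of one day of audit output for a medical database.
SAMPLE_AUDIT = [
    "2021-09-01T08:00:01|app_ro|10.0.0.12|LOGIN",
    "2021-09-01T08:00:02|app_ro|10.0.0.12|SELECT pid, name FROM patient WHERE pid = 42",
    "2021-09-01T08:05:00|dba|127.0.0.1|LOGIN",
    "2021-09-01T08:05:30|dba|127.0.0.1|SELECT * FROM patient",
    "2021-09-01T08:06:00|dba|127.0.0.1|GRANT SELECT ON patient TO 'tmp'@'%'",
    "2021-09-01T09:00:00|etl|10.0.0.40|LOGIN",
    "2021-09-01T09:00:05|etl|10.0.0.40|DELETE FROM visit",
    "2021-09-01T09:00:09|etl|10.0.0.40|DELETE FROM visit WHERE visit_date < '2015-01-01'",
]
SAMPLE_COUNTS = {"patient": 120_000, "visit": 2_450_000, "drug": 3_100}  # constructed


def demo() -> dict:
    return build_db_state(SAMPLE_AUDIT, SAMPLE_COUNTS)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

The scoped `SELECT ... WHERE pid = 42` and the scoped `DELETE ... WHERE` pass through untagged; only the whole-table read, the grant to a wildcard host and the unscoped delete become risk operation records, which is the distinction the auditing system's alarm-or-block rule has to draw.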
203. Acquiring network information, the network information indicating host information and network protocol and port information;
Optionally, the server queries host port, process and configuration file information to obtain the host information, and queries the network protocol and port information; the server takes the host information and the network protocol and port information as the network information.
Specifically, the server collects host port, process and configuration file information through a host data collection terminal and, from the state of the host that stores personal information, demonstrates at the host level that personal information access control measures are correctly implemented and that no unauthorized access to the personal information has occurred; the server collects network protocol and port information through a network data collection terminal and, from the state of the network that stores personal information, demonstrates at the network layer that personal information access control measures are correctly implemented and that no unauthorized access to the personal information has occurred; the server submits the host and network information and their state changes to the data transmission terminal.
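The host and network collection as an added example, not the patent's code: a listener inventory parsed from `ss -tlnp` output, the `[mysqld]` section of a my.cnf, and a check of both against an expected-exposure policy. The ss output, the my.cnf fragment and the policy are constructed; `bind-address` and `require_secure_transport` are real MySQL settings, and the regex assumes the `users:(("name",pid=N,fd=M))` form that iproute2's ss prints with `-p`.

```python
"""Host and network information: listener inventory plus database configuration checks.
Added example, not the patent's code; sample output, config and policy are constructed."""
import re
from typing import Dict, List, Optional, Set

SS_LINE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


def parse_listeners(ss_output: str) -> List[dict]:
    """Host port + process inventory from `ss -tlnp` text."""
    out = []
    for line in ss_output.splitlines():
        m = SS_LINE.match(line.strip())
        if m:
            out.append({"addr": m["addr"], "port": int(m["port"]), "proc": m["proc"], "pid": int(m["pid"])})
    return out


def parse_ini_section(text: str, section: str) -> Dict[str, str]:
    """key=value pairs from one [section] of an INI-style configuration file such as my.cnf."""
    current, out = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current == section and "=" in line:
            k, v = line.split("=", 1)
            out[k.strip()] = v.strip()
    return out


# Policy: process -> allowed ports and allowed bind addresses (None = any interface is fine).
Policy = Dict[str, dict]


def check_host(listeners: List[dict], policy: Policy, db_conf: Dict[str, str]) -> List[str]:
    """Findings that contradict the expected network-layer access control for the host."""
    findings = []
    for l in listeners:
        rule = policy.get(l["proc"])
        if rule is None:
            findings.append(f"unexpected listener {l['proc']} on {l['addr']}:{l['port']}")
            continue
        if l["port"] not in rule["ports"]:
            findings.append(f"{l['proc']} on unexpected port {l['port']}")
        allowed: Optional[Set[str]] = rule["bind"]
        if allowed is not None and l["addr"] not in allowed:
            findings.append(f"{l['proc']} exposed on {l['addr']}:{l['port']}, expected {sorted(allowed)}")
    # Configuration-file checks for the database service itself.
    db_bind = policy.get("mysqld", {}).get("bind")
    if db_bind is not None and db_conf.get("bind-address") not in db_bind:
        findings.append(f"my.cnf bind-address={db_conf.get('bind-address')!r} not in {sorted(db_bind)}")
    if db_conf.get("require_secure_transport", "").upper() != "ON":
        findings.append("my.cnf require_secure_transport is not ON (cleartext client connections allowed)")
    return findings


SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:3306        0.0.0.0:*         users:(("mysqld",pid=1021,fd=23))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      4096   0.0.0.0:6379        0.0.0.0:*         users:(("redis-server",pid=1302,fd=6))
LISTEN 0      511    [::]:8443           [::]:*            users:(("nginx",pid=1400,fd=8))
"""
SAMPLE_MYCNF = """[client]
port=3306
[mysqld]
bind-address=0.0.0.0   # should be the internal interface only
port=3306
"""
SAMPLE_POLICY: Policy = {
    "mysqld": {"ports": {3306}, "bind": {"10.0.0.5"}},
    "sshd": {"ports": {22}, "bind": None},
    "nginx": {"ports": {8443}, "bind": None},
}


def demo() -> List[str]:
    return check_host(parse_listeners(SAMPLE_SS), SAMPLE_POLICY, parse_ini_section(SAMPLE_MYCNF, "mysqld"))


if __name__ == "__main__":
    for f in demo():
        print("FINDING:", f)
```

The live socket table and the configuration file are checked separately on purpose: a config that says one thing and a listener that shows another is itself a finding, and the TLS requirement cannot be seen from `ss` at all.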
204. Receiving a sensitive data field, database state information and network information, and performing data standardization processing on the sensitive data field, the database state information and the network information to obtain a target association relation;
Optionally, the server receives the sensitive data field, the database state information and the network information; the server centres the sensitive data field, the database state information and the network information (subtracting the mean of each collected quantity) to obtain centred data, and computes the standard deviation of the centred data to obtain a target standard deviation; based on the target standard deviation, the server establishes an association between the sensitive data field, the database state information and the network information on one side and a preset target address on the other, obtaining the target association relation.
Specifically, through this data standardization the server links the database, the host and the network to one another, and from the association between the source addresses and destination addresses of hosts and network flows it can show that the basic personal-information security principle of "ensuring security" is observed, for example: that personal information is transmitted over an encrypted network, and that no unauthorized acquisition of personal information occurs on the networks and hosts that store it.
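The standardization of step 204 carried through on constructed data, as an added example that is not the patent's processing module: each collected metric is centred on its mean over all hosts and divided by the standard deviation, the result is keyed by the address of the host that stores the data, and hosts whose state deviates from the fleet stand out on one common scale. The host addresses, the metric names (record_count, risky_cmds, remote_logins) and the 1.5 threshold are assumptions made for this example.

```python
"""Standardising collected state per target address (z-scores)."""
from statistics import mean, pstdev

# Constructed per-host collection results: "target" is the database host,
# "source" the collector that reported it.
COLLECTED = [
    {"target": "10.0.2.15", "source": "10.0.9.1", "sensitive_fields": ["id_card", "phone"],
     "record_count": 120000, "risky_cmds": 2, "remote_logins": 5},
    {"target": "10.0.2.16", "source": "10.0.9.1", "sensitive_fields": ["id_card"],
     "record_count": 118000, "risky_cmds": 1, "remote_logins": 4},
    {"target": "10.0.2.17", "source": "10.0.9.2", "sensitive_fields": ["phone", "diagnosis"],
     "record_count": 121000, "risky_cmds": 3, "remote_logins": 6},
    {"target": "10.0.2.18", "source": "10.0.9.2", "sensitive_fields": ["id_card", "diagnosis"],
     "record_count": 119000, "risky_cmds": 30, "remote_logins": 40},
]
METRICS = ("record_count", "risky_cmds", "remote_logins")


def standardize(records, metrics=METRICS):
    """Z-score each metric across all records: (x - mean) / stdev.

    Returns {target: {metric: z}}. A metric that is constant across the
    fleet has zero standard deviation and maps to 0.0 instead of
    dividing by zero."""
    zscores = {r["target"]: {} for r in records}
    for m in metrics:
        values = [r[m] for r in records]
        mu, sigma = mean(values), pstdev(values)
        for r in records:
            zscores[r["target"]][m] = (r[m] - mu) / sigma if sigma else 0.0
    return zscores


def flag_outliers(zscores, threshold=1.5):
    """Hosts with a metric more than `threshold` standard deviations above
    the fleet mean; only the high side indicates risk for these metrics."""
    flagged = {}
    for target, zs in zscores.items():
        hits = sorted(m for m, z in zs.items() if z > threshold)
        if hits:
            flagged[target] = hits
    return flagged


def associate(records, zscores):
    """Target association relation: per target address, the collector that
    reported it, the sensitive fields found there and the standardized state."""
    return {r["target"]: {"source": r["source"],
                          "sensitive_fields": r["sensitive_fields"],
                          "state": zscores[r["target"]]} for r in records}


if __name__ == "__main__":
    z = standardize(COLLECTED)
    relation = associate(COLLECTED, z)
    for target, hits in flag_outliers(z).items():
        print(target, "deviates on", ", ".join(hits),
              "holding", relation[target]["sensitive_fields"])
```

With four hosts the largest attainable |z| is about 1.73, so the 1.5 threshold only singles out a host that is far from all the others; on a real fleet the threshold is a tuning decision, and the record count, which varies little here, is kept because it tells the evaluator how much sensitive data a flagged host holds.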
205. Judging, according to the target association relation, whether the sensitive field data falls within a preset data security standard;
Specifically, for each sensitive data field identified by the sensitive data monitoring system, the server judges whether it falls within the scope of the standard "Information security technology - Personal information security specification", using the examples of personal sensitive information listed in that specification; the preset data security standard here refers specifically to the standard "Information security technology - Health and medical data security guide" and the scope of personal health and medical data it defines. If the database contains no sensitive data field, the server performs no data security evaluation.
206. If the sensitive field data falls within the preset data security standard, comparing the sensitive field data with a preset security hardening baseline of the Center for Internet Security (CIS) to obtain a comparison result, where the comparison result is one of complete conformity, partial conformity and nonconformity;
Optionally, if the sensitive field data falls within the preset data security standard, the server inspects the host, the network applications and the database through the preset host and network application system and the preset database system to obtain an inspection result; based on the inspection result, the server compares the environment holding the sensitive data field with the preset CIS security hardening baseline to obtain a comparison result, which is one of complete conformity, partial conformity and nonconformity.
Specifically, the server compares against the CIS security hardening baseline and judges whether the host, network applications and database meet that baseline. By classifying and identifying data against the personal information security specification and the health and medical data security guide, the sensitive data detection system extends the server's capacity to recognise sensitive data: it identifies the storage range, storage type and storage quantity of sensitive data in the database, shortens the cycle of discovering and evaluating sensitive data, and continuously identifies whether sensitive data is present. For a host, network application or database in which sensitive data exists, and which therefore falls within the scope of data security assessment, the server performs the data security evaluation.
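How a sensitive data detection system of the kind steps 205 and 206 rely on can decide whether a table holds sensitive fields, and how much, as an added example that is not the patent's own detection system: columns are matched by name against the two categories the page names (personal information, and health and medical data) and by content against two validators, a resident ID number with its check digit and a mainland mobile number, so that the storage type and the quantity of matching rows come out of the same pass. The table, its rows, the column-name patterns and the category labels are all constructed for this example; the check-digit algorithm is the ISO 7064 MOD 11-2 scheme that 18-digit resident ID numbers use.

```python
"""Sensitive field identification by column name and by content."""
import re
from collections import Counter

# Constructed rows of a hypothetical "patient" table. The second ID number
# has a wrong check digit and must not count as a hit.
PATIENT_ROWS = [
    {"patient_id": 1, "name": "张三", "id_card": "44030519900101123X",
     "phone": "13800138000", "diagnosis": "2型糖尿病", "visit_date": "2021-09-01"},
    {"patient_id": 2, "name": "李四", "id_card": "440305199001011234",
     "phone": "13912345678", "diagnosis": "高血压", "visit_date": "2021-09-02"},
    {"patient_id": 3, "name": "王五", "id_card": "",
     "phone": "not collected", "diagnosis": "", "visit_date": "2021-09-03"},
]

# Name-based rules per category (assumed patterns; "name" will also match
# columns such as "username", so content checks are what confirm a hit).
NAME_RULES = {
    "personal_info": re.compile(r"(id_card|idcard|identity|phone|mobile|\bname\b)", re.I),
    "health_medical": re.compile(r"(diagnos|prescription|medical|symptom|treatment)", re.I),
}

# ISO 7064 MOD 11-2 weights and check characters for 18-digit resident IDs.
ID_WEIGHTS = [7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2]
ID_CHECK = "10X98765432"  # indexed by (weighted sum mod 11)


def valid_resident_id(value):
    """True for a syntactically valid 18-character resident ID number."""
    if not re.fullmatch(r"\d{17}[\dX]", value):
        return False
    total = sum(int(d) * w for d, w in zip(value[:17], ID_WEIGHTS))
    return ID_CHECK[total % 11] == value[17]


def valid_mobile(value):
    """11-digit mainland mobile number: leading 1, second digit 3 to 9."""
    return re.fullmatch(r"1[3-9]\d{9}", value) is not None


CONTENT_RULES = {"resident_id": valid_resident_id, "mobile_phone": valid_mobile}


def classify_fields(rows):
    """Return {field: {"category", "content_type", "hits"}} for sensitive fields.

    A field is reported when its name matches a category or when at least
    one value passes a content validator; "hits" is the number of rows
    whose value passed, i.e. the storage quantity for that field."""
    if not rows:
        return {}
    result = {}
    for field in rows[0]:
        entry = {"category": None, "content_type": None, "hits": 0}
        for category, pattern in NAME_RULES.items():
            if pattern.search(field):
                entry["category"] = category
                break
        values = [str(r.get(field, "")) for r in rows]
        for content_type, check in CONTENT_RULES.items():
            hits = sum(1 for v in values if check(v))
            if hits:
                entry.update(content_type=content_type, hits=hits)
                entry["category"] = entry["category"] or "personal_info"
                break
        if entry["category"]:
            result[field] = entry
    return result


def storage_range(classification):
    """Storage range summary: how many sensitive fields fall in each category."""
    return Counter(e["category"] for e in classification.values())


def in_scope(classification):
    """Step 205: only a table holding sensitive fields is evaluated at all."""
    return bool(classification)


if __name__ == "__main__":
    found = classify_fields(PATIENT_ROWS)
    for field, entry in found.items():
        print(field, entry)
    print("range:", dict(storage_range(found)), "in scope:", in_scope(found))
```

Running this over every table of the target database, and repeating it at the preset interval of step 201, gives the "storage range, storage type and storage quantity" that the text attributes to the detection system; the content validators are what keep a column called `name` that holds product names from being counted as personal data.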
207. If the comparison result is complete conformity, evaluating the data security and obtaining the data security evaluation result that no data security risk exists;
Specifically, by monitoring the states of the host and network application system and of the database system, the server compares those states with the CIS security hardening baseline: it inspects the current condition of the host, network applications and database with the audit commands provided by the CIS baseline standard, and judges whether the CIS security hardening baseline is met in full; if so, it concludes that the host, network applications and database conform to the data security standard and that no data security risk exists. For example: the MySQL database account used by the application is not the root super-administrator account, so it conforms to the security baseline; and, on checking whether that database account holds the privilege to shut down the database instance, it does not, so it again conforms to the security baseline.
208. If the comparison result is partial conformity, evaluating the data security and obtaining the data security evaluation result that a data security risk exists;
Specifically, by monitoring the states of the host and network application system and of the database system, the server compares those states with the CIS security hardening baseline: it inspects the current condition of the host, network applications and database with the audit commands provided by the CIS baseline standard, and judges whether the CIS security hardening baseline is met only in part; if so, it concludes that the host, network applications and database conform only partly to the data security standard and that a data security risk exists. For example: the MySQL database account used by the application is not the root super-administrator account, so it conforms to the security baseline; but, on checking whether that database account holds the privilege to shut down the database instance, it does, so it does not conform to the security baseline. Taken together, the evaluation is that a data security risk exists.
209. If the comparison result is nonconformity, evaluating the data security and obtaining the data security evaluation result that a data security risk exists.
Specifically, by monitoring the states of the host and network application system and of the database system, the server compares those states with the CIS security hardening baseline: it inspects the current condition of the host, network applications and database with the audit commands provided by the CIS baseline standard, and judges whether the CIS security hardening baseline is not met at all; if so, it concludes that the host, network applications and database do not conform to the data security standard and that a data security risk exists. For example: the MySQL database account used by the application is the root super-administrator account, so it does not conform to the security baseline; and, on checking whether that database account holds the privilege to shut down the database instance, it does, so it does not conform to the security baseline either. Taken together, the evaluation is that a data security risk exists.
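The two MySQL checks used in the examples of steps 207 to 209, and the folding of their outcomes into complete conformity, partial conformity and nonconformity, as an added example that is not the patent's checker and does not reproduce the wording of the CIS MySQL Benchmark: the grant table is an in-memory SQLite copy of the `mysql.user` columns the checks need, constructed for this example, so that the audit queries can run offline; against a live server the same query would be issued over `mysql.user` itself. The account names and host patterns are assumed.

```python
"""Comparing a database account against the two baseline checks."""
import sqlite3

# Constructed subset of mysql.user: (User, Host, Shutdown_priv).
# "app_rw" has been granted SHUTDOWN, which the baseline forbids for an
# application account.
GRANT_ROWS = [
    ("root", "localhost", "Y"),
    ("app_ro", "10.0.2.%", "N"),
    ("app_rw", "10.0.2.%", "Y"),
]

# Audit query in the form it would take over mysql.user on a live server.
Q_SHUTDOWN_PRIV = "SELECT User, Host FROM user WHERE User = ? AND Shutdown_priv = 'Y'"


def load_grant_table(rows):
    """Stand-in for a connection to the audited server's grant tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (User TEXT, Host TEXT, Shutdown_priv TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", rows)
    return conn


def check_not_root(app_account):
    """Baseline item 1: the application must not connect as the super-administrator."""
    return app_account != "root"


def check_no_shutdown(conn, app_account):
    """Baseline item 2: the application account must not be able to shut the instance down."""
    return conn.execute(Q_SHUTDOWN_PRIV, (app_account,)).fetchone() is None


def run_baseline(conn, app_account):
    """Outcome of every baseline check for the account the application uses."""
    return {
        "app_account_not_root": check_not_root(app_account),
        "app_account_no_shutdown": check_no_shutdown(conn, app_account),
    }


def compare(results):
    """Steps 206 to 209: all pass, some pass, or none pass."""
    passed = sum(1 for ok in results.values() if ok)
    if passed == len(results):
        return "complete conformity"
    if passed == 0:
        return "nonconformity"
    return "partial conformity"


def evaluate(conn, app_account):
    """Full evaluation result: per-check outcome, comparison result and risk verdict.
    Only complete conformity yields "no data security risk"."""
    results = run_baseline(conn, app_account)
    verdict = compare(results)
    risk = "no data security risk" if verdict == "complete conformity" else "data security risk exists"
    return {"account": app_account, "checks": results, "comparison": verdict, "risk": risk}


if __name__ == "__main__":
    conn = load_grant_table(GRANT_ROWS)
    for account in ("app_ro", "app_rw", "root"):
        print(evaluate(conn, account))
```

Adding a check means adding one more entry to `run_baseline`; `compare` needs no change, which is the point of keeping the three-way result separate from the individual audit commands.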
Further, the server stores the data security evaluation result in a blockchain database, which is not limited herein.
In the embodiment of the invention, the sensitive data field is obtained by three different data acquisition modes, then the sensitive data field is subjected to standardized processing, and then whether the sensitive field data exist in the preset data security standard is judged according to the target association relationship, so that the security evaluation of the sensitive data field is realized, and the security of the data is improved.
With reference to fig. 3, the data security evaluation method in the embodiment of the present invention is described above, and a data security evaluation device in the embodiment of the present invention is described below, where a first embodiment of the data security evaluation device in the embodiment of the present invention includes:
an obtaining module 301, configured to obtain a sensitive data field, where the sensitive data field is used to indicate field name information and data content of a target database table;
an acquisition module 302, configured to acquire database state information, where the database state information is used to indicate data risk operation command records, data table distribution and record number recorded in a database auditing system, and local and remote login information of a database account;
an extracting module 303, configured to obtain network information, where the network information is used to indicate host information and network protocol and port information;
a processing module 304, configured to receive the sensitive data field, the database state information, and the network information, and perform data standardization processing on the sensitive data field, the database state information, and the network information to obtain a target association relationship;
a judging module 305, configured to judge whether the sensitive field data exists in a preset data security standard according to the target association relationship;
the evaluation module 306 is configured to perform data security evaluation on the sensitive field data to obtain a data security evaluation result if the sensitive field data exists in a preset data security standard.
In the embodiment of the invention, a sensitive data field is obtained and used for indicating the name information and the data content of the field of a target database table; acquiring database state information, wherein the database state information is used for indicating data risk operation command records, data table distribution and record quantity and database account local and remote login information recorded in a database auditing system; acquiring network information, wherein the network information is used for indicating host information and network protocol and port information; receiving a sensitive data field, database state information and network information, and performing data standardization processing on the sensitive data field, the database state information and the network information to obtain a target association relation; judging whether the sensitive field data exist in a preset data security standard or not according to the target association relation; and if the sensitive field data exist in the preset data security standard, performing data security evaluation on the sensitive field data to obtain a data security evaluation result. According to the invention, the sensitive data field is obtained through three different data acquisition modes, then the sensitive data field is subjected to standardized processing, and further whether the sensitive field data exist in the preset data security standard or not is judged according to the target association relationship, so that the security evaluation of the sensitive data field is realized, and the security of the data is improved.
Referring to fig. 4, a second embodiment of the data security evaluation apparatus according to the embodiment of the present invention includes:
an obtaining module 301, configured to obtain a sensitive data field, where the sensitive data field is used to indicate field name information and data content of a target database table;
an acquisition module 302, configured to acquire database state information, where the database state information is used to indicate data risk operation command records, data table distribution and record number recorded in a database auditing system, and local and remote login information of a database account;
an extracting module 303, configured to obtain network information, where the network information is used to indicate host information and network protocol and port information;
a processing module 304, configured to receive the sensitive data field, the database state information, and the network information, and perform data standardization processing on the sensitive data field, the database state information, and the network information to obtain a target association relationship;
a judging module 305, configured to judge whether the sensitive field data exists in a preset data security standard according to the target association relationship;
the evaluation module 306 is configured to perform data security evaluation on the sensitive field data to obtain a data security evaluation result if the sensitive field data exists in a preset data security standard.
Optionally, the obtaining module 301 is specifically configured to:
acquiring field name information and data content of a target database table; and performing state change identification on the field name information of the target database table and the data content according to a preset time interval, and storing the field name information of the target database table and the data content to obtain a sensitive data field.
Optionally, the acquisition module 302 is specifically configured to:
collecting data risk operation command records, data sheet distribution and record quantity and local and remote login information of a database account recorded in a preset database auditing system; and taking the data risk operation command records, the distribution and record quantity of the data table and the local and remote login information of the database account as database state information.
Optionally, the extracting module 303 is specifically configured to:
inquiring information of a host port, a process and a configuration file to obtain host information and inquiring information of a network protocol and the port; and taking the host information and the network protocol and port information as network information.
Optionally, the processing module 304 is specifically configured to:
receiving the sensitive data field, the database state information and the network information; centring the sensitive data field, the database state information and the network information to obtain centred data, and calculating the standard deviation of the centred data to obtain a target standard deviation; and establishing, based on the target standard deviation, an association relation between the sensitive data field, the database state information and the network information and a preset target address, to obtain the target association relation.
Optionally, the evaluation module 306 further includes:
a comparison unit 3061, configured to compare the sensitive field data with a preset security hardening baseline of the Center for Internet Security (CIS) if the sensitive field data falls within a preset data security standard, so as to obtain a comparison result, where the comparison result is one of complete conformity, partial conformity and nonconformity;
an evaluation unit 3062, configured to evaluate the data security and obtain the data security evaluation result that no data security risk exists if the comparison result is complete conformity; to evaluate the data security and obtain the data security evaluation result that a data security risk exists if the comparison result is partial conformity; and to evaluate the data security and obtain the data security evaluation result that a data security risk exists if the comparison result is nonconformity.
Optionally, the comparing unit 3061 is specifically configured to:
if the sensitive field data falls within a preset data security standard, inspecting the host, the network applications and the database through a preset host and network application system and a preset database system to obtain an inspection result; and comparing the sensitive data field with the preset CIS security hardening baseline based on the inspection result to obtain a comparison result, where the comparison result is one of complete conformity, partial conformity and nonconformity.
In the embodiment of the invention, a sensitive data field is obtained and used for indicating the name information and the data content of the field of a target database table; acquiring database state information, wherein the database state information is used for indicating data risk operation command records, data table distribution and record quantity and database account local and remote login information recorded in a database auditing system; acquiring network information, wherein the network information is used for indicating host information and network protocol and port information; receiving a sensitive data field, database state information and network information, and performing data standardization processing on the sensitive data field, the database state information and the network information to obtain a target association relation; judging whether the sensitive field data exist in a preset data security standard or not according to the target association relation; and if the sensitive field data exist in the preset data security standard, performing data security evaluation on the sensitive field data to obtain a data security evaluation result. According to the invention, the sensitive data field is obtained through three different data acquisition modes, then the sensitive data field is subjected to standardized processing, and further whether the sensitive field data exist in the preset data security standard or not is judged according to the target association relationship, so that the security evaluation of the sensitive data field is realized, and the security of the data is improved.
Fig. 3 and fig. 4 describe the data security evaluation device in the embodiment of the present invention in detail from the perspective of the modular functional entity; the data security evaluation device in the embodiment of the present invention is described in detail below from the perspective of hardware processing.
Fig. 5 is a schematic structural diagram of a data security evaluation device according to an embodiment of the present invention. The data security evaluation device 500 may vary considerably in configuration or performance, and may include one or more processors (CPUs) 510 and a memory 520, and one or more storage media 530 (e.g., one or more mass storage devices) storing applications 533 or data 532. Memory 520 and storage media 530 may be transient or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a sequence of instructions for operating on the data security evaluation device 500. Further, the processor 510 may be configured to communicate with the storage medium 530 so as to execute the series of instruction operations stored in the storage medium 530 on the data security evaluation device 500.
Data security evaluation device 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input-output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. Those skilled in the art will appreciate that the data security assessment device configuration shown in FIG. 5 does not constitute a limitation of the data security assessment device, and may include more or fewer components than shown, or some components in combination, or a different arrangement of components.
The invention also provides a data security evaluation device, which comprises a memory and a processor, wherein the memory stores computer readable instructions, and the computer readable instructions, when executed by the processor, cause the processor to execute the steps of the data security evaluation method in the above embodiments.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and which may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the data security assessment method.
Further, the computer-readable storage medium may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the blockchain node, and the like.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and cryptographic algorithms. A blockchain is essentially a decentralized database: a series of data blocks linked by cryptographic means, each data block containing the information of a batch of network transactions, used to verify the validity (tamper-evidence) of that information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A data security assessment method, characterized in that the data security assessment method comprises:
acquiring a sensitive data field, wherein the sensitive data field is used for indicating name information and data content of a target database table field;
acquiring database state information, wherein the database state information is used for indicating data risk operation command records, data table distribution and record quantity and database account local and remote login information recorded in a database auditing system;
acquiring network information, wherein the network information is used for indicating host information and network protocol and port information;
receiving the sensitive data field, the database state information and the network information, and performing data standardization processing on the sensitive data field, the database state information and the network information to obtain a target association relation;
judging whether the sensitive field data exist in a preset data security standard or not according to the target association relation;
and if the sensitive field data exist in the preset data security standard, performing data security evaluation on the sensitive field data to obtain a data security evaluation result.
2. The data security assessment method according to claim 1, wherein the obtaining of the sensitive data field, the sensitive data field indicating the target database table field name information and the data content, comprises:
acquiring field name information and data content of a target database table;
and performing state change identification on the field name information of the target database table and the data content according to a preset time interval, and storing the field name information of the target database table and the data content to obtain a sensitive data field.
3. The data security assessment method according to claim 1, wherein the obtaining of database status information, the database status information being used for indicating data risk operation command records, data table distribution and record number recorded in the database auditing system, and database account local and remote login information, comprises:
collecting data risk operation command records, data sheet distribution and record quantity and local and remote login information of a database account recorded in a preset database auditing system;
and taking the data risk operation command records, the distribution and record quantity of the data table and the local and remote login information of the database account as database state information.
4. The data security evaluation method of claim 1, wherein the obtaining network information, the network information indicating host information and network protocol and port information, comprises:
inquiring information of a host port, a process and a configuration file to obtain host information and inquiring information of a network protocol and the port;
and taking the host information and the network protocol and port information as network information.
5. The data security evaluation method of claim 1, wherein the receiving the sensitive data field, the database status information, and the network information, and performing data standardization processing on the sensitive data field, the database status information, and the network information to obtain a target association relationship comprises:
receiving the sensitive data field, the database state information, and the network information;
centring the sensitive data field, the database state information and the network information to obtain centred data, and calculating the standard deviation of the centred data to obtain a target standard deviation;
and establishing, based on the target standard deviation, an association relation between the sensitive data field, the database state information and the network information and a preset target address, to obtain the target association relation.
6. The data security assessment method according to any one of claims 1 to 5, wherein if the sensitive field data exists in a preset data security standard, performing data security assessment on the sensitive field data to obtain a data security assessment result, comprising:
if the sensitive field data falls within a preset data security standard, comparing the sensitive field data with a preset security hardening baseline of the Center for Internet Security (CIS) to obtain a comparison result, wherein the comparison result is one of complete conformity, partial conformity and nonconformity;
if the comparison result is complete conformity, evaluating the data security, and obtaining the data security evaluation result that no data security risk exists;
if the comparison result is partial conformity, evaluating the data security, and obtaining the data security evaluation result that a data security risk exists;
and if the comparison result is nonconformity, evaluating the data security, and obtaining the data security evaluation result that a data security risk exists.
7. The data security evaluation method of claim 6, wherein if the sensitive field data exists in a preset data security standard, comparing the sensitive field data with a preset security reinforcement baseline of an internet security center to obtain comparison results, wherein the comparison results include complete agreement, partial agreement and non-agreement, and comprise:
if the sensitive field data falls within a preset data security standard, inspecting the host, the network applications and the database through a preset host and network application system and a preset database system to obtain an inspection result;
and comparing the sensitive data field with the preset CIS security hardening baseline based on the obtained inspection result to obtain a comparison result, wherein the comparison result is one of complete conformity, partial conformity and nonconformity.
8. A data security evaluation apparatus, characterized in that the data security evaluation apparatus comprises:
the acquisition module is used for acquiring sensitive data fields which are used for indicating the name information and the data content of the field of the target database table;
the acquisition module is used for acquiring database state information, the database state information being used for indicating the data risk operation command records, the data table distribution and record quantity recorded in a database auditing system, and the local and remote login information of a database account;
the extraction module is used for acquiring network information, and the network information is used for indicating host information and network protocol and port information;
the processing module is used for receiving the sensitive data field, the database state information and the network information, and carrying out data standardization processing on the sensitive data field, the database state information and the network information to obtain a target association relation;
the judging module is used for judging whether the sensitive field data exist in a preset data security standard or not according to the target association relation;
and the evaluation module is used for carrying out data security evaluation on the sensitive field data to obtain a data security evaluation result if the sensitive field data exists in a preset data security standard.
9. A data security evaluation device characterized by comprising: a memory and at least one processor, the memory having instructions stored therein;
the at least one processor invoking the instructions in the memory to cause the data security assessment device to perform the data security assessment method of any of claims 1-7.
10. A computer-readable storage medium having instructions stored thereon, wherein the instructions, when executed by a processor, implement a data security assessment method according to any one of claims 1-7.
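The flow of claims 7 and 8, as an added illustration that is not the patent's own code: the three information sources are normalised into one association record per sensitive field, and each record is compared with a preset reinforcement baseline to yield complete, partial or non-conformity. Every table name, audit record, baseline rule and network value below is a constructed assumption.

```python
"""Added example of the claim 7/8 evaluation flow; not the patent's own code.
All inputs, rule names and thresholds are constructed for illustration."""
import re

# Operations treated as risky in the audit command records (assumed list).
RISK_CMD = re.compile(r"\b(DROP|TRUNCATE|GRANT)\b|SELECT\s+\*", re.I)

# Constructed sample inputs standing in for the acquisition/extraction modules.
SENSITIVE_FIELDS = [{"table": "patient", "field": "id_card", "content": "4403*********1234"}]
DB_STATE = {
    "audit_commands": ["SELECT name FROM patient", "SELECT * FROM patient"],
    "record_counts": {"patient": 120000},
    "logins": [{"account": "app", "remote": False}, {"account": "root", "remote": True}],
}
NET_INFO = {"host": "10.0.0.5", "protocol": "tcp", "port": 3306, "tls": False}

def build_association(fields, db_state, net_info):
    """Data standardisation: one flat record per sensitive field (the 'target association relation')."""
    out = {}
    for f in fields:
        table = f["table"]
        cmds = [c for c in db_state["audit_commands"] if re.search(rf"\b{table}\b", c, re.I)]
        out[(table, f["field"])] = {
            "masked": "*" in f["content"],                      # content already masked at rest?
            "records": db_state["record_counts"].get(table, 0),
            "risk_ops": [c for c in cmds if RISK_CMD.search(c)],
            "remote_privileged_login": any(lg["remote"] and lg["account"] == "root"
                                           for lg in db_state["logins"]),
            "port": net_info["port"],
            "tls": net_info["tls"],
        }
    return out

# Preset reinforcement baseline (assumed rules): each returns True when the record conforms.
BASELINE = {
    "content masked at rest": lambda r: r["masked"],
    "no risky operations in audit log": lambda r: not r["risk_ops"],
    "no remote privileged login": lambda r: not r["remote_privileged_login"],
    "transport encrypted": lambda r: r["tls"],
}

def compare_with_baseline(record, baseline=BASELINE):
    """Return ('complete'|'partial'|'non', failed_rule_names): claim 7's three outcomes."""
    failed = [name for name, rule in baseline.items() if not rule(record)]
    if not failed:
        return "complete", failed
    return ("partial" if len(failed) < len(baseline) else "non"), failed

def evaluate(fields=SENSITIVE_FIELDS, db_state=DB_STATE, net_info=NET_INFO):
    """Judge each sensitive field's association record against the baseline."""
    return {key: compare_with_baseline(rec)
            for key, rec in build_association(fields, db_state, net_info).items()}

if __name__ == "__main__":
    for key, (level, failed) in evaluate().items():
        print(key, level, failed)  # constructed input yields 'partial' with three failed rules
```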

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111139795.0A CN113839956B (en) 2021-09-28 2021-09-28 Data security assessment method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111139795.0A CN113839956B (en) 2021-09-28 2021-09-28 Data security assessment method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113839956A true CN113839956A (en) 2021-12-24
CN113839956B CN113839956B (en) 2023-10-03

Family

ID=78970764

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111139795.0A Active CN113839956B (en) 2021-09-28 2021-09-28 Data security assessment method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113839956B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116248406A (en) * 2023-03-08 2023-06-09 深圳市亿特宝科技有限公司 Information security storage method and information security device thereof


Also Published As

Publication number Publication date
CN113839956B (en) 2023-10-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220525

Address after: 518000 China Aviation Center 2901, No. 1018, Huafu Road, Huahang community, Huaqiang North Street, Futian District, Shenzhen, Guangdong Province

Applicant after: Shenzhen Ping An medical and Health Technology Service Co.,Ltd.

Address before: Room 12G, Area H, 666 Beijing East Road, Huangpu District, Shanghai 200001

Applicant before: PING AN MEDICAL AND HEALTHCARE MANAGEMENT Co.,Ltd.

GR01 Patent grant