CN114372286A - Data security management method and device, computer equipment and storage medium - Google Patents


Publication number
CN114372286A
Authority
CN
China
Prior art keywords
data
protection
sensitive data
access
sensitive
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111552275.2A
Other languages
Chinese (zh)
Inventor
刘维炜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Shuyixin Technology Co.,Ltd.
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113 Multi-level security, e.g. mandatory access control
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application provides a data security management method, a data security management device, computer equipment and a storage medium, and relates to the technical field of computers. The method comprises the following steps: receiving a data access request, the data access request comprising: an identification of data to be accessed; determining whether the data to be accessed is sensitive data from a preset database according to the identifier of the data to be accessed; and if the data is sensitive data, performing safety protection on the sensitive data by adopting a multiple protection strategy corresponding to the sensitivity level of the sensitive data. The application can carry out multiple safety protection on sensitive data.

Description

Data security management method and device, computer equipment and storage medium
Technical Field
The invention relates to the technical field of computers, in particular to a data security management method and device, computer equipment and a storage medium.
Background
With the acceleration of the electronic informatization process, the data quantity shows explosive growth. Meanwhile, the data security problem is also a problem which is increasingly concerned by people.
A large amount of sensitive data is recorded in big data systems. Many types of security products exist on the market, but a single security product leaves large security gaps when it is used on its own to protect the data.
When multiple security products are used for security protection of data, different security products have the same policy for protecting the data, and policy conflict may occur when multiple security protection is performed on the data.
Disclosure of Invention
The present invention aims to provide a data security management method, apparatus, computer device and storage medium for performing multiple security protections on sensitive data, thereby improving the data security protection capability and ensuring the data security.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
in a first aspect, an embodiment of the present application provides a data security management method, where the method includes:
receiving a data access request, the data access request comprising: an identification of data to be accessed;
determining whether the data to be accessed is sensitive data from a preset database according to the identifier of the data to be accessed;
and if the data to be accessed is sensitive data, performing security protection on the sensitive data by adopting a multiple protection strategy corresponding to the sensitivity level of the sensitive data.
Optionally, the multiple protection strategy corresponding to the sensitivity level includes: a storage protection strategy, and performing security protection on the sensitive data by adopting the multiple protection strategy corresponding to the sensitivity level of the sensitive data comprises:
performing encryption protection on the sensitive data by adopting the storage protection strategy corresponding to the sensitivity level, wherein the encryption protection comprises: full ciphertext and partial ciphertext.
Optionally, the multiple protection strategy corresponding to the sensitivity level further includes: an access protection strategy, and performing security protection on the sensitive data by adopting the multiple protection strategy corresponding to the sensitivity level of the sensitive data comprises:
performing access permission protection and desensitization protection on the sensitive data by adopting the access protection strategy corresponding to the sensitivity level, wherein the access permission protection comprises: approval-based access, authorized access and full access, and the desensitization protection is: dynamic desensitization.
Optionally, the multiple protection strategy corresponding to the sensitivity level further includes: a sharing protection strategy, and performing security protection on the sensitive data by adopting the multiple protection strategy corresponding to the sensitivity level of the sensitive data comprises:
performing export protection and leakage protection on the sensitive data by adopting the sharing protection strategy corresponding to the sensitivity level, wherein the export protection comprises: forbidden export, approval-based export, authorized export and direct export, and the leakage protection comprises: desensitization protection and leak prevention, where desensitization protection provides leakage protection for structured data and leak prevention provides leakage protection for unstructured data.
Optionally, the multiple protection strategy corresponding to the sensitivity level further includes: an audit protection strategy, and performing security protection on the sensitive data by adopting the multiple protection strategy corresponding to the sensitivity level of the sensitive data comprises:
performing audit protection on the sensitive data by adopting the audit protection strategy corresponding to the sensitivity level, wherein the audit protection comprises: field-level auditing, table-level auditing and file-level auditing.
Optionally, the method further includes:
counting the access flow of the sensitive data;
and determining the leakage risk of the sensitive data based on the access flow, and generating leakage alarm information of the sensitive data.
Optionally, after determining the risk of leakage of the sensitive data based on the access traffic and generating leakage warning information of the sensitive data, the method further includes:
analyzing whether a user accessing the sensitive data is an abnormal user or not based on the multidimensional data, wherein the multidimensional data comprises: safety log data, the sensitive data, the access flow of the sensitive data, access user information and the leakage alarm information.
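An added illustration of the first-aspect method (not code from the patent): a single decision point looks the identifier up in a preset catalog and then applies the storage, access, sharing and audit policies from one bundle keyed by sensitivity level, so the four protections cannot contradict each other. The catalog entries, the level-to-bundle table, the masking rule and every name below are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum


class Storage(Enum):
    FULL_CIPHERTEXT = "full ciphertext"
    PARTIAL_CIPHERTEXT = "partial ciphertext"


class Gate(Enum):
    """One gate type serves both access rights and export rights."""
    FORBIDDEN = "forbidden"    # export only: data never leaves the system
    APPROVAL = "approval"      # needs an approval for this user and item
    AUTHORIZED = "authorized"  # needs a standing grant
    OPEN = "open"              # full access / direct export


@dataclass(frozen=True)
class Bundle:
    storage: Storage     # storage protection policy
    access: Gate         # access protection policy
    dynamic_mask: bool   # dynamic desensitization of returned values
    export: Gate         # sharing protection policy
    audit: str           # audit granularity: "field", "table" or "file"


# Assumed mapping of sensitivity level to one policy bundle (3 = most sensitive).
BUNDLES = {
    3: Bundle(Storage.FULL_CIPHERTEXT, Gate.APPROVAL, True, Gate.FORBIDDEN, "field"),
    2: Bundle(Storage.PARTIAL_CIPHERTEXT, Gate.AUTHORIZED, True, Gate.APPROVAL, "field"),
    1: Bundle(Storage.PARTIAL_CIPHERTEXT, Gate.OPEN, False, Gate.AUTHORIZED, "table"),
}

# Constructed stand-in for the "preset database": identifier -> sensitivity level.
CATALOG = {
    "crm.customer.id_card": 3,
    "crm.customer.phone": 2,
    "crm.customer.city": 1,
}


def gate_allows(gate, user, data_id, grants, approvals):
    if gate is Gate.OPEN:
        return True
    if gate is Gate.AUTHORIZED:
        return (user, data_id) in grants
    if gate is Gate.APPROVAL:
        return (user, data_id) in approvals
    return False  # FORBIDDEN, or anything unexpected: fail closed


def mask(value):
    """Keep the first 3 and last 2 characters; short values are fully masked."""
    if len(value) <= 5:
        return "*" * len(value)
    return value[:3] + "*" * (len(value) - 5) + value[-2:]


def handle(request, plaintext, grants=frozenset(), approvals=frozenset()):
    """Apply every policy of the bundle to one access request.

    request: {"data_id", "user", "action"} with action "read" or "export".
    """
    data_id, user, action = request["data_id"], request["user"], request["action"]
    level = CATALOG.get(data_id)
    if level is None:  # identifier not in the preset database: not sensitive
        return {"sensitive": False, "allowed": True, "value": plaintext, "audit": None}

    bundle = BUNDLES[level]
    gate = bundle.export if action == "export" else bundle.access
    allowed = gate_allows(gate, user, data_id, grants, approvals)
    value = None
    if allowed:
        value = mask(plaintext) if bundle.dynamic_mask else plaintext
    # Denied requests are audited too, at the granularity the level demands.
    audit = {"scope": bundle.audit, "user": user, "data_id": data_id,
             "action": action, "allowed": allowed}
    return {"sensitive": True, "level": level, "allowed": allowed, "value": value,
            "stored_as": bundle.storage.value, "audit": audit}


if __name__ == "__main__":
    req = {"data_id": "crm.customer.phone", "user": "alice", "action": "read"}
    print(handle(req, "13800138000", grants={("alice", "crm.customer.phone")}))
```
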
In a second aspect, an embodiment of the present application further provides a data security management apparatus, where the apparatus includes:
an access request receiving module, configured to receive a data access request, where the data access request includes: an identification of data to be accessed;
the sensitive data determining module is used for determining whether the data to be accessed is sensitive data from a preset database according to the identifier of the data to be accessed;
and the sensitive data protection module is used for performing security protection on the sensitive data by adopting a multiple protection strategy corresponding to the sensitivity level of the sensitive data if the data to be accessed is sensitive data.
Optionally, the multiple protection strategy corresponding to the sensitivity level includes: a storage protection strategy, and the sensitive data protection module is specifically configured to perform encryption protection on the sensitive data by using the storage protection strategy corresponding to the sensitivity level, where the encryption protection includes: full ciphertext and partial ciphertext.
Optionally, the multiple protection strategy corresponding to the sensitivity level further includes: an access protection strategy, and the sensitive data protection module is further configured to perform access permission protection and desensitization protection on the sensitive data by using the access protection strategy corresponding to the sensitivity level, where the access permission protection includes: approval-based access, authorized access and full access, and the desensitization protection is: dynamic desensitization.
Optionally, the multiple protection strategy corresponding to the sensitivity level further includes: a sharing protection strategy, and the sensitive data protection module is further configured to perform export protection and leakage protection on the sensitive data by using the sharing protection strategy corresponding to the sensitivity level, where the export protection includes: forbidden export, approval-based export, authorized export and direct export, and the leakage protection includes: desensitization protection and leak prevention, where desensitization protection provides leakage protection for structured data and leak prevention provides leakage protection for unstructured data.
Optionally, the multiple protection strategy corresponding to the sensitivity level further includes: an audit protection strategy, and the sensitive data protection module is further configured to perform audit protection on the sensitive data by using the audit protection strategy corresponding to the sensitivity level, where the audit protection includes: field-level auditing, table-level auditing and file-level auditing.
Optionally, the apparatus further comprises:
the flow statistic module is used for counting the access flow of the sensitive data;
and the warning information generating module is used for determining the leakage risk of the sensitive data based on the access flow and generating the leakage warning information of the sensitive data.
Optionally, the apparatus further comprises:
an abnormal user analysis module, configured to analyze whether a user accessing the sensitive data is an abnormal user based on multidimensional data, where the multidimensional data includes: safety log data, the sensitive data, the access flow of the sensitive data, access user information and the leakage alarm information.
In a third aspect, an embodiment of the present application further provides a computer device, including: the data security management system comprises a processor, a storage medium and a bus, wherein the storage medium stores program instructions executable by the processor, when the computer device runs, the processor and the storage medium communicate through the bus, and the processor executes the program instructions to execute the steps of the data security management method according to any one of the above embodiments.
In a fourth aspect, an embodiment of the present application further provides a computer-readable storage medium, where the storage medium stores a computer program, and the computer program is executed by a processor to perform the steps of the data security management method according to any of the foregoing embodiments.
The beneficial effect of this application is:
The application provides a data security management method, a data security management device, a computer device and a storage medium, wherein a data access request is received, and the data access request comprises: an identifier of the data to be accessed; whether the data to be accessed is sensitive data is determined from a preset database according to the identifier of the data to be accessed; and if the data is sensitive data, security protection is performed on the sensitive data by adopting a multiple protection strategy corresponding to the sensitivity level of the sensitive data. With this scheme, multiple security protections can be applied to the sensitive data based on its sensitivity level and the multiple protection strategy, conflicts among the protection strategies are avoided, the data security protection capability is improved, and data security is ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is an architecture diagram of a data security unified management system according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a data security management method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of another data security management method according to an embodiment of the present application;
FIG. 4 is a diagram illustrating an example of a data security protection process provided by an embodiment of the present application;
fig. 5 is an interaction diagram of a data security unified management platform and a plurality of security management components according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a data security management apparatus according to an embodiment of the present application;
fig. 7 is a schematic diagram of a computer device provided in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Furthermore, the terms "first," "second," and the like in the description and in the claims, as well as in the drawings, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the features of the embodiments of the present application may be combined with each other without conflict.
Before introducing the data security management method, the applied data security unified management system is explained first for better understanding of the scheme of the application.
Fig. 1 is an architecture diagram of a data security unified management system according to an embodiment of the present application. As shown in Fig. 1, the data security unified management system includes: a basic support layer, a security capability layer and a unified platform layer.
The underlying components of the basic support layer are used for parsing database protocols, parsing the communication protocols used in the data security management process, capturing and forwarding data packets, and identifying data content. The common modules of the basic support layer provide the basic functions of the data security management system and can comprise data management, sensitive data identification, authorization management and policy management.
The security capability layer includes various components for performing security management on data, and specifically may include: an asset management component, a data encryption component, a data desensitization component, a data firewall component, a data auditing component and a Data Leakage Protection (DLP) component, wherein the data leakage protection component is used for performing security protection on unstructured data, and the other components are used for performing security protection on structured data.
The asset management component has an automatic asset discovery function, a sensitive data identification function and a classification and grading function. The automatic asset discovery function calls a scanning engine based on the scanning strategy to scan the data source so as to determine the database where the data source is located. The sensitive data identification function calls an identification model and an identification engine based on the identification strategy to identify the data in the database so as to discover the sensitive data in the database. The classification and grading function classifies and grades the sensitive data based on classification and grading standards. The asset management component may also have a risk warning function: when the asset management component is used on its own to manage the data assets, and the security management components used to perform security protection on the data do not include the data firewall component and the data auditing component, a risk warning function needs to be set in the asset management component to warn of the access risks to the data. After the asset management component classifies and grades the sensitive data, the classification and grading results are shared through the unified platform layer with the other components of the security capability layer.
The data encryption component has an encryption function and an access right limiting function. The data encryption component receives the classification and grading result and the storage protection strategy shared by the unified platform layer. Based on the sensitivity level of the sensitive data and the storage protection strategy, the encryption function performs field table encryption on the sensitive data by using an encryption and decryption queue. When the data encryption component is used alone, it can scan the data source to determine the database where the data source is located, and perform field table encryption on data in the database based on the encryption and decryption queue.
The data desensitization component has a data desensitization function and a sharing permission limiting function. The data desensitization component receives the classification and grading result and the sharing protection strategy shared by the unified platform layer, and the data desensitization function determines the sensitive data, the export permission and the desensitization rules based on the sensitivity level of the sensitive data and the sharing protection strategy.
The data firewall component has an intelligent protection function and a risk alarm processing function. The data firewall component receives the classification and grading result and the access protection strategy shared by the unified platform layer. The intelligent protection function sets access permissions for the sensitive data based on the sensitivity level of the sensitive data and the access protection strategy, and intercepts and blocks the access behavior or the export behavior when the sensitive data is subjected to unauthorized access, unauthorized export sharing, illegal access or illegal export sharing. The risk alarm processing function generates alarm information when the sensitive data is subjected to unauthorized access, unauthorized export sharing, illegal access or illegal export sharing.
The data auditing component has an audit strategy setting function, a user behavior analysis function and a risk analysis alarm function. The data auditing component receives the classification and grading result and the audit protection strategy shared by the unified platform layer, and the audit strategy setting function determines the audit strategy of the sensitive data based on the sensitivity level of the sensitive data and the audit protection strategy. The user behavior analysis function audits the behavior of accessing the sensitive data based on the audit strategy and counts the access flow or the access frequency of the sensitive data. The risk analysis alarm function determines whether the access behavior is abnormal based on the access flow or the access frequency of the sensitive data, and generates alarm information when an abnormality is determined to exist.
The data leakage protection component has the functions of the asset management component, the data encryption component, the data desensitization component, the data firewall component and the data auditing component, and is used for performing security protection on unstructured data.
It should be noted that, in this embodiment, the above-mentioned multiple components for performing security management on data are installed in a server or a virtual machine where the database is located, and different security management roles log in the server or the virtual machine where the database is located to perform data access.
The unified platform layer is a data security unified management platform which comprises a unified management module, a strategy cooperation module and a data security brain module. The unified management module has a component management function, a user management function, a safety audit function and an alarm display function.
The component management function is used for monitoring the type and the state of the equipment where the safety management component is located and the running state of the safety management component, ensuring the normal running of the safety management component and the equipment where the safety management component is located, and providing safety protection for data.
The user management function is used for authenticating login accounts with different security management roles, managing the authority of different accounts, and supporting the retrieval of the login accounts, the login roles, users and login time ranges, and performing manual or automatic verification to determine whether the accounts are abnormal in login.
The security audit function is used for security auditing of the security management components. Specifically, the operation records of operating accounts are audited through log auditing, and the audit supports retrieval across multiple dimensions such as account, user, login IP address, keyword and time.
The alarm display function is used for unified management and display of the service alarms, compiling statistics by alarm level and by the module that generated the alarm information, and retrieving and displaying alarms along different dimensions. Specifically, sensitive data with a high leakage risk can be retrieved according to the risk of the sensitive data being leaked, and the access condition of that sensitive data is displayed; heavily attacked databases can be retrieved according to the degree to which each database is attacked, and the attack condition of the database is displayed; and retrieval can be performed according to risk account information, displaying the behavior or operation logs of high-risk accounts.
The strategy cooperation module is used for calling different security management components so as to integrate their capabilities, provide joint-defense, linked security protection for sensitive data, and meet the security protection requirements of sensitive data in different scenarios. From the perspective of a data security protection system, the data security unified management platform serves as the support platform for data security protection, follows the IPDR (Identify, Protect, Detect, Response) model, and covers the full life cycle of data from production, transmission, storage, processing and exchange to destruction.
The work of the strategy cooperation module is divided into an asset identification and discovery (Identify) stage, a strategy cooperation (Protect) stage, a joint defense linkage (Detect) stage and a real-time alarm response (Response) stage. In the asset identification and discovery stage, the asset management component is called to explore assets across the whole network: databases are discovered automatically by scanning data flows, sensitive data in the different databases is defined according to one unified standard, and the sensitive data feature library is shared across all databases so that sensitive data can be identified and discovered and then classified and graded.
In the strategy cooperation stage, the asset management component sends the sensitive data and the classification and grading result to the data security unified management platform, and the data security unified management platform formulates protection strategies for the sensitive data according to service requirements, forming a protection strategy system that covers all of the customer's service scenarios and achieves integrated defense.
In the joint defense linkage stage, the data security unified management platform identifies, through each security management component and according to an automatic orchestration strategy, the behavior of accessing sensitive data, and calls the interfaces of the data encryption component, the data desensitization component and the data firewall component for the sensitive data in different application scenarios, so that the sensitive data is encrypted, desensitized and subjected to fine-grained access control, and the security of data storage, use and sharing is ensured.
In the real-time alarm response stage, the data security unified management platform helps security operation and maintenance personnel define, prioritize and drive standardized event response activities through standard workflows, using Security Orchestration, Automation and Response (SOAR) in a human-machine combined mode. After receiving the alarm information sent by each security management component, the data security unified management platform responds automatically according to a preset alarm response script, wherein the response actions comprise: blocking, encryption, desensitization, interception, and the like. The data security unified management platform can also fuse the alarm information of different security management components, perform correlation analysis on the alarm information of the same account and the same sensitive data, and discover hidden threats which cannot be discovered by a single security management component.
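An added sketch of the correlation step described above (not code from the patent): alarms from different security management components are grouped by account and sensitive data item, and a finding is raised only when several distinct components fire within one time window. The alert fields, the 600-second window and the response mapping are assumptions; the sample alerts are constructed.

```python
from collections import defaultdict

# Constructed alerts, as the platform might receive them from its components.
ALERTS = [
    {"ts": 1000, "component": "audit", "account": "bob",
     "data_id": "crm.customer.id_card", "reason": "access frequency above baseline"},
    {"ts": 1120, "component": "firewall", "account": "bob",
     "data_id": "crm.customer.id_card", "reason": "unauthorized access blocked"},
    {"ts": 1300, "component": "desensitization", "account": "bob",
     "data_id": "crm.customer.id_card", "reason": "export without permission"},
    {"ts": 1200, "component": "audit", "account": "carol",
     "data_id": "crm.customer.phone", "reason": "access frequency above baseline"},
    {"ts": 9000, "component": "firewall", "account": "carol",
     "data_id": "crm.customer.phone", "reason": "unauthorized access blocked"},
    {"ts": 1250, "component": "audit", "account": "dave",
     "data_id": "crm.customer.phone", "reason": "access frequency above baseline"},
    {"ts": 1260, "component": "audit", "account": "dave",
     "data_id": "crm.customer.phone", "reason": "access frequency above baseline"},
    {"ts": 2000, "component": "dlp", "account": "erin",
     "data_id": "hr/contracts/2021.pdf", "reason": "file copied to removable media"},
    {"ts": 2300, "component": "audit", "account": "erin",
     "data_id": "hr/contracts/2021.pdf", "reason": "file-level access spike"},
]


def respond(component_count):
    """Assumed response script: more independent signals, stronger action."""
    return "block" if component_count >= 3 else "desensitize"


def correlate(alerts, window=600, min_components=2):
    """Return one finding per (account, data item) whose alerts come from at
    least `min_components` distinct components inside `window` seconds."""
    groups = defaultdict(list)
    for alert in sorted(alerts, key=lambda a: a["ts"]):
        groups[(alert["account"], alert["data_id"])].append(alert)

    findings = []
    for (account, data_id), items in groups.items():
        best, start = None, 0
        for end, current in enumerate(items):
            # Slide the window start forward until it spans <= `window` seconds.
            while current["ts"] - items[start]["ts"] > window:
                start += 1
            burst = items[start:end + 1]
            components = sorted({a["component"] for a in burst})
            # Repeats from one component do not count as corroboration.
            if len(components) < min_components:
                continue
            if best is None or len(components) > len(best["components"]):
                best = {
                    "account": account,
                    "data_id": data_id,
                    "components": components,
                    "first_ts": burst[0]["ts"],
                    "last_ts": current["ts"],
                    "action": respond(len(components)),
                }
        if best is not None:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for finding in correlate(ALERTS):
        print(finding)
```
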
The data security brain module comprises a big data platform and a data security brain. The big data platform is used to receive the sensitive data information, the log information of key security components and the traffic information of key equipment sent by each security management component, where the key equipment is the server or virtual machine where the database is located. The big data platform is provided with a complete set of basic big data analysis components and various artificial intelligence operators, realizes automatic operation and maintenance, and performs unified preprocessing, storage and calculation on multi-dimensional data from each security management component, such as security log data, sensitive data, access flow of the sensitive data, leakage alarm information of the sensitive data, and information on the users accessing the sensitive data.
The data security brain integrates technologies such as multidimensional association, artificial intelligence analysis, complex network and user entity behavior analysis based on the calculation of a big data platform, realizes risk analysis monitoring, threat identification blocking, data tracing and tracking and security situation perception, and comprehensively realizes intellectualization, integration and visualization of data security protection.
User entity behavior analysis may provide, among other things, user portrayal and anomaly detection based on various analysis methods. The method can generally comprise a basic analysis method and a high-level analysis method, and the users and the entities are evaluated through intelligent analysis to find potential events related to activities with abnormal user or entity standard portrayal or behaviors. Wherein, the abnormal activity may be: abnormal access to the database by trusted or third party personnel, or intrusion by an external attacker bypassing the protection of the security management component.
And (4) data security risk analysis, wherein AI technologies such as complex network analysis and the like are adopted to globally search for complex relationships among different access behaviors, and features which cannot be captured based on a security protection strategy are found, so that data security protection is further improved. The high dependence of the existing data safety protection scheme on the analysis and judgment of professionals can be relieved, and automatic identification and intelligent monitoring protection of the safety risk of dynamically changed data are achieved. Real-time analysis, historical analysis and future risk situation prediction can be achieved.
And the data security situation perception is used for normalizing various heterogeneous data, performing correlation analysis, dynamically displaying the distribution condition of the sensitive data and the access behavior of the sensitive data, predicting the possible leakage risk of the sensitive data, and providing a clear, transparent and controllable data asset distribution access behavior situation.
Based on the data safety unified management system, the intelligent data safety operation can be realized, a real-time data risk analysis model is established by taking sensitive data as a core and taking data safety event management as a key process, and the safety unified management system assists safety operation and maintenance personnel to carry out event and risk analysis, early warning management and emergency response. On the basis of situation awareness, technologies such as multi-dimensional correlation analysis, security event automatic arrangement, visual presentation and the like of multi-source data are added, so that a client is helped to realize comprehensive monitoring of security situation, real-time early warning of security threat, full life cycle management of assets and vulnerabilities and automatic emergency response capability, the client is helped to quickly find, analyze and dispose security problems, and safe closed-loop management is realized. The safety operation is divided into different roles, such as safety management personnel, safety experts, safety operation and maintenance, safety analysts, safety emergency response personnel, safety researchers and the like, and in the process of integrating the whole life cycle of safety event management, the safety operation process is connected in series through the working process, so that the safety operation process is more standard and ordered.
On the basis of the above data security unified management system, the data security management method provided in the embodiment of the present application is described in detail.
Referring to Fig. 2, which is a schematic flow chart of a data security management method according to an embodiment of the present application, the method includes:
S10: Receive a data access request, where the data access request includes an identifier of the data to be accessed.
In this embodiment, the user sends a data access request to the database. The data access request includes an identifier of the data the user wants to access; the identifier uniquely identifies that data and may be, for example, the address of the data to be accessed.
S20: Determine, from a preset database and according to the identifier of the data to be accessed, whether the data to be accessed is sensitive data.
Before determining whether the data to be accessed is sensitive data, the asset management component calls a scanning engine to perform network-wide asset discovery based on a scanning policy and determines at least one database as a data source. Based on an identification policy, it calls an identification model and an identification engine to identify the data in the database and find the sensitive data in it, then classifies and grades the sensitive data according to classification and grading standards to determine its sensitivity level. The sensitivity level ranges from level 1 to level 5: the first level is public data, the second level is low-sensitivity data, the third level is relatively sensitive data, the fourth level is sensitive data, and the fifth level is extremely sensitive data.
In this embodiment, the sensitivity level of the data to be accessed is determined according to the identifier of the data to be accessed and the classification and grading result of the sensitive data.
S30: If the data is sensitive data, perform security protection on the sensitive data by adopting a multiple protection policy corresponding to the sensitivity level of the sensitive data.
In this embodiment, the data security unified management platform formulates multiple protection policies for the sensitive data according to service requirements and sends them to the corresponding security management components. The asset management component sends the sensitive data and its classification and grading result to the data security unified management platform, the platform shares the classification and grading result with each security management component, and each security management component applies the corresponding security protection to the sensitive data based on its security management policy.
In one possible implementation, the multiple protection policy corresponding to the sensitivity level includes a storage protection policy, and S30 includes:
performing encryption protection on the sensitive data by adopting the storage protection policy corresponding to the sensitivity level, where the encryption protection includes full ciphertext and partial ciphertext.
Specifically, the data encryption component adopts the storage protection policy and applies different levels of encryption protection to the sensitive data based on its sensitivity level. If the sensitivity level of the sensitive data is the fourth level or the fifth level, the sensitive data is encrypted as full ciphertext; if the sensitivity level of the sensitive data is the second level or the first level, the sensitive data is encrypted as partial ciphertext; if the sensitivity level of the sensitive data is the first level, that is, public data, no encryption is needed and the data is displayed directly in plaintext.
If the sensitive data is unstructured data, the data leakage protection component can also perform encryption protection on the unstructured sensitive data by adopting the storage protection strategy. If the sensitive data is structured data, the encryption mode is database encryption, and if the sensitive data is unstructured data, the encryption mode is document encryption.
In another possible implementation, the multiple protection policy corresponding to the sensitivity level further includes an access protection policy, and S30 further includes:
performing access permission protection and desensitization protection on the sensitive data by adopting the access protection policy corresponding to the sensitivity level, where the access permission protection includes approval access permission, authorized access permission and full access permission, and the desensitization protection is dynamic desensitization.
In this embodiment, the data firewall component adopts the access protection policy and sets the access permission for the sensitive data based on its sensitivity level. If the sensitivity level of the sensitive data is the fifth level, the access permission is set to approval access, that is, a user's access request is granted only after it has been approved by a manager; if the sensitivity level is the second, third or fourth level, the access permission is set to authorized access, that is, only authorized users may access the data, and an authorized user may access it only after authenticating with an access password; if the sensitivity level is the first level, that is, public data, the access permission is set to full access, that is, any user can access the public data directly.
The data desensitization component adopts the access protection policy and desensitizes the sensitive data based on its sensitivity level, that is, it applies dynamic desensitization to sensitive data of different sensitivity levels according to different desensitization rules. Dynamic desensitization uses a preset desensitization algorithm to transform, mask, replace and randomize the sensitive data, converting it into fictitious data, or to blur the sensitive data.
In another possible implementation, the multiple protection policy corresponding to the sensitivity level further includes a sharing protection policy, and S30 further includes:
performing export protection and leakage protection on the sensitive data by adopting the sharing protection policy corresponding to the sensitivity level, where the export protection includes export forbidden, approval export, authorized export and direct export, and the leakage protection includes desensitization protection and leak prevention: desensitization protection protects structured data against leakage, and leak prevention protects unstructured data against leakage.
In this embodiment, the data firewall component adopts the sharing protection policy, performs export protection on the sensitive data, and sets the export permission for the sensitive data based on its sensitivity level. If the sensitivity level of the sensitive data is the fifth level, the export permission is set to export forbidden, that is, the sensitive data can only be accessed and viewed, not exported; if the sensitivity level is the fourth level, the export permission is set to approval export, that is, a user's export of the sensitive data proceeds only after it has been approved by a manager; if the sensitivity level is the third level or the second level, the export permission is set to authorized export, that is, only authorized users can export the sensitive data and other users have no right to export it; if the sensitivity level is the first level, that is, public data, the export permission is set to direct export, that is, no permission control is needed.
The data desensitization component adopts the sharing protection policy and, based on the sensitivity level of the sensitive data, desensitizes the sensitive data when it is exported. Different desensitization modes can be used depending on the application scenario of the sensitive data. If the exported sensitive data is used in scenarios such as testing, development, training and data analysis, static desensitization is used; the data remains usable afterwards, because static desensitization in effect moves the sensitive data and replaces it with simulated values according to the desensitization rules. For example, if the sensitive data is "Zhang San", the data exported after static desensitization is "Liquan". In data use scenarios that require direct access to production data, such as data operation and maintenance management and application access, dynamic desensitization is performed when the sensitive data is accessed; for example, when the sensitive data needs to be displayed but its entire content does not, dynamic desensitization can be applied.
In yet another possible implementation, the multiple protection policy corresponding to the sensitivity level further includes an audit protection policy, and S30 further includes:
performing audit protection on the sensitive data by adopting the audit protection policy corresponding to the sensitivity level, where the audit protection includes field-level auditing, table-level auditing and file-level auditing.
In this embodiment, the data auditing component adopts the audit protection policy and audits the behavior of accessing the sensitive data based on its sensitivity level. If the sensitivity level of the sensitive data is the fifth level or the fourth level, it audits the behavior of accessing the sensitive fields in the sensitive data and determines whether any sensitive field has been accessed in violation of policy; if the sensitivity level is the third level or the second level, it audits the behavior of accessing the table or file where the sensitive data is located and determines whether the table or file has been accessed in violation of policy; if the sensitivity level is the first level, that is, public data, the access behavior does not need to be audited.
For example, Table 1 shows a correspondence between the sensitivity level of sensitive data and the multiple protection policy.
Table 1. Correspondence between the sensitivity level of sensitive data and the multiple protection policy (the table is an image in the original publication).
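The per-level access, export and audit rules described above can be expressed as one lookup plus a decision function. The following is an added example, not code from the patent: the `Request` fields, the catalog entries and the fail-closed handling of unclassified identifiers are assumptions, and storage encryption is left out.

```python
from dataclasses import dataclass
from enum import Enum


class Access(Enum):
    FULL = "full access"
    AUTHORIZED = "authorized access"
    APPROVAL = "approval access"


class Export(Enum):
    DIRECT = "direct export"
    AUTHORIZED = "authorized export"
    APPROVAL = "approval export"
    FORBIDDEN = "export forbidden"


class Audit(Enum):
    NONE = "no audit"
    TABLE_OR_FILE = "table/file-level audit"
    FIELD = "field-level audit"


# Sensitivity level -> (access, export, audit), following the description.
POLICY = {
    1: (Access.FULL, Export.DIRECT, Audit.NONE),
    2: (Access.AUTHORIZED, Export.AUTHORIZED, Audit.TABLE_OR_FILE),
    3: (Access.AUTHORIZED, Export.AUTHORIZED, Audit.TABLE_OR_FILE),
    4: (Access.AUTHORIZED, Export.APPROVAL, Audit.FIELD),
    5: (Access.APPROVAL, Export.FORBIDDEN, Audit.FIELD),
}


@dataclass(frozen=True)
class Request:
    user: str
    data_id: str                 # S10: identifier of the data to be accessed
    action: str                  # "read" or "export"
    authenticated: bool = False  # passed the access-password check
    authorized: bool = False     # on the authorized-user list for this data
    approved: bool = False       # a manager approved this specific request


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    audit: Audit                 # audit granularity to apply to this access


def _access_ok(rule, req):
    if rule is Access.FULL:
        return True
    if rule is Access.AUTHORIZED:
        return req.authorized and req.authenticated
    return req.approved  # Access.APPROVAL


def _export_ok(rule, req):
    if rule is Export.DIRECT:
        return True
    if rule is Export.AUTHORIZED:
        return req.authorized
    if rule is Export.APPROVAL:
        return req.approved
    return False  # Export.FORBIDDEN


def decide(req, catalog):
    """S20 + S30: look up the sensitivity level, then apply the per-level rules."""
    level = catalog.get(req.data_id)
    if level not in POLICY:
        # Assumption: the patent does not say how unclassified data is handled;
        # here it fails closed and gets the strictest audit.
        return Decision(False, "unclassified data", Audit.FIELD)
    access, export, audit = POLICY[level]
    if req.action not in ("read", "export"):
        return Decision(False, "unknown action", audit)
    # Assumption: an export implies a read, so the access rule is checked first.
    if not _access_ok(access, req):
        return Decision(False, f"level {level}: {access.value} not satisfied", audit)
    if req.action == "export" and not _export_ok(export, req):
        return Decision(False, f"level {level}: {export.value} not satisfied", audit)
    return Decision(True, f"level {level}: {req.action} permitted", audit)


# Constructed classification result: data identifier -> sensitivity level.
CATALOG = {"hr.staff.id_number": 5, "crm.orders.phone": 4,
           "crm.orders.city": 2, "web.docs.faq": 1}

if __name__ == "__main__":
    for r in (Request("alice", "hr.staff.id_number", "read", True, True),
              Request("alice", "crm.orders.phone", "export", True, True, True),
              Request("guest", "web.docs.faq", "export")):
        print(r.user, r.data_id, r.action, "->", decide(r, CATALOG))
```
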
In the data security management method provided by the embodiment of the application, a data access request is received, where the data access request includes an identifier of the data to be accessed; whether the data to be accessed is sensitive data is determined from a preset database according to the identifier of the data to be accessed; and if the data is sensitive data, security protection is performed on the sensitive data by adopting a multiple protection policy corresponding to the sensitivity level of the sensitive data. With this scheme, multiple layers of security protection can be applied to the sensitive data based on its sensitivity level and the multiple protection policy, policy conflicts among the protection policies are avoided, the data security protection capability is improved, and data security is ensured.
On the basis of the above embodiments, the embodiments of the present application further provide a data security management method. Referring to fig. 3, a schematic flow chart of another data security management method according to an embodiment of the present application is shown, and as shown in fig. 3, the method further includes:
S40: Count the access traffic of the sensitive data.
In this embodiment, the data firewall component and the data auditing component both have an access traffic counting function. The data firewall component and/or the data auditing component audit the behavior of accessing sensitive data at different levels and, during auditing, count the access traffic of the sensitive data, or count how often the same user accesses the sensitive data within a preset time, so as to monitor in real time whether access requests for the sensitive data pose a risk.
S50: Determine the leakage risk of the sensitive data based on the access traffic, and generate leakage alarm information for the sensitive data.
In this embodiment, if it is determined based on the access traffic that the sensitive data has a leakage risk, the data firewall component and/or the data auditing component can generate alarm information for the sensitive data and send it to the data security unified management platform.
The data security unified management platform responds to the alarm information in real time according to a preset alarm response script. For example, if the alarm information shows that the sensitive data has been accessed illegally, that is, the user accessed the sensitive data directly without passing identity authentication, the data security unified management platform calls the data firewall component to intercept and block the access directly; if the alarm information shows that the sensitive data has been accessed without authorization, that is, a user without access permission accessed the sensitive data, the data security unified management platform calls the data desensitization component to dynamically desensitize the sensitive data and returns the desensitized data to the accessing user.
According to the data security management method provided by the embodiment of the application, the access flow of the sensitive data is counted, the leakage risk of the sensitive data is determined based on the access flow, and the leakage warning information of the sensitive data is generated. According to the scheme of the embodiment of the application, the abnormal access of the sensitive data is monitored, and when the sensitive data has leakage risks, the alarm information is generated, so that the sensitive data is prevented from being leaked, and the data safety is guaranteed.
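Steps S40 and S50 and the alarm response script described above can be sketched as a sliding-window counter feeding a small response table. This is an added example, not code from the patent: the 60-second window, the limit of five accesses, the masking rule, the report-only handling of frequency alarms and all names and sample values are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    kind: str      # "illegal_access", "unauthorized_access" or "high_frequency"
    user: str
    data_id: str
    ts: float


class AccessMonitor:
    """S40/S50: count accesses per (user, data) in a time window and raise alerts.

    Events are assumed to arrive in timestamp order.
    """

    def __init__(self, window_s=60.0, max_hits=5):
        self.window_s = window_s      # assumed "preset time"
        self.max_hits = max_hits      # assumed frequency threshold
        self._hits = defaultdict(deque)

    def observe(self, ts, user, data_id, authenticated, authorized):
        alerts = []
        if not authenticated:
            alerts.append(Alert("illegal_access", user, data_id, ts))
        elif not authorized:
            alerts.append(Alert("unauthorized_access", user, data_id, ts))
        hits = self._hits[(user, data_id)]
        hits.append(ts)
        # Drop accesses that have fallen out of the window.
        while hits and hits[0] <= ts - self.window_s:
            hits.popleft()
        if len(hits) > self.max_hits:
            alerts.append(Alert("high_frequency", user, data_id, ts))
        return alerts


def mask(value, keep_head=3, keep_tail=4):
    """Dynamic desensitization by masking (one constructed rule among many)."""
    if len(value) <= keep_head + keep_tail:
        return value[:1] + "*" * (len(value) - 1)
    hidden = len(value) - keep_head - keep_tail
    return value[:keep_head] + "*" * hidden + value[-keep_tail:]


def handle_access(monitor, ts, user, data_id, value, authenticated, authorized):
    """Return (action, payload sent back to the caller, alerts for the platform)."""
    alerts = monitor.observe(ts, user, data_id, authenticated, authorized)
    kinds = {a.kind for a in alerts}
    if "illegal_access" in kinds:        # not authenticated: intercept and block
        return "block", None, alerts
    if "unauthorized_access" in kinds:   # no permission: return desensitized data
        return "desensitize", mask(value), alerts
    if "high_frequency" in kinds:
        # Assumption: the description names no response for a frequency alarm,
        # so it is only reported to the platform here.
        return "alert", value, alerts
    return "allow", value, alerts


def run_demo():
    """Replay constructed events and return the action taken for each."""
    monitor = AccessMonitor()
    phone = "13812345678"                # constructed sample value
    actions = []
    for ts in range(0, 35, 5):           # bob reads the same field 7 times in 30 s
        actions.append(handle_access(monitor, ts, "bob", "crm.orders.phone",
                                     phone, True, True)[0])
    actions.append(handle_access(monitor, 40, "carol", "crm.orders.phone",
                                 phone, True, False)[0])
    actions.append(handle_access(monitor, 41, "mallory", "crm.orders.phone",
                                 phone, False, False)[0])
    return actions


if __name__ == "__main__":
    print(run_demo())
```
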
On the basis of the foregoing embodiment, an embodiment of the present application further provides a data security management method, where after determining a leakage risk of sensitive data based on access traffic and generating leakage alarm information of the sensitive data, the method further includes:
analyzing whether a user accessing sensitive data is an abnormal user based on multidimensional data, where the multidimensional data includes: security log data, sensitive data, access traffic of the sensitive data, access user information and leakage alarm information.
In the embodiment, the data security brain module is used for calculating and processing the sensitive data, the access flow of the sensitive data, the access user information, the security log data of each security management component and the leakage alarm information, and analyzing whether the user entity behavior is abnormal or not. For example, whether there is an abnormal access to the database by the user or a third party person, such as an unauthorized access, or whether there is an intrusion by an external attacker bypassing the security management component, i.e., an illegal access.
The data security management method provided in this embodiment analyzes whether a user accessing sensitive data is an abnormal user based on multidimensional data, where the multidimensional data includes: security log data, sensitive data, access traffic of the sensitive data, access user information and leakage alarm information. With this scheme, abnormal access behavior can be analyzed and identified and the corresponding security protection applied, ensuring data security.
Referring to Fig. 4, which shows an example of the data security protection process according to an embodiment of the present application, based on the foregoing data security management method. As shown in Fig. 4, a plurality of security management components are installed with one click on the server or virtual machine where a database is located, where the database may include a cloud database, a gateway database and a terminal database. The asset management component uses a scanning engine to scan the database based on the scanning policy and determine the data it contains. Based on the identification policy, an identification model and an identification engine are called to identify sensitive data, and the sensitive data is classified and graded according to the existing classification and grading standards.
The data security unified management platform sends multiple protection policies to the security management components based on the classification and grading result. The data encryption component performs one-click encryption of the data based on the storage protection policy; the data desensitization component performs one-click desensitization of the data based on the sharing protection policy and the access protection policy; the data firewall component intercepts and blocks illegal access and dynamically desensitizes unauthorized access based on the access protection policy; and the data auditing component audits access to sensitive data and generates risk alarms.
Based on the above data security management method, refer to Fig. 5, which is an interaction diagram of the data security unified management platform and a plurality of security management components provided in an embodiment of the present application. As shown in Fig. 5, the data interaction between the data security unified management platform and each security management component uses two modes: push and pull. Basic data synchronization uses the pull mode: each security management component, notified through the message middleware, actively fetches the corresponding data from the data security unified management platform according to the API specification the platform provides. State and alarm information uses the push mode: each security management component pushes state and alarm information to the data security unified management platform in a unified syslog format. Response actions such as encryption, desensitization and blocking are pushed by the data security unified management platform to each security management component through an application program interface (API); each security management component responds automatically according to the agreed alarm response script and returns the response result to the data security unified management platform. When the data security unified management platform adds, deletes or modifies the data it manages, it sends the related messages. Each security management component subscribes to these messages and, on receiving one, must complete the corresponding action: query the platform for the required data and store the result, which completes the data synchronization. The data security unified management platform provides a standard web API for subscribers to query the related data.
On the basis of the foregoing embodiments, an embodiment of the present application further provides a virtual device applied to the foregoing data security management method. Referring to Fig. 6, which is a schematic structural diagram of a data security management device provided in the embodiment of the present application, the device includes:
an access request receiving module 10, configured to receive a data access request, where the data access request includes an identifier of the data to be accessed;
a sensitive data determining module 20, configured to determine, from a preset database and according to the identifier of the data to be accessed, whether the data to be accessed is sensitive data;
and a sensitive data protection module 30, configured to, if the data is sensitive data, perform security protection on the sensitive data by adopting a multiple protection policy corresponding to the sensitivity level of the sensitive data.
Optionally, the multiple protection policy corresponding to the sensitivity level includes a storage protection policy, and the sensitive data protection module 30 is specifically configured to perform encryption protection on the sensitive data by adopting the storage protection policy corresponding to the sensitivity level, where the encryption protection includes full ciphertext and partial ciphertext.
Optionally, the multiple protection policy corresponding to the sensitivity level further includes an access protection policy, and the sensitive data protection module 30 is further configured to perform access permission protection and desensitization protection on the sensitive data by adopting the access protection policy corresponding to the sensitivity level, where the access permission protection includes approval access permission, authorized access permission and full access permission, and the desensitization protection is dynamic desensitization.
Optionally, the multiple protection policy corresponding to the sensitivity level further includes a sharing protection policy, and the sensitive data protection module 30 is further configured to perform export protection and leakage protection on the sensitive data by adopting the sharing protection policy corresponding to the sensitivity level, where the export protection includes export forbidden, approval export, authorized export and direct export, and the leakage protection includes desensitization protection and leak prevention: desensitization protection protects structured data against leakage, and leak prevention protects unstructured data against leakage.
Optionally, the multiple protection policy corresponding to the sensitivity level further includes an audit protection policy, and the sensitive data protection module 30 is further configured to perform audit protection on the sensitive data by adopting the audit protection policy corresponding to the sensitivity level, where the audit protection includes field-level auditing, table-level auditing and file-level auditing.
Optionally, the apparatus further comprises:
a traffic statistics module, configured to count the access traffic of the sensitive data;
and an alarm information generating module, configured to determine the leakage risk of the sensitive data based on the access traffic and generate leakage alarm information for the sensitive data.
Optionally, the apparatus further comprises:
an abnormal user analysis module, configured to analyze whether a user accessing sensitive data is an abnormal user based on multidimensional data, where the multidimensional data includes: security log data, sensitive data, access traffic of the sensitive data, access user information and leakage alarm information.
The above apparatus is used to execute the method provided by the foregoing embodiments; its implementation principle and technical effect are similar and are not described again here.
The above modules may be one or more integrated circuits configured to implement the above methods, such as one or more Application Specific Integrated Circuits (ASICs), one or more microprocessors, or one or more Field Programmable Gate Arrays (FPGAs). As another example, when one of the above modules is implemented as program code scheduled by a processing element, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or another processor capable of calling program code. As a further example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Referring to Fig. 7, which is a schematic diagram of a computer device according to an embodiment of the present disclosure, the computer device 100 includes a processor 101, a storage medium 102 and a bus. The storage medium 102 stores program instructions executable by the processor 101; when the computer device 100 runs, the processor 101 communicates with the storage medium 102 through the bus and executes the program instructions to perform the method embodiments above.
Optionally, an embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, the method embodiments above are performed. The specific implementation and technical effect are similar and are not described again here.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions that enable a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some of the steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, and other media capable of storing program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and shall be covered by the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A method for managing data security, the method comprising:
receiving a data access request, the data access request comprising: an identifier of data to be accessed;
determining, from a preset database and according to the identifier of the data to be accessed, whether the data to be accessed is sensitive data;
and if the data to be accessed is sensitive data, performing security protection on the sensitive data by adopting a multiple protection policy corresponding to the sensitivity level of the sensitive data.
2. The method of claim 1, wherein the multiple protection policy corresponding to the sensitivity level comprises: a storage protection policy, and wherein performing security protection on the sensitive data by adopting the multiple protection policy corresponding to the sensitivity level of the sensitive data comprises:
performing encryption protection on the sensitive data by adopting the storage protection policy corresponding to the sensitivity level, wherein the encryption protection comprises: full ciphertext and partial ciphertext.
3. The method of claim 2, wherein the multiple protection policy corresponding to the sensitivity level further comprises: an access protection policy, and wherein performing security protection on the sensitive data by adopting the multiple protection policy corresponding to the sensitivity level of the sensitive data comprises:
performing access authority protection and desensitization protection on the sensitive data by adopting the access protection policy corresponding to the sensitivity level, wherein the access authority protection comprises: approval access right, authorized access right and full access right, and the desensitization protection is: dynamic desensitization.
4. The method of claim 2, wherein the multiple protection policy corresponding to the sensitivity level further comprises: a sharing protection policy, and wherein performing security protection on the sensitive data by adopting the multiple protection policy corresponding to the sensitivity level of the sensitive data comprises:
performing export protection and leakage protection on the sensitive data by adopting the sharing protection policy corresponding to the sensitivity level, wherein the export protection comprises: forbidden export, approval export, authorized export and direct export, and the leakage protection comprises: desensitization protection and leak prevention, the desensitization protection being used for leakage protection of structured data and the leak prevention being used for leakage protection of unstructured data.
5. The method of claim 2, wherein the multiple protection policy corresponding to the sensitivity level further comprises: an audit protection policy, and wherein performing security protection on the sensitive data by adopting the multiple protection policy corresponding to the sensitivity level of the sensitive data comprises:
performing audit protection on the sensitive data by adopting the audit protection policy corresponding to the sensitivity level, wherein the audit protection comprises: field-level auditing, table-level auditing, and file-level auditing.
6. The method of claim 5, wherein the method further comprises:
counting the access traffic of the sensitive data;
and determining the leakage risk of the sensitive data based on the access traffic, and generating leakage alarm information for the sensitive data.
7. The method of claim 6, wherein after determining the leakage risk of the sensitive data based on the access traffic and generating the leakage alarm information for the sensitive data, the method further comprises:
analyzing, based on multidimensional data, whether a user accessing the sensitive data is an abnormal user, wherein the multidimensional data comprises: security log data, the sensitive data, the access traffic of the sensitive data, access user information and the leakage alarm information.
8. A data security management apparatus, characterized in that the apparatus comprises:
an access request receiving module, configured to receive a data access request, where the data access request includes: an identifier of data to be accessed;
a sensitive data determining module, configured to determine, from a preset database and according to the identifier of the data to be accessed, whether the data to be accessed is sensitive data;
and a sensitive data protection module, configured to perform security protection on the sensitive data by adopting a multiple protection policy corresponding to the sensitivity level of the sensitive data if the data to be accessed is sensitive data.
9. A computer device, comprising: a processor, a storage medium and a bus, the storage medium storing program instructions executable by the processor, the processor and the storage medium communicating via the bus when the computer device is running, the processor executing the program instructions to perform the steps of the data security management method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when executed by a processor, carries out the steps of the data security management method according to any one of claims 1 to 7.
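A minimal sketch of the request flow in claims 1 to 6, added here as an illustration and not taken from the patent: the request's identifier is looked up in a catalog, the policy for its sensitivity level decides access, the value is dynamically masked, and access traffic is counted for a leakage alert. The catalog contents, the level-to-policy mapping, the masking rule and the alert threshold are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed "preset database": data identifier -> sensitivity level (constructed).
CATALOG = {"customer.id_number": 3, "customer.phone": 2, "customer.city": 1}

@dataclass(frozen=True)
class Policy:       # one multiple protection policy per sensitivity level
    storage: str    # "full_ciphertext" | "partial_ciphertext"           (claim 2)
    access: str     # "approval" | "authorized" | "full"                 (claim 3)
    export: str     # "forbidden" | "approval" | "authorized" | "direct" (claim 4)
    audit: str      # "field" | "table" | "file"                         (claim 5)

# Assumed mapping: the claims do not say which option belongs to which level.
POLICIES = {
    3: Policy("full_ciphertext", "approval", "forbidden", "field"),
    2: Policy("partial_ciphertext", "authorized", "approval", "table"),
    1: Policy("partial_ciphertext", "full", "authorized", "table"),
}
ALERT_THRESHOLD = 3  # assumed: requests per (user, identifier) before an alert
traffic = Counter()
audit_log, alerts = [], []

def mask(value):
    """Dynamic desensitization: show the last 4 characters of longer values only."""
    keep = 4 if len(value) > 4 else 0
    return "*" * (len(value) - keep) + value[len(value) - keep:]

def handle_request(user, data_id, value, grants=frozenset(), approvals=frozenset()):
    level = CATALOG.get(data_id)
    if level is None:                 # claim 1: not catalogued as sensitive
        return value
    policy = POLICIES[level]
    allowed = (policy.access == "full"
               or (policy.access == "authorized" and data_id in grants)
               or (policy.access == "approval" and data_id in approvals))
    audit_log.append((policy.audit, user, data_id, allowed))
    traffic[(user, data_id)] += 1     # claim 6: denied requests count too
    if traffic[(user, data_id)] > ALERT_THRESHOLD:
        alerts.append((user, data_id, traffic[(user, data_id)]))
    if not allowed:
        raise PermissionError(f"{user} lacks {policy.access} access to {data_id}")
    return mask(value)
```

Identifiers missing from the catalog are returned unprotected, so in a design of this shape the completeness of the sensitive-data catalog is itself a control to monitor.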

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111552275.2A CN114372286A (en) 2021-12-17 2021-12-17 Data security management method and device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114372286A (en) 2022-04-19

Family

ID=81140923

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111552275.2A Pending CN114372286A (en) 2021-12-17 2021-12-17 Data security management method and device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114372286A (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115277046A (en) * 2022-05-24 2022-11-01 中国电信股份有限公司 5G capability open security control method, device, equipment and storage medium
CN115277046B (en) * 2022-05-24 2024-01-30 中国电信股份有限公司 5G capability open security control method, device, equipment and storage medium
CN114884742A (en) * 2022-06-02 2022-08-09 深圳市斑点猫软件有限公司 Business data sharing method and system based on privacy computing technology
CN114884742B (en) * 2022-06-02 2024-03-29 深圳市斑点猫软件有限公司 Service data sharing method and system based on privacy computing technology
CN114979281A (en) * 2022-07-11 2022-08-30 成都信息工程大学 Data interaction method applied to industrial internet cloud service platform
CN114979281B (en) * 2022-07-11 2022-11-08 成都信息工程大学 Data interaction method applied to industrial internet cloud service platform
CN115114647A (en) * 2022-08-26 2022-09-27 湖南华菱电子商务有限公司 Customer information management method and system for constructing customer portrait based on digital middlebox
CN115114647B (en) * 2022-08-26 2022-11-11 湖南华菱电子商务有限公司 Customer information management method and system for constructing customer portrait based on digital middlebox
CN115906131B (en) * 2022-12-23 2024-01-26 星环信息科技(上海)股份有限公司 Data management method, system, equipment and storage medium
CN115906131A (en) * 2022-12-23 2023-04-04 星环信息科技(上海)股份有限公司 Data management method, system, equipment and storage medium
CN116595573B (en) * 2023-04-14 2024-01-19 敦源信息科技(广州)有限公司 Data security reinforcement method and device for traffic management information system
CN116595573A (en) * 2023-04-14 2023-08-15 敦源信息科技(广州)有限公司 Data security reinforcement method and device for traffic management information system
CN116578994B (en) * 2023-06-29 2023-10-03 北京亿赛通科技发展有限责任公司 Data security operation method, computer device and computer storage medium
CN116578994A (en) * 2023-06-29 2023-08-11 北京亿赛通科技发展有限责任公司 Data security operation method, computer device and computer storage medium
CN116723042A (en) * 2023-07-12 2023-09-08 北汽蓝谷信息技术有限公司 Data packet security protection method and system
CN116723042B (en) * 2023-07-12 2024-01-26 北汽蓝谷信息技术有限公司 Data packet security protection method and system
CN117195253A (en) * 2023-08-24 2023-12-08 南京证券股份有限公司 Personal information security protection method and system
CN117270785A (en) * 2023-10-13 2023-12-22 北京泓鹏网络科技有限公司 Data security storage method and system based on big data platform
CN117435523A (en) * 2023-12-21 2024-01-23 北京中超伟业信息安全技术股份有限公司 Automatic storage medium destroying method based on data sensitivity level identification
CN117435523B (en) * 2023-12-21 2024-03-19 北京中超伟业信息安全技术股份有限公司 Automatic storage medium destroying method based on data sensitivity level identification

Similar Documents

Publication Publication Date Title
CN114372286A (en) Data security management method and device, computer equipment and storage medium
CN106411578B (en) A kind of web publishing system and method being adapted to power industry
CN111800395A (en) Threat information defense method and system
CN111245793A (en) Method and device for analyzing abnormity of network data
US7607169B1 (en) User interface for network security console
US7788722B1 (en) Modular agent for network security intrusion detection system
US7650638B1 (en) Network security monitoring system employing bi-directional communication
CN115733681A (en) Data security management platform for preventing data loss
US20140172495A1 (en) System and method for automated brand protection
CN110443048A (en) Data center looks into number system
KR20040035572A (en) Integrated Emergency Response System in Information Infrastructure and Operating Method therefor
CN104166812A (en) Database safety access control method based on independent authorization
Miloslavskaya Security operations centers for information security incident management
CN112115482A (en) Big data-based data security monitoring system for protecting data
Beigh et al. Intrusion Detection and Prevention System: Classification and Quick
CN112039862A (en) Multi-dimensional stereo network-oriented security event early warning method
CN113032793A (en) Intelligent reinforcement system and method for data security
CN113516337A (en) Method and device for monitoring data security operation
CN113794276A (en) Power distribution network terminal safety behavior monitoring system and method based on artificial intelligence
CN114157457A (en) Authority application and monitoring method for network data information security
CN114640548A (en) Network security sensing and early warning method and system based on big data
CN113411297A (en) Situation awareness defense method and system based on attribute access control
CN113411295A (en) Role-based access control situation awareness defense method and system
US8572744B2 (en) Information security auditing and incident investigation system
CN114218194A (en) Data bank safety system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230321

Address after: Room 302, Building 5, 1818-2 Wenyi West Road, Yuhang Street, Yuhang District, Hangzhou City, Zhejiang Province, 310023

Applicant after: Hangzhou Shuyixin Technology Co.,Ltd.

Address before: 310000 Room 201, unit 2, building 3, Xixi Zhenglu, Xihu District, Hangzhou City, Zhejiang Province

Applicant before: Liu Weiwei