CN115630404A - Data security management service method - Google Patents

Publication number
CN115630404A
Authority
CN
China
Prior art keywords
data
identification
log
audit
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211315087.2A
Other languages
Chinese (zh)
Inventor
薛锋
陈莉
白健
安红章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CETC 30 Research Institute
Priority to CN202211315087.2A
Publication of CN115630404A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/1734 Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/36 Creation of semantic tools, e.g. ontology or thesauri
    • G06F16/367 Ontology
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/906 Clustering; Classification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/30 Semantic analysis

Abstract

The invention discloses a data security management service method, relating to the technical field of data management, comprising the following steps: scanning an enterprise data directory, collecting data and acquiring data information; obtaining a data feature recognition result from the data information while performing classification and security grading, and turning the data into data assets through identification; verifying and confirming the data asset identification and the security grading result; collecting enterprise log data; and performing a full-life-cycle security audit of how the data assets are operated and used, according to the data asset identification and the log data. The invention meets the requirements of a security protection system and of consolidating basic protection measures, and constructs a data security management service system that suits the current state of an enterprise information system and meets the organization's security management standards.

Description

Data security management service method
Technical Field
The invention relates to the technical field of data management, in particular to a data security management service method.
Background
The statements in this section merely provide background information related to the present disclosure and may not constitute prior art.
With the issuance and implementation of the Data Security Law of the People's Republic of China, "governance according to law" has become the basic premise for legally compliant operation of data-holding enterprises in the market environment of the new era; information technology aimed at data security management has become an important support for enterprises in the data security management process and a necessary capability for preventing data security risks.
The basic premise of enterprise data security control is to classify and grade data accurately, efficiently and comprehensively; but the following problems exist in current enterprise data security management:
1. Data classification and grading have no implementation rules; although the country has issued laws and regulations on data classification and grading, no corresponding classification and grading standard exists for each industry, the actual situation of each enterprise is different, and there are no instructive implementation details.
2. Data collation capability is lacking; because some enterprises have insufficient reserves of information technology capability of their own, they cannot build an effective data classification and grading tool, or the tool is deficient in function, efficiency and accuracy; some enterprises have no informatization construction capability at all and cannot meet business and security requirements.
3. Data auditing capability is insufficient; where an enterprise runs many separate internal systems, the data processing of each system is complex and follows different standards, so reconstruction is very difficult or has no technical basis at all, and the auditing and monitoring functions of each system are implemented independently, leading to repeated investment and high cost.
4. Data security management capability is insufficient; some enterprises have built a unified data management platform but lack data security grading and data monitoring capabilities as data circulates through its life cycle, so the risk of data being mishandled remains, which may in turn lead to illegal data production behaviors by the enterprise.
Disclosure of Invention
The invention aims to address the following problems in existing enterprise data security management: data classification in each industry has no implementation rules, some enterprises lack data collation capability, some enterprises have insufficient data auditing capability, and some enterprises have insufficient data security management capability. The data security management service method meets the requirements of a security protection system and of consolidating basic protection measures, and constructs a data security management service system that suits the current state of an enterprise information system and meets the organization's security management standards, thereby solving these problems.
The technical scheme of the invention is as follows:
A data security management service method comprises the following steps:
scanning an enterprise data directory, collecting data and acquiring data information;
obtaining a data feature recognition result from the data information while performing classification and security grading, and turning the data into data assets through identification;
verifying and confirming the data asset identification and the security grading result;
collecting enterprise log data;
performing a full-life-cycle security audit of how the data assets are operated and used, according to the data asset identification and the log data; the full-life-cycle security audit comprises: audit analysis, circulation tracing and security early warning.
Further, the scanning of the enterprise data directory comprises:
detecting whether common data services exist by means of a service detection technique, attempting to send a request message, automatically identifying the type and version number of the data source through protocol collision, and then performing a full or sampled scan of each discovered data source by means of an automatic data scanning technique.
Further, the obtaining of a data feature recognition result from the data information includes:
extracting, for both structured database-table data and unstructured file data, the file MD5, the content hash and the fuzzy hash of content fragments;
when the data is structured database-table data, first setting a sampling rule and extracting samples from the data, then matching keywords and regular expressions against the sample data and the original data information, and finally obtaining the data feature and content recognition results;
when the data is unstructured file data, first configuring a file format protocol and writing a protocol parsing algorithm, then extracting the original data information and data content of the file, and finally obtaining a file feature recognition result.
Further, the classification and security grading comprise:
classifying and grading the data with a trained data classification and grading model, using a natural language processing method on the data feature recognition result; and optimizing the data classification and grading model through multiple iterations over the data and manual labelling.
Further, turning the data into data assets through identification comprises the following steps:
establishing a data identification model, and binding the data to the issued data identifier to form a data asset library and a data identification library.
Further, the issuing of the data identifier comprises:
the data identifier is issued by a secure and trusted data identifier authentication system, and the integrity and authenticity of the identification information are ensured by cryptographic techniques;
the binding includes:
a separate type for all types of data and an integrated type for individual data; the separate type is: constructing an identifier-data mapping table; the integrated type is: sealing the data and the identifier together as one unit;
the construction of the data asset library and the data identification library comprises the following steps:
uniformly reporting the identification results to form the enterprise's data asset library and data identification library with the data identifier as the core.
Further, before collecting enterprise log data, audit objects are discovered either by automatic discovery or by manual configuration;
the automatic discovery mode comprises: detecting databases based on mirrored traffic analysis, configuring audit object scanning rules, screening out the data sources that serve as audit objects according to the scanning rules, and recording the data source information;
the manual configuration mode comprises: manually importing data source information in batches and adding it to the audit targets.
Further, the collecting of enterprise log data includes:
recording the information of the audit object to form an audit log; the information of the audit object comprises: terminal information, client information and access behavior information;
deeply parsing the audit log based on semantic analysis to form the access log and operation log of the audit object.
Further, the audit analysis includes: classifying the massive log data by clustering, counting, correlating and similar operations on the data identifiers, while matching a log audit policy and performing audit analysis through that policy;
the security early warning includes: forming a risk event and an alarm notification once abnormal behavior is found based on the audit policy, and promptly notifying the related devices or systems and personnel through a push channel.
Further, the circulation tracing comprises:
completing trusted evidence storage of data across multiple storage systems or devices using a data consistency consensus algorithm, and storing log digest information using a chained hash ledger technique to ensure that log data cannot be tampered with;
extracting the data identifier from the log, searching the data identification library by that identifier, extracting the identifier content under it, parsing the identification information of the related logs, matching the operation behavior keywords of the logs at the same time, and calculating the associated changes of the data identifier;
performing similarity analysis on related data using three types of data fingerprint (the file MD5, the content hash and the fuzzy hash of content fragments) to form a data lineage graph, forming a data behavior chain from the time sequence of the logs, and combining the lineage graph, the behavior chain and the entity identity along a time axis to form the tracing path of the data.
Compared with the prior art, the invention has the beneficial effects that:
1. The data security management service method provides efficient data management and control: guided by the data classification and grading standard, the data assets are managed in advance; the data security policy is used for full-process control and for monitoring sensitive data behaviors in advance; and in the later stage security audits are performed on the log data and the data assets are tracked and traced.
2. The data security management service method is based on intelligent data analysis: with data asset identification as the core, data, and log data in particular, are parsed and analyzed based on the lineage of the data identifiers and the sequence of the logs, so that abnormal data behaviors and risk events are discovered at relatively low cost.
3. The data security management service method provides a path to security compliance: once the data security management service is deployed, data security management inside the enterprise can be completed, and the service can further be linked with the data security management service of a supervisory body to report the enterprise's sensitive data identifiers and risk events, so that the supervisory body can grasp the enterprise's data security status without sensitive data being leaked, which helps keep the enterprise's data compliant and secure.
Drawings
FIG. 1 is a flow chart of a data security administration service method;
FIG. 2 is a data security administration technology model;
FIG. 3 is a data identification marking process;
FIG. 4 is a data security policy management flow;
FIG. 5 is a data security audit flow;
FIG. 6 is a data tracing process.
Detailed Description
It is noted that relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The features and properties of the present invention are described in further detail below with reference to embodiments.
Embodiment one
Referring to fig. 1 to 6, the present embodiment provides a data security management service method for solving the problems pointed out in the background art. It meets the requirements of a security protection system and of consolidating basic protection measures, constructs a data security management service system that suits the current state of an enterprise information system and meets the organization's security management specifications, and deploys that system in the enterprise information network. Terminal data, stored data, network data and third-party data are acquired through front-end data collection; the data are labelled according to a data classification and grading model; logs are parsed and the identification data are extracted and analyzed; and the data security situation is presented, so that the system serves as the security command brain for enterprise data.
The technical model adopted by the data security management service method is as follows: with the data identifier as the core, the method is divided into 5 models, namely data security identification management, data security policy management, data security audit, data security tracking and tracing, and data security situation presentation. Data from the related data security systems and devices are collected and labelled; data security policies are output to those systems and devices according to the unified data security regime and standards of the enterprise or supervisory body; logs of the corresponding data security systems and devices and of some business systems are collected and parsed; circulating data assets are audited with the data identifier as the main audit object; abnormal data circulation behaviors and risks are found and recorded; and the related statistics and analysis information is displayed throughout, with data assets as the core.
Specifically, the objects governed by the data security management service method mainly include: business data, log data, behavior data and externally shared data generated inside the enterprise; the corresponding core processes are: data security identification management, data security policy management, data security audit, and data tracking and tracing.
Data security identification management: after data collection is completed, sample data are extracted from the collected data and the data content is recognized and extracted at the same time; based on the content recognition result, an AI-based data classification and grading model classifies and grades the data; a data identification model is established, and the data body is bound to its data identifier to form a data asset library and a data identification library.
Data security policy management: following external data security policies and the regimes related to data security management and governance, a unified data security policy management system is established according to the organization's data value and characteristics; data security access control targets and flows are defined on the basis of access control policies, and identifier-based supervision of secure data exchange is realized; with log parsing, security audit and risk alarm policy control as the key elements, data security risks and threats are controlled efficiently.
Data security audit: a full-process data security audit mechanism of "object discovery-event collection-audit analysis-alarm handling" is established; data security audit objects are scanned and discovered automatically; operation events involving users, data and permissions are collected and parsed dynamically; a security fence for sensitive event domain management is established; user behavior and risk event analysis models are established; and intelligent audit analysis and risk identification alarms are realized with an AI engine, improving data security risk control capability and data security event handling efficiency.
Data tracking and tracing: based on a chained data structure, trusted evidence storage of the data is completed first; key operation log data are obtained as the basis for analysis; and a chain covering the full data life cycle is constructed through user operation behavior analysis, data lineage analysis, data visualization and the like. The data circulation records on the data chain are analyzed together with the extraction and parsing of data identifiers, so that data leakage events can be traced to their source, responsibility can be located and trusted evidence can be obtained, which has a certain deterrent and supervisory effect.
Through the four core processes, data are labelled, data security policies are issued, data circulation behaviors are audited and analyzed, a data tracing chain is formed, and data security management based on data identifiers is completed; in the process, key analysis data, statistics, risk events and the like can be presented as a security situation view, so that managers can readily grasp the enterprise's data security status.
A data security management service method specifically comprises the following steps:
scanning an enterprise data directory, collecting data and acquiring data information; preferably, the enterprise data directory includes, but is not limited to: enterprise terminals, enterprise server data directories;
obtaining a data feature recognition result from the data information while performing classification and security grading, and turning the data into data assets through identification;
verifying and confirming the data asset identification and the security grading result; preferably, this step is confirmed by an administrator of the enterprise;
collecting enterprise log data; preferably, log data of related systems such as enterprise terminals, storage, networks and applications are collected;
performing a full-life-cycle security audit of how the data assets are operated and used, according to the data asset identification and the log data; the full-life-cycle security audit comprises: audit analysis, circulation tracing and security early warning; and finally, updating the data asset identification and the security policy according to the security audit result.
In this embodiment, specifically, the scanning of the enterprise data directory includes:
detecting whether common data services exist by means of a service detection technique, attempting to send a request message, automatically identifying the type and version number of the data source through protocol collision, and performing a full or sampled scan of each discovered data source by means of an automatic data scanning technique.
In this embodiment, specifically, the obtaining of a data feature recognition result from the data information includes:
extracting, for both structured database-table data and unstructured file data, the file MD5, the content hash and the fuzzy hash of content fragments, that is, extracting data fingerprints;
when the data is structured database-table data, first setting a sampling rule and extracting samples from the data, then matching keywords and regular expressions against the sample data and the original data information, and finally obtaining the data feature and content recognition results;
when the data is unstructured file data, first configuring a file format protocol (such as TXT, CSV, Word, Excel, PowerPoint, PDF and the like) and writing a protocol parsing algorithm, then extracting the original data information and data content of the file, and finally obtaining a file feature recognition result.
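The following is an added example, not code from the patent, of the fingerprint extraction and sampled keyword/regular-expression matching just described. The rule patterns, keyword table, sampling step, threshold and sample rows are constructed assumptions, and hashing word shingles stands in for the unnamed fuzzy-hash algorithm.

```python
import hashlib
import re

# Constructed rules: the text names keyword and regular-expression matching
# but gives no patterns, so these are illustrative assumptions.
VALUE_RULES = {
    "phone": re.compile(r"1[3-9]\d{9}"),
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}
NAME_KEYWORDS = {"salary": "finance", "id_card": "personal_id"}

# Constructed sample table and document.
SAMPLE_COLUMNS = ["name", "mobile", "contact", "salary"]
SAMPLE_ROWS = [
    ("Li", "13800000001", "li@example.com", 9000),
    ("Wang", "13800000002", "wang@example.com", 8000),
    ("Zhao", "n/a", "zhao@example.com", 7000),
    ("Chen", "13800000004", "chen@example.com", 6000),
    ("Sun", "13800000005", "sun@example.com", 5000),
]
DOC_A = (b"quarterly payroll export for the finance department contains "
         b"employee names mobile numbers bank accounts and monthly salary "
         b"figures for audit")


def fragment_hashes(text, k=4):
    """Hash every k-word shingle; a simple stand-in for a fuzzy hash."""
    words = text.split()
    count = max(1, len(words) - k + 1)
    shingles = (" ".join(words[i:i + k]) for i in range(count))
    return {hashlib.sha256(s.encode()).hexdigest()[:16] for s in shingles}


def fingerprints(raw):
    """Return the three fingerprints for one data object given as bytes."""
    # Whitespace is normalised so that reflowing a file keeps its content hash.
    text = " ".join(raw.decode("utf-8", errors="replace").split())
    return {
        # MD5 only identifies byte-identical copies; it is not collision
        # resistant and must not be relied on as an integrity check.
        "file_md5": hashlib.md5(raw).hexdigest(),
        "content_hash": hashlib.sha256(text.encode()).hexdigest(),
        "fragments": fragment_hashes(text),
    }


def similarity(fp_a, fp_b):
    """Jaccard similarity of the fragment-hash sets, between 0.0 and 1.0."""
    a, b = fp_a["fragments"], fp_b["fragments"]
    return len(a & b) / len(a | b) if a | b else 1.0


def recognise_columns(columns, rows, step=2, threshold=0.6):
    """Label each column from its name (keywords) and sampled values (regex)."""
    sample = rows[::step]  # sampling rule: every step-th row
    result = {}
    for idx, name in enumerate(columns):
        labels = {lab for kw, lab in NAME_KEYWORDS.items() if kw in name.lower()}
        values = [str(r[idx]) for r in sample if r[idx] not in (None, "")]
        for label, pattern in VALUE_RULES.items():
            hits = sum(1 for v in values if pattern.fullmatch(v))
            # A column is labelled only if most sampled values match, so a
            # few dirty cells do not hide a sensitive column.
            if values and hits / len(values) >= threshold:
                labels.add(label)
        result[name] = sorted(labels)
    return result
```

The sampled rows include one dirty value in the mobile column; the threshold lets the column still be recognised, which is the trade-off a sampling rule has to make.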
In this embodiment, specifically, the core basis for classification and security grading is a data classification and grading model, which specifically includes:
classifying and grading the data with a trained data classification and grading model, using a natural language processing (NLP) method on the data feature recognition result; and optimizing the data classification and grading model through multiple iterations over the data and manual labelling.
In this embodiment, specifically, turning the data into data assets through identification is in essence the formatting and packaging of the object data together with the data identifier (i.e. the data security identifier), that is, "marking" the data, and specifically includes:
establishing a data identification model, and binding the data to the issued data identifier to form a data asset library and a data identification library; preferably, the data identifier is issued by a secure and trusted data identifier authentication system, and the integrity and authenticity of the identification information are ensured by cryptographic techniques, so that the data identifier cannot be tampered with or counterfeited.
In this embodiment, specifically, the binding manner includes:
a separate type for all types of data and an integrated type for individual data; the separate type is: constructing an identifier-data mapping table; the integrated type is: sealing the data and the identifier together as one unit;
the construction of the data asset library and the data identification library comprises the following steps:
uniformly reporting the identification results to form the enterprise's data asset library and data identification library with the data identifier as the core.
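The following is an added example, not code from the patent, of issuing an authenticated data identifier and binding it in both the separate (mapping table) and integrated (sealed envelope) ways. The identifier fields, the envelope layout, the key and the use of HMAC-SHA256 are assumptions; the patent names no specific cryptographic technique.

```python
import hashlib
import hmac
import json

# Constructed key for the sketch; an issuing system would keep its key in an
# HSM or KMS. HMAC stands in for the unnamed "cryptographic technology".
ISSUER_KEY = b"constructed-demo-key-not-for-production"
FIELDS = ("data_sha256", "category", "level")


def _canonical(body):
    """Serialise deterministically so issuer and verifier hash the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_identifier(data, category, level, key=ISSUER_KEY):
    """Issue an identifier whose tag covers the data hash, category and level."""
    body = {"data_sha256": hashlib.sha256(data).hexdigest(),
            "category": category, "level": level}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "tag": tag}


def verify_identifier(ident, key=ISSUER_KEY):
    """Return True only if every field is present and the tag authenticates."""
    if not all(f in ident for f in FIELDS) or not isinstance(ident.get("tag"), str):
        return False
    body = {f: ident[f] for f in FIELDS}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), ident["tag"].encode())


def bind_separate(table, ident):
    """Separate binding: identifier-data mapping table keyed by data hash."""
    table[ident["data_sha256"]] = ident


def lookup_separate(table, data):
    """Find the identifier for some data; None if absent or not authentic."""
    ident = table.get(hashlib.sha256(data).hexdigest())
    return ident if ident and verify_identifier(ident) else None


def seal(data, ident):
    """Integrated binding: length-prefixed identifier header, then the data."""
    header = _canonical(ident)
    return len(header).to_bytes(4, "big") + header + data


def unseal(envelope):
    """Split an envelope and check identifier and data before returning them."""
    if len(envelope) < 4:
        raise ValueError("truncated envelope")
    size = int.from_bytes(envelope[:4], "big")
    header, data = envelope[4:4 + size], envelope[4 + size:]
    try:
        ident = json.loads(header)
    except ValueError:
        raise ValueError("unreadable identifier header") from None
    if not isinstance(ident, dict) or not verify_identifier(ident):
        raise ValueError("identifier failed authentication")
    if ident["data_sha256"] != hashlib.sha256(data).hexdigest():
        raise ValueError("data does not match its identifier")
    return ident, data


def is_valid_envelope(envelope):
    """Convenience wrapper: True if unseal() accepts the envelope."""
    try:
        unseal(envelope)
        return True
    except ValueError:
        return False
```

Because the tag covers the security level as well as the data hash, lowering the level in a stored identifier or swapping the payload inside an envelope both fail verification.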
In this embodiment, specifically, before collecting enterprise log data, new audit objects need to be discovered either by automatic discovery or by manual configuration;
the automatic discovery mode comprises: detecting databases based on mirrored traffic analysis, configuring the scanning rules for audit objects (including the network segment to scan, the scanning duration and the like), screening out the data sources that serve as audit objects according to the scanning rules, and recording the data source information (including the IP address, port number, type and the like of the data source);
the manual configuration mode comprises: manually importing data source information in batches and adding it to the audit targets; the information specifically includes the type, version, IP address, port number and the like of the data source; a data source list can be added or omitted, and a plurality of database IPs can be grouped under the same business database.
In this embodiment, specifically, the collecting of enterprise log data includes:
recording the information of the audit object to form an audit log; the information of the audit object comprises: terminal information, client information, access behavior information and the like of the audit object;
deeply parsing the audit log based on semantic analysis to form the access log and operation log of the audit object, wherein the operation log comprises operation logs of data operations, user operations, permission operations and the like.
In this embodiment, specifically, the audit analysis includes: classifying the massive log data by clustering, counting, correlating and similar operations on the data identifiers, while matching a log audit policy and performing audit analysis through that policy; for example, where the operation frequency differs from the usual operation frequency under the operation frequency policy, abnormal behavior of internal users and internal threats are discovered;
In this embodiment, specifically, the security early warning includes: forming a risk event and an alarm notification once abnormal behavior is found based on the audit policy, and promptly notifying the related devices or systems and personnel through a push channel.
In this embodiment, specifically, the circulation tracing includes:
completing trusted evidence storage of data across multiple storage systems or devices using a data consistency consensus algorithm, and storing log digest information using a chained hash ledger technique to ensure that log data cannot be tampered with;
extracting the data identifier from the log, searching the data identification library by that identifier, extracting the identifier content under it, parsing the identification information of the related logs, matching the operation behavior keywords of the logs at the same time, and calculating the associated changes of the data identifier;
performing similarity analysis on related data using three types of data fingerprint (the file MD5, the content hash and the fuzzy hash of content fragments) to form a data lineage graph, forming a data behavior chain from the time sequence of the logs, and combining the lineage graph, the behavior chain and the entity identity along a time axis to form the tracing path of the data.
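The following is an added example, not code from the patent, of storing log digests in a hash chain and building a per-identifier behavior chain only from logs that verify against it. The ledger entry layout, the log fields and the sample records (including the `DID-` identifiers) are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used for the first ledger entry


def sample_logs():
    """Constructed operation-log records; data_id is the data identifier."""
    return [
        {"ts": "2022-10-20T09:00:00", "user": "alice", "action": "create", "data_id": "DID-0001"},
        {"ts": "2022-10-20T09:05:00", "user": "bob", "action": "read", "data_id": "DID-0002"},
        {"ts": "2022-10-20T09:30:00", "user": "bob", "action": "copy", "data_id": "DID-0001"},
        {"ts": "2022-10-20T10:15:00", "user": "carol", "action": "export", "data_id": "DID-0001"},
    ]


def log_digest(record):
    """Digest of one log record over a canonical JSON encoding."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def link_hash(index, prev_hash, digest):
    """Hash that ties an entry to its position and to the previous entry."""
    return hashlib.sha256(f"{index}|{prev_hash}|{digest}".encode()).hexdigest()


def append_entry(ledger, record):
    """Append the digest of a record; the ledger never stores the log itself."""
    prev = ledger[-1]["entry_hash"] if ledger else GENESIS
    digest = log_digest(record)
    ledger.append({"index": len(ledger), "prev_hash": prev,
                   "log_digest": digest,
                   "entry_hash": link_hash(len(ledger), prev, digest)})


def build_ledger(logs):
    ledger = []
    for record in logs:
        append_entry(ledger, record)
    return ledger


def first_tampered(ledger, logs):
    """Return the index of the first entry that fails to verify, or -1."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if i >= len(logs):
            return i  # a ledger entry whose log record has been deleted
        digest = log_digest(logs[i])
        if (entry["prev_hash"] != prev or entry["log_digest"] != digest
                or entry["entry_hash"] != link_hash(i, prev, digest)):
            return i
        prev = entry["entry_hash"]
    # Extra log records with no ledger entry are unverified as well.
    return -1 if len(logs) == len(ledger) else len(ledger)


def behaviour_chain(ledger, logs, data_id):
    """Time-ordered (ts, user, action) steps for one identifier."""
    bad = first_tampered(ledger, logs)
    if bad != -1:
        raise ValueError(f"log record {bad} does not match the ledger")
    steps = [r for r in logs if r["data_id"] == data_id]
    return [(r["ts"], r["user"], r["action"]) for r in sorted(steps, key=lambda r: r["ts"])]
```

A chain like this only detects edits relative to its latest entry hash, so that hash has to be held somewhere the log writer cannot rewrite, which is the role the multi-system evidence storage plays in the text.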
Embodiment two
Embodiment two further builds on embodiment one, and the parts they share are not described again here; the data security policy management flow is as follows:
(1) Rule customization: in addition to defining the general elements of a rule, such as the objects it applies to, the rule type, the rule risk level and the rule state, data identifier judgment logic is written according to the data security requirements of the country, the industry and the enterprise, to form data security rules;
(2) Policy configuration: a policy template is formulated according to the enterprise's internal security policy, including the policy level, event trigger conditions, policy response actions and the like, and is combined with the data security rules to form executable task actions;
(3) Policy issuing: a data security policy issuing task is formed according to the requirements of the enterprise's internal business systems and its data security and network security systems and devices, and the policy is issued to the target devices and systems.
The above-mentioned embodiments only express the specific embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for those skilled in the art, without departing from the technical idea of the present application, several changes and modifications can be made, which are all within the protection scope of the present application.
The background section is provided to present the context of the invention in general, and work of the presently named inventors, to the extent it is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present invention.

Claims (10)

1. A data security management service method, characterized by comprising the following steps:
scanning an enterprise data directory, collecting data and acquiring data information;
performing classification and security grading while obtaining a data feature identification result from the data information, and realizing data assetization by identifying the data feature identification result;
verifying and confirming the data asset identification and the security grading result;
collecting enterprise log data;
performing a full-lifecycle security audit of the operation and use of the data assets according to the data asset identification and the log data; the full-lifecycle security audit comprises: audit analysis, flow tracing and security early warning.
2. The method according to claim 1, wherein scanning the enterprise data directory comprises:
detecting whether common data services exist through a service detection technology, attempting to send a request message, automatically identifying the type and version number of the data source through protocol collision, and performing a full or sampled scan of each discovered data source through an automatic data scanning technology.
3. The data security management service method according to claim 1, wherein obtaining the data feature identification result from the data information comprises:
extracting the file MD5, the content hash and the fuzzy hash of content fragments for structured database table data and for unstructured file data respectively;
when the data is structured database table data, first setting a sampling rule and extracting samples from the data, then matching keywords and regular expressions against the sample data and the original data information, and finally obtaining the data features and the content identification result;
when the data is unstructured file data, first configuring a file format protocol and writing a protocol parsing algorithm, then extracting the original data information and the data content of the file, and finally obtaining the file feature identification result.
4. The data security management service method of claim 1, wherein the classification and the security grading comprise:
classifying and grading the data according to the data feature identification result through a trained data classification and grading model, using a natural language processing method; and optimizing the data classification and grading model through multiple iterations of data and manual labelling.
5. The data security management service method of claim 4, wherein realizing data assetization through identification comprises:
establishing a data identification model, and binding the data with the issued data identifier to form a data asset library and a data identification library.
6. The data security management service method of claim 5, wherein the issuing of the data identifier comprises:
signing and issuing by a secure and trusted data identification authentication system, with cryptographic techniques used to ensure the integrity and authenticity of the identification information;
the binding includes:
a separated mode for all types of data and an integrated mode for individual data; the separated mode is: constructing an identifier-data mapping table; the integrated mode is: encapsulating the data and the identifier together as one unit;
the construction of the data asset library and the data identification library comprises:
uniformly reporting the identification results to form the enterprise's data asset library and data identification library with the data identifier as the core.
7. The data security management service method according to claim 1, wherein before collecting enterprise log data, audit objects are discovered by automatic discovery or by manual configuration;
the automatic discovery comprises: database detection based on mirrored traffic analysis, in which audit object scanning rules can be configured, data sources are screened out as audit objects according to the scanning rules, and the data source information is recorded;
the manual configuration comprises: manually importing data source information in batches and adding it to the audit targets.
8. The data security management service method of claim 7, wherein collecting enterprise log data comprises:
recording the information of the audit object to form an audit log; the information of the audit object comprises: terminal information, client information and access behavior information;
performing in-depth parsing of the audit log based on semantic analysis to form an access log and an operation log of the audit object.
9. The data security management service method of claim 8, wherein the audit analysis comprises: clustering, counting and associating the data identifiers, classifying massive log data, matching a log audit policy, and performing audit analysis through the log audit policy;
the security early warning comprises: forming a risk event and an alarm notification after abnormal behavior is found based on the audit policy, and promptly notifying the related devices or systems and personnel through a push channel.
10. The data security management service method of claim 8, wherein the flow tracing comprises:
completing trusted evidence storage of data across a plurality of storage systems or devices by using a data consistency consensus algorithm, and storing log digest information by using a chained hash ledger technique to ensure that the log data cannot be tampered with;
extracting the data identifier from the log, retrieving the data identification library according to the data identifier, extracting the identification content under the data identifier, parsing the identification information of related logs, synchronously matching operation behavior keywords in the logs, and calculating the associated changes of the data identifier;
using three types of data fingerprints (file MD5, content hash and fuzzy hash of content fragments) to perform similarity analysis on related data and form a data lineage graph, forming a data behavior chain according to the time sequence of the logs, and forming the tracing path of the data by combining the lineage graph, the data behavior chain and the entity identity, with time as the axis.
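The chained hash ledger for log digests in claim 10, as an added Python example that is not part of the patent text. The record fields, the block layout and the use of SHA-256 are assumptions, and the comparison against replica heads is a simple stand-in for the consensus step across storage systems.

```python
import hashlib
import json

GENESIS = "0" * 64

def log_digest(entry: dict) -> str:
    # Digest of one log record over a canonical JSON encoding.
    canon = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def block_hash(index: int, prev: str, digest: str) -> str:
    return hashlib.sha256(f"{index}|{prev}|{digest}".encode()).hexdigest()

def build_ledger(logs: list) -> list:
    # The ledger stores digests only; each block commits to the one before it.
    ledger, prev = [], GENESIS
    for i, entry in enumerate(logs):
        digest = log_digest(entry)
        prev = block_hash(i, prev, digest)
        ledger.append({"index": i, "digest": digest, "hash": prev})
    return ledger

def first_broken_block(ledger: list) -> int:
    # Recompute the chain; index of the first block that fails to link, or -1.
    prev = GENESIS
    for i, block in enumerate(ledger):
        if block["index"] != i or block["hash"] != block_hash(i, prev, block["digest"]):
            return i
        prev = block["hash"]
    return -1

def altered_logs(ledger: list, logs: list) -> list:
    # Indices of records that are missing or no longer match their stored digest.
    return [i for i, block in enumerate(ledger)
            if i >= len(logs) or log_digest(logs[i]) != block["digest"]]

def head_agrees(ledger: list, replica_heads: list) -> bool:
    # A fully re-chained forgery links correctly; only a head held elsewhere exposes it.
    head = ledger[-1]["hash"] if ledger else GENESIS
    return all(h == head for h in replica_heads)

# Constructed audit log records (hypothetical field names and values).
LOGS = [
    {"ts": "2022-10-26T09:05:00", "user": "alice", "op": "read", "data_id": "DID-001"},
    {"ts": "2022-10-26T10:02:00", "user": "bob", "op": "copy", "data_id": "DID-001"},
    {"ts": "2022-10-26T11:10:00", "user": "bob", "op": "export", "data_id": "DID-002"},
]
```

The chain alone shows only that a ledger is internally consistent, which is why the claim pairs it with evidence storage across several systems: the head hash has to be held somewhere the log writer cannot rewrite.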
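The fingerprint-based tracing described in embodiment one and again in claim 10, as an added Python example that is not part of the patent text. Hashed word shingles with Jaccard similarity stand in for the fragment fuzzy hash, and the 0.5 threshold, the normalisation, the identifiers and the sample data are constructed assumptions.

```python
import hashlib

def fingerprints(raw: bytes, k: int = 3) -> dict:
    # File MD5, normalised-content hash, hashed k-word shingles (fuzzy-hash stand-in).
    words = raw.decode("utf-8", "ignore").lower().split()
    shingles = {" ".join(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}
    return {"md5": hashlib.md5(raw).hexdigest(),
            "content": hashlib.sha256(" ".join(words).encode()).hexdigest(),
            "fragments": {hashlib.sha256(s.encode()).hexdigest()[:12] for s in shingles}}

def relation(a: dict, b: dict, threshold: float = 0.5):
    # Strongest evidence first: exact file, same content, then fragment overlap.
    if a["md5"] == b["md5"]:
        return "identical-file", 1.0
    if a["content"] == b["content"]:
        return "same-content", 1.0
    score = len(a["fragments"] & b["fragments"]) / len(a["fragments"] | b["fragments"])
    return ("derived" if score >= threshold else None), score

def lineage(items: dict) -> list:
    # items: {data_id: (first_seen, raw)}; link each item to its best older match.
    order = sorted(items, key=lambda d: items[d][0])
    fps = {d: fingerprints(items[d][1]) for d in order}
    edges = []
    for i, child in enumerate(order):
        cands = [c for c in ((p, *relation(fps[p], fps[child])) for p in order[:i]) if c[1]]
        if cands:
            parent, kind, _ = max(cands, key=lambda c: c[2])  # ties go to the oldest
            edges.append((parent, child, kind))
    return edges

def trace_path(edges: list, logs: list, data_id: str) -> list:
    # Behaviour chain: time-ordered log records for data_id and all its ancestors.
    parents = {child: parent for parent, child, _ in edges}
    related = {data_id}
    while data_id in parents:
        data_id = parents[data_id]
        related.add(data_id)
    return sorted(log for log in logs if log[3] in related)

# Constructed sample data: {data_id: (first_seen, raw bytes)} and (time, user, op, data_id) logs.
ITEMS = {
    "DID-001": ("09:00", b"name phone alice 111 bob 222 carol 333 dave 444"),
    "DID-002": ("10:00", b"Name  Phone\nalice 111\nbob 222\ncarol 333\ndave 444\n"),
    "DID-003": ("11:00", b"name phone alice 111 bob 222 carol 333 dave 444 erin 555"),
    "DID-004": ("12:00", b"quarterly build report for the deployment pipeline"),
}
LOGS = [("09:05", "alice", "create", "DID-001"), ("10:02", "bob", "copy", "DID-002"),
        ("11:10", "bob", "modify", "DID-003"), ("12:01", "carol", "create", "DID-004")]
```

MD5 is used here, as in the claim, only as a key for spotting byte-identical copies; it is not collision resistant, so any integrity decision should rest on the SHA-256 content hash or a signed record.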
CN202211315087.2A 2022-10-26 2022-10-26 Data security management service method Pending CN115630404A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211315087.2A CN115630404A (en) 2022-10-26 2022-10-26 Data security management service method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211315087.2A CN115630404A (en) 2022-10-26 2022-10-26 Data security management service method

Publications (1)

Publication Number Publication Date
CN115630404A true CN115630404A (en) 2023-01-20

Family

ID=84907560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211315087.2A Pending CN115630404A (en) 2022-10-26 2022-10-26 Data security management service method

Country Status (1)

Country Link
CN (1) CN115630404A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117473225A (en) * 2023-10-17 2024-01-30 杭州智顺科技有限公司 Log data management method and device, electronic equipment and readable storage medium

Similar Documents

Publication Publication Date Title
CN112699175B (en) Data management system and method thereof
CN107341401B (en) A kind of malicious application monitoring method and equipment based on machine learning
Sun et al. Detecting anomalous user behavior using an extended isolation forest algorithm: an enterprise case study
CN101751535B (en) Data loss protection through application data access classification
CN106572117B (en) A kind of detection method and device of WebShell file
CN103827810B (en) Asset model imports connector
CN109471846A (en) User behavior auditing system and method on a kind of cloud based on cloud log analysis
CN104298726B (en) A kind of BMS data-storage systems and its method based on database
CN109284631A (en) A kind of document desensitization system and method based on big data
EP2023572B1 (en) Method, computer program and apparatus for controlling access to a computer resource and obtaining a baseline therefor
CN110020687B (en) Abnormal behavior analysis method and device based on operator situation perception portrait
WO2012079836A1 (en) Method and system for creating and processing a data rule, data processing program, and computer program product
US11803461B2 (en) Validation of log files using blockchain system
CN112560031B (en) Lesovirus detection method and system
CN112417492A (en) Service providing method based on data classification and classification
CN113132311A (en) Abnormal access detection method, device and equipment
CN115630404A (en) Data security management service method
CN109388949B (en) Data security centralized management and control method and system
Skopik et al. Smart Log Data Analytics
CN110891071A (en) Network traffic information acquisition method, device and related equipment
CN116226894B (en) Data security treatment system and method based on meta bin
CN115296892B (en) Data information service system
KR101104300B1 (en) System of access management comprising exclusive tool for accessing of personal information database and method thereof
CN116881979A (en) Method, device and equipment for detecting data safety compliance
CN115115351B (en) Method and system for auditing environmental damage identification evaluation report

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination