网络数据处理安全要求标准在数据安全认证领域的应用
Application of Network Data Processing Security Requirements in the Field of Data Security Certification
程瑜琦 1陈世翔 1徐羽佳 2任英杰 2张嘉玮 3王晖3
作者信息
- 1. 中国网络安全审查认证和市场监管大数据中心
- 2. 中国电子技术标准化研究院
- 3. 国家计算机网络应急技术处理协调中心
- 折叠
摘要
GB/T 41479-2022《信息安全技术 网络数据处理安全要求》的应用是《中华人民共和国数据安全法》落地实施的有效支撑,但作为一项新的标准其理解应用存在一定的困难.通过对标准应用的场景、过程、方法和成效进行介绍,展示了通过数据安全管理认证制度,成功地推动该标准应用的过程,并在企业内形成了数据安全建设、运行、自评价、三方评价、持续改进的良性循环,既为企业在该标准应用方面提供范例,也为其他标准的有效应用提供参考.
Abstract
The implementation of GB/T 41479-2022"Information security technology-Network data processing security requirements"effectively supports the enforcement of the"Data Security Law of the People's Republic of China".However,as a new standard,comprehending and applying it poses certain challenges.This paper sheds light on the scenarios,processes,methods,and outcomes of standard application,demonstrating the successful promotion of the standard application process through the data security management certification regulation.This approach fosters a virtuous cycle of data security construction,operation,self-evaluation,third-party evaluation and continuous improvement within enterprises.It not only offers a model for enterprises to adopt this standard but also serves as a reference for the effective application of other standards.
关键词
网络数据/数据处理/安全要求/数据安全认证Key words
network data/data processing/security requirements/data security certification引用本文复制引用
出版年
2024
NETL
NSTL
万方数据