Research And Implementation Of Enterprise Data Security And Compliance Management

With the increasing strengthening of data security supervision at home and abroad,enterprise data security and compliance management has become a current research hot topic.From the perspective of data security and compliance,this paper studies the enterprise data security and compliance risk,puts forward the overall control method of enterprise data security and compliance management,designs and implements the fine-grained authority dynamic control scheme of user data query,which aims to provide theoretical and technical guidance and reference for enterprise data security and compliance management,and help enterprises avoid the risk of data security and compliance,improve the level of enterprise data security protection ability,and ensure data security and compliance effectively while maximizing the value of data use and flow.1.This paper studies the enterprise data security and compliance management standards,defines the definition of data security and security compliance,summarizes what data security compliance is,identifies the enterprise data security compliance standard library,combs,summarizes,analyzes and interprets the content of standards and the relationship between key standards,which provides standards and evaluation basis for the implementation of enterprise data security compliance risk assessment.2.A risk assessment model of enterprise data security compliance is proposed.Research on common risk assessment methods,design the principle of enterprise data security compliance risk assessment,and implement risk assessment based on the actual situation of the enterprise by using the combination of qualitative and quantitative assessment.The evaluation results show that the enterprise is facing multiple data security and compliance risks,and the problems such as sensitive data identification,data abuse,no fine-grained authority control ability,and many exposures of plain text data used and shared by data are prominent.The evaluation provides important guiding significance for enterprise data security and compliance management scheme.3.Put forward the overall scheme of enterprise data security compliance control,and put forward detailed control methods for core competencies.Design the overall data security and compliance control scheme from the four dimensions of planning,management,technology and operation,implement data classification and grading,and improve efficiency manually with the help of technical tools.For data use and sharing scenarios,ABAC authority principle and sensitive data desensitization principle are used to ensure data confidentiality in complex data use scenarios of enterprises.The scheme not only improves the data value,but also ensures the data security and compliance of the enterprise,and the scheme has good portability.4.A fine-grained authority dynamic control scheme for data query based on ABAC model is proposed,designed and implemented.The system is disassembled into four sub modules:trusted authentication source management,sensitive data authority verification,application and asynchronous approval,and white list user management.The scheme effectively protects sensitive data from malicious access or private query,considers the impact on the query efficiency of users’ real query needs,and improves the scheme,which provides a new idea for the management and control of enterprise data authority.