Research On Risk Management In The Transmission Phase Of Data Security Governance

In recent years,China has promulgated related laws and regulations of data security,including Cyber Security Law,Data Security Law of the People’s Republic of China,Personal Information Protection Law,and Regulations on the Security Protection of Critical Information Infrastructures.Data security governance in different industries is rising.As serious data leakage incidents and data governance violation and punishment cases occurred one after another,many state-owned enterprises and central enterprises became the first to look for more scientific and systematic data security governance methods.In the entire data governance lifecycle from data collection,data transmission,data storage,and data exchange to data destruction,more than half of data security incidents are related to the data transmission stage.Therefore,it is crucial to study risk management in the transmission stage of data security governance.This paper focuses on the study on the transmission stage of data security governance of Enterprise V,and identifies risks in the data transmission stage based on literature research,survey interview,and SWOT analysis.Finally,23 security risk factors in the data transmission stage were identified and Risk Checklist in the Transmission Stage of Data Security Governance was output.And then,through expert judgment and probability and impact matrix analysis method,quantitative analysis was made on the risks identified in the data transmission stage in the dimensions of risk occurrence probability and risk impact degree.Based on the analysis results,the risk items in the risk checklist were marked with risk levels one by one,including 5 high-level risks,13 medium-level risks,and 5 low-level risks.And then,risk response measures suitable for different levels were explored in the dimensions of management,technology,and operation.Finally,a risk tracking form was used to continuously track and monitor the changes after risk response in the data transmission stage,especially the possible secondary and residual risks to ensure the effectiveness of risk response measures.Through the research on risk management in the transmission stage of data security governance,the following conclusions were drawn.First,in the data transmission risk identification stage,for complicated data transmission business scenarios,comprehensive literature research,survey interview,and SWOT analysis can be used to identify potential security risks in the data transmission stage more comprehensively and achieve relatively good risk identification expectations.Second,in the data transmission risk assessment stage,the risk probability and impact matrix can be used to obtain the quantitative risk index of risk factors,which can be ranked from high to low to distinguish the data transmission risk grades more accurately.Third,in the data transmission risk response stage,different response measures are taken for risks of high level and medium to low levels and good data transmission risk response effects can be achieved.Fourth,in the data transmission risk tracking and monitoring stage,tools such as risk tracking form are used to regularly monitor,feedback,and record risks,which can effectively ensure closed-loop management of data transmission risks.