What are the cases of data security?

"In the era of big data, while fully tapping and exerting the value of big data, there is an urgent need to solve problems such as data security and personal information protection." Shi Xiansheng, Deputy Secretary-General of internet society of china, pointed out when attending the meeting in Guiyang.

Employees secretly steal information from hundreds of millions of users.

Earlier this year, the Ministry of Public Security cracked a case of stealing and selling citizens' personal information.

The stolen user information mainly involves hundreds of millions of pieces in transportation, logistics, medical care, social networks, banks and other fields, and then the personal information of these users is sold on the internet black market in various ways. The police found that the main suspect behind the scenes was the employee of this company who leaked information.

Industry data security experts commented that this case leaked hundreds of millions of citizens' personal information, and the main problem lies in the shortcomings of internal data security management.

The situation abroad is not optimistic either. On September 22nd, 20 16, the global internet giant Yahoo confirmed that at least 500 million users' account information was stolen in 20 14. The stolen content involves the user's name, e-mail, telephone number, date of birth and some login passwords.

After the enterprise data information is leaked, it is easy for criminals to use it for profit in the operation of network black ash production. If the harm is light, stealing money will kill them. In August last year, Xu Yuyu, a Shandong college entrance examination student, was killed by a telecom fraud of 9,900 yuan in tuition fees. Other data security incidents can be seen.

In July last year, Microsoft windows 10 was also warned by CNIL, a French data protection regulator, for failing to comply with the EU's "safe harbor" regulations and collecting user data excessively.

The report issued by the Internet Research Center of Shanghai Academy of Social Sciences pointed out that with the prominent commercial value of data resources, activities such as data attack, theft, abuse and hijacking continued to flood, and showed the characteristics of industrialization, high technology and internationalization, posing new challenges to the ecological governance level of the country and data and the data security capability of the organization.

At present, the massive user data of important commercial websites is the core asset of enterprises, and it is also an important target for private hackers and even national attacks. The data security management of key enterprises is facing severe pressure.

How can enterprises and organizations improve their data security capabilities?

Enterprises urgently need to improve data security management capabilities.

"Big data security threats have penetrated into all aspects of big data industries such as data production, circulation and consumption, and all kinds of subjects including data sources, big data processing platforms and big data analysis services are threat sources." Hui Zhibin, director of the Information Research Institute of Shanghai Academy of Social Sciences, told the reporter that the risk causes of big data security incidents are complex and intertwined, including external attacks and internal leaks, as well as technical loopholes and management defects, both new risks caused by new technologies and new models, and traditional security issues.

On May 27th, Shi Xiansheng, Deputy Secretary-General of internet society of china, said that the Internet has increasingly become the foundation of economic and social operation, and the awareness, ability and protection means of network data security are facing new challenges.

The Network Security Law, which will be implemented in June this year 1, focuses on issues related to data leakage in enterprises and institutions. The bill requires all kinds of institutions to assume the responsibility of ensuring data security, namely confidentiality, integrity and availability. In addition, it is necessary to ensure that individuals are safe and controllable about their personal information.

According to Shi Xiansheng, as early as 20 15, the State Council issued the Action Plan for Promoting the Development of Big Data, clearly proposing to "improve the security guarantee system of big data" and "strengthen security support and improve the security and reliability level of key infrastructure equipment".

"At present, many enterprises and institutions do not know how to improve their data security management capabilities, nor do they know what standards to measure." An industry insider said that the crux of the problem is that domestic data security management is still in its infancy, and many enterprises have not established a data security evaluation system, or there is no complete evaluation reference standard.

"Big Data Security Capability Maturity Model" has applied for national standards.

During the Expo, the reporter learned from the "Big Data Security Industry Practice Summit Forum" that in order to solve this problem, the National Information Security Standardization Technical Committee and other functional departments, together with standardization experts and scholars in the field of data security and industry representative enterprises, set out to formulate a set of evaluation standards for institutional data security capabilities-"Big Data Security Capability Maturity Model", which is based on the Data Security Maturity Model (DSMM) proposed by Alibaba.

Zheng Bin, Minister of Security of Alibaba Group, introduced DSMM.

As the main drafter of the standard project, Zheng Bin, director of the security department of Alibaba Group, said that the standard is the first draft drafted by DSMM based on Alibaba's own practical experience in data security management, aiming at sharing Ali's experience with the same industry and improving the overall security capability of the industry.

"The information security of Internet users has never been a company's business." Zheng Bin said that the "Big Data Security Capability Maturity Model" was also jointly proposed by authoritative data security institutions, academic institutions and enterprises such as China Institute of Electronic Technology Standardization, National Information Security Engineering Technology Research Center, China Information Security Evaluation Center, Third Institute of Public Security, Tsinghua University and Alibaba Cloud Computing Co., Ltd..