Big data security threats permeate all aspects of the big data industry such as data production, circulation and consumption, including data sources, big data processing platforms and big data analytics services and other aspects of the various types of subjects are the source of the threat." Shanghai Academy of Social Sciences, Director of the Institute of Information Hui Zhibin analyzed to the reporter that the risk causes of big data security incidents are complex and intertwined, both external attacks and internal leaks, both technical loopholes and management deficiencies, both new technologies and new modes of triggering the new risks, but also the continued triggering of traditional security issues.

On May 27, Shi Xiansheng, deputy secretary-general of the Internet Society of China (ISOC), said the Internet is increasingly becoming the basis of economic and social operations, and network data security awareness, capabilities and means of protection are facing new challenges.

The Cybersecurity Law, which will come into effect on June 1 this year, focuses on issues related to data leakage by business organizations. The bill requires that all types of organizations should effectively assume the responsibility of safeguarding data security, i.e. confidentiality, integrity and availability. It also needs to guarantee that individuals have safe and controllable access to their personal information.

Shi Xian Sheng introduced, in fact, as early as 2015, the State Council issued the "Outline of Action for Promoting the Development of Big Data", it is clear to "improve the security system of big data", "strengthen the security support, enhance the level of safety and reliability of infrastructure key equipment ".

"At present, many enterprises and organizations do not know how to improve their data security management capabilities, nor do they know what standards to base on as a measure." An industry source analyzed that the crux of the problem lies in the fact that domestic data security management is still in its infancy, and many enterprises and organizations have not set up a data security assessment system, or do not have a complete assessment of reference standards.

"Big Data Security Capability Maturity Model" has been submitted to the national standard application

During the Digital Expo, the reporter learned from the "Big Data Security Industry Practice Summit Forum" that in order to solve this problem, the National Information Security Standardization Technical Committee and other functional departments, together with the data security field, have been working together to develop a national standard. Committee and other functional departments and standardization experts and scholars in the field of data security and industry representative enterprises to develop a set of assessment standards for organizational data security capabilities - "Big Data Security Capability Maturity Model", the standard is based on Alibaba's proposed Data Security Maturity Model (Data Security Maturity Model (DSMM) proposed by Alibaba.

Figure: Zheng Bin, director of Alibaba Group's security department, introduces DSMM.

As the lead drafter of this standard project, Zheng Bin, director of Alibaba Group's security department, said the standard is the first draft of the DSMM formulated by Alibaba based on the results of its own practical experience in data security management and is designed to share Ali's experience with the same industry and enhance the industry's overall security capabilities.

"The information security of Internet users has never been the business of a particular company enterprise." Zheng Bin said the development of "big data security capability maturity model" is also by the China Electronic Technology Standardization Institute, the National Center for Information Security Engineering and Technology Research, China Information Security Evaluation Center, Public Security three, Tsinghua University and Ali Cloud Computing Co. and other industry authority data security institutions, academic units enterprises, etc. *** with the cooperation of the comments.

A data security researchers analyze, enterprises to enhance data security management capabilities, first of all to recognize their own data protection capability level, and then make up for the shortcomings and shortcomings of the symptomatic drugs, and the standard is precisely for the majority of enterprises in general, do not understand or are not clear about their own data security management capabilities of the problem.

From the standard structure, from the organization's data collection, storage, transmission, processing, exchange and destruction of six data life cycle, on the enterprise organization construction, systems and processes, technical tools and personnel capacity of the four key capacity dimensions, at least more than 30 security domains for a full range of assessment and evaluation, and ultimately will be divided into informal implementation of the organization's data security capabilities, plan tracking, full definition, quantitative control and continuous optimization. The final data security capability of the organization is divided into informal implementation, plan tracking, adequate definition, quantitative control and continuous optimization, and the capability maturity level from level 1 to level 5, with the higher level implying the stronger data security capability.