摘要
强化安全意识和责任意识是做好数据安全管理工作的首要条件,人是数据安全建设中最重要的因素,一切数据安全管理规范和措施都是以人为基础的.从数据安全合规视角出发,依据《中华人民共和国数据安全法》(以下简称《数据安全法》),充分分析企业数据安全保护义务,创新设计了企业数据安全责任矩阵和数据安全事件追责矩阵,为企业提供建设数据安全合规管理体系过程中各利益攸关方所需的关键职能的设计思路,并依据关键职能给出了切实可行的问责方案,可以为各行业各单位落实《数据安全法》、构建数据安全组织建设和事件问责机制提供充分的参考.
Strengthening the awareness of security and responsibility is the primary condition for data security management.People are the most important factor in the construction of data security.All data security management specifications and technical measures are based on people.From the perspective of data security compliance,this article fully analyzes the corporate data security protection obligations in accordance with the Data Security Law,and innovatively designs the corporate data security responsibility matrix and data security incident accountability matrix to provide enterprises with the construction of data security compliance management.The design ideas for the key functions required by each stakeholder in the system process,and a practical accountability plan based on the key functions,can implement the Data Security Law for various industries and units,and build a data security organization.And the incident accountability mechanism to provide sufficient reference.
作者
艾龙
Ai Long(Data Security Governance Center,Beijing Topsec Network Security Technology Co.,Ltd.,Wuhan 430048)
出处
《信息安全研究》
CSCD
2023年第1期73-78,共6页
Journal of Information Security Research
关键词
数据安全
安全管理
数据安全职责
数据安全事件问责
数据安全管理体系
data security
security management
data security responsibilities
data security incident accountability
data security management system
