摘要
安全的目的是为了保障发展,如何衡量一个拥有数据的组织的数据安全保护能力是十分重要的。本文探讨了拥有数据的组织面临的数据问题及挑战,介绍了大数据环境下数据安全发展趋势和完整的组织级数据安全能力框架,阐述了数据安全保护能力的实现路径及实践过程中可能遇到的难点,最后以某互联网金融企业为例,分析了利用数据安全能力成熟度模型指导企业进行数据安全保护能力建设的过程和方法。
The purpose of security is to safeguard development,therefore how to evaluate the competency of an organization regarding data security is very important.This paper discussed the problems and challenges faced by every organization that held data,described the development trend of data security in the big data era,introduced a comprehensive competency framework on organizational data security,set forth the path to enhance data protection competency,and highlighted several difficulties in its implementing process.The paper concluded with a case study of an Internet financial company,analyzed the processes and methods in using the data security competency maturity model to guide enterprises on data security capabilities construction.
作者
郑斌
ZHENG Bin(Department of Data Security, Alibaba Group, Hangzhou Zhejiang 311121, China)
出处
《信息安全与通信保密》
2017年第11期70-78,共9页
Information Security and Communications Privacy
关键词
大数据
安全能力
成熟度模型
安全管理
Big Data
security capability
maturity model
security management
作者简介
郑斌,阿里巴巴集团数据安全部总监。
