摘要
研究探讨铁路建设期数据的分类分级及相应的安全保护策略。在数据分类方面,按照中国国家铁路集团有限公司信息化规划和自身管理现状,将数据划分为5个业务一级子类,并进一步划分为多个业务二级子类,形成详实的数据分类表。根据国家规划和铁路建设特点,对每个业务二级子类进行细致分割,构建了多层次的数据类别体系。在数据分级方面,以影响对象、影响范围、可控程度、影响程度、敏感程度为考量因素,将数据分为4个安全等级,从低敏感到极敏感,为数据安全提供了清晰的层次划分。为了应对数据活动中的安全需求,提出技术安全、管理安全、网络安全3个方面的数据和网络安全防护体系:技术安全方面,明确采集、传输、存储、处理、共享、销毁6个方面的四级安全防护策略,以全生命周期角度确保数据的安全性;管理安全方面,明确安全审核、检查考核、应急处置、安全监督等管理措施,规范相关操作的安全管理流程;网络安全方面,明确各单位配置边界安全设备、统一终端安全管理软件,划分不同级别的网络安全防护,以保障网络的稳定和数据的安全传输。该研究对铁路建设期数据的分类分级和安全保护提供了全面的分析和解决方案,为铁路工程建设领域数据管理提供了理论和实践指导。
This paper studies and discusses the classification and grading of data during railway construction period and corresponding safety protection strategies.In terms of data classification,according to the informatization planning and its own management status of China State Railway Group Co.,Ltd.,the data is divided into 5 primary subcategories of services and further divided into multiple secondary subcategories of services to generate a detailed data classification table.According to the national planning and the characteristics of railway construction,each secondary subcategory of services is carefully divided to build a multi-level data category system.In terms of data grading,the data is divided into 4 security levels from low sensitivity to extreme sensitivity by taking into account the impact object,impact scope,controllability degree,impact degree and sensitivity degree,providing a clear hierarchical division in terms of data security.In order to meet the security requirements in data activities,this paper proposes a data and network security protection system from technical security,management security and network security:specifically,in terms of technical security,the four-level security protection strategy for acquisition,transmission,storage,processing,sharing and destruction is clarified to ensure data security from the perspective of full life cycle;in terms of management security,the management measures such as safety review,inspection and assessment,emergency response and safety supervision are specified,thus specifying the safety management process of relevant operations;in terms of network security,each organization shall be equipped with boundary security device and unified terminal security management software,and different levels of network security protection shall be defined to ensure the stability of the network and the secure transmission of data.This study provides a comprehensive analysis and solution for classification and grading as well as security protection of data during railway construction and provides theoretical and practical guidance for data management in the field of railway engineering construction.
作者
宋树宝
卢文龙
解亚龙
SONG Shubao;LU Wenlong;XIE Yalong(Beijing Jingwei Information Technology Co.,Ltd.,Beijing 100081,China;Institute of Computing Technology,China Academy of Railway Sciences Corporation Limited,Beijing 100081,China)
出处
《铁路技术创新》
2024年第2期13-20,共8页
Railway Technical Innovation
基金
中国国家铁路集团有限公司科技研究开发计划项目(N2023G079)。
关键词
铁路工程建设管理信息系统
数据分类分级
铁路信息数据
数据安全
railway engineering construction management information system
data classification and grading method
railway information data
data security
作者简介
第一作者:宋树宝(1993-),女,助理研究员。E-mail:826508414@qq.com。
