Journal of Information Security Reserach ›› 2021, Vol. 7 ›› Issue (10): 933-.

Previous Articles     Next Articles

Research on Data Classification and Grading Method Based on Data Security Law

  

  • Online:2021-10-09 Published:2021-10-09

基于《数据安全法》的数据分类分级方法研究

高磊1  赵章界1  林野丽2   翟志佳3    

  1. 1)(北京市大数据中心 北京 100101) 
    2)(北京市鑫诺律师事务所 北京 100053)
    3)(中电长城网际系统应用有限公司 北京 102209)

  • 通讯作者: 高磊
  • 作者简介:高磊 硕士,高级工程师.主要研究方向为网络空间安全、大数据安全、个人信息安全. cynh1005@126.com 赵章界 博士,高级工程师.主要研究方向为网络空间安全、大数据安全、个人信息安全. zhaozj@jxj.beijing.gov.cn 林野丽 硕士.主要研究方向为数据产业与合规、建设工程领域重大诉讼与仲裁. sabrina_12@126.com 翟志佳 主要研究方向为大数据安全、网络靶场应用、社会公共安全. . zhaizhijia@sina.com

Abstract: The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated, which clearly stipulates that the state establishes data classification and grading protection system, and implements classified and graded protection for data. However, at present, the relevant standards and specifications of data classification and grading in China are relatively lacking, and the practical experiences that can be used for reference in various industries are relatively insufficient. How to effectively implement the data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes the factors such as the influence object, influence breadth and influence depth after the data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path of data classification and grading according to the application scenarios and industry characteristics of the data, which provide a certain reference for data classification and grading protection of various industries.

Key words: data security, data classification, data grading, influencing factor, implementation process

摘要: 《中华人民共和国数据安全法》(以下简称《数据安全法》)已正式出台,明确规定国家建立数据分类分级保护制度,对数据实行分类分级保护。但目前我国数据分类分级相关标准规范较为欠缺,各行业在数据分类分级方面可借鉴的实践经验较为不足,如何将数据分类分级保护工作有效落地实施仍是比较棘手的问题。以《数据安全法》第二十一条为基础,分析数据遭受破坏后的影响对象、影响广度、影响深度等因素,提出数据分类、数据分级的原则和方法,并根据数据的应用场景、行业特点等,给出一种数据分类和数据分级相结合的实施路径,为行业数据分类分级保护工作提供一定的参考。

关键词: 数据安全, 数据分类, 数据分级, 影响因素, 实施路径