Table of Contents

    09 October 2021, Volume 7 Issue 10
    Establish the baseline of Cyberspace Security in accordance with the regulation on security protection of key information infrastructures
    2021, 7(10):  890. 
    Construction of Data Security Evaluation and Certification System Wei Hao
    2021, 7(10):  894. 
    Anonymisation and Proposals under MPC Application Scenarios
    2021, 7(10):  896. 
    Demand for data in various industries has grown rapidly since data became a key production factor. The Data Security Law (taking effect on September 1, 2021) enhanced an increasingly comprehensive legal framework for information and data security in the PRC. Due to its private and sensitive nature, personal information will receive more rigorous protection and regulation under the Personal Information Protection Law of China. While details differ, the Draft Personal Information Protection Law of China shares the main concepts of anonymization and de-identification with its EU parallels. Starting from the regulations of Europe and the United States, this paper provides insights into the gaps between the two parties' concepts of anonymization, then evaluates the feasibility and worthiness of learning from both. This paper combines the relevant provisions of China with the data transaction scenario based on multi-party computing (MPC), and analyzes the possible problems in applying the relevant provisions on anonymization and de-identification. Finally, from the perspective of personal information protection and data circulation, this paper puts forward suggestions on anonymization and de-identification and their relevant provisions.
    Research on Security Technologies in Data Security Governance
    2021, 7(10):  907. 
    In recent years, the data-centric digital economy has developed rapidly and its proportion of GDP has continuously increased. However, behind this development, data security incidents occur frequently, and data security issues have attracted much attention. With data regarded as a factor of production, data security governance, with the goals of standardizing data processing activities, improving data security capabilities, and building a healthy data ecology, is the key to the continued development of the data industry. Though the "Data Security Law of the People's Republic of China" provides direction for data security governance, implementing data security governance also requires corresponding technologies. In this paper, we introduce the basic concepts of data security, propose the data life cycle for data security governance, and study the applicable technologies at each stage of the data life cycle. After that, we introduce two technical routes of data security governance, guided by privacy protection and data ownership respectively. Finally, we propose ideas for data security governance.
    Practical Exploration of Data Security Governance
    2021, 7(10):  915. 
    With the in-depth implementation of the “Data Security Law” and the further development of data element marketization, the technologies and practices related to data security governance will also develop continuously. However, so far, neither has a unified understanding of the relevant practices of data security governance been formed within the industry, nor have relevant national and industrial standards been introduced. This paper attempts to explore an effective data security governance practice from the aspects of data security governance objectives and methods. It also puts forward a data security governance system architecture, describes in detail, one by one, the requirements of the data security governance practice mechanism in terms of management, technology, evaluation and operation, and introduces the key measures and technical requirements involved in the practice of data security governance.
    Overview of Data Security Governance at Home and Abroad
    2021, 7(10):  922. 
    With the rapid development of the digital economy, privacy infringement, data leakage, platform monopoly, misinformation and other issues emerge one after another, increasingly becoming an important issue that threatens individual rights, industrial development and national security. At the level of national policy and law, this article sorts out four categories of data governance: personal data protection, cross-border data flow regulation, data market governance, and data content management. Countries and regions such as the United States, the European Union and China are the centers of the global digital economy. This article summarizes their practices and experience in the above-mentioned four categories and, on this basis, puts forward some suggestions on strengthening China's data security governance system and capacity building: further improving the legal system to compete for the leadership of the digital economy, deeply participating in global data governance to enhance the international voice in rule-making, and strengthening support and oversight of new technologies and applications to seize new heights in digital economy governance.
    Research on Data Classification and Grading Method Based on Data Security Law
    2021, 7(10):  933. 
    The Data Security Law of the People's Republic of China (hereinafter referred to as the Data Security Law) has been formally promulgated. It clearly stipulates that the state establishes a data classification and grading protection system and implements classified and graded protection for data. However, at present, the relevant standards and specifications for data classification and grading in China are relatively lacking, and the practical experience that various industries can draw on is relatively insufficient. How to effectively implement data classification and grading protection is still a thorny problem. Based on Article 21 of the Data Security Law, this paper analyzes factors such as the influence object, influence breadth and influence depth after data is damaged, puts forward the principles and methods of data classification and data grading, and gives an implementation path for data classification and grading according to the application scenarios and industry characteristics of the data, which provides a certain reference for data classification and grading protection in various industries.
    Research and Practice on the Construction of Data Security Ecosystem
    2021, 7(10):  941. 
    In March 2021, “the 14th five year plan for national economic and social development of the People's Republic of China and the outline of long-term objectives for 2035” were officially released, which mentioned that “we should pay equal attention to open and control, promote the unity of development and standardized management, build a digital rule system, and create an open, healthy and safe digital ecology”. The proposal of “digital ecology” provides strong support for the research and practice of building a data security ecosystem. Under the guidance of the national data security strategy, a good environment in which the whole of society participates, maintains data security and promotes development is gradually being formed. This study proposes the overall framework of the data security ecosystem, including one center, two cycles, three systems, five keys and eight routes. Taking the digital ecology as the construction goal, the specific contents and indicators of the data security ecosystem are determined from the perspective of how to implement the data security governance and construction requirements. Finally, a landing execution path at all levels of data security is formed.
    Research on Application of DataSecOps in Data Sovereignty
    2021, 7(10):  949. 
    Against the background of digitization, data has become the core competitiveness in competition between countries and enterprises, and data flow is the normal trend of domestic and international development, including cross-border flow between countries, data sharing between enterprises, data processing within enterprises, and personal information interaction between individuals and organizations. In the whole process of data flow, grasping data sovereignty is a top priority. Whether at the national, enterprise or individual level, national security, enterprise interests and individual legitimate rights can be obtained only when data sovereignty is mastered. In the period of digital transformation, how to protect data sovereignty at the level of data security is a difficult problem that cannot be solved by existing technical means. Through research on DataSecOps, security attributes are embedded in the data flow; with data as the core object, AI-based risk assessment and compliance checks are carried out on the data, and a data sandbox is integrated. DataSecOps technology is thus applied to data sovereignty protection, and data sovereignty is guaranteed at the data security level.
    Practice and Exploration on the Construction of E-Government Data Security Situation Awareness Platform
    2021, 7(10):  954. 
    As our country vigorously promotes the cultivation of the data element market, the value of data is increasingly prominent and the damage from data breaches is growing. The Data Security Law of the People's Republic of China has been issued, which claims to complement the data security governance system and strengthen data sharing and security measures. At this rate of development, some e-government operators have begun to plan and design a data security technology protection system that covers the whole life cycle and takes the data security situation awareness platform as its core. This paper analyzes the data security risks and demands of the e-government system and, based on research on models of data security management capability building at home and abroad, attempts the design and construction of a data security situational awareness platform, which provides a basis for e-government operators to gradually realize the business objectives of data assets that are visible, clear and manageable, with strong audit and traceability.
    Analysis of Data Security Governance Frame in E-Government
    2021, 7(10):  962. 
    As a basic national strategic resource, e-government data is related to the country's political and economic operations, national defense, and social stability. The severe security situation and complex security threats affect e-government data security, and a high-level security framework is urgently needed to guide the development of data security governance. This paper studies the problems of e-government data security governance and the current research situation. Based on an analysis of the threats and risks to e-government data, it studies the data governance framework and the security governance framework and, based on the system engineering method, proposes an e-government data security governance framework and governance approaches. The new goals, new methods, new approaches, and new measures of e-government data security governance are given, which provide a reference for the implementation of e-government data security governance.
    Data Grading
    2021, 7(10):  969. 
    Research on Outstanding Risks and Countermeasures Faced by Open Source Software Industry of China
    2021, 7(10):  973. 
    In recent years, open source software has become one of the important models for the innovation and development of the software industry of China. This paper systematically analyzes the development trend of the global open source model, analyzes the open source supply interruption risk, code security risk, intellectual property risk and independent innovation risk in the open source software industry of China, and proposes specific policies and measures to promote open source independence, strengthen model innovation and optimize the development environment, so as to promote the healthy and sustainable development of the open source industry of China.
    Digital Currency Money Laundering Model and Tracking Analysis
    2021, 7(10):  977. 
    Money laundering activities have evolved from the traditional model of the Underground Bank to new models such as "Fourth-Party Payment", along with the rise of emerging digital currency, which has brought huge challenges to crime investigations and also caused damage to the social financial system. In view of the lack of supervision of the installation of digital currency system applications, the lack of supervision of digital currency transactions, and the anonymity of digital currency transactions, we put forward the key channels to solve these problems. This article describes how to obtain the real names behind digital wallet addresses, identify digital exchange addresses, and establish evidence of digital currency transactions. It also addresses data visualization and address tagging display for the digital currency trading process, so as to provide case-handling staff with clear flow-tracking graphics of the trading process, identify the digital currency exchange, and determine whether evidence can be retrieved from that exchange, which will significantly improve work efficiency in money laundering crime investigation.
    Risk Challenge and Regulatory Research of Face Recognition Facing “Easy to Crack”
    2021, 7(10):  984. 
    In February of this year, the RealAI research team of Tsinghua University successfully cracked the face recognition of nineteen mobile phones in just fifteen minutes by using adversarial sample interference technology. These cracked mobile phones all use 2D face recognition. However, the Apple mobile phone, which uses 3D face recognition, was not cracked. Many domestic face recognition systems still use 2D face recognition because of the cost, so they face the risk of being easily cracked. This paper mainly describes the basic principle and application of face recognition, and analyzes the technical challenges and security risks of face recognition that is easy to crack. To respond to this situation and create a benign ecological development environment for the industry, this paper also puts forward targeted regulatory research.
    Research on the Application of Beidou Space-time Information in the Field of Industrial Internet Security
    2021, 7(10):  989. 
    With the development of artificial intelligence, cloud computing, big data, the Internet of things and other technologies, information security issues have become increasingly prominent and security is becoming more and more complex. The intensity, frequency, scale and impact of malicious network attacks are escalating, and great changes have taken place in the security "boundary". Beidou space-time information is applied to provide unified time and location information for data in the industrial Internet, taking space-time information as the key identification of industrial big data. An industrial Internet security platform based on the Beidou space-time benchmark service is constructed, realizing high-precision positioning, a time benchmark, flexible access for multi-source sensors and spatial geographic information services. The fusion of industrial data and high-precision spatio-temporal data is realized. It solves the concealment of industrial big data, greatly reduces the security risk of the industrial Internet, and improves industrial production efficiency.