The practical paper of Shiping information and data security compliance testing was selected into the Chinese core journals

In recent days, , By Shiping information CEO Written jointly by assistant Dr. Zhang Cui and senior vice president Zhang Liang 《 Data security law and data security compliance testing best practices 》 Through the review and recommendation of senior experts in the industry , As an excellent thesis In Chinese core journals 、 The core journals of science and technology in China ——《 Computer science and exploration 》2021 In the first 15 Officially published in a special issue .

Enterprise data security compliance testing best practices

With the establishment and improvement of relevant data security supervision laws and regulations , To prevent data security incidents caused by data leakage , Meet the continuously strengthened national regulatory requirements and the needs of the enterprise's own safety development , Enterprises need to strengthen the construction of their own data security and compliance guarantee capacity .

In many data security protection and governance means , Data security compliance detection technology as a means to effectively monitor and prevent data security risks , For enhancing the security protection of data subjects such as enterprises , It is of great significance to help the healthy and sustainable development of the industry .

World peace information CEO Assistant Dr. Zhang Cui and senior vice president Zhang Liang summarized the exploration and practice achievements of Shiping information in the field of data security and compliance over the years , In this paper, the functions of Shiping data security compliance detection system, an innovative compliance detection tool, are analyzed 、 Detailed description of technology and application scenarios .

Shiping data security compliance detection system （SIMP-SRD）

The product can realize routine self inspection and real-time monitoring for data security , Ensure sustainable information system data security and compliance , Pinpoint and evaluate individuals / Risk of customer information disclosure . On this basis , Comprehensively control the risk situation of all links in the data life cycle , Greatly improve the ability of data security protection .

One 、 Product function

SIMP-SRD It covers manual inquiry detection and technical tool detection , It mainly provides the following functions ：

1. Standardized testing process

Standardize the testing process , The manual inquiry detection and technical tool detection shall be reasonably connected in series , Jointly provide the content of the test report .

2. Detection operation interface

Provide operation interface for each step in the detection process , Including step-by-step operation interface for manual inquiry detection and technical tool detection , Simple and effective operation functions are configured on the interface .

3. Preset detection template

Corresponding preset manual query templates are provided for each test item 、 Self inspection template 、 Test report template, etc , It is convenient for detection, operation and input .

4. Technical testing tools

Provide technical testing tools for testing items including technical testing part , Technical testing tools can be added according to the needs of testing practice , Form the standard version and extended version of testing tools .

5. Detection knowledge base

Provide corresponding preset compliance judgment rules for each test item ; And for the test items including the technical test part , For relevant sensitive data , Provide sensitive data identification model required for technical detection .

Two 、 Application scenarios

2.1 Compliance detection of data acquisition link

Data acquisition link , Illegal collection and detection of personal information .

2.2 Data exit safety compliance inspection

Data security , As 《 Data security law 》 Highlight the key content of data sovereignty , It is the focus of current and future data security compliance testing . When the data is stored in its own computer room , The data exit security compliance detection system captures real-time traffic data through the image of the switch , Rely on built-in IP Address base 、 Identify rule base 、 Compliance rule base , Determine whether it is outbound data , And make compliance judgment according to relevant laws and regulations .

When data is stored in the cloud , The data exit security compliance detection system passes the packet capture tool , Grab the data packets transmitted by the network , Back to the intermediate server , Then play back to SIMP-SRD, Rely on built-in IP Address base 、 Identify rule base 、 Compliance rule base , Determine whether it is outbound data , And make compliance judgment according to relevant laws and regulations .

It is also mentioned that ： With the continuous enhancement of data security compliance supervision , Enterprises as regulated parties , The cost of violation also increases . With the help of data security compliance detection technology tools , By analyzing the flow 、 Scanning of static data 、 monitoring , Enterprises can discover the potential compliance hazards of data in the daily operation process , And make rectification in time , To meet the needs of the public security department 、 Netcom Department , Data security compliance requirements of regulatory authorities in various industries , Reduce the cost of data security compliance .

meanwhile , The data security compliance detection system is also the responsibility of various regulatory authorities , And the means by which the hierarchical protection evaluation organization strengthens the supervision and evaluation of data security compliance . Development of data security compliance detection technology , It can be used to carry out data security detection and evaluation 、 Certification provides strong technical support , Provide strong technical support for regulators “ armed forces ”, Promote the implementation of data security laws and regulations , Effectively improve China's data security guarantee ability .