With the explosive growth of the data scale and industry scale of the Internet of Vehicles (IoV), the data security risks of the Internet of Vehicles data are also increasing. In order to improve the data security governance level of Internet of vehicles data, this paper first analyzes the key characteristics of the development of Internet of vehicles, including new network form, new data composition, and new data flow system. Then, this paper mainly discusses the data security challenges brought by data itself, data flow process, strong offensive and weak defensive situation. Furthermore, this paper proposes three prospective enlightenment: the establishment of data classification security management mechanism for different subjects; form its own system of defense in depth scheme; adhere to the integrated security strategy based on the holistic security concept.
In the digital age, the economic, social and international relations have undergone drastic changes, and the legal elements have also changed along with the development of technology business. New legal entities, new objects of legal relation, rights and obligations have emerged. In the face of the challenges brought by the development and changes of the digital age, the legislation needs to be further improved. It is necessary for us to adjust our legislative goals and paths, make the system of cyber laws more systematic and coordinated, and promote the high-quality development of the digital economy.
This paper will first analyze the profound background of data security compliance governance, put forward the status quo, risks, challenges and compliance needs of data security compliance based on the research in the telecommunications field, analyze the data security compliance governance measures that telecommunications enterprises should take around management, technology, operation and other aspects, and avoid problems such as unsatisfied management, technology, operation compliance and inadequate implementation of specific measures in the process of compliance supervision, So as to think about the capabilities of telecom enterprises in data security compliance governance, and explore and think about the measures and methods that telecom enterprises should take to achieve positive circular development of data security compliance governance.
In recent years, with data security laws and regulations continue to be issued, how to ensure the legal compliance of government affairs and other important data security has become the focus of attention of government departments at all levels. This paper focuses on the analysis of the domestic government affairs data security should follow the relevant legal requirements, mainly for the government affairs data related to the “Data security Law”“Personal Information Protection Law”“Critical information infrastructure security protection regulations” compliance requirements for targeted analysis. At the same time, this paper focuses on the difference between data security assessment and data security compliance assessment, and puts forward a set of government data security compliance capability maturity model, which gives three data security compliance maturity levels, and analyzes the key points of compliance assessment of each level. At the end of this paper, an innovative practice idea of government data security compliance is proposed, which can be used as a reference for data security compliance practice of government data processors at all levels.
From the perspective of overall development and security, cyber security is an important prerequisite and basic condition to ensure high-quality development. The development of cyber security industry is an important component of the national cyber development strategy, and cyber security enterprises are the foundation of cyber security industry. Based on the observation and investigation of the current situation of cyber security industry and enterprises in recent years, this paper summarizes and analyzes the current status of cyber security enterprises under the new situation from multiple perspectives. Finally, based on the analysis of the current status of cyber security enterprises, put forward cyber security enterprise development suggestions.
SDN network realizes the separation of control and forwarding, and meets the requirements of computing and storage that change continuous, so it is widely used in new technologies in recent years. With the continuous development and deployment of SDN network, it faces more and more security threats and risks. SDN security has become an important research direction in the field of network security. This paper starts with the SDN three-tier architecture, analyzes and summarizes the main security problems faced by the SDN network, discusses the current main measures for security problems, mainly introduces the research results of DDoS attack prevention, and looks forward to the next research direction.
Difficulty in safe sharing, openness and utilization of medical and health data is one of the most important factors hindering the development of informatization in the current health and health industry. This paper researches and discusses the difficulties faced by the health industry in the actual application scenarios of data sharing and utilization, proposes the application schemes of privacy computing in various application scenarios, and gives suggestions on the security of privacy computing models in corresponding scenarios according to actual needs.
The current international cybersecurity confrontation situation is becoming complicated. Under the background of COVID-19, ICT supply chain security has gradually become the focus of varies countries. From the perspective of ICT cybersecurity, this paper analyzes the current development, evolution trend of the international ICT supply chain security system, and the impact on Chain’s security. Through horizontal comparison, this paper summarizes the development characteristics, advantages and disadvantages of ICT supply chain security systems in various countries, finds the deficiencies of China’s current ICT supply chain security systems, and put forward suggestions for improvement in the fields of cybersecurity industry, data security, product and service security. This paper could support for government ICT supply chain security management.
This article first briefly introduces the concept of anonymous communication technology and related technical means, and summarizes the main practices and effects of anonymous communication technology supervision in the world. This article explains the supervision of anonymous communication technology in China at this stage, including the introduction of laws and regulations and the technical research work of the industry. Finally, combined with the international supervision and governance experience of anonymous communication technology and the current supervision in China, three suggestions are proposed, including the construction of anonymous communication technology monitoring methods based on traffic analysis.
At present, data security compliance has become a core driving force for data security construction. The data security compliance construction should meet compliance requirements and prevent data security risks. This paper proposes the target framework of the data security compliance system, as well as the planning and construction methods for the organizational, management and technical competences. Based on this, it aims to form a closed-loop management framework, namely, a framework consisting of “discovery-rectification-supervision” steps.
In recent years, with the rapid development of big data, data leakage incidents have occurred constantly, and data security has been paid more and more attention. The hardware-based chip-level privacy computing uses the chip security base to ensure the data security of upper-layer applications, and has become an effective data security solution. This paper proposes a privacy-based computing-based database life cycle protection method. We design a new key management service system (Key Management Service, KMS). Encryption to ensure the security of the private data throughout the entire life cycle (storage, transmission, and use). Compared with database operations in ordinary computing, this solution has a performance loss of about 30% in read and write operations in the MySQL database system, and about 8 seconds in read and write operations in the SQLCipher database system.
Based on the continuous advancement of the cloud migration of e-government information system and cloud service platform in various places, the system architecture of the endogenous security cloud service platform is proposed. On the basis, the concepts of endogenous security cloud service platform security measurement index system are proposed, which solves the difficulty of measuring the network security of endogenous security information systems and cloud service platforms. In addition, this paper proposes the corresponding test evaluation method, and proposes a feasible plan for the construction of the subsequent test evaluation plan.
Under the background of digital age, computer power network develops rapidly, but it also causes more and more security problems. In order to ensure the steady progress of the computer power industry, it is necessary to build a complete computer power network security system as soon as possible. Based on the research of the three modules of computing network architecture infrastructure, arrangement management and operation service, in order to ensure the sustainable development of computer power network, the corresponding security construction scheme is put forward.
In recent years, telecommunication network fraud has been a deep-rooted social problem with constantly updated expedient. In order to hide location information, the internet protocol (IP) address switching technology is exploited by fraudsters to change the login IP address of social or payment platform. Such tactics seriously hinder the tracing and detection of fraud cases. This paper analyzes the IP address switching technology, summarizes the governance risks and challenges, and further proposes suggestions.
Data is an important asset of an enterprise, and there are significant challenges in data security management. This paper proposes to solve the problem of data security management by establishing an enterprise-level middle platform of data security, ensure data security in the whole life cycle, and build the lifeline of enterprise data. The middle platform of data secrity provides security service capability through three steps: first, judge the security business boundary to form a relatively function boundary; Then the reusable part is abstracted into a security module component; Finally, business association and incremental packaging are performed between module components to provide security capabilities. The method in this paper can solve the problem of “repeatedly building wheels” in the data security industry, and further solve the problem of security boundary division and data islands of traditional platforms.