{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"編者按"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"新型智慧城市是運用物聯網、雲計算、大數據、空間地理信息集成等新一代信息技術,促進城市規劃、建設、管理和服務智慧化的新理念和新模式,是政府治理能力提升的重要標誌,對增強羣衆獲得感、幸福感和推動數字經濟發展具有重要意義。隨着新型智慧城市建設的深入推進,其成果應用必然需要各領域、各部門數據的打通與整合,從而形成大數據支撐和一系列數據融合應用。跨層級、跨部門、跨系統的政務數據在匯聚、共享、使用的過程中,安全風險日益凸顯。與傳統環境相比,新型智慧城市的發展,對數據安全管理工作提出了更多的要求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文從新型智慧城市建設過程中政務數據共享開放可能存在的數據安全風險出發,結合百分點科技多年服務各類政府部門和企業的數據管理經驗,基於對數據全生命週期的有效認知,融合大數據算法挖掘和人工智能識別等技術,全面系統地提出了一套政務數據安全管理體系和實踐成果,以期全方位保障政務數據共享開放安全,促進新型智慧城市建設。"}]}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"一、引言"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"近年來,我國智慧城市快速發展,成效顯著,大數據、人工智能等現代信息技術成爲重要戰略資源。新型智慧城市建設已經成爲推進我國城鎮化、提升城市治理水平、破解大城市病、提高公共服務質量、發展數字經濟的戰略選擇。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2015年年底,中央網絡安全和信息化委員會辦公室、國家互聯網信息辦公室提出了“新型智慧城市的概念”,利用大數據智能化集中數據資源,以數據驅動新型智慧城市建設,推動政務數據共享融合與開放應用,標誌着我國智慧城市建設正式步入“四期疊加”狀態,即同時面臨:戰略機遇期、起步探索期、瓶頸凸顯期和創新發展期。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"同年,國務院發佈《促進大數據發展行動綱要》提出要在2018年年底建成國家政務數據統一開放平臺後,全國各級地方政府都積極建設政務共享交換平臺和公共數據開放平臺,政務數據開放的規模與範圍越來越大,影響政府數據開放的安全因素也日益凸顯,數據安全是政務數據開放的基礎與前提,安全問題解決不好,公共信息資源就不可能實現“真正”的開放,如何通過分級分類推進政務數據共享開放,打通信息壁壘,加速信息資源整合應用,充分挖掘開發海量的政務以及行業數據的價值,平衡好數據開放與數據安全的關係,成爲政府數據開放必須正視的關鍵議題。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"二、政務數據共享開放的安全風險分析"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1. 政務數據權屬不明邊界不清的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"政務數據共享開放涉及國家機密保護、知識產權保護、企業信息保護、個人信息保護、個人隱私保護、數據融合利用等多方面問題,在政務數據開放的過程中,數據權屬不明確,將對使用權責、開放原則、開放範圍、開放模式產生爭議。盲目開放,將會引起數據泄露風險。只有數據權屬明確、責任邊界清晰,才能劃定政務數據開放共享過程中各部門的安全責任邊界,明確相關部門在數據開放中應當承擔的責任,保障數據安全。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2. 缺乏數據分類以及管理依據的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"新型智慧城市建設過程中一方面亟需打破“信息孤島”,實現政務數據的共享開放,通過全面數據開發與利用創造更大的數據價值;另一方面,由於我國尚未建立完善的數據保護與個人隱私保護法律法規,各類數據缺乏分級分類和管理依據,出於數據安全與隱私保護的制約,很多政府部門不敢共享開放或不願共享開放數據。極易造成開放不足數據價值難以釋放或開放過度數據泄密的風險。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3. 違規操作導致出現敏感信息的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"政務數據共享開放過程中,參與部門多、企業多、人員多、流程嚴謹是工作常態,由於缺乏數據管理規範,非涉密人員保密意識相對薄弱,存在個別人員爲了工作便利,直接在非涉密環境中處理含有敏感信息的數據的情況,爲敏感信息帶來安全隱患。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"4. 公開信息匯聚增值可能涉密的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在新型智慧城市建設過程中,政務數據匯聚、融合、開放、應用的力度越來越大,即便對數據進行分級分類管理,在長期持續的存儲以及共享開放過程中,也存在以下隱患:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"(1)各部門在進行數據脫敏或脫密處理時,無法預見相關部門公開的數據與之融合後,是否會涉密。有些數據孤立看沒問題,但幾類數據關聯起來形成的組合數據,可能會成爲涉及國家安全的涉密數據或涉及個人隱私、企業經營的敏感數據。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"(2)一段時間內的單個數據集不構成敏感信息,但在數據持續共享開放的過程中,通過增量疊加方式彙總形成的全量數據集,極易造成信息泄露風險。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"(3)各地區對敏感數據的認定不同、標準不一,也是極易導致失泄密的風險之一。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"5. 大數據全週期管控能力不足的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"大數據時代,數據已成爲國家戰略資源,傳統信息安全中的“靜態”數據保護概念,在以數據共享、融合、應用爲常態的“動態”場景中將面臨業務生態更加複雜、數據處理角色更加多元、責任主體和邊界難以釐清的挑戰。傳統的“以系統爲核心”的信息安全防護體系已無法滿足數據流轉與數據安全的雙重需求。在採用雲計算、大數據等技術,以多副本、多節點、分佈式的形式處理海量政務數據的現實環境中,傳統數據安全技術相對滯後,難以實現實時、連續、全生命週期(數據收集、傳輸、存儲、處理、共享、開放等)的安全管控,無法有效保障新型智慧城市建設的健康發展。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"三、國內數據安全管理政策分析"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我國對保障數據安全這方面的工作隨着政務數據開放逐漸重視起來,因爲政務數據開放起步較晚,2020年7月公佈的《中華人民共和國數據安全法(草案)》和2019年5月國家互聯網信息辦公室發佈的《數據安全管理辦法》目前還處於徵求意見稿階段。而對於商業祕密、個人隱私等數據的立法保護也是散見於各類關於大數據發展、數字政府建設、政務信息管理等政策文件中,且多爲原則性要求,缺乏具體指導規範,對於政務數據的共享開放工作指導有限,具體情況如下表所示。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/7b\/18\/7bb8425fd781a1e14d74fb6c578efc18.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/03\/f1\/0355713fa349c6522c777ec700ae25f1.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"四、政務數據共享開放安全管理措施與實踐"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技結合當前數據安全政策體系的建設情況,在政務數據共享開放的數據安全管理領域與政府客戶共同探索、實踐了安全管理長效機制,打造了全方位管控政務數據共享開放安全的能力體系。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1. 明確政務數據權屬,劃清安全責任邊界"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在政務數據共享開放管理工作中,首先要梳理清楚管理對象和數據權屬,明確數據的提供者、使用者(又分爲政務共享數據使用者、公共開放數據使用者)、平臺建設單位、平臺運維單位、平臺運營單位和平臺監管單位等責任主體; 其次要結合本地相關政策,參照“誰主管誰負責、誰運行誰負責、誰使用誰負責”的總體原則,圍繞政務數據匯聚、存儲、處理、傳輸、共享、開放、銷燬、備份的全生命週期梳理相關角色、權限、人員等管理對象的安全責任邊界、責任範圍、具體安全職責和工作內容。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2. 梳理共享開放範圍,統一共享開放渠道"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"依照“以共享爲常態、不共享爲例外”的原則,梳理共享開放範圍,編制各政府部門的“三清單”,即責任清單(各部門所擁有的政務信息資源)、需求清單(對其他部門的數據共享需求、共享方式,應用場景)和負面清單(各部門認爲不宜提供給其他政務部門共享使用的信息資源,必須有法律、行政法規、部委規章或黨中央國務院政策依據)。由平臺建設單位輔助各政府部門按照《政務信息資源目錄編制目錄》(發改技[2017]1271號)編制、優化政務信息資源目錄,明確數據共享屬性和共享範圍,並動態維護更新,保證數據共享質量和時效性。梳理工作完成之後,凡是因各部門預期未報原因而未列入“三清單”之內的,原則上不再予以協調。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"明確共享開放的統一工作平臺和渠道,原則上只能通過共享交換平臺和數據開放平臺(含政務數據共享和公共數據開放)進行,擅自通過其他方式進行數據共享及開放,需承擔相關責任; 其次要確定共享開放的範圍,明確共享開放數據邊界,將數據劃分爲無條件共享、有條件共享和不予共享3類;再次對於涉及敏感數據共享的情況,還應當採用脫敏、加密等方式保障數據安全; 最後還可結合本地實際,統籌規劃,分期分批進行開放,先對部分數據進行優先試點開放,比如有明確政策依據和數據來源的政務公開數據,以及一些與公衆密切相關的基礎數據,再逐步放開其他數據的開放利用,在數據共享開放需求、數據安全和隱私保護之間找到最佳平衡點。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3. 打造政企協同機制,加強安全知識培訓"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技與參與新型智慧城市建設的信息化企業及政府部門保持密切聯繫,形成一套政企聯動、企企聯動的協同機制,保障數據安全管控流程的順暢運轉。首先是對點聯繫,參與新型智慧城市建設的相關企業和政府部門都明確了一名工作聯絡員,做到點對點聯繫,確保有效對接。其次是協同聯動,基於明確的數據權屬、安全邊界、共享範圍、開放渠道等信息,使用信息化手段,實現數據安全管控的流程化、標準化。再次是定期培訓,配合政務數據主管部門每月\/每季度以邀請上門交流、召開座談會、線下培訓等方式瞭解掌握各參與企業在新型智慧城市建設中的實施進度、安全管控難題,並提出具有普適性和針對性的工作方案,同時對相關工作人員開展數據安全知識培訓,加強安全保密意識,杜絕因違規操作導致的數據泄密風險。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"4. 健全數據管控能力,提升政務數據質量"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"政務數據擁有良好的質量,不僅可以降低後續融合應用的成本,促進數據資源更好地開放利用,同時也是數據安全保障的基礎。數據質量要求政務數據保證信息的完整性、準確性、及時性、可用性和一致性,百分點科技構建了政務數據全生命週期管理體系,實現了對政務數據的長效運營,能夠有效提升數據質量,保障數據的完整性,確保對數據來源、數據權屬、共享內容、開放條件、數據質量、應急處置等信息有完備而系統的管控能力,同時對數據的流通使用進行監管,保障數據的流通安全可控;通過分析數據的血緣關係獲知數據的來源出處,明確數據的數據歸屬,實現“一數一源”; 以前端應用爲牽引,以數據質量報告抓手,倒逼政府部門及時更新和修改提供的數據,避免在彙集過程中產生交叉重複。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"5. 實行數據分級分類,保障共享開放安全"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"目前,我國尚未建立數據安全分級分類的標準規範。對於安全等級不明確的數據,數據安全保護措施不當會出現數據安全保護強度不足導致數據泄露風險,數據過度保護又會帶來數據共享困難。所以,百分點科技結合多年服務政府客戶和企業客戶經驗,結合政府客戶本地實際,按照數據類型、泄露影響程度以及敏感程度(非敏感數據、涉及用戶隱私數據、涉及國家祕密數據),制定分級分類標準,對政務數據資源進行先分類再分級,並明確相應的開放屬性、共享屬性和安全防護策略,具體內容如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/54\/47\/54916cf92dd63dcacae9432415654747.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在政務大數據的安全整體架構中,根據數據的類別及等級對數據流生命週期過程進行“矩陣式管控”,其對應關係如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/48\/5b\/4890565629b1a722d02bed6d6197c25b.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過分級分類管理,對數據進行分級分域存儲,對數據訪問按照數據分級分類管理指南進行顆粒化的權限管理。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/ba\/53\/ba664deabb09f85a7e2844704cb2fb53.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"對敏感數據傳輸進行加密保護,對涉及國家安全、社會公共利益、商業祕密、個人信息和隱私數據的使用按照標準規範進行脫敏脫密處理,對各類數據重要操作實施流程審批,對數據共享開放全生命週期進行安全審計,保證每個環節的安全和策略一致性。脫敏方法及敏感數據示例如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/57\/33\/570d1c8ebf60792f8a8ba53f0b4e7f33.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/a1\/03\/a192557d7b9cea37c943f1f29103a103.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"6. 引入先進技術經驗,加強安全技術保障"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"技術手段是大數據安全管理的保障條件,傳統數據安全技術已無法滿足數據流轉與數據安全的雙重需求,需要以網絡安全爲基礎、以數據爲中心,以顆粒化權限管控爲抓手,輔以脫敏加密、分級分類、安全審計、行爲追溯(區塊鏈)、隱私計算等技術手段,搭建數據安全管理體系實現數據全週期(數據收集、傳輸、存儲、處理、共享、開放等) 保障。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技爲政務數據共享開放提供了全生命週期技術支持。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在數據存儲環節,通過安全區域劃分,建立DMZ區、數據加密區,解決不同區域間存儲和邊界控制問題,採用數據加密技術、顆粒化訪問控制和審批管理,防止數據泄露與非授權訪問。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/b3\/13\/b3795663ed0fb407f877bc04e5357d13.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在數據採集、匯聚、處理環節,採用元數據管理、數據標準管理、數據模型管理、數據質量管控、數據治理等技術,管控數據質量,形成數據資產; 在數據傳輸環節,採用數據加密、數據指紋等技術,實現數據可追蹤可溯源; 在數據使用環節,採用數據脫敏、脫密技術,保障敏感數據的安全使用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/d1\/60\/d15999bf052ab73257f8fa926yyfc660.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"同時,爲解決多個機構間數據共享和數據價值挖掘問題,通過搭建隱私計算服務平臺,解決了在不共享原始數據前提下實現數據價值挖掘和流轉的技術手段。通過原始數據“去標識化”,可信執行環境搭建和能夠保護數據和模型隱私的智能計算技術(聯邦學習)三個環節,保證各政府部門數據和模型隱私,實現數據“可用不可見”、“可算不可識”和“可用不可擁”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在數據全生命週期採用日誌管理和用戶行爲審計,實現異常行爲實時監控,防止數據泄露等安全事件發生,全方面保障政務數據共享開放安全。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"7. 建立風險評估體系,評估安全服務能力"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技建立了貫穿政務數據共享開放全生命週期的數據安全風險評估體系。梳理出了匯聚、存儲、處理、傳輸、共享、開放、銷燬、備份等各環節的安全風險點,對各類風險進行量化分析(等級、百分比、數值),形成風險評估模型,定期對數據安全風險進行評估,防範數據安全隱患,對可能的風險進行監測預警。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由政府數據主管部門牽頭,引入具有相關資質的第三方測評機構開展安全保障能力和安全風險評估,對測評中發現的風險事項限期整改,提高政務數據共享開放工作質量,減少數據安全隱患。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"8. 建立監督管理機制,形成安全管理閉環"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技輔助政府客戶建立完善的監督考評機制,確保政務數據共享開放的及時性、有效性和安全性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"主管部門定期對系統接入量、數據接入量、數據質量、數據引用量、安全告警量、安全評估等級等信息進行彙總,形成數據安全風險評估報告,並將政務數據共享、開放的數據質量、安全管理情況作爲績效考覈指標,要求各部門發佈年度工作報告,主管部門按照考評機制對相關部門進行考覈,動態監管數據安全管理制度執行情況,形成安全管理閉環,保障政務數據共享開放安全。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"結束語"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文從新型智慧城市建設面臨的數據安全挑戰出發,結合百分點新型智慧城市實踐經驗分享了數據安全管理理念和技術手段。政務數據共享融合與開放應用在創造新價值的同時,也帶來了新的挑戰。一方面需要推進數據開放利用; 另一方面數據安全是大數據發展的底線。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技將積極與各政務管理部門一起完善頂層設計,細化數據安全管理事項,加強項目團隊安全保密知識培訓,切實有效地支撐政務信息化平臺的安全穩定運行,做好政務數據安全管理工作,積極構建政務數據健康發展的有利環境,推進新型智慧城市的建設,爲大數據產業的健康發展貢獻一份力量。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"本文轉載自公衆號百分點科技(ID:baifendian_com)。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"原文鏈接"},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/mp.weixin.qq.com\/s\/hErEBn28cd7mS8GZIarn_A","title":"","type":null},"content":[{"type":"text","text":"政務數據安全管理實踐"}]}]}]}
政務數據安全管理實踐
{"type":"doc","content":[{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"編者按"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"新型智慧城市是運用物聯網、雲計算、大數據、空間地理信息集成等新一代信息技術,促進城市規劃、建設、管理和服務智慧化的新理念和新模式,是政府治理能力提升的重要標誌,對增強羣衆獲得感、幸福感和推動數字經濟發展具有重要意義。隨着新型智慧城市建設的深入推進,其成果應用必然需要各領域、各部門數據的打通與整合,從而形成大數據支撐和一系列數據融合應用。跨層級、跨部門、跨系統的政務數據在匯聚、共享、使用的過程中,安全風險日益凸顯。與傳統環境相比,新型智慧城市的發展,對數據安全管理工作提出了更多的要求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文從新型智慧城市建設過程中政務數據共享開放可能存在的數據安全風險出發,結合百分點科技多年服務各類政府部門和企業的數據管理經驗,基於對數據全生命週期的有效認知,融合大數據算法挖掘和人工智能識別等技術,全面系統地提出了一套政務數據安全管理體系和實踐成果,以期全方位保障政務數據共享開放安全,促進新型智慧城市建設。"}]}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"一、引言"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"近年來,我國智慧城市快速發展,成效顯著,大數據、人工智能等現代信息技術成爲重要戰略資源。新型智慧城市建設已經成爲推進我國城鎮化、提升城市治理水平、破解大城市病、提高公共服務質量、發展數字經濟的戰略選擇。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"2015年年底,中央網絡安全和信息化委員會辦公室、國家互聯網信息辦公室提出了“新型智慧城市的概念”,利用大數據智能化集中數據資源,以數據驅動新型智慧城市建設,推動政務數據共享融合與開放應用,標誌着我國智慧城市建設正式步入“四期疊加”狀態,即同時面臨:戰略機遇期、起步探索期、瓶頸凸顯期和創新發展期。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"同年,國務院發佈《促進大數據發展行動綱要》提出要在2018年年底建成國家政務數據統一開放平臺後,全國各級地方政府都積極建設政務共享交換平臺和公共數據開放平臺,政務數據開放的規模與範圍越來越大,影響政府數據開放的安全因素也日益凸顯,數據安全是政務數據開放的基礎與前提,安全問題解決不好,公共信息資源就不可能實現“真正”的開放,如何通過分級分類推進政務數據共享開放,打通信息壁壘,加速信息資源整合應用,充分挖掘開發海量的政務以及行業數據的價值,平衡好數據開放與數據安全的關係,成爲政府數據開放必須正視的關鍵議題。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"二、政務數據共享開放的安全風險分析"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1. 政務數據權屬不明邊界不清的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"政務數據共享開放涉及國家機密保護、知識產權保護、企業信息保護、個人信息保護、個人隱私保護、數據融合利用等多方面問題,在政務數據開放的過程中,數據權屬不明確,將對使用權責、開放原則、開放範圍、開放模式產生爭議。盲目開放,將會引起數據泄露風險。只有數據權屬明確、責任邊界清晰,才能劃定政務數據開放共享過程中各部門的安全責任邊界,明確相關部門在數據開放中應當承擔的責任,保障數據安全。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2. 缺乏數據分類以及管理依據的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"新型智慧城市建設過程中一方面亟需打破“信息孤島”,實現政務數據的共享開放,通過全面數據開發與利用創造更大的數據價值;另一方面,由於我國尚未建立完善的數據保護與個人隱私保護法律法規,各類數據缺乏分級分類和管理依據,出於數據安全與隱私保護的制約,很多政府部門不敢共享開放或不願共享開放數據。極易造成開放不足數據價值難以釋放或開放過度數據泄密的風險。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3. 違規操作導致出現敏感信息的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"政務數據共享開放過程中,參與部門多、企業多、人員多、流程嚴謹是工作常態,由於缺乏數據管理規範,非涉密人員保密意識相對薄弱,存在個別人員爲了工作便利,直接在非涉密環境中處理含有敏感信息的數據的情況,爲敏感信息帶來安全隱患。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"4. 公開信息匯聚增值可能涉密的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在新型智慧城市建設過程中,政務數據匯聚、融合、開放、應用的力度越來越大,即便對數據進行分級分類管理,在長期持續的存儲以及共享開放過程中,也存在以下隱患:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"(1)各部門在進行數據脫敏或脫密處理時,無法預見相關部門公開的數據與之融合後,是否會涉密。有些數據孤立看沒問題,但幾類數據關聯起來形成的組合數據,可能會成爲涉及國家安全的涉密數據或涉及個人隱私、企業經營的敏感數據。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"(2)一段時間內的單個數據集不構成敏感信息,但在數據持續共享開放的過程中,通過增量疊加方式彙總形成的全量數據集,極易造成信息泄露風險。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"(3)各地區對敏感數據的認定不同、標準不一,也是極易導致失泄密的風險之一。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"5. 大數據全週期管控能力不足的風險"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"大數據時代,數據已成爲國家戰略資源,傳統信息安全中的“靜態”數據保護概念,在以數據共享、融合、應用爲常態的“動態”場景中將面臨業務生態更加複雜、數據處理角色更加多元、責任主體和邊界難以釐清的挑戰。傳統的“以系統爲核心”的信息安全防護體系已無法滿足數據流轉與數據安全的雙重需求。在採用雲計算、大數據等技術,以多副本、多節點、分佈式的形式處理海量政務數據的現實環境中,傳統數據安全技術相對滯後,難以實現實時、連續、全生命週期(數據收集、傳輸、存儲、處理、共享、開放等)的安全管控,無法有效保障新型智慧城市建設的健康發展。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"三、國內數據安全管理政策分析"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"我國對保障數據安全這方面的工作隨着政務數據開放逐漸重視起來,因爲政務數據開放起步較晚,2020年7月公佈的《中華人民共和國數據安全法(草案)》和2019年5月國家互聯網信息辦公室發佈的《數據安全管理辦法》目前還處於徵求意見稿階段。而對於商業祕密、個人隱私等數據的立法保護也是散見於各類關於大數據發展、數字政府建設、政務信息管理等政策文件中,且多爲原則性要求,缺乏具體指導規範,對於政務數據的共享開放工作指導有限,具體情況如下表所示。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/7b\/18\/7bb8425fd781a1e14d74fb6c578efc18.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/03\/f1\/0355713fa349c6522c777ec700ae25f1.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"四、政務數據共享開放安全管理措施與實踐"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技結合當前數據安全政策體系的建設情況,在政務數據共享開放的數據安全管理領域與政府客戶共同探索、實踐了安全管理長效機制,打造了全方位管控政務數據共享開放安全的能力體系。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"1. 明確政務數據權屬,劃清安全責任邊界"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在政務數據共享開放管理工作中,首先要梳理清楚管理對象和數據權屬,明確數據的提供者、使用者(又分爲政務共享數據使用者、公共開放數據使用者)、平臺建設單位、平臺運維單位、平臺運營單位和平臺監管單位等責任主體; 其次要結合本地相關政策,參照“誰主管誰負責、誰運行誰負責、誰使用誰負責”的總體原則,圍繞政務數據匯聚、存儲、處理、傳輸、共享、開放、銷燬、備份的全生命週期梳理相關角色、權限、人員等管理對象的安全責任邊界、責任範圍、具體安全職責和工作內容。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"2. 梳理共享開放範圍,統一共享開放渠道"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"依照“以共享爲常態、不共享爲例外”的原則,梳理共享開放範圍,編制各政府部門的“三清單”,即責任清單(各部門所擁有的政務信息資源)、需求清單(對其他部門的數據共享需求、共享方式,應用場景)和負面清單(各部門認爲不宜提供給其他政務部門共享使用的信息資源,必須有法律、行政法規、部委規章或黨中央國務院政策依據)。由平臺建設單位輔助各政府部門按照《政務信息資源目錄編制目錄》(發改技[2017]1271號)編制、優化政務信息資源目錄,明確數據共享屬性和共享範圍,並動態維護更新,保證數據共享質量和時效性。梳理工作完成之後,凡是因各部門預期未報原因而未列入“三清單”之內的,原則上不再予以協調。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"明確共享開放的統一工作平臺和渠道,原則上只能通過共享交換平臺和數據開放平臺(含政務數據共享和公共數據開放)進行,擅自通過其他方式進行數據共享及開放,需承擔相關責任; 其次要確定共享開放的範圍,明確共享開放數據邊界,將數據劃分爲無條件共享、有條件共享和不予共享3類;再次對於涉及敏感數據共享的情況,還應當採用脫敏、加密等方式保障數據安全; 最後還可結合本地實際,統籌規劃,分期分批進行開放,先對部分數據進行優先試點開放,比如有明確政策依據和數據來源的政務公開數據,以及一些與公衆密切相關的基礎數據,再逐步放開其他數據的開放利用,在數據共享開放需求、數據安全和隱私保護之間找到最佳平衡點。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"3. 打造政企協同機制,加強安全知識培訓"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技與參與新型智慧城市建設的信息化企業及政府部門保持密切聯繫,形成一套政企聯動、企企聯動的協同機制,保障數據安全管控流程的順暢運轉。首先是對點聯繫,參與新型智慧城市建設的相關企業和政府部門都明確了一名工作聯絡員,做到點對點聯繫,確保有效對接。其次是協同聯動,基於明確的數據權屬、安全邊界、共享範圍、開放渠道等信息,使用信息化手段,實現數據安全管控的流程化、標準化。再次是定期培訓,配合政務數據主管部門每月\/每季度以邀請上門交流、召開座談會、線下培訓等方式瞭解掌握各參與企業在新型智慧城市建設中的實施進度、安全管控難題,並提出具有普適性和針對性的工作方案,同時對相關工作人員開展數據安全知識培訓,加強安全保密意識,杜絕因違規操作導致的數據泄密風險。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"4. 健全數據管控能力,提升政務數據質量"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"政務數據擁有良好的質量,不僅可以降低後續融合應用的成本,促進數據資源更好地開放利用,同時也是數據安全保障的基礎。數據質量要求政務數據保證信息的完整性、準確性、及時性、可用性和一致性,百分點科技構建了政務數據全生命週期管理體系,實現了對政務數據的長效運營,能夠有效提升數據質量,保障數據的完整性,確保對數據來源、數據權屬、共享內容、開放條件、數據質量、應急處置等信息有完備而系統的管控能力,同時對數據的流通使用進行監管,保障數據的流通安全可控;通過分析數據的血緣關係獲知數據的來源出處,明確數據的數據歸屬,實現“一數一源”; 以前端應用爲牽引,以數據質量報告抓手,倒逼政府部門及時更新和修改提供的數據,避免在彙集過程中產生交叉重複。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"5. 實行數據分級分類,保障共享開放安全"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"目前,我國尚未建立數據安全分級分類的標準規範。對於安全等級不明確的數據,數據安全保護措施不當會出現數據安全保護強度不足導致數據泄露風險,數據過度保護又會帶來數據共享困難。所以,百分點科技結合多年服務政府客戶和企業客戶經驗,結合政府客戶本地實際,按照數據類型、泄露影響程度以及敏感程度(非敏感數據、涉及用戶隱私數據、涉及國家祕密數據),制定分級分類標準,對政務數據資源進行先分類再分級,並明確相應的開放屬性、共享屬性和安全防護策略,具體內容如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/54\/47\/54916cf92dd63dcacae9432415654747.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在政務大數據的安全整體架構中,根據數據的類別及等級對數據流生命週期過程進行“矩陣式管控”,其對應關係如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/48\/5b\/4890565629b1a722d02bed6d6197c25b.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"通過分級分類管理,對數據進行分級分域存儲,對數據訪問按照數據分級分類管理指南進行顆粒化的權限管理。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/ba\/53\/ba664deabb09f85a7e2844704cb2fb53.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"對敏感數據傳輸進行加密保護,對涉及國家安全、社會公共利益、商業祕密、個人信息和隱私數據的使用按照標準規範進行脫敏脫密處理,對各類數據重要操作實施流程審批,對數據共享開放全生命週期進行安全審計,保證每個環節的安全和策略一致性。脫敏方法及敏感數據示例如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/57\/33\/570d1c8ebf60792f8a8ba53f0b4e7f33.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/a1\/03\/a192557d7b9cea37c943f1f29103a103.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"6. 引入先進技術經驗,加強安全技術保障"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"技術手段是大數據安全管理的保障條件,傳統數據安全技術已無法滿足數據流轉與數據安全的雙重需求,需要以網絡安全爲基礎、以數據爲中心,以顆粒化權限管控爲抓手,輔以脫敏加密、分級分類、安全審計、行爲追溯(區塊鏈)、隱私計算等技術手段,搭建數據安全管理體系實現數據全週期(數據收集、傳輸、存儲、處理、共享、開放等) 保障。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技爲政務數據共享開放提供了全生命週期技術支持。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在數據存儲環節,通過安全區域劃分,建立DMZ區、數據加密區,解決不同區域間存儲和邊界控制問題,採用數據加密技術、顆粒化訪問控制和審批管理,防止數據泄露與非授權訪問。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/b3\/13\/b3795663ed0fb407f877bc04e5357d13.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在數據採集、匯聚、處理環節,採用元數據管理、數據標準管理、數據模型管理、數據質量管控、數據治理等技術,管控數據質量,形成數據資產; 在數據傳輸環節,採用數據加密、數據指紋等技術,實現數據可追蹤可溯源; 在數據使用環節,採用數據脫敏、脫密技術,保障敏感數據的安全使用。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https:\/\/static001.infoq.cn\/resource\/image\/d1\/60\/d15999bf052ab73257f8fa926yyfc660.jpg","alt":null,"title":null,"style":[{"key":"width","value":"75%"},{"key":"bordertype","value":"none"}],"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"同時,爲解決多個機構間數據共享和數據價值挖掘問題,通過搭建隱私計算服務平臺,解決了在不共享原始數據前提下實現數據價值挖掘和流轉的技術手段。通過原始數據“去標識化”,可信執行環境搭建和能夠保護數據和模型隱私的智能計算技術(聯邦學習)三個環節,保證各政府部門數據和模型隱私,實現數據“可用不可見”、“可算不可識”和“可用不可擁”。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"在數據全生命週期採用日誌管理和用戶行爲審計,實現異常行爲實時監控,防止數據泄露等安全事件發生,全方面保障政務數據共享開放安全。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"7. 建立風險評估體系,評估安全服務能力"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技建立了貫穿政務數據共享開放全生命週期的數據安全風險評估體系。梳理出了匯聚、存儲、處理、傳輸、共享、開放、銷燬、備份等各環節的安全風險點,對各類風險進行量化分析(等級、百分比、數值),形成風險評估模型,定期對數據安全風險進行評估,防範數據安全隱患,對可能的風險進行監測預警。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"由政府數據主管部門牽頭,引入具有相關資質的第三方測評機構開展安全保障能力和安全風險評估,對測評中發現的風險事項限期整改,提高政務數據共享開放工作質量,減少數據安全隱患。"}]},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"8. 建立監督管理機制,形成安全管理閉環"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技輔助政府客戶建立完善的監督考評機制,確保政務數據共享開放的及時性、有效性和安全性。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"主管部門定期對系統接入量、數據接入量、數據質量、數據引用量、安全告警量、安全評估等級等信息進行彙總,形成數據安全風險評估報告,並將政務數據共享、開放的數據質量、安全管理情況作爲績效考覈指標,要求各部門發佈年度工作報告,主管部門按照考評機制對相關部門進行考覈,動態監管數據安全管理制度執行情況,形成安全管理閉環,保障政務數據共享開放安全。"}]},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"結束語"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文從新型智慧城市建設面臨的數據安全挑戰出發,結合百分點新型智慧城市實踐經驗分享了數據安全管理理念和技術手段。政務數據共享融合與開放應用在創造新價值的同時,也帶來了新的挑戰。一方面需要推進數據開放利用; 另一方面數據安全是大數據發展的底線。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"百分點科技將積極與各政務管理部門一起完善頂層設計,細化數據安全管理事項,加強項目團隊安全保密知識培訓,切實有效地支撐政務信息化平臺的安全穩定運行,做好政務數據安全管理工作,積極構建政務數據健康發展的有利環境,推進新型智慧城市的建設,爲大數據產業的健康發展貢獻一份力量。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"本文轉載自公衆號百分點科技(ID:baifendian_com)。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","marks":[{"type":"strong"}],"text":"原文鏈接"},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"link","attrs":{"href":"https:\/\/mp.weixin.qq.com\/s\/hErEBn28cd7mS8GZIarn_A","title":"","type":null},"content":[{"type":"text","text":"政務數據安全管理實踐"}]}]}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章
愛奇藝數據湖實戰 - 實時湖倉一體化
01 概述 數據是洞察用戶、市場、運營決策的基礎資料,在愛奇藝被廣泛應用在推薦、廣告、用戶增長、營銷等場景中。愛奇藝大數據業務之前採用 Lambda 架構,滿足海量