数据安全国际标准研究  被引量：8

作　　者：刘贤刚[1,2] 孙彦 胡影 赵梓桐[1,2] LIU Xian-gang;SUN Yan;HU Ying;ZHAO Zi-tong(Information Security Research Center,China Electronics Standardization Institute,Beijing 100007,China;Secretariat of National Information Security Standardization Technical Committee,Beijing 100007,China)

机构地区：[1]中国电子技术标准化研究院信息安全研究中心,北京100007 [2]全国信息安全标准化技术委员会秘书处,北京100007

出　　处：《信息安全与通信保密》2018年第12期33-49,共17页Information Security and Communications Privacy

基　　金：国家重点研发计划项目"网络可信身份管理技术研究"课题三2016YFB0800503/课题四2016YFB0800504

摘　　要：云计算、大数据、物联网、人工智能等技术的迅速发展,带来数据滥用、个人信息泄漏、数据非法交易等一系列安全挑战。数据安全标准作为应对数据安全挑战的重要手段,已经成为信息安全研究的热点之一。围绕数据安全国际标准,本文从大数据安全和个人信息安全两个方面分析了数据安全面临的主要风险;梳理和分析包括ISO/IEC JTC1/WG9、ITU-T SG17、NIST、ISO/IEC JTC1/SC 27等标准化组织在数据安全标准领域的工作现状;从立项背景,标准技术内容和进展情况等方面,深入分析ISO/IEC JTC1/SC 27下由我国主导的ISO/IEC 20547-4《信息技术大数据参考架构第4部分:安全与隐私保护》,ISO/IEC 27045《大数据安全与隐私保护过程》,以及研究项目《大数据安全实现指南》和《数据安全》。基于分析结果给出数据安全国际标准化的工作建议。Accompanied with the rapid development of cloud computing,big data,Internet of Things,artificial intelligence,considerable security challenges such as data abuse,personal information leakage,illegal data exchange have emerged.Data security standards which provide methodologies to deal with security challenges,have already become one of the highlights in information security research.Focused on international data security standards,the paper reviews and analyzes the major risks in data security from two aspects,which are big data security and personal information security,the progress of data security standards in different standard developing organizations such as ISO/IEC JTC1/WG9,ITU-T SG17,NIST,ISO/IEC JTC1/SC27etc,and the background,technical contents,and the progress of ISO/IEC20547-4“Information technology-Big data reference architecture-Part4:Security and privacy”,ISO/IEC27045“Big data security and privacy-Processes”,Study Period“Guidelines for implementation of big data security”,and Study Period“Data Security”,which are led by China National Body in ISO/IEC JTC1/SC27.Based on the analysis results,the paper presents suggestions on future work in international standardization of data security.

关 键 词：数据安全 国际标准 大数据安全 个人信息 隐私保护 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]