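Authors: 刘冬兰, 张昊, 张方哲, 王睿, 王小亮 (LIU Donglan; ZHANG Hao; ZHANG Fangzhe; WANG Rui; WANG Xiaoliang)
Affiliations: [1] State Grid Shandong Electric Power Research Institute, Jinan 250003, Shandong, China; [2] Weifang Power Supply Company, State Grid Shandong Electric Power Company, Weifang 261000, Shandong, China
Source: 《山东电力技术》 (Shandong Electric Power), 2021, No. 12, pp. 1-10 (10 pages)
Funding: National Natural Science Foundation of China (51601106); State Grid Shandong Electric Power Company science and technology project "Research on Key Technologies of Network Security Protection in the Smart Grid, Topic 3: Research on Key Technologies of Big-Data-Oriented Data Security Analysis and Privacy Protection" (52062619001P).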
Abstract: Enterprise big data environments lack data security protections such as automatic data classification, fine-grained access control, and desensitization and declassification measures. To address this, an automatic classification data security protection system based on security labels is proposed, and a data security intelligent management and control platform and a big data security protection system are designed and implemented. First, assets are identified by means of classification labels, a three-level control principle of "full disclosure, internal disclosure and restricted access" is formulated for power data, and an energy big data classification model is defined to clarify the data risk control points and security control measures. Second, across the whole data lifecycle of transmission, storage and use, fine-grained and differentiated security protection strategies are formulated according to the importance of the data. Finally, a pilot application of classified data security protection was carried out at the Weifang Shouguang energy big data center of State Grid Shandong Electric Power Company. By deploying the data security intelligent management and control platform and the big data security protection system, the pilot performs automatic data asset discovery, data classification management and data asset visualization, and applies identity authentication, access control, and desensitization and declassification to data access by information systems, devices and users, achieving all-round security protection throughout the whole data process. In the automatic data security classification protection experiment, 14 of the more than 300 tables were manually checked by spot check, and the classification labeling accuracy reached 90%; after the system matching parameters were adjusted, the accuracy reached 100%. Practical application of the platform shows that, under secure and controllable conditions, the data of each application system can be circulated and shared securely inside and outside the data center, making the whole data lifecycle trusted, manageable, controllable and traceable.
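Keywords: security label; automatic classification; data security protection; whole data lifecycle; data desensitization
Classification number: TN520.1060 [Electronics and Telecommunications]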