Data Security

Guarantees security and controllability within the data life cycle

Background

With the increasing use of information technology in people's everyday life, the in-depth development of digital transformation, and the rapid growth and massive convergence of various types of data, information security has had a significant and far-reaching impact on economic development, social security, and people's livelihood. With the issuance and implementation of the Cybersecurity Law of the People's Republic of China, the Personal Information Protection Law of the People's Republic of China, and other data security laws in 2021, China's data security development officially entered the "compliance" era of systematic construction.

Relevant Policies
June 2017
The Cybersecurity Law issued in June 2017 stipulated that "Those who build, operate or use the network to provide services shall take technical and other necessary measures in accordance with the provisions of laws, administrative regulations, and the mandatory requirements of national standards to ensure the network's safe and stable operation; effectively respond to cybersecurity incidents; prevent illegal and criminal network activities; and maintain the integrity, confidentiality, and availability of network data."
September 2021
The Data Security Law of the People's Republic of China issued in September 2021 stipulated that "To maintain data security, involved parties shall adhere to the overall national security concept, establish and improve a data security governance system, and improve the data security guarantee capability."
November 2021
The Personal Information Protection Law of the People's Republic of China issued in November 2021 stipulated that personal information processors shall "formulate internal management systems and operating procedures; implement classified management of personal information; take corresponding security technical measures such as encryption and de-identification; reasonably determine the operation authority of personal information processing; regularly carry out security education and training for employees; formulate and organize the implementation of emergency plans for personal information security incidents; and take other measures stipulated by laws and administrative regulations."
Requirement Analysis
Lack of systematic data security planning
The data assets and data risks are uncertain and there is a lack of high-level data security system planning.
Lack of data security organization structure
There is no data security organization structure, and data security rights and responsibilities are not clearly defined.
Lack of data security management system
There is no full life cycle management system, and there is no basis for technology implementation.
Lack of data security protection technology
The data security capability is scattered, and there is a lack of full life cycle protection capability for data.
Lack of data security operation capability
There is a lack of a data security operation organization and technical capacity for data security operations.
Lack of data security monitoring capability
There is a lack of monitoring processes and specifications, which makes it difficult to meet the requirements of internal and external monitoring.
Technical System
After evaluating the gap between the user's organizational structure, management system, technical capability, and personnel capability, data security professional service personnel design the data security governance system plan according to the actual data interaction process, data security risk scenarios, and risk points, with reference to GB/T 37988-2019, Information security technology - Data security capability maturity model.
After planning the data security governance system, build the data security organization structure and establish the authority-responsibility relationships among multiple role organizations, such as the data security decision-making organization, the data security management organization, and the data security audit organization, to provide basic support for data security construction.
In terms of data security system construction, taking into account the user's actual data interaction scenarios, security risks, and the requirements of laws and regulations, put forward differentiated protection requirements for different levels of data, providing a basis for the implementation of technical capabilities.
In terms of data security protection technology construction, according to the provisions of the data security management system, build basic data security protection capabilities such as access control, data leakage prevention, and data audit, so that these capabilities are implemented across the full life cycle.
In terms of data security operation and control capacity construction, by combining the data security governance system with the data security protection system and paying equal attention to technology and management, build the data asset identification management, data classified management, data risk identification management, data security incident management, and data security audit capacity to realize a closed-loop operation process.
In terms of data security monitoring capacity construction, from the perspective of internal and external monitoring, according to the authority-responsibility relationships as well as the relevant requirements of external industry monitoring and territorial monitoring, build a list of data assets, a classification list, a list of sensitive data, and a list of data security risks, and develop interfaces, so as to achieve the ability to report monitoring data.
Comprehensive Strength
Topsec is one of the first cyber security companies to establish a presence in the field of data security. It took the lead in proposing the idea of building a "data-centric security system". It also proposed the idea of building a data security governance system in "six steps" based on years of experience in data security. These ideas have been implemented on a large scale among major customers in more than 10 sectors, including government, web service, energy, finance, and education. In terms of standard establishment and major national scientific research projects, Topsec has participated in the compilation of more than 90 data security standards and specifications and in more than 50 major national scientific and technological projects, including national key R&D programs and industrial Internet innovation and development projects. In terms of talent cultivation, Topsec is the exclusive operating agency of Certified Information Security Professional - Data Security Governance (CISP-DSG) training. It has trained thousands of data security governance talents for the country. In 2022, Topsec and Guoce Group jointly launched the Certified Information Security Professional - Data Protection Officer (CISP-DPO) certification system, built on CISP-DSG, to encourage Chinese data security talents to develop in a "professional", "comprehensive", and "systematic" direction.