CN114531267B - Data asset management method and system - Google Patents
- Publication number
- CN114531267B, CN202111662653.2A
- Authority
- CN
- China
- Prior art keywords
- data
- security
- information
- identification
- policy
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Signal Processing (AREA)
- Databases & Information Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention relates to the field of data assets, and specifically discloses a data asset management method and system. The embodiment manages the data registration of a data asset, generates data directory information in the data center station, and uploads and stores the data asset; exchanges the data directory information to a security center; in the security center, applies security identification in three dimensions (a security domain, an application domain and an environment domain) to the data directory information, generating security identification data information; and performs security policy calculation according to the security identification data information, generates a policy decision, and securely releases the data asset according to the policy decision. In this way the data asset can be registered and managed, the data directory information is given security identification in the three dimensions, security policy calculation is performed on the basis of that identification, and the asset is securely released according to the policy decision, which effectively improves the security protection of the data asset.
Description
Technical Field
The invention belongs to the field of data assets, and particularly relates to a data asset management method and system.
Background
Data assets are protected mainly by scheduling security capabilities through the execution of security policies, which provides a secure environment for the data assets. Setting security policies for a data asset requires a full understanding of the details of that asset. Existing data asset management methods and systems generally cannot analyze a data asset accurately and fully, cannot provide comprehensive security identification for it, and cannot drive the orchestration, scheduling and execution of security policies for it, so the security protection of the data asset is weak.
Disclosure of Invention
The embodiments of the invention aim to provide a data asset management method and system that solve the problems described in the background.
In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:
a method of data asset management, the method comprising in particular the steps of:
managing data registration of data assets, generating data directory information in a data center station, and uploading and storing the data assets;
exchanging the data directory information to a security center station by means of a data interface;
in the security center, security identification of three dimensions of a security domain, an application domain and an environment domain is carried out on the data directory information, and security identification data information is generated;
and carrying out security policy calculation according to the security identification data information, generating a policy decision, and carrying out security release on the data asset according to the policy decision.
As a further limitation of the technical solution of the embodiment of the present invention, the managing the registration of data of the data asset, generating data directory information in the data center station, and uploading and storing the data asset specifically includes the following steps:
acquiring data registration information of the data asset;
calling an interface of the data center station, and synchronizing the data registration information to the data center station;
processing the data registration information in the data center station to generate data directory information;
uploading and storing the data asset, generating a storage address, and hooking the storage address with the data directory information.
As a further limitation of the technical solution of the embodiment of the present invention, the processing the data registration information in the data center station, and generating data directory information specifically includes the following steps:
editing the data registration information to generate data editing information;
judging whether the data asset is registered according to the data editing information;
if the data asset is registered, canceling the data editing information;
and if the data asset is not registered, cataloging the data editing information to generate data cataloging information.
As a further limitation of the technical solution of the embodiment of the present invention, the exchanging, by means of a data interface, the data directory information to a security center station specifically includes the following steps:
performing interface release according to the storage address to generate a data interface;
and exchanging the data directory information to a security center through the data interface.
As a further limitation of the technical solution of the embodiment of the present invention, in the security center, performing security identification of three dimensions of a security domain, an application domain and an environment domain on the data directory information, and generating security identification data information specifically includes the following steps:
carrying out security identification of a security domain on the data directory information to generate first security identification information;
carrying out security identification of an application domain on the first security identification information to generate second security identification information;
and carrying out security identification of an environment domain on the second security identification information to generate security identification data information.
As a further limitation of the technical solution of the embodiment of the present invention, the performing security policy calculation according to the security identification data information, generating a policy decision, and performing security publishing on the data asset according to the policy decision specifically includes the following steps:
performing security policy calculation on the data asset through the security identification data information to generate a policy decision;
acquiring security environment information;
generating a policy enforcement engine according to the security environment information and the policy decision;
and driving the security release of the data asset according to the policy enforcement engine.
A data asset management system, the system comprising a registration management storage unit, an interface information exchange unit, an information security identification unit, and a security policy issuing unit, wherein:
a registration management storage unit for managing data registration of the data asset, generating data directory information in the data center station, and uploading and storing the data asset;
the interface information exchange unit is used for exchanging the data directory information to the security center station in a data interface mode;
the information security identification unit is used for carrying out security identification of three dimensions of a security domain, an application domain and an environment domain on the data directory information in the security center station to generate security identification data information;
the security policy issuing unit is used for performing security policy calculation according to the security identification data information, generating a policy decision, and performing security issuing on the data asset according to the policy decision.
As a further limitation of the technical solution of the embodiment of the present invention, the registration management storage unit specifically includes:
a registration information acquisition module for acquiring data registration information of the data asset;
the registration information synchronizing module is used for calling an interface of the data center station and synchronizing the data registration information to the data center station;
the registration information processing module is used for processing the data registration information in the data center station to generate data directory information;
and the uploading storage hooking module is used for uploading and storing the data asset, generating a storage address and hooking the storage address with the data directory information.
As a further limitation of the technical solution of the embodiment of the present invention, the information security identification unit specifically includes:
the security domain identification module is used for carrying out security identification of the security domain on the data directory information and generating first security identification information;
the application domain identification module is used for carrying out the security identification of the application domain on the first security identification information and generating second security identification information;
and the environment domain identification module is used for carrying out security identification of the environment domain on the second security identification information and generating security identification data information.
As a further limitation of the technical solution of the embodiment of the present invention, the security policy issuing unit specifically includes:
the security policy calculation module is used for carrying out security policy calculation on the data asset through the security identification data information to generate a policy decision;
the environment information acquisition module is used for acquiring the security environment information;
the execution engine generation module is used for generating a policy execution engine according to the security environment information and the policy decision;
and the data security release module is used for driving the security release of the data asset according to the policy execution engine.
Compared with the prior art, the invention has the beneficial effects that:
The embodiment of the invention manages the data registration of a data asset, generates data directory information in the data center station, and uploads and stores the data asset; exchanges the data directory information to a security center; in the security center, applies security identification in three dimensions (a security domain, an application domain and an environment domain) to the data directory information, generating security identification data information; and performs security policy calculation according to the security identification data information, generates a policy decision, and securely releases the data asset according to the policy decision. In this way the data asset can be registered and managed, the data directory information is given security identification in the three dimensions, security policy calculation is performed on the basis of that identification, and the asset is securely released according to the policy decision, which effectively improves the security protection of the data asset.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following description will briefly introduce the drawings that are needed in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the present invention.
Fig. 1 shows a flowchart of a method provided by an embodiment of the present invention.
FIG. 2 illustrates a flow chart of data asset registration management and storage in a method provided by an embodiment of the invention.
Fig. 3 shows a flowchart of data registration information processing in the method provided by the embodiment of the invention.
Fig. 4 shows a flow chart of data directory information exchange in the method provided by the embodiment of the invention.
Fig. 5 shows a flowchart of a data directory information security identifier in a method according to an embodiment of the present invention.
FIG. 6 illustrates a flow chart of a secure distribution of data assets in a method provided by an embodiment of the invention.
Fig. 7 shows an application architecture diagram of a system provided by an embodiment of the present invention.
Fig. 8 is a block diagram showing a configuration of a registration management storage unit in the system according to the embodiment of the present invention.
Fig. 9 shows a block diagram of the information security identification unit in the system according to the embodiment of the present invention.
Fig. 10 is a block diagram illustrating a configuration of a security policy issuing unit in the system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
It can be appreciated that, in the prior art, data asset management methods and systems generally cannot analyze a data asset accurately and sufficiently, cannot provide comprehensive security identification for it, and cannot drive the orchestration, scheduling and execution of security policies for it, so the security protection of the data asset is weak.
To solve these problems, the embodiment of the invention manages the data registration of a data asset, generates data directory information in the data center station, and uploads and stores the data asset; exchanges the data directory information to a security center; in the security center, applies security identification in three dimensions (a security domain, an application domain and an environment domain) to the data directory information, generating security identification data information; and performs security policy calculation according to the security identification data information, generates a policy decision, and securely releases the data asset according to the policy decision. In this way the data asset can be registered and managed, the data directory information is given security identification in the three dimensions, security policy calculation is performed on the basis of that identification, and the asset is securely released according to the policy decision, which improves the security protection of the data asset.
Fig. 1 shows a flowchart of a method provided by an embodiment of the present invention.
Specifically, a data asset management method specifically includes the following steps:
step S101, data registration of the data asset is managed, data directory information is generated in the data center station, and the data asset is uploaded and stored.
In the embodiment of the invention, the data registration information that the user produces by registering data according to the registration data resource catalog is acquired and managed, and data directory information is generated in the data center station. The data asset is uploaded to the designated storage location, and that storage location is hooked to the data directory information, so that the data asset file can be downloaded by accessing the data directory information.
Specifically, fig. 2 shows a flowchart of data asset registration management and storage in the method provided by the embodiment of the invention.
In a preferred embodiment of the present invention, the managing the data registration of the data asset, generating data directory information in the data center station, and uploading and storing the data asset specifically includes the following steps:
step S1011, obtaining data registration information of the data asset.
In the embodiment of the invention, the data registration information that the user produces by registering the data asset according to the registration data resource catalog is acquired.
It will be appreciated that the registration data resource catalog includes: catalog classification, data resource name, data resource number, data resource storage format, data resource abstract, data type, storage capacity, record number, data consumption mode, data item name, data item type, data item length, update period, storage physical location, storage network location, data resource catalog consumption mode introduction, consumption mode example information, data materialization information and the like.
Step S1012, calling the interface of the data center station, and synchronizing the data registration information to the data center station.
In the embodiment of the invention, after the acquisition of the data registration information is completed, the data center station synchronously acquires the data registration information in an interface mode.
Step S1013, the data registration information is processed in the data center station to generate data directory information.
In the embodiment of the invention, the data registration information is edited, catalogued and the like in the data center station to generate data catalogue information.
Specifically, fig. 3 shows a flowchart of data registration information processing in the method provided by the embodiment of the invention.
In a preferred embodiment of the present invention, the processing the data registration information in the data center station, and generating data directory information specifically includes the following steps:
step S10131, edit the data registration information to generate data editing information.
In the embodiment of the invention, the data registration information is corrected by editing the data registration information, so as to generate the data editing information.
Step S10132, judge whether the said data asset is registered according to the said data editing information.
In the embodiment of the invention, whether the data asset is registered is determined by querying the data center station for the data editing information.
Step S10133, if the data asset is registered, the data editing information is logged off.
In the embodiment of the invention, when the data asset is registered, the data editing information is logged off, and the corresponding data asset is logged off.
Step S10134, if the data asset is not registered, performing cataloging processing on the data editing information to generate data catalogue information.
In the embodiment of the invention, when the data asset is not registered, cataloging processing is carried out on the data editing information, and various cataloging information of the data editing information is arranged to generate the data cataloging information.
Further, the managing the data registration of the data asset, generating data directory information in the data center station, and uploading and storing the data asset further includes the following steps:
step S1014, uploading and storing the data asset, generating a storage address, and hooking the storage address with the data directory information.
In the embodiment of the invention, the data asset file is uploaded to the designated storage location and a storage address is generated. The storage address is hooked to the data directory information, so that the data asset file can be downloaded when the data directory information is accessed.
Further, the data asset management method further comprises the following steps:
step S102, exchanging the data directory information to a security center station by means of a data interface.
In the embodiment of the invention, the security center provides a data interface, the data center calls the interface, the data directory information required by the security center is exchanged to the security center, and the exchange result is fed back after the exchange of the data directory information is completed.
Specifically, fig. 4 shows a flowchart of data directory information exchange in the method provided by the embodiment of the present invention.
In a preferred embodiment of the present invention, the exchanging the data directory information to the security center station by means of the data interface includes the following steps:
step S1021, performing interface release according to the storage address to generate a data interface.
In the embodiment of the invention, the security center provides the data interface according to the storage address of the data asset file.
Step S1022, exchanging the data directory information to the security center through the data interface.
In the embodiment of the invention, the data center station calls the interface and exchanges the data directory information required by the security center to the security center. After the exchange of the data directory information is completed, the security center calls back the interface of the data center station to report the exchange result.
Further, the data asset management method further comprises the following steps:
and step S103, in the security center, security identification of three dimensions of a security domain, an application domain and an environment domain is carried out on the data directory information, and security identification data information is generated.
In the embodiment of the invention, a profiling ("portrait") operation is carried out on the data directory information, applying security identification in three dimensions: a security domain, an application domain and an environment domain. The security domain adds a security-domain security identifier to the data directory information, comprising: secret registration, secret mode, etc. The application domain adds an application-domain security identifier to the data directory information, comprising: data display, data analysis, production decision and the like. The environment domain adds an environment-domain security identifier to the data directory information, comprising: encrypted transmission, authorized access, non-downloadable, etc.
Specifically, fig. 5 shows a flowchart of a data directory information security identifier in the method provided by the embodiment of the present invention.
In the preferred embodiment of the present invention, in the security center, security identification of three dimensions of a security domain, an application domain and an environment domain is performed on the data directory information by means of a data interface, and the generation of security identification data information specifically includes the following steps:
step S1031, performing security identification of the security domain on the data directory information, and generating first security identification information.
In the embodiment of the invention, a security identifier is added to data directory information through a security domain label component to generate first security identifier information, and the security domain security identifier comprises: secret registration, secret mode, etc.
Step S1032, performing security identification of the application domain on the first security identification information, and generating second security identification information.
In the embodiment of the invention, the security application domain label component adds the security identifier to the data directory information to generate the second security identifier information, and the application domain security identifier comprises: data presentation, data analysis, production decisions, and the like.
Step S1033, performing security identification of the environment domain on the second security identification information, and generating security identification data information.
In the embodiment of the invention, the security identifier is added to the data directory information through the security environment domain label component, the security identifier data information is generated, and the environment domain security identifier comprises: encrypted transmission, authorized access, non-downloadable, etc.
Further, the data asset management method further comprises the following steps:
step S104, carrying out security policy calculation according to the security identification data information, generating a policy decision, and carrying out security release on the data asset according to the policy decision.
In the embodiment of the invention, the security center performs security policy calculation for the data asset over four dimensions: the security identification data information, the user security identification, the endpoint security identification and the security device security identification. It combines this with information such as security event analysis, security information and security situation awareness to generate a policy decision, and securely releases the data asset according to the policy decision.
Specifically, fig. 6 shows a flowchart of data asset security publication in the method provided by the embodiment of the present invention.
In a preferred embodiment of the present invention, the performing security policy calculation according to the security identification data information, generating a policy decision, and performing security publishing on the data asset according to the policy decision specifically includes the following steps:
step S1041, performing security policy calculation on the data asset according to the security identification data information, and generating a policy decision.
In the embodiment of the invention, the security center calculates the security policy by combining the security identification data information with the user security identification, the endpoint security identification and the security equipment security identification to generate a policy decision.
In step S1042, security environment information is obtained.
In the embodiment of the invention, security environment information such as security event analysis, security information and security situation awareness is acquired.
Step S1043, generating a policy enforcement engine according to the security environment information and the policy decision.
In the embodiment of the invention, a policy enforcement engine for orchestrating the policy decision is generated according to the security environment information and the policy decision.
Step S1044, driving the safe release of the data asset according to the policy enforcement engine.
In the embodiment of the invention, the release of the data asset is driven by the policy enforcement engine, so that the release process is protected and the security protection capability for the data asset is improved.
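The following Python sketch models steps S1031 to S1033 and S1041 to S1044 as one pipeline; it is an added example, not code from the patent. The label vocabularies follow the examples given in the description, while the level ordering, the `Request` fields, the threat levels and every rule in `compute_decision` and `build_enforcement_plan` are assumptions chosen for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Vocabularies follow the description's examples; the level ordering is assumed.
LEVELS = {"public": 0, "internal": 1, "secret": 2}
APPLICATIONS = {"data_display", "data_analysis", "production_decision"}
ENV_CONTROLS = {"encrypted_transmission", "authorized_access", "non_downloadable"}


@dataclass(frozen=True)
class Labels:
    """Security identification data attached to one data directory entry."""
    catalog_id: str
    level: Optional[str] = None             # security domain (S1031)
    applications: frozenset = frozenset()   # application domain (S1032)
    controls: frozenset = frozenset()       # environment domain (S1033)


def label_security_domain(catalog_id, level):
    """S1031: produce the first security identification information."""
    if level not in LEVELS:
        raise ValueError(f"unknown level: {level!r}")
    return Labels(catalog_id, level=level)


def label_application_domain(first, applications):
    """S1032: only an entry that already carries a security-domain label."""
    apps = frozenset(applications)
    if first.level is None or not apps or not apps <= APPLICATIONS:
        raise ValueError("missing security-domain label or bad application label")
    return replace(first, applications=apps)


def label_environment_domain(second, controls):
    """S1033: produce the final security identification data information."""
    ctl = frozenset(controls)
    if not second.applications or not ctl <= ENV_CONTROLS:
        raise ValueError("missing application-domain label or bad control label")
    return replace(second, controls=ctl)


@dataclass(frozen=True)
class Request:
    """The other three dimensions of the policy calculation (assumed fields)."""
    user_clearance: str      # user security identification
    purpose: str             # what the user wants the data for
    endpoint_managed: bool   # endpoint security identification
    device_tls: bool         # security device security identification
    action: str              # "view" or "download"


def compute_decision(labels, req):
    """S1041: combine the four dimensions; returns (allow, reasons)."""
    if labels.level is None or not labels.applications:
        return False, ["asset not fully labeled"]   # fail closed
    reasons = []
    if LEVELS.get(req.user_clearance, -1) < LEVELS[labels.level]:
        reasons.append("user clearance below data level")
    if req.purpose not in labels.applications:
        reasons.append("purpose not in application domain")
    if LEVELS[labels.level] > LEVELS["public"] and not req.endpoint_managed:
        reasons.append("unmanaged endpoint")
    if "encrypted_transmission" in labels.controls and not req.device_tls:
        reasons.append("no encrypted channel")
    if "non_downloadable" in labels.controls and req.action == "download":
        reasons.append("download prohibited by environment label")
    return not reasons, reasons


def build_enforcement_plan(allow, labels, threat_level):
    """S1042-S1043: fold security environment information into the decision."""
    if not allow or (threat_level == "high"
                     and LEVELS[labels.level] >= LEVELS["secret"]):
        return ["block_release"]
    plan = ["audit_log"]
    if "encrypted_transmission" in labels.controls:
        plan.append("require_tls")
    if "non_downloadable" in labels.controls:
        plan.append("view_only")
    if threat_level in ("elevated", "high"):
        plan.append("step_up_authentication")
    return plan


def release(labels, req, threat_level):
    """S1044: the enforcement plan drives the release; returns (plan, reasons)."""
    allow, reasons = compute_decision(labels, req)
    return build_enforcement_plan(allow, labels, threat_level), reasons


def demo():
    # Constructed sample entry and request, not data from the patent.
    first = label_security_domain("DR-0001", "secret")
    second = label_application_domain(first, {"data_analysis"})
    labels = label_environment_domain(
        second, {"encrypted_transmission", "non_downloadable"})
    analyst = Request("secret", "data_analysis", True, True, "view")
    return labels, analyst


if __name__ == "__main__":
    sample_labels, sample_request = demo()
    print(release(sample_labels, sample_request, "normal"))
```

An entry that has not passed through all three labeling stages is blocked rather than released with partial labels, which is the failure mode a chained labeling design has to rule out.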
Further, fig. 7 shows an application architecture diagram of the system provided by the embodiment of the present invention.
In another preferred embodiment, the present invention provides a data asset management system, comprising:
a registration management storage unit 101 for managing data registration of data assets, generating data directory information in a data center station, and uploading and storing the data assets.
In the embodiment of the present invention, the registration management storage unit 101 acquires the data registration information that the user produces by registering data according to the registration data resource catalog, manages the data registration information, and generates the data directory information in the data center station. It uploads the data asset to the designated storage location and hooks that storage location to the data directory information, so that the data asset file can be downloaded by accessing the data directory information.
Specifically, fig. 8 shows a block diagram of the registration management storage unit 101 in the system provided by the embodiment of the present invention.
In a preferred embodiment of the present invention, the registration management storage unit 101 specifically includes:
a registration information acquisition module 1011 for acquiring data registration information of the data asset.
In the embodiment of the present invention, the registration information acquisition module 1011 acquires data registration information obtained by the user performing data registration on the data asset according to the registration data resource directory.
a registration information synchronization module 1012 for calling the interface of the data center station and synchronizing the data registration information to the data center station.
In the embodiment of the invention, the registration information synchronization module 1012 causes the data center station to synchronously acquire the data registration information through an interface.
a registration information processing module 1013 for processing the data registration information in the data center station and generating data directory information.
In the embodiment of the present invention, the registration information processing module 1013 performs editing, cataloging, and the like on the data registration information to generate the data directory information.
an upload storage hooking module 1014 for uploading the data asset to storage, generating a storage address, and hooking the storage address to the data directory information.
In an embodiment of the present invention, the upload storage hooking module 1014 uploads a data asset file to a designated storage location, generates a storage address, and hooks the storage address to the data directory information, so that the data asset file can be downloaded when the data directory information is accessed.
Further, the data asset management system further comprises:
an interface information exchange unit 102 for exchanging the data directory information to the security center station by means of a data interface.
In the embodiment of the present invention, the interface information exchange unit 102 controls the security center station to provide a data interface; the data center station calls the interface, exchanges the data directory information required by the security center station to the security center station, and feeds back the exchange result after the exchange of the data directory information is completed.
an information security identification unit 103 for performing security identification in three dimensions (a security domain, an application domain and an environment domain) on the data directory information in the security center station, and generating security identification data information.
In the embodiment of the invention, the information security identification unit 103 performs a profiling (portrait) operation on the data directory information, and performs security identification in the three dimensions of the security domain, the application domain and the environment domain.
Specifically, FIG. 9 shows a block diagram of the information security identification unit 103 in the system according to the embodiment of the present invention.
In a preferred embodiment of the present invention, the information security identification unit 103 specifically includes:
the security domain identification module 1031 is configured to perform security identification of a security domain on the data directory information, and generate first security identification information.
In the embodiment of the present invention, the security domain identification module 1031 adds a security identifier to the data directory information through the security domain tag component, and generates first security identification information, where the security domain security identifier includes: secret registration, secret mode, etc.
The application domain identification module 1032 is configured to perform security identification of an application domain on the first security identification information, and generate second security identification information.
In the embodiment of the present invention, the application domain identification module 1032 adds, through the security application domain label component, a security identification to the data directory information, and generates second security identification information, where the application domain security identification includes: data presentation, data analysis, production decisions, and the like.
an environment domain identification module 1033, configured to perform security identification of the environment domain on the second security identification information, and generate security identification data information.
In the embodiment of the present invention, the environment domain identification module 1033 adds a security identifier to the data directory information through the security environment domain label component, and generates security identifier data information, where the environment domain security identifier includes: encrypted transmission, authorized access, non-downloadable, etc.
Further, the data asset management system further comprises:
the security policy issuing unit 104 is configured to perform security policy calculation according to the security identification data information, generate a policy decision, and perform security issuing on the data asset according to the policy decision.
In the embodiment of the present invention, the security policy issuing unit 104 controls the security center station to perform security policy calculation on the data asset through the security identification data information. The calculation is performed over four dimensions: the security identification data information, the user security identification, the endpoint security identification and the security device security identification. A policy decision is generated by combining security event analysis, security information, security situation awareness and other information, and the data asset is securely issued according to the policy decision.
Specifically, FIG. 10 shows a block diagram of the security policy issuing unit 104 in the system according to the embodiment of the present invention.
In a preferred embodiment of the present invention, the security policy issuing unit 104 specifically includes:
the security policy calculation module 1041 is configured to perform security policy calculation on the data asset according to the security identification data information, and generate a policy decision.
In the embodiment of the present invention, the security policy calculation module 1041 controls the security center station to perform security policy calculation by combining the security identification data information with the user security identifier, the endpoint security identifier, and the security device security identifier, so as to generate a policy decision.
The environment information acquiring module 1042 is configured to acquire security environment information.
In the embodiment of the present invention, the environment information acquiring module 1042 acquires security environment information such as security event analysis, security information, security situation awareness, etc.
The execution engine generating module 1043 is configured to generate a policy execution engine according to the security environment information and the policy decision.
In an embodiment of the present invention, the execution engine generation module 1043 generates a policy execution engine for scheduling policy decisions according to the security environment information and the policy decisions.
The data security publishing module 1044 is configured to drive security publishing of the data asset according to the policy enforcement engine.
In the embodiment of the invention, the data security publishing module 1044 drives publishing of the data asset according to the policy execution engine, so that the publishing process is protected and the security protection capability for the data asset is improved.
In summary, the embodiment of the invention can register and manage the data asset, and perform security identification in three dimensions (a security domain, an application domain and an environment domain) on the data directory information, so as to perform security policy calculation through the security identification and perform security release according to the policy decision, thereby effectively improving security protection of the data asset.
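The flow of units 103 and 104 can be sketched as follows. This is an added illustration, not code from the patent: the label vocabularies come from the description, while the secret-level ordering, the `Request` fields, the decision rules and the enforcement step names are assumptions made so the example runs.

```python
from dataclasses import dataclass, field

# Label vocabularies taken from the description; the level ordering is an assumption.
LEVELS = ["public", "internal", "secret"]
USES = {"data presentation", "data analysis", "production decision"}
ENV = {"encrypted transmission", "authorized access", "non-downloadable"}
STEP_ORDER = ["step-up-auth", "encrypt-in-transit", "view-only", "audit-log"]

@dataclass(frozen=True)
class AssetLabel:              # the "security identification data information"
    catalog_id: str            # data directory entry the labels attach to
    secret_level: str          # security domain
    secret_mode: str           # security domain
    uses: frozenset            # application domain
    env: frozenset             # environment domain

@dataclass(frozen=True)
class Request:                 # user, endpoint and security-device labels (assumed fields)
    user_clearance: str
    user_authorized: bool
    purpose: str
    endpoint_managed: bool
    endpoint_encrypts: bool
    device_dlp_inline: bool

@dataclass
class Decision:
    allow: bool = False
    obligations: list = field(default_factory=list)
    reasons: list = field(default_factory=list)

def label_asset(catalog_id, secret_level, secret_mode, uses, env):
    """Apply the three labelling stages in order; reject values outside the vocabularies."""
    if secret_level not in LEVELS:
        raise ValueError(f"unknown secret level: {secret_level}")
    uses, env = frozenset(uses), frozenset(env)
    if not uses or uses - USES:
        raise ValueError(f"invalid application-domain labels: {sorted(uses - USES)}")
    if env - ENV:
        raise ValueError(f"invalid environment-domain labels: {sorted(env - ENV)}")
    return AssetLabel(catalog_id, secret_level, secret_mode, uses, env)

def compute_decision(label, req):
    """Combine the asset label with user, endpoint and device labels; deny on any mismatch."""
    d = Decision()
    if LEVELS.index(req.user_clearance) < LEVELS.index(label.secret_level):
        d.reasons.append("user clearance below asset secret level")
    if req.purpose not in label.uses:
        d.reasons.append("purpose not permitted by application domain")
    if "authorized access" in label.env and not req.user_authorized:
        d.reasons.append("asset requires authorized access")
    if "encrypted transmission" in label.env:
        if req.endpoint_encrypts:
            d.obligations.append("encrypt-in-transit")
        else:
            d.reasons.append("endpoint cannot do encrypted transmission")
    if "non-downloadable" in label.env:
        if req.endpoint_managed and req.device_dlp_inline:
            d.obligations.append("view-only")
        else:
            d.reasons.append("download block cannot be enforced on this path")
    d.allow = not d.reasons
    if not d.allow:
        d.obligations.clear()
    return d

def build_engine(decision, env_info):
    """Order enforcement steps from the decision plus security environment information."""
    if not decision.allow:
        return ["block", "audit-log"]
    steps = set(decision.obligations) | {"audit-log"}
    # Situation awareness / event analysis tightens the plan without changing the labels.
    if env_info.get("threat_level") == "high" or env_info.get("open_incidents", 0) > 0:
        steps.add("step-up-auth")
    return [s for s in STEP_ORDER if s in steps] + ["release"]
```

The decision is deny-by-default: a request is released only when every label dimension matches, and an obligation the path cannot enforce turns into a denial rather than being dropped.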
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order of execution, and the steps may be executed in other orders. Moreover, at least some of the steps in various embodiments may include multiple sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times; nor are these sub-steps or stages necessarily performed in sequence, but they may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing relevant hardware, where the program may be stored in a non-volatile computer-readable storage medium, and where the program, when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
The technical features of the above-described embodiments may be arbitrarily combined. For brevity of description, not all possible combinations of the technical features in the above-described embodiments are described; however, as long as there is no contradiction between the combinations of the technical features, they should be considered to be within the scope of the description.
The foregoing examples illustrate only a few embodiments of the invention and are described in detail herein without thereby limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.
Claims (8)
1. A method of data asset management, the method comprising the steps of:
managing data registration of data assets, generating data directory information in a data center station, and uploading and storing the data assets;
exchanging the data directory information to a security center station by means of a data interface;
in the security center station, performing security identification of a security domain on the data directory information to generate first security identification information, wherein the security domain security identification comprises: secret registration and secret mode;
performing security identification of an application domain on the first security identification information to generate second security identification information, wherein the application domain security identification comprises: data display, data analysis and production decision;
performing security identification of an environment domain on the second security identification information to generate security identification data information, wherein the security identification of the environment domain comprises: encrypted transmission, authorized access, and not downloadable;
performing security policy calculation according to the security identification data information, generating a policy decision, and performing security release on the data asset according to the policy decision;
wherein performing security policy calculation according to the security identification data information, generating a policy decision, and performing security release on the data asset according to the policy decision specifically comprises the following steps: performing security policy calculation on the data asset through the security identification data information to generate a policy decision, wherein in the security policy calculation the security center station performs the calculation through the security identification data information combined with a user security identifier, an endpoint security identifier and a security device security identifier;
acquiring security environment information, wherein the environment information comprises security event analysis, security information and security situation awareness;
generating, according to the security environment information and the policy decision, a policy execution engine for arranging policy decisions;
and driving the security release of the data asset according to the policy execution engine.
2. The method of claim 1, wherein the managing the data registration of the data asset, generating data directory information in the data center station, and uploading and storing the data asset specifically comprises the steps of:
acquiring data registration information of the data asset;
calling an interface of the data center station, and synchronizing the data registration information to the data center station;
processing the data registration information in the data center station to generate data directory information;
uploading and storing the data asset, generating a storage address, and hooking the storage address with the data directory information.
3. The method for managing data assets according to claim 2, wherein said processing said data registration information in said data center station, generating data directory information, specifically includes the steps of:
editing the data registration information to generate data editing information;
judging whether the data asset is registered according to the data editing information;
if the data asset is registered, canceling the data editing information;
and if the data asset is not registered, cataloging the data editing information to generate data cataloging information.
4. A method of managing data assets according to claim 2, wherein said exchanging said data directory information to a security center station by way of a data interface includes the steps of:
performing interface release according to the storage address to generate a data interface;
and exchanging the data directory information to a security center through the data interface.
5. A data asset management system, the system comprising a registration management storage unit, an interface information exchange unit, an information security identification unit, and a security policy issuing unit, wherein:
a registration management storage unit for managing data registration of the data asset, generating data directory information in the data center station, and uploading and storing the data asset;
the interface information exchange unit is used for exchanging the data directory information to the security center station in a data interface mode;
the information security identification unit is used for performing security identification of a security domain on the data directory information in the security center station to generate first security identification information, wherein the security domain security identification comprises: secret registration and secret mode; performing security identification of an application domain on the first security identification information to generate second security identification information, wherein the application domain security identification comprises: data display, data analysis and production decision; and performing security identification of an environment domain on the second security identification information to generate security identification data information, wherein the environment domain security identification comprises: encrypted transmission, authorized access, and not downloadable;
the security policy issuing unit is used for performing security policy calculation according to the security identification data information to generate a policy decision, and performing security issuing on the data asset according to the policy decision, which specifically comprises the following steps: performing security policy calculation on the data asset through the security identification data information to generate a policy decision, wherein in the security policy calculation the security center station performs the calculation through the security identification data information combined with a user security identification, an endpoint security identification and a security device security identification; acquiring security environment information, wherein the environment information comprises security event analysis, security information and security situational awareness; generating, according to the security environment information and the policy decision, a policy execution engine for arranging the policy decision; and driving the security issuing of the data asset according to the policy execution engine.
6. The data asset management system of claim 5, wherein said registration management storage unit specifically comprises:
a registration information acquisition module for acquiring data registration information of the data asset;
the registration information synchronizing module is used for calling an interface of the data center station and synchronizing the data registration information to the data center station;
the registration information processing module is used for processing the data registration information in the data center station to generate data directory information;
and the uploading storage hooking module is used for uploading and storing the data asset, generating a storage address and hooking the storage address with the data directory information.
7. The data asset management system of claim 5, wherein said information security identification unit comprises:
the security domain identification module is used for carrying out security identification of the security domain on the data directory information and generating first security identification information;
the application domain identification module is used for carrying out the security identification of the application domain on the first security identification information and generating second security identification information;
and the environment domain identification module is used for carrying out security identification of the environment domain on the second security identification information and generating security identification data information.
8. The data asset management system of claim 5, wherein said security policy issuing unit specifically comprises:
the security policy calculation module is used for carrying out security policy calculation on the data asset through the security identification data information to generate a policy decision;
the environment information acquisition module is used for acquiring the safety environment information;
the execution engine generation module is used for generating a policy execution engine according to the security environment information and the policy decision;
and the data security release module is used for driving the security release of the data asset according to the policy execution engine.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111662653.2A CN114531267B (en) | 2021-12-31 | 2021-12-31 | Data asset management method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114531267A (en) | 2022-05-24 |
CN114531267B (en) | 2024-01-23 |
Family
ID=81621352
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111662653.2A Active CN114531267B (en) | 2021-12-31 | 2021-12-31 | Data asset management method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114531267B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6499110B1 (en) * | 1998-12-23 | 2002-12-24 | Entrust Technologies Limited | Method and apparatus for facilitating information security policy control on a per security engine user basis |
JP2005004549A (en) * | 2003-06-12 | 2005-01-06 | Fuji Electric Holdings Co Ltd | Policy server, policy setting method, access control method, program |
CN104813337A (en) * | 2012-12-21 | 2015-07-29 | 迈克菲公司 | Hardware management interface |
CN108965289A (en) * | 2018-07-10 | 2018-12-07 | 北京明朝万达科技股份有限公司 | A kind of network security collaboration means of defence and system |
CN111597267A (en) * | 2020-05-21 | 2020-08-28 | 中建材信息技术股份有限公司 | A data middle platform and construction method based on multi-layer service engine |
CN112687097A (en) * | 2020-11-16 | 2021-04-20 | 招商新智科技有限公司 | Highway highway section level data center platform system |
CN112712286A (en) * | 2021-01-15 | 2021-04-27 | 科技谷(厦门)信息技术有限公司 | Data asset management method based on data middleboxes |
Also Published As
Publication number | Publication date |
---|---|
CN114531267A (en) | 2022-05-24 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||