Data Security Management System
Under the guidance of corporate data security protection objectives, organize customer information data, establish a sensitive data view, and implement classified protection; identify potential leak risks throughout the entire lifecycle of customer sensitive data and implement closed-loop risk management; define roles and permissions related to the use and management of sensitive data and link them with user organizational structure, personnel, positions, and responsibilities; **or refine the data security management system documentation, including strategies, systems, standards, and processes, etc.; promote the implementation of the data security management system and continue to supervise and improve it.**
Data Protection
Utilize dynamic document encryption technology, identity authentication technology, hardware binding technology, and other techniques to provide real-time, mandatory, and transparent encryption and decryption for *type files. Implement granular access controls on documents to ensure encrypted information is only accessible for *operations within specific authorized scopes. Manage the output of files (including external distribution, sharing, printing, copying) through encryption, anonymization, watermarking, and other methods.
Protect customer sensitive information data stored in the business database system, including database permission management, database access control, database operation auditing, and production data anonymization (including dynamic data anonymization and static data anonymization).
Data Leak Protection
**Achieve data leakage protection during generation, use, and transmission, including:
Network Data Leak Protection: Identifying and controlling sensitive data in transit at network exit points or security domain boundaries, and controlling or monitoring the transmission of sensitive data via email, WEB, FTP, and other network protocols.
End-point Data Leak Protection: Detects, identifies, and monitors sensitive data on computer terminals; enforces policy controls over unauthorized use and transmission of sensitive data; monitors terminal usage behaviors of sensitive data.
Identify Sensitive Data Storage: Scan structured and unstructured data stored on servers, databases, and repositories, detect and log sensitive data according to policy, and alert on unauthorized storage incidents.
