荆州市洪湖市-土地管理业-宅基地使用权及房屋所有权首次登记

1.数据安全风险评估主要指识别和评估登记的数据资源、产 品和服务，在收集、存储、使用、流通、披露等全流程的安全风 险情况； 2.数据安全风险评估材料应包括以下要点： （1）信息系统安全。可从网络安全防护、开发运维管理、 云数据安全等方面进行评估； （2）数据安全管理。可从安全管理制度、安全组织机构、 分类分级管理、人员安全管理、合作方管理、安全审计等方面进 行评估； （3）数据安全技术。可从加密技术、身份鉴别与访问控制、 备份恢复、监测预警等方面进行评估； （4）数据处理活动安全。可从数据脱敏、数据防泄露、数 据接口安全、数据应用合规性等方面进行评估； （5）个人信息保护。含有个人信息的，说明个人信息告知、 同意、处理情况，以及个人信息主体权利保护措施等； （6）应急处置。可从应急预案和演练、安全事件处置等方 面进行评估。 3.数据安全风险评估材料需加盖公章，可由登记主体自行提 供，或由第三方专业机构出具。

1. Data security risk assessment mainly refers to the identification and evaluation of security risks in the entire process of collection, storage, use, circulation, disclosure and other stages of registered data resources, products and services; 2. The materials for data security risk assessment shall include the following key points: (1) Information system security: Assessments can be conducted from aspects such as cyber security protection, development and operation management, and cloud data security; (2) Data security management: Assessments can be conducted from aspects such as security management systems, security organizational structures, classified and graded management, personnel security management, partner management, and security audits; (3) Data security technology: Assessments can be conducted from aspects such as encryption technology, identity authentication and access control, backup and recovery, monitoring and early warning, etc.; (4) Data processing activity security: Assessments can be conducted from aspects such as data desensitization, data leakage prevention, data interface security, data application compliance, etc.; (5) Personal information protection: If personal information is involved, the notification, consent and processing status of personal information, as well as protection measures for the rights of personal information subjects, etc. shall be specified; (6) Emergency response: Assessments can be conducted from aspects such as emergency response plans and drills, security incident handling, etc.; 3. The materials for data security risk assessment shall be affixed with official seals, and may be provided by the registration subject itself or issued by a third-party professional institution.