荆州市洪湖市-土地管理业-更正登记

数据安全风险评估材料要点参考 1.数据安全风险评估主要指识别和评估登记的数据资源、产 品和服务，在收集、存储、使用、流通、披露等全流程的安全风 险情况； 2.数据安全风险评估材料应包括以下要点： （1）信息系统安全。可从网络安全防护、开发运维管理、 云数据安全等方面进行评估； （2）数据安全管理。可从安全管理制度、安全组织机构、 分类分级管理、人员安全管理、合作方管理、安全审计等方面进 行评估； （3）数据安全技术。可从加密技术、身份鉴别与访问控制、 备份恢复、监测预警等方面进行评估； （4）数据处理活动安全。可从数据脱敏、数据防泄露、数 据接口安全、数据应用合规性等方面进行评估； （5）个人信息保护。含有个人信息的，说明个人信息告知、 同意、处理情况，以及个人信息主体权利保护措施等； （6）应急处置。可从应急预案和演练、安全事件处置等方 面进行评估。 3.数据安全风险评估材料需加盖公章，可由登记主体自行提 供，或由第三方专业机构出具。

Reference Points for Data Security Risk Assessment Materials 1. Data security risk assessment mainly refers to the identification and evaluation of security risks of registered data resources, products and services throughout their whole life cycle, including collection, storage, use, circulation, disclosure and other links; 2. The following key points shall be included in data security risk assessment materials: (1) Information system security. The assessment can be conducted from the aspects of cybersecurity protection, development and operation management, cloud data security, etc.; (2) Data security management. The assessment can be conducted from the aspects of security management systems, security organizations, classified and graded management, personnel security management, third-party partner management, security audit and other aspects; (3) Data security technology. The assessment can be conducted from the aspects of encryption technology, identity authentication and access control, backup and recovery, monitoring and early warning, etc.; (4) Data processing activity security. The assessment can be conducted from the aspects of data desensitization, data leakage prevention, data interface security, data application compliance and other aspects; (5) Personal information protection. If personal information is involved, the notification, consent and processing status of personal information, as well as the protection measures for the rights of personal information subjects, etc., shall be specified; (6) Emergency response. The assessment can be conducted from the aspects of emergency plans and drills, security incident handling and other aspects. 3. The data security risk assessment materials shall be affixed with the official seal, and may be provided by the registering entity itself or issued by a third-party professional institution.