Based on the life cycle of electronic data in the business scenarios of organizations in a big data environment, this standard constructs a normative maturity grading model for data security capability and an evaluation method for data security processes. Both are built from four aspects: organizational construction, institutional processes, technical tools and personnel capacity.
This standard is applicable both to an organization's assessment of its own data security capability and to the assessment of an organization's data security capability by a third party.
This standard uses the Capability Maturity Model (CMM) as a reference and measures the capability maturity level based on the general practices of the CMM. Based on the security requirements in the Requirements, it defines the data security process areas and basic practices that guide organizations on how to continuously meet the corresponding security requirements.
The definition and methodology of the data security capability assessment framework in this standard build on the framework of data security capability in Information Security Technology Big Data Service (hereinafter referred to as the Requirements). The Requirements defines the organization-related basic security capability and the data life cycle security capability that big data service providers should have. For each of these security requirements, this standard defines basic practices, and it grades the basic practices according to the general practices defined for each maturity level.
This standard describes the maturity model and methodology for data security capability assessment. It is completely consistent with the Requirements at the process area level and is mapped to the Requirements at the basic practice level. The two standards can support and invoke each other. The framework defined in this standard gives the assessment method for the capability grade at which the security processes are realized and the security requirements are met.