關(guān)于我們
書單推薦
新書推薦
|
鑄劍:電力行業(yè)數(shù)據(jù)安全保障之路 讀者對(duì)象:本書適合廣大數(shù)據(jù)安全愛好者、數(shù)據(jù)安全與網(wǎng)絡(luò)安全從業(yè)者學(xué)習(xí)和掌握數(shù)據(jù)安全相關(guān)技術(shù)和知識(shí),更適合電力行業(yè)信息技術(shù)從業(yè)人員開展數(shù)據(jù)安全業(yè)務(wù),還適用于本科院校數(shù)據(jù)安全相關(guān)課程的案例與實(shí)踐教學(xué)。
作為當(dāng)前國內(nèi)講述電力行業(yè)數(shù)據(jù)安全實(shí)踐的著作,本書以鑄造電力行業(yè)數(shù)據(jù)安全防御之劍,提高電力行業(yè)從業(yè)人員數(shù)據(jù)安全能力為目的,講述了塑模、鑄范、鍛造、淬火、拋光、出鞘、劍舞七個(gè)步驟的內(nèi)容,從基本概念到具體實(shí)踐,主要涵蓋了電力行業(yè)數(shù)據(jù)安全概述、數(shù)據(jù)安全政策法規(guī)、數(shù)據(jù)安全保護(hù)體系、數(shù)據(jù)安全防護(hù)技術(shù)、數(shù)據(jù)全生命周期安全風(fēng)險(xiǎn)分析及對(duì)策、數(shù)據(jù)安全典型事件、數(shù)據(jù)安全未來發(fā)展趨勢(shì)等方面的內(nèi)容。本書條理清晰,通俗易懂,語言流暢,內(nèi)容豐富、實(shí)用,將理論與實(shí)踐相結(jié)合。本書適合廣大數(shù)據(jù)安全愛好者、數(shù)據(jù)安全與網(wǎng)絡(luò)安全從業(yè)者學(xué)習(xí)和掌握數(shù)據(jù)安全相關(guān)技術(shù)和知識(shí),更適合電力行業(yè)信息技術(shù)從業(yè)人員開展數(shù)據(jù)安全業(yè)務(wù),還適用于大專及本科院校數(shù)據(jù)安全相關(guān)課程的案例與實(shí)踐教學(xué)。
周文婷,女,碩士研究生,正高級(jí)工程師,現(xiàn)任新疆思極信息技術(shù)有限公司總經(jīng)理,歷任國網(wǎng)新疆電力信息通信有限公司副總經(jīng)理、國網(wǎng)新疆電力有限公司科技數(shù)字化部副主任等職位,先后從事電網(wǎng)調(diào)度通信、客戶服務(wù)、企業(yè)發(fā)展、電網(wǎng)安全生產(chǎn)管理、科技創(chuàng)新等領(lǐng)域,從事重點(diǎn)工程 30余項(xiàng),組織開展科技項(xiàng)目50 多項(xiàng),獲得國網(wǎng)公司、新疆維吾爾自治區(qū)、國家能源學(xué)會(huì)、全國電子學(xué)會(huì)、新疆電機(jī)工程學(xué)會(huì)科技進(jìn)步獎(jiǎng) 15 項(xiàng)。榮獲國家電網(wǎng)公司、自治區(qū)、國網(wǎng)新疆電力有限公司各類榮譽(yù)稱號(hào)。
第一章 塑模:電力行業(yè)數(shù)據(jù)安全概述 ····································································.2
1.1 電力系統(tǒng)簡介 ·····················································································.2 1.1.1 傳統(tǒng)電力系統(tǒng)·············································································.3 1.1.2 新型電力系統(tǒng)·············································································.5 1.2 電力行業(yè)數(shù)據(jù)特點(diǎn) ···············································································.8 1.2.1 數(shù)據(jù)來源廣泛·············································································.8 1.2.2 數(shù)據(jù)應(yīng)用全面·············································································.9 1.2.3 數(shù)據(jù)特征顯著·············································································.9 1.3 做好電力行業(yè)數(shù)據(jù)安全保護(hù)為何重要 ·······················································10 1.4 電力行業(yè)數(shù)據(jù)安全風(fēng)險(xiǎn)與挑戰(zhàn) ································································12 1.4.1 數(shù)據(jù)泄露危及國家安全·································································12 1.4.2 非法入侵導(dǎo)致電力系統(tǒng)服務(wù)中斷·····················································13 1.4.3 數(shù)據(jù)濫用帶來違法與犯罪風(fēng)險(xiǎn)························································13 1.4.4 數(shù)字化技術(shù)蘊(yùn)含新的安全風(fēng)險(xiǎn)························································14 1.4.5 數(shù)據(jù)全生命周期管理不足引發(fā)短板效應(yīng)············································15 1.5 本章小結(jié) ···························································································16 第二章 鑄范:電力行業(yè)數(shù)據(jù)安全政策法規(guī) ······························································18 2.1 電力行業(yè)數(shù)據(jù)安全相關(guān)法律法規(guī)解讀 ·······················································18 2.1.1 《中華人民共和國網(wǎng)絡(luò)安全法》 ······················································19 2.1.2 《中華人民共和國數(shù)據(jù)安全法》 ······················································22 2.1.3 《中華人民共和國密碼法》 ····························································24 2.1.4 《中華人民共和國個(gè)人信息保護(hù)法》 ················································24 2.1.5 《最高人民法院、最高人民檢察院關(guān)于辦理侵犯公民個(gè)人信息刑事案件適用法律若干問題的解釋》····················26 2.1.6 《網(wǎng)絡(luò)安全審查辦法》 ··································································29 2.1.7 《信息安全技術(shù)—網(wǎng)絡(luò)安全等級(jí)保護(hù)基本要求》 ·································30 2.1.8 《關(guān)鍵信息基礎(chǔ)設(shè)施安全保護(hù)條例》 ················································33 2.2 電力行業(yè)數(shù)據(jù)安全相關(guān)政策要求 ·····························································35 2.2.1 《電力監(jiān)控系統(tǒng)安全防護(hù)規(guī)定》 ······················································35 2.2.2 《電力監(jiān)控系統(tǒng)安全防護(hù)總體方案》 ················································37 2.2.3 《加強(qiáng)工業(yè)互聯(lián)網(wǎng)安全工作的指導(dǎo)意見》 ··········································37 2.2.4 《工業(yè)和信息化領(lǐng)域數(shù)據(jù)安全管理辦法(試行)》································38 2.2.5 《關(guān)于加強(qiáng)電力行業(yè)網(wǎng)絡(luò)安全工作的指導(dǎo)意見》 ·································40 2.2.6 《電力行業(yè)網(wǎng)絡(luò)安全管理辦法》 ······················································41 2.2.7 《電力可靠性管理辦法(暫行)》·····················································42 2.2.8 《電力行業(yè)網(wǎng)絡(luò)安全等級(jí)保護(hù)管理辦法》 ··········································43 2.3 本章小結(jié) ···························································································44 第三章 鍛造:電力行業(yè)數(shù)據(jù)安全保護(hù)體系 ······························································46 3.1 如何做好電力企業(yè)的數(shù)據(jù)安全管理 ··························································48 3.1.1 至關(guān)重要的組織架構(gòu)····································································48 3.1.2 缺一不可的制度流程····································································50 3.1.3 必不可少的管理機(jī)制····································································52 3.1.4 不可或缺的人員管理····································································54 3.2 如何做好電力企業(yè)數(shù)據(jù)安全技術(shù)防護(hù) ·······················································56 3.2.1 數(shù)據(jù)分級(jí)分類安全防護(hù)·································································58 3.2.2 數(shù)據(jù)安全精準(zhǔn)防護(hù)·······································································59 3.2.3 數(shù)據(jù)交互開放可信·······································································60 3.3 如何做好電力企業(yè)數(shù)據(jù)安全運(yùn)營及服務(wù) ····················································61 3.3.1 數(shù)據(jù)安全監(jiān)測(cè)·············································································61 3.3.2 數(shù)據(jù)安全評(píng)估·············································································61 3.3.3 數(shù)據(jù)安全審計(jì)·············································································63 3.4 本章小結(jié) ···························································································63 第四章 淬火:電力數(shù)據(jù)安全防護(hù)技術(shù) ····································································65 4.1 傳統(tǒng)數(shù)據(jù)安全保護(hù)技術(shù) ·········································································65 4.1.1 邊界防護(hù)···················································································65 4.1.2 身份認(rèn)證及訪問控制····································································66 4.1.3 數(shù)據(jù)安全審計(jì)·············································································68 4.1.4 數(shù)據(jù)脫敏···················································································70 4.1.5 數(shù)據(jù)追蹤溯源·············································································71 4.1.6 數(shù)據(jù)加密···················································································72 4.1.7 數(shù)字簽名···················································································73 4.1.8 數(shù)據(jù)沙箱···················································································75 4.1.9 數(shù)據(jù)庫防火墻·············································································76 4.2 新型數(shù)據(jù)安全保護(hù)技術(shù) ·········································································77 4.2.1 基于人工智能的數(shù)據(jù)安全技術(shù)························································78 4.2.2 基于區(qū)塊鏈的數(shù)據(jù)安全技術(shù)···························································78 4.2.3 基于零信任架構(gòu)的數(shù)據(jù)安全技術(shù)·····················································79 4.2.4 基于安全多方計(jì)算的數(shù)據(jù)安全技術(shù)··················································81 4.2.5 基于差分隱私保護(hù)的數(shù)據(jù)安全技術(shù)··················································83 4.2.6 敏感數(shù)據(jù)識(shí)別技術(shù)·······································································84 4.2.7 基于 API 監(jiān)測(cè)的數(shù)據(jù)安全技術(shù) ·······················································86 4.2.8 基于數(shù)據(jù)流轉(zhuǎn)監(jiān)測(cè)的數(shù)據(jù)安全技術(shù)··················································87 4.3 本章小結(jié) ···························································································88 第五章 拋光:電力行業(yè)數(shù)據(jù)全生命周期安全風(fēng)險(xiǎn)分析及對(duì)策 ······································91 5.1 數(shù)據(jù)全生命周期概述 ············································································91 5.2 數(shù)據(jù)采集階段 ·····················································································92 5.2.1 電力行業(yè)數(shù)據(jù)采集方式·································································93 5.2.2 風(fēng)險(xiǎn)分析···················································································98 5.2.3 應(yīng)對(duì)措施···················································································99 5.3 數(shù)據(jù)傳輸階段 ··················································································.102 5.3.1 電力行業(yè)常用數(shù)據(jù)傳輸方式························································.102 5.3.2 風(fēng)險(xiǎn)分析················································································.107 5.3.3 應(yīng)對(duì)措施················································································.108 5.4 數(shù)據(jù)存儲(chǔ)階段 ··················································································.109 5.4.1 電力行業(yè)數(shù)據(jù)存儲(chǔ)方式······························································.109 5.4.2 風(fēng)險(xiǎn)分析················································································.111 5.4.3 應(yīng)對(duì)措施················································································.112 5.5 數(shù)據(jù)處理階段 ··················································································.114 5.5.1 電力行業(yè)常見數(shù)據(jù)處理場景························································.114 5.5.2 風(fēng)險(xiǎn)分析················································································.115 5.5.3 應(yīng)對(duì)措施················································································.116 5.6 數(shù)據(jù)交換階段 ··················································································.120 5.6.1 電力數(shù)據(jù)交換場景····································································.120 5.6.2 風(fēng)險(xiǎn)分析················································································.120 5.6.3 應(yīng)對(duì)措施················································································.122 5.7 數(shù)據(jù)銷毀階段 ··················································································.124 5.7.1 風(fēng)險(xiǎn)分析················································································.125 5.7.2 應(yīng)對(duì)措施················································································.126 5.8 運(yùn)維環(huán)節(jié)的安全風(fēng)險(xiǎn) ·········································································.128 5.8.1 風(fēng)險(xiǎn)分析················································································.128 5.8.2 應(yīng)對(duì)措施················································································.129 5.9 本章小結(jié) ························································································.129 第六章 出鞘:電力行業(yè)數(shù)據(jù)安全典型事件 ···························································.131 6.1 電力行業(yè)黑客攻擊典型案例 ································································.131 6.1.1 烏克蘭電力系統(tǒng)遭受攻擊···························································.132 6.1.2 委內(nèi)瑞拉電網(wǎng)遭受攻擊······························································.134 6.1.3 暴露的問題·············································································.135 6.1.4 應(yīng)對(duì)措施················································································.135 6.2 供應(yīng)鏈安全引發(fā)數(shù)據(jù)泄露事件 ·····························································.136 6.2.1 Equifax 公司信息泄露事件··························································.137 6.2.2 SolarWinds 供應(yīng)鏈攻擊事件························································.137 6.2.3 暴露的問題·············································································.138 6.2.4 應(yīng)對(duì)措施················································································.138 6.3 內(nèi)部人員由于安全意識(shí)淡薄導(dǎo)致數(shù)據(jù)泄露 ··············································.139 6.3.1 APT 黑客組織“蜻蜓”入侵美國電網(wǎng) ···········································.139 6.3.2 烏克蘭某核電廠發(fā)生重大網(wǎng)絡(luò)安全事故·········································.140 6.3.3 暴露的問題·············································································.141 6.3.4 應(yīng)對(duì)措施················································································.141 6.4 系統(tǒng)配置不當(dāng)造成數(shù)據(jù)泄露 ································································.142 6.4.1 美國德州電氣工程公司(PQE)服務(wù)器配置引發(fā)數(shù)據(jù)泄露 ·················.142 6.4.2 德國電網(wǎng)公司數(shù)據(jù)泄露事件························································.143 6.4.3 暴露的問題·············································································.144 6.4.4 應(yīng)對(duì)措施················································································.144 6.5 典型的電力行業(yè)成功防御網(wǎng)絡(luò)攻擊案例 ·················································.144 6.5.1 美國新墨西哥公共服務(wù)公司成功應(yīng)對(duì)網(wǎng)絡(luò)攻擊事件 ··························.144 6.5.2 愛爾蘭國家電網(wǎng)公司成功應(yīng)對(duì)網(wǎng)絡(luò)攻擊事件···································.145 6.6 本章小結(jié) ························································································.146 第七章 劍舞:電力行業(yè)數(shù)據(jù)安全未來發(fā)展趨勢(shì) ·····················································.148 7.1 電力行業(yè)數(shù)據(jù)安全面臨新挑戰(zhàn) ·····························································.148 7.1.1 電力數(shù)據(jù)主權(quán)維護(hù)面臨著“新數(shù)據(jù)孤島”挑戰(zhàn) ···································.148 7.1.2 個(gè)人信息和隱私保護(hù)成為電力數(shù)據(jù)保護(hù)的主戰(zhàn)場·····························.149 7.1.3 電力行業(yè)數(shù)據(jù)安全管控更加依賴新技術(shù)應(yīng)用···································.149 7.2 電力行業(yè)數(shù)據(jù)安全未來發(fā)展趨勢(shì) ··························································.149 7.2.1 數(shù)據(jù)安全政策法規(guī)和監(jiān)管措施將日趨完善······································.149 7.2.2 電力數(shù)據(jù)版權(quán)管理體系發(fā)展步入正軌············································.149 7.2.3 電力行業(yè)的安全體系建設(shè)逐步落地···············································.150 7.2.4 電力行業(yè)數(shù)據(jù)安全重要性日益突出···············································.150
你還可能感興趣
我要評(píng)論
|