鑄劍:電力行業(yè)數(shù)據(jù)安全保障之路
定 價:79 元
- 作者:周文婷
- 出版時間:2024/1/1
- ISBN:9787121472893
- 出 版 社:電子工業(yè)出版社
- 中圖法分類:TM7-39
- 頁碼:164
- 紙張:
- 版次:01
- 開本:16開
作為當前國內(nèi)講述電力行業(yè)數(shù)據(jù)安全實踐的著作���,本書以鑄造電力行業(yè)數(shù)據(jù)安全防御之劍�,提高電力行業(yè)從業(yè)人員數(shù)據(jù)安全能力為目的,講述了塑模���、鑄范���、鍛造、淬火�、拋光、出鞘���、劍舞七個步驟的內(nèi)容�,從基本概念到具體實踐��,主要涵蓋了電力行業(yè)數(shù)據(jù)安全概述�、數(shù)據(jù)安全政策法規(guī)、數(shù)據(jù)安全保護體系���、數(shù)據(jù)安全防護技術�����、數(shù)據(jù)全生命周期安全風險分析及對策�����、數(shù)據(jù)安全典型事件����、數(shù)據(jù)安全未來發(fā)展趨勢等方面的內(nèi)容���。本書條理清晰�����,通俗易懂�����,語言流暢��,內(nèi)容豐富�、實用����,將理論與實踐相結合。本書適合廣大數(shù)據(jù)安全愛好者���、數(shù)據(jù)安全與網(wǎng)絡安全從業(yè)者學習和掌握數(shù)據(jù)安全相關技術和知識��,更適合電力行業(yè)信息技術從業(yè)人員開展數(shù)據(jù)安全業(yè)務��,還適用于大專及本科院校數(shù)據(jù)安全相關課程的案例與實踐教學�。
周文婷,女���,碩士研究生�,正高級工程師�����,現(xiàn)任新疆思極信息技術有限公司總經(jīng)理��,歷任國網(wǎng)新疆電力信息通信有限公司副總經(jīng)理�����、國網(wǎng)新疆電力有限公司科技數(shù)字化部副主任等職位����,先后從事電網(wǎng)調(diào)度通信、客戶服務、企業(yè)發(fā)展�����、電網(wǎng)安全生產(chǎn)管理��、科技創(chuàng)新等領域�����,從事重點工程 30余項�����,組織開展科技項目50 多項�����,獲得國網(wǎng)公司����、新疆維吾爾自治區(qū)��、國家能源學會���、全國電子學會�、新疆電機工程學會科技進步獎 15 項。榮獲國家電網(wǎng)公司����、自治區(qū)、國網(wǎng)新疆電力有限公司各類榮譽稱號��。
第一章 塑模:電力行業(yè)數(shù)據(jù)安全概述 ····································································.2
1.1 電力系統(tǒng)簡介 ·····················································································.2
1.1.1 傳統(tǒng)電力系統(tǒng)·············································································.3
1.1.2 新型電力系統(tǒng)·············································································.5
1.2 電力行業(yè)數(shù)據(jù)特點 ···············································································.8
1.2.1 數(shù)據(jù)來源廣泛·············································································.8
1.2.2 數(shù)據(jù)應用全面·············································································.9
1.2.3 數(shù)據(jù)特征顯著·············································································.9
1.3 做好電力行業(yè)數(shù)據(jù)安全保護為何重要 ·······················································10
1.4 電力行業(yè)數(shù)據(jù)安全風險與挑戰(zhàn) ································································12
1.4.1 數(shù)據(jù)泄露危及國家安全·································································12
1.4.2 非法入侵導致電力系統(tǒng)服務中斷·····················································13
1.4.3 數(shù)據(jù)濫用帶來違法與犯罪風險························································13
1.4.4 數(shù)字化技術蘊含新的安全風險························································14
1.4.5 數(shù)據(jù)全生命周期管理不足引發(fā)短板效應············································15
1.5 本章小結 ···························································································16
第二章 鑄范:電力行業(yè)數(shù)據(jù)安全政策法規(guī) ······························································18
2.1 電力行業(yè)數(shù)據(jù)安全相關法律法規(guī)解讀 ·······················································18
2.1.1 《中華人民共和國網(wǎng)絡安全法》 ······················································19
2.1.2 《中華人民共和國數(shù)據(jù)安全法》 ······················································22
2.1.3 《中華人民共和國密碼法》 ····························································24
2.1.4 《中華人民共和國個人信息保護法》 ················································24
2.1.5 《最高人民法院�、最高人民檢察院關于辦理侵犯公民個人信息刑事案件適用法律若干問題的解釋》····················26
2.1.6 《網(wǎng)絡安全審查辦法》 ··································································29
2.1.7 《信息安全技術—網(wǎng)絡安全等級保護基本要求》 ·································30
2.1.8 《關鍵信息基礎設施安全保護條例》 ················································33
2.2 電力行業(yè)數(shù)據(jù)安全相關政策要求 ·····························································35
2.2.1 《電力監(jiān)控系統(tǒng)安全防護規(guī)定》 ······················································35
2.2.2 《電力監(jiān)控系統(tǒng)安全防護總體方案》 ················································37
2.2.3 《加強工業(yè)互聯(lián)網(wǎng)安全工作的指導意見》 ··········································37
2.2.4 《工業(yè)和信息化領域數(shù)據(jù)安全管理辦法(試行)》································38
2.2.5 《關于加強電力行業(yè)網(wǎng)絡安全工作的指導意見》 ·································40
2.2.6 《電力行業(yè)網(wǎng)絡安全管理辦法》 ······················································41
2.2.7 《電力可靠性管理辦法(暫行)》·····················································42
2.2.8 《電力行業(yè)網(wǎng)絡安全等級保護管理辦法》 ··········································43
2.3 本章小結 ···························································································44
第三章 鍛造:電力行業(yè)數(shù)據(jù)安全保護體系 ······························································46
3.1 如何做好電力企業(yè)的數(shù)據(jù)安全管理 ··························································48
3.1.1 至關重要的組織架構····································································48
3.1.2 缺一不可的制度流程····································································50
3.1.3 必不可少的管理機制····································································52
3.1.4 不可或缺的人員管理····································································54
3.2 如何做好電力企業(yè)數(shù)據(jù)安全技術防護 ·······················································56
3.2.1 數(shù)據(jù)分級分類安全防護·································································58
3.2.2 數(shù)據(jù)安全精準防護·······································································59
3.2.3 數(shù)據(jù)交互開放可信·······································································60
3.3 如何做好電力企業(yè)數(shù)據(jù)安全運營及服務 ····················································61
3.3.1 數(shù)據(jù)安全監(jiān)測·············································································61
3.3.2 數(shù)據(jù)安全評估·············································································61
3.3.3 數(shù)據(jù)安全審計·············································································63
3.4 本章小結 ···························································································63
第四章 淬火:電力數(shù)據(jù)安全防護技術 ····································································65
4.1 傳統(tǒng)數(shù)據(jù)安全保護技術 ·········································································65
4.1.1 邊界防護···················································································65
4.1.2 身份認證及訪問控制····································································66
4.1.3 數(shù)據(jù)安全審計·············································································68
4.1.4 數(shù)據(jù)脫敏···················································································70
4.1.5 數(shù)據(jù)追蹤溯源·············································································71
4.1.6 數(shù)據(jù)加密···················································································72
4.1.7 數(shù)字簽名···················································································73
4.1.8 數(shù)據(jù)沙箱···················································································75
4.1.9 數(shù)據(jù)庫防火墻·············································································76
4.2 新型數(shù)據(jù)安全保護技術 ·········································································77
4.2.1 基于人工智能的數(shù)據(jù)安全技術························································78
4.2.2 基于區(qū)塊鏈的數(shù)據(jù)安全技術···························································78
4.2.3 基于零信任架構的數(shù)據(jù)安全技術·····················································79
4.2.4 基于安全多方計算的數(shù)據(jù)安全技術··················································81
4.2.5 基于差分隱私保護的數(shù)據(jù)安全技術··················································83
4.2.6 敏感數(shù)據(jù)識別技術·······································································84
4.2.7 基于 API 監(jiān)測的數(shù)據(jù)安全技術 ·······················································86
4.2.8 基于數(shù)據(jù)流轉(zhuǎn)監(jiān)測的數(shù)據(jù)安全技術··················································87
4.3 本章小結 ···························································································88
第五章 拋光:電力行業(yè)數(shù)據(jù)全生命周期安全風險分析及對策 ······································91
5.1 數(shù)據(jù)全生命周期概述 ············································································91
5.2 數(shù)據(jù)采集階段 ·····················································································92
5.2.1 電力行業(yè)數(shù)據(jù)采集方式·································································93
5.2.2 風險分析···················································································98
5.2.3 應對措施···················································································99
5.3 數(shù)據(jù)傳輸階段 ··················································································.102
5.3.1 電力行業(yè)常用數(shù)據(jù)傳輸方式························································.102
5.3.2 風險分析················································································.107
5.3.3 應對措施················································································.108
5.4 數(shù)據(jù)存儲階段 ··················································································.109
5.4.1 電力行業(yè)數(shù)據(jù)存儲方式······························································.109
5.4.2 風險分析················································································.111
5.4.3 應對措施················································································.112
5.5 數(shù)據(jù)處理階段 ··················································································.114
5.5.1 電力行業(yè)常見數(shù)據(jù)處理場景························································.114
5.5.2 風險分析················································································.115
5.5.3 應對措施················································································.116
5.6 數(shù)據(jù)交換階段 ··················································································.120
5.6.1 電力數(shù)據(jù)交換場景····································································.120
5.6.2 風險分析················································································.120
5.6.3 應對措施················································································.122
5.7 數(shù)據(jù)銷毀階段 ··················································································.124
5.7.1 風險分析················································································.125
5.7.2 應對措施················································································.126
5.8 運維環(huán)節(jié)的安全風險 ·········································································.128
5.8.1 風險分析················································································.128
5.8.2 應對措施················································································.129
5.9 本章小結 ························································································.129
第六章 出鞘:電力行業(yè)數(shù)據(jù)安全典型事件 ···························································.131
6.1 電力行業(yè)黑客攻擊典型案例 ································································.131
6.1.1 烏克蘭電力系統(tǒng)遭受攻擊···························································.132
6.1.2 委內(nèi)瑞拉電網(wǎng)遭受攻擊······························································.134
6.1.3 暴露的問題·············································································.135
6.1.4 應對措施················································································.135
6.2 供應鏈安全引發(fā)數(shù)據(jù)泄露事件 ·····························································.136
6.2.1 Equifax 公司信息泄露事件··························································.137
6.2.2 SolarWinds 供應鏈攻擊事件························································.137
6.2.3 暴露的問題·············································································.138
6.2.4 應對措施················································································.138
6.3 內(nèi)部人員由于安全意識淡薄導致數(shù)據(jù)泄露 ··············································.139
6.3.1 APT 黑客組織“蜻蜓”入侵美國電網(wǎng) ···········································.139
6.3.2 烏克蘭某核電廠發(fā)生重大網(wǎng)絡安全事故·········································.140
6.3.3 暴露的問題·············································································.141
6.3.4 應對措施················································································.141
6.4 系統(tǒng)配置不當造成數(shù)據(jù)泄露 ································································.142
6.4.1 美國德州電氣工程公司(PQE)服務器配置引發(fā)數(shù)據(jù)泄露 ·················.142
6.4.2 德國電網(wǎng)公司數(shù)據(jù)泄露事件························································.143
6.4.3 暴露的問題·············································································.144
6.4.4 應對措施················································································.144
6.5 典型的電力行業(yè)成功防御網(wǎng)絡攻擊案例 ·················································.144
6.5.1 美國新墨西哥公共服務公司成功應對網(wǎng)絡攻擊事件 ··························.144
6.5.2 愛爾蘭國家電網(wǎng)公司成功應對網(wǎng)絡攻擊事件···································.145
6.6 本章小結 ························································································.146
第七章 劍舞:電力行業(yè)數(shù)據(jù)安全未來發(fā)展趨勢 ·····················································.148
7.1 電力行業(yè)數(shù)據(jù)安全面臨新挑戰(zhàn) ·····························································.148
7.1.1 電力數(shù)據(jù)主權維護面臨著“新數(shù)據(jù)孤島”挑戰(zhàn) ···································.148
7.1.2 個人信息和隱私保護成為電力數(shù)據(jù)保護的主戰(zhàn)場·····························.149
7.1.3 電力行業(yè)數(shù)據(jù)安全管控更加依賴新技術應用···································.149
7.2 電力行業(yè)數(shù)據(jù)安全未來發(fā)展趨勢 ··························································.149
7.2.1 數(shù)據(jù)安全政策法規(guī)和監(jiān)管措施將日趨完善······································.149
7.2.2 電力數(shù)據(jù)版權管理體系發(fā)展步入正軌············································.149
7.2.3 電力行業(yè)的安全體系建設逐步落地···············································.150
7.2.4 電力行業(yè)數(shù)據(jù)安全重要性日益突出···············································.150
書單推薦
