On November 1, 2023, the China Information Association issued the "Scientific Data Security Capability Maturity Assessment Specification" group standard, and began to implement on November 1. As the main writing unit, Netyu Nebula is deeply involved in the preparation of standards, leading a series of work such as drafting and revising standards.

At present, China's science and technology is developing vigorously, and the value of scientific data is increasing rapidly. It has gradually become an important basic strategic resource for scientific and technological innovation and economic and social development, and has a profound impact on national security, economic development and scientific and technological progress.

However, with the increasingly severe global network situation, China's cyber security is facing unprecedented risks. How to ensure the safe sharing, circulation and application of scientific data is a key issue that needs to be solved urgently. As far as the current situation is concerned, there are obvious deficiencies in the management and application of scientific data in China, which is one of the shortcomings in entering the powerful country of science and technology and needs to be made up. At present, China's assessment of data security capabilities mainly refers to the relevant requirements in GB/T 37988 "Information Security Technology Data security Capability Maturity Model".

Although scientific data has the general characteristics of data and information, it also has its resource characteristics and business field characteristics, and it is difficult to meet the practical needs only by referring to the requirements of GB/T 37988 for evaluation.

The release of this standard defines the scientific data security capability maturity assessment requirements, and effectively promotes the implementation of the scientific data security capability maturity model by developing a standardized assessment process and quantifiable assessment methods, and provides standardized guidance for the national and industry authorities to organize the scientific data security assessment.

It provides a set of data security assessment and scientific data security capability enhancement program for scientific data institutions and evaluation institutions, and provides support and guarantee for comprehensively improving scientific data security.

Over the years, Netyu Nebula has continued to deepen the field of data security, aiming at different data scenarios such as data life cycle security, data development security, and data circulation security, and building scenario-based solutions combined with systematic security construction ideas to help users improve their data security capabilities.

As shown in the figure, the data security protection architecture of Netyu Nebula follows the construction principle of "synchronous planning, synchronous construction and synchronous operation", and is developed with a systematic architecture design idea. A series of protection capabilities such as data asset identification, classification and classification, risk monitoring and security control are built on the technical system to consolidate the security foundation and realize the effective support of technical capabilities.

Improve the management system in the management system, standardize the behavior of personnel, and improve the level of data security; In the operation system, through the integration of technology, personnel, management and other means, the development of scenario-based operation process, focusing on data application scenarios to build monitoring, early warning, response and disposal capabilities closed-loop, to achieve continuous security.

Finally, through the systematic security capability delivery, the data security protection system based on the technical system, the management system as the starting point, and the operation system as the support is built, and the data sharing and application are continuously empowered.

In the future, the company will adhere to the principle of "integration of knowledge and action and security", continue to deepen the field of data security, and provide effective support for data security protection in various industries such as government, public security and finance through the delivery of diversified products and service capabilities, and escort the security of economic and social digital scenarios.