-
“甫瀚专项咨询服务速览”系列基于甫瀚最新的成功案例与您分享最受欢迎和认可的创新服务内容,以及甫瀚可为您带来的价值所在。本次,我们向您介绍的专项咨询服务为——《网络安全法》合规评估。
点击“下载”阅读全文。
-
2023年5月,国家标准化管理委员会和国家市场监督管理总局联合发布了国标GB/T 42574-2023《信息安全技术 个人信息处理中告知和同意的实施指南》,对告知与同意的适用情形、基本原则等进行规定。
-
于本期专业视角,甫瀚咨询通过数据安全标准总览列举相关数据安全国家标准;总结归纳合规难点与诉求;提供数安合规建设思路。旨在基于企业困惑,对数据安全合规建设的思路与方法进行阐述。
-
OT (Operational Technology),或称运营技术,通常指工业生产环境中检测和控制的物理设备,以及工艺流程中涉及的各种硬件和软件。其核心组件包括数据采集与监控系统 (SCADA)、集散控制系统 (DCS)、可编程逻辑控制器 (PLC) 等。随着信息化的发展,越来越多的攻击或瞄准了OT环境中特有的漏洞。如何确保OT环境中系统的安全性、数据的可用性及保密性、环境的稳定性等等,是OT安全急需考虑的。 近年来,相较于传统的IT安全,OT安全在各大企业中越来越受到重视,尤其是在后疫情时代,日趋复杂的网络环境和攻击手段,使得越来越多的企业将目光聚焦于生产与运营安全之上。本期专业视角从多个角度切入,详尽阐述了OT安全主题的方方面面,包括OT安全的概念定义、OT安全趋势、OT安全范围、常见OT安全威胁状况和OT安全框架、加强OT系统管理的必要性、企业的应对之道,…
-
As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this fifth installment focuses on the cross-border transfer of data — or data localization — that is outlined in Article 37. This article covers the transfer and access of personal information and important data collected by critical information infrastructure (CII) operators in mainland…
-
As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this fourth installment focuses on the requirements in Section Two, Chapter Three, pertaining to Critical Information Infrastructure (CII) operators. According to the Cybersecurity Law, CII is defined as any information infrastructure that can endanger national security, national strategy…
-
In part one of our Point of View series Interpretations of the updates to China’s Cybersecurity Law, we highlighted the updated legal requirements that impact organizations looking to do business in mainland China. One of these is the Multi-Level Protection Scheme (MLPS), an administrative requirement found in Article 21 of the Cybersecurity Law. Initially introduced in 1994, an updated MLPS…
-
As part of our series providing insights into the Cybersecurity Law of the People’s Republic of China (PRC), this Point of View (POV) highlights a key area pertaining to personal information protection.
Personal information is defined as information that can be used individually or in combination with other information to identify a person. Requirements around the …
-
All companies incorporated within Mainland China are required to abide by the Cybersecurity Law of The People's Republic of China (PRC), which went into effect 1 June 2017. Given the complex business relationships within the international market, the Cybersecurity Law will continue to have important political, economic, and technical implications for both domestic and multinational corporations (…
-
2021年对于企业数字化转型工作来说,是充满了机遇和挑战的一年。随着国家不断出台推动企业数字化转型的系列政策,宏观环境对于企业数字化转型工作的扶持、鼓励力度正不断加大。
现代企业在日常经营中将无可避免地采集、储存并处理用户产生的各类数据。由于客户数据的潜在敏感性,不当收集及处理相关数据可能侵害数据主体的权益,导致企业遭遇监管机构的处罚,产生财务及声誉损失。因此,如何兼顾数据应用效率和合规性,成为了近期企业数字化转型工作的重要议题。如何合规使用,合理保护客户数据以减少客户的负面观感,成为了现代数字化企业的一大挑战。有效的数据隐私保护可获取客户的信赖,最终增加品牌声誉,加大用户粘性。甫瀚认为,有效的隐私保护是解决相关挑战的重要抓手。
本期专业视角从《个人信息保护法》角度切入,围绕法律框架与主要条文予以解读,比较中外隐私保护法律存在的差异,同时就个保法背景下重点行业的主要隐私风险、…
