证券日报网讯 2月12日，山石网科在互动平台回答投资者提问时表示，当前，网络安全行业仍然面临下 游需求疲软和市场竞争加剧的态势，为应对行业调整，公司在技术创新、营销、产品研发、组织等多方 面积极实施举措，尤其是ASIC芯片的研发与量产，为公司提供了核心竞争优势；同时积极打造数据安 全治理、安全运营及安全服务业务，拓展出海业务，已经取得一定成效。公司目前正全力推进ASIC安 全产品营销工作，将前期投入逐渐转化为商业价值，后续将重点聚焦盈利改善，努力缩小与行业优秀企 业的差距，切实维护股东权益。 （编辑 丛可心） ...

日前，反欺诈数据调研机构威胁猎人发布《2025年数据泄漏风险态势报告》（以下简称"《报告》"）。 数据显示，2025年全球数据泄露事件总量达41644起，较2024年上升10.83%。其中，金融行业成为数据 泄露的集中行业——银行业风险连续三年位居行业榜首，消费金融、支付、证券等泛金融板块在前五高 风险行业中占据四席。 一家位于华南地区的持牌消费金融机构从业者向《中国经营报》记者表示，目前行业内存在"敌暗我 明"的监管难点。非法机构常通过诱导用户填写信息、伪装成合法消费金融公司等手段实施诈骗。由于 此类违规链接极具隐蔽性，在使用一段时间后即失效，导致消费者起诉成本居高不下。 在非法手段隐蔽化、团伙化，以及权益保护难度增大的背景下，如何做好数据安全治理工作，正成为重 要课题。 数据黑产"精准化"推高诈骗成功率 在非法数据交易生态中，公共群聊这类群组在黑产链条中充当着"担保方"的角色，作为黑产交易的核心 枢纽，这些群组沉淀了海量的交易履约记录，客观反映了地下市场对数据的真实需求与资金流向。 2025年1月至12月期间，威胁猎人情报运营团队对社交工具Telegram平台上的数据交易公群进行监测， 累计覆盖1209个 ...

当前，金融科技正经历从"工具应用"到"生产力革新"的关键跨越。泰康在线信息科技负责人徐章健指 出："金融机构在推进应用拓展的同时，必须建立完善的数据治理与合规框架，确保技术应用的稳健与 可持续。"随着数据要素价值日益凸显，数据安全已不再局限于单一技术保障，更跃升为关乎企业存续 与竞争优势的核心议题。 在这一背景下，泰康在线以科技破题，积极探索可持续的数据安全路径。近期，其"数据安全运营实 践"荣获中国信息通信研究院表彰，获得了业内高度认可。 体系破局：泰康在线构建智能数据系统 该实践以沃土大数据平台为核心底座，贯穿数据运营周期，致力于筑牢数字时代的安全防线。 首先，做好数据梳理，筑牢安全基础。通过全景梳理数据资产，按照客户、业务、经营、系统四大维度 进行分类分级管理与标签化治理，为每一类数据建立清晰的安全画像；绘制完整的数据资产地图，明确 权限配置，确保各自只可识别本领域所涉及的数据资产，且必须按规定路径操作。 其次，强化管控措施，搭建安全防线。建立了包含关键要素的多维度数据目录，实现数据的可识别、可 追溯、可管控，对敏感数据实施"入库即加密"的保护措施；同时精细权限管理，通过对元数据的规范化 管理夯实访问控 ...

Core Insights - Recent penalties imposed on Shangrao Bank and Xingtai Bank highlight the inadequacies in information security management within the banking sector [1][2] - The evolving regulatory landscape emphasizes that data security is now a critical component of corporate governance and comprehensive risk management in the banking industry [1][6] Regulatory Environment - The National Financial Regulatory Administration will implement the "Data Security Management Measures for Banking and Insurance Institutions" by December 2024, followed by the People's Bank of China issuing the "Data Security Management Measures in the Business Field" by May 2025 [1] - Data security is transitioning from a technical issue to a focal point of regulatory scrutiny, indicating a long-term trend in the banking sector [1] Challenges Faced by Banks - Small and medium-sized banks are struggling with a significant gap between increasing regulatory demands and their limited technical capabilities, management levels, and resource investments [1][4] - The shift from traditional network security management to data security governance presents a challenge, as many banks have not yet integrated data management with their IT infrastructure effectively [3][4] Operational Shortcomings - Many small and medium-sized banks prioritize business operations over information security, often viewing security as a compliance cost rather than a core competency [4] - There is a lack of collaboration between IT departments and business units, leading to blurred responsibilities and difficulties in accountability during security incidents [4] Recommendations for Improvement - The regulatory focus is on embedding data and network security into corporate governance and daily operations, moving from reactive compliance to proactive management [6] - Banks are encouraged to adopt a unified governance framework that integrates data lifecycle management with network protection to enhance security and business development [3][6] - Smaller banks may benefit from partnering with security service providers to enhance their monitoring and response capabilities, allowing them to focus on core risk management [6]

Core Viewpoint - The proposal by Zhou Hongyi, founder of 360 Group, focuses on constructing a data circulation security infrastructure platform to support the high-quality development of digital China, addressing core pain points in data circulation security [1][2][3] Industry Growth - The establishment of the National Data Bureau and the implementation of foundational systems are leading to explosive growth in China's data factor market, with the national data market transaction scale expected to reach 160 billion yuan in 2024, representing a year-on-year growth of over 30% [1][2] - The on-site market transaction scale has doubled, indicating a significant increase in data circulation activities [1][2] Security Challenges - As data circulation scales expand, security challenges are becoming increasingly severe, with Zhou identifying three major shortcomings in current data security governance [3] - Many market entities adopt isolated protection models, leading to "information islands" and weak overall situational awareness [3] - There is a lack of unified security construction and operational standards across regions, resulting in resource waste due to redundant investments [3] - The absence of cross-industry and cross-regional coordination mechanisms makes it difficult to respond to complex threats such as APT attacks [3] Proposed Solutions - Zhou's proposal includes three key recommendations to address the identified pain points [2][3] - Construct a data circulation security infrastructure platform to break down "information islands" and establish a comprehensive security monitoring mechanism [2][3] - Develop unified security standards to regulate access certification, data desensitization, and ensure controlled circulation throughout the process [2][3] - Create a multi-entity collaborative operation system to integrate resources from regulatory bodies and data supply and demand sides, achieving dynamic lifecycle management [2][3]

Core Viewpoint - The article highlights that Ping An Good Doctor has successfully passed the second evaluation of the Data Security Management Capability (DSMC) certification, becoming the first in the healthcare sector to achieve this milestone, which underscores the importance of data security and privacy protection in the company's sustainable development strategy [1][4]. Group 1: DSMC Certification and Evaluation - The DSMC assessment is a dynamic and ongoing process aimed at ensuring that certified companies maintain the effectiveness and advancement of their data security management systems over a three-year period [3]. - The recent re-evaluation was based on the updated T/ISC0059—2024 standards, which impose higher requirements on the completeness of management systems, effectiveness of technical tools, and compliance of process execution [3]. Group 2: Data Security Achievements - As of 2024, Ping An Good Doctor has obtained multiple information security management system certifications, including ISO 27001, ISO 27701, and ISO 27799, covering 100% of its business operations [3]. - The company has enhanced its self-developed business system's comprehensive security defense capabilities, achieving a 35% improvement in alert detection compared to previous commercial products [3]. Group 3: Commitment to Sustainable Development - The company emphasizes that data security and personal information protection are fundamental responsibilities for compliance and sustainable development [4]. - Ping An Good Doctor's sustainable development strategy focuses on comprehensive sustainability, advanced technology empowerment, robust information security protection, and extensive social responsibility [4]. Group 4: Future Directions and Industry Collaboration - The company plans to use its certification as a starting point to deepen privacy protection practices and build a solid digital trust for users [4]. - The China Academy of Information and Communications Technology (CAICT) aims to enhance the DSMC evaluation system by integrating the latest national standards, encouraging more companies, especially those in data processing, to participate in DSMC evaluations [5].

Group 1 - Digital security is crucial for national security, economic development, and social stability, with digitalization becoming a key feature for high-quality development across various industries, including finance [1] - The rapid advancement of technology in digital finance has led to increased risks, such as cyberattacks and data breaches, particularly with the integration of AI, which can facilitate more frequent and lower-barrier attacks on financial institutions [1] - There is a consensus in the industry that regulatory bodies must enhance planning and oversight, while technology companies and financial institutions need to collaborate to strengthen technical safeguards and establish a comprehensive protection system for data integrity, confidentiality, and availability [1] Group 2 - Data security governance is essential for the stable operation of financial institutions, the healthy development of financial markets, and the interests of consumers, with increasing emphasis on data governance and security issues in the digital finance sector [2] - Recent government policies, such as the "Network Data Security Management Regulations" and the "Data Security Management Measures for Banking and Insurance Institutions," outline the direction for data security protection and emphasize the establishment of a governance system aligned with business goals [2] - Despite the growing attention to data security governance and the continuous improvement of related policies, there are still significant challenges in the practical implementation within the financial sector [2] Group 3 - The central economic work conference emphasizes the need for coordinated efforts to combat illegal financial activities, particularly those exploiting technology for unlawful purposes [3] - Enhancing computing power security is identified as a critical step in ensuring digital financial security, with plans to strengthen data classification and protection, and to implement strict management of important data [3] - Financial institutions are encouraged to establish monitoring mechanisms, improve standardization and regulation, and invest in talent development to enhance their data security risk assessment and management capabilities [3]

Group 1 - The national data standardization technical committee is soliciting public opinions on seven technical documents related to integrated computing power network construction, including requirements for computing power networking and resource management [1][2] - The Central Committee and the State Council have issued opinions to deepen the market-oriented allocation of data elements, supporting Shenzhen in exploring data trading and trusted circulation mechanisms [2][3] - The National Development and Reform Commission emphasizes four key measures to promote high-quality development of the real economy through finance, technology, and data, while supporting Shenzhen's comprehensive reform pilot [3] Group 2 - Anhui Province has established a pricing mechanism for public data resources, allowing free access for public governance and charging fees for industrial use, with a focus on cost recovery and reasonable profit [4][5] - Shanxi Province is seeking public opinions on a draft implementation plan for data circulation safety governance, proposing specific safety management measures to ensure compliant data circulation [6][7] - Wuhan has released a three-year action plan for the development of the data labeling industry, aiming to establish several data labeling industrial parks and support small and medium-sized enterprises [7][8]

Core Insights - The Beijing government is exploring data security governance for personal, enterprise, and public data to enhance service delivery and convenience [3][4] Group 1: Personal Data - The core issue with personal data is the lack of unified anonymization standards, which creates concerns for data circulation among enterprises [3] - Beijing is collaborating with hospitals to create public datasets from chest X-ray imaging data, aiming to balance patient safety and research needs [3] Group 2: Public Data - Balancing public interest and commercial utilization of public data is a key challenge, with no unified regulations on authorization and pricing [3][4] - The Beijing government has adopted a decentralized authorization approach for public data, particularly in the financial sector, and is considering whether to expand this or shift to centralized authorization [3] Group 3: Enterprise Data - Trust is crucial for enterprise data circulation, and external factors significantly influence its value [5] - Beijing is utilizing blockchain technology to establish a value-added collaboration network to enhance trust among enterprises, particularly in the steel industry where strong interconnections exist [5]