Research on data security management strategy of t

  • Detail

Research on data security management strategy in product development process

Abstract: This paper studies the data security management strategy based on product development process. Firstly, based on the analysis of the organization model, process and security permission management of the object-oriented PDM system, the data security permission management policy model of the system is proposed. Finally, some prospects for the data security management strategy of PDM system in the future are given

key words: organization model, product development process, security authority, product life cycle, enterprise authority matrix

0 introduction

with the intensification of market competition and the development of computer technology, various advanced product development ideas have been put forward, such as CE (Concurrent Engineering), am (Agile Manufacturing), MC (mass customization), etc. The key to the implementation of these engineering philosophies in product design and development is to effectively organize and manage the product development process, the development team and the third feature of data. The underlying goal is to ensure that the correct data is transmitted to the right people at the right time in the right way, that is, the reasonable and orderly flow of information. In the management of ensuring the correct transmission and exchange of information, an important consideration is the security management of data. At the same time, this is also a problem faced by many enterprises. For example, on the one hand, it is required to strengthen the flow and sharing of information and speed up product development, on the other hand, it is also required to consider the security and confidentiality of enterprise information and other resources. In addition, the security management of data is closely related to all links of the whole product development, which must be considered and solved together

traditionally, when enterprises organize product development, the consideration of security authority management caused by data flow is mainly realized manually. With the proposal of the above development ideas and the application of some development systems, it is considered to realize the automatic management of security authority through computer network technology, which not only promotes the coordination of product development, but also realizes the expected purpose of data confidentiality

therefore, based on the above factors, from the perspective of the overall product development organization, it is quite feasible and practical to consider the dynamic full life cycle data security and confidentiality to achieve management

1 introduction to product development organization

the main contents of product development organization are team personnel organization, process management, data management, etc. The following is a detailed introduction one by one

first, product development needs to define the organizational model of the development team. The realization of various advanced development ideas is based on flexible product development team organization. Generally, the organization of a team is defined at the level of personnel, users, roles and working groups. People and actual developers are one-to-one correspondence; People and users generally have a one-to-one relationship, but they can also have a one to many correspondence; The definition of roles can be associated with users or work. Associating with workgroups is to assign a role to some development teams as a whole. Generally, personnel permission management is defined for roles, so that personnel with corresponding roles have defined permissions

the main content of process management is to plan the graphene materials for product development, which makes "photodynamic" flight possible as a form of deployment process. At present, such as concurrent engineering and mass customization development, all need the support of flexible development process. With the progress of technology and the actual demand, the definition and management of process have tended to the planning of networked parallel development process. The relationship between various links within a process, between different processes and even between internal links of different processes also has certain requirements for logical implementation. Of course, information flows with the process

data management mainly refers to the management of the generation and flow of data in various formats during product development. It includes version management and status management associated with the product life cycle. Data security control is an important part of data management, but this management does not exist in isolation. It must be comprehensively considered and planned in combination with the management of processes and personnel teams. The goal of security management is to realize the confidentiality control of data on the premise of ensuring the smooth progress of product development, which can only be achieved through good planning. The intermediary association between security control and personnel team is realized through roles, the association with process is realized through the status of production batch data and product development data, and the association with data management is completed through the division of data types

the security management strategy studied in this paper is aimed at the object-oriented system. The object-oriented product development system plans product development through the organization of a series of objects, and the core is the organization of object-oriented product data. The object-oriented system has its own data side and operation method side. The data side mainly manages how to organize data, and the operation method side manages various methods of how to operate data

2 security permission management

security permission management is a management content that needs to be fully considered. It mainly includes the following points:

1) security permission management of whether a team or personnel can operate certain data

2) security permission management of the methods that a team or personnel can operate on certain data

3) the management of security authority caused by the change of data status with the development process

4) management of security authority of personnel flow due to multiple corresponding relationships between different personnel and working groups in the personnel organization

from the above, it can be seen that security permission management is closely related to the organization of personnel teams, the implementation of processes and the management of data, and is nested among each other

2.1 data security permission management

in the object-oriented development system, data management is organized and managed by object type. There are two types of system data. One is the object directly related to the data, such as document, and the other is the object that provides product development support, such as item, folder, and EC. No matter what kind of object it is, it has corresponding data side and operation method side

for the security permission management of the data side of the object directly related to the data, the following two strategies are mainly adopted. The first is to define the security level according to the sensitivity of the data, and should realize the nesting of levels. The data with high security level can be compatible with the data with low security level. The other is to define data categories according to the range of product data. Different categories represent the data of different parts of the product

no matter what type of object it is, it has certain operation method definitions. The strategy adopted in this regard is to divide these operation methods into two types. One is the open method, that is, the operation methods under this management can be used by any user in the development system. It is a method that requires authorization, that is, the operation method under this management must be authorized accordingly before it can be operated according to our view of Jinan hengsi Shanda

the security level and security category of the corresponding data are defined when the data object is created, and the security permission of the operation method of the data object is defined in system management

2.2 security permission management of personnel team organizations

security permission management of personnel team organizations mainly refers to the management of roles and their permissions. The security and authority management strategy adopted in this paper is mainly realized through the management of the personnel team, because the personnel team organization directly operates on various data objects. The personnel organization is to organize various development teams according to the development tasks to form various collaborative teams

the security permission management of the development team is to authorize some operation methods of data objects of a certain security level (with nested relationship) and security category. The same person can belong to different development teams, and the combination of security permissions of each development team is the corresponding permissions of the person

within each development team, different levels should be determined according to the responsibility status of the task. For this problem, the method adopted in this paper is to separate the corresponding working groups, divide them according to certain standards, generate some sub working groups, and then authorize the security permissions of the corresponding working groups

2.3 process security permission management

product development is gradually completed with the gradual progress of the process. The flow of data is an important goal of the process. At the same time, with the progress of development, the status of each data is gradually changing. It is the development team or personnel defined according to the task that executes each link of the process. Whether they can correctly operate the flowing data, It requires certain security permission control. In other words, process management ensures that the correct data is transferred to the right people in the right way, but whether each person can correctly operate the data is the goal of security permission management. In addition, because of the flow of data, the management of this security permission is dynamic, and the permission management must be planned in detail

firstly, it discusses the security authority management strategy adopted for data exchange between process links. Different process phases are different tasks performed by different personnel, accompanied by design actions such as data addition, modification and deletion. Because the definition of data is independent, that is, the security level and security category of the data object are specified. Therefore, the personnel in the next phase only need to have the correct role to have the corresponding operation permission assigned to them. As for the data with different levels, it is necessary to treat the situations separately, and arrange the team members belonging to the sub working group with corresponding permissions to implement the corresponding situations

the status of data is an important content in product development, and it is also a consideration for product life cycle management. The security permission management associated with the status of product data must also be considered. Generally speaking, data in product development mainly includes development status, engineering change status, release application status, archiving status, etc. In view of this situation, the following strategies are proposed. For data of a certain security category, define the change of corresponding permissions when its status changes. The operation of data with different status and permissions is different

2.4 overall security permission management model of the development system

the overall security permission management model of the development system is shown in the figure below

2.5 conclusion and outlook

the above describes the organization model and security authority management mode of the traditional PDM system. With the gradual deepening and comprehensive implementation of enterprise informatization, some new ideas need to be reflected in it. Some of the key technologies are prospected below

(1) static to dynamic transformation

the traditional organization model and security permission management are basically a static management process, and there is no good management for the change of security permission caused by the data flow demand. The important carrier of data flow is the workflow of product development. Therefore, a permission change driven change should be designed

Copyright © 2011 JIN SHI