,Teng Zhang

DOI: https://doi.org/10.55574/fhbx7722

2024-08-30

Abstract:With the rapid development of China’s digital economy and increasingly stringent global data protection regulations, corporate data security and compliance have become key factors that determine the competitiveness and sustainable development of enterprises. However, China’s data compliance governance still faces three main challenges: inadequate self-regulation of corporate data compliance, imperfect internal management system, and the risk of violations throughout the entire data lifecycle. To address these issues, China needs to comprehensively improve data security and compliance of Chinese enterprises by improving the system to strengthen corporate behavior guidance, intensifying internal compliance mechanisms, and identifying the compliance process for data processing. Based on the world’s most typical legal systems related to data security and corporate compliance, and drawing on local Chinese judicial cases, this paper provides an in-depth analysis of the current challenges faced by Chinese enterprises in data security compliance. Finally, the paper explores and proposes a comprehensive governance path. Through the implementation of the comprehensive measures proposed in this study, Chinese enterprises now have practical guidance in the increasingly complex data security environment, thereby promoting their stable and sustainable development. Keywords: Data Compliance, Chinese Enterprises, Corporate Governance, Information Security, Compliance

Yi Zhu

DOI: https://doi.org/10.26689/pbes.v7i2.6592

2024-04-29

Proceedings of Business and Economic Studies

Abstract:With the background of enterprise compliance management, this paper discusses how to improve the level of enterprise legal service and reduce enterprise legal risks by optimizing the compliance management system. It aims to analyze the current situation and existing problems of enterprise legal services through the analysis of the importance of compliance management. Furthermore, it delves into the case of enterprise legal service strategy based on compliance management optimization to verify the effectiveness and feasibility of enterprise legal service strategy.

Yawen Wang,Weixian Xue,Anqi Zhang

DOI: https://doi.org/10.4018/jgim.324465

2023-06-09

Journal of Global Information Management

Abstract:Nowadays, the application of enterprise management information has been deeply rooted in daily business activities, and the management risk of enterprise information security (EIS) has also increased. The use of advanced means to provide security protection for it has become the top priority. To optimize the EIS management system, and carry on the risk assessment (RA), firstly, this study analyzes the current situation of the enterprise's internal information management and summarizes the shortcomings and security risks faced by the system. In the era of big data (BD), the security risks of database information systems show a diversified trend. Secondly, to explore the application of BD technology in EIS management, the characteristics of this technology and security control measures for risks are summarized to strengthen the enterprise's information management innovation and implement the application of data security technology.

information science & library science

Zixuan Tian,Chenhao Wen,Jinfeng Fan

DOI: https://doi.org/10.62051/ijsspa.v2n3.22

2024-04-17

Abstract:The primary objective of this research is to ensure the secure and compliant transmission of personal information from China. To this end, the Chinese government has implemented the "Standard Contract Measures for the Export of Personal Information." This study employs both literature review and factor analysis methods to meticulously examine the potential risks in the practical implementation of these measures, and further suggests strategies to address the current challenges. Additionally, the study introduces foreign systems for reference, aiming to guide Chinese enterprises in circumventing legal risks associated with cross-border data flows and ensuring the security and compliance of personal information departing from the country. The findings of this research reveal that the existing legal framework for cross-border data flows in China has certain shortcomings, providing valuable insights for the improvement of China's legal framework and related regulatory systems. Furthermore, it offers practical cautionary value for Chinese enterprises in their operations.

Rui Mei,Han-Bing Yan,Yongqiang He,Qinqin Wang,Shengqiang Zhu,Weiping Wen

DOI: https://doi.org/10.1007/978-981-19-8285-9_4

2022-01-01

Abstract:With the continuous growth of enterprises' digital transformation, business-driven cloud computing has seen tremendous growth. The security community has proposed a large body of technical mechanisms, operational processes, and practical solutions to achieve cloud security. In addition, diverse jurisdictions also present regulatory requirements on data protection to mitigate possible risks, for instance, unauthorized access, data leakage, sensitive information and privacy disclosure. In view of this, several practical standards, frameworks, and best practices in the industry are proposed to evaluate and improve the protection level of cloud data. However, few evaluation models can conduct a comprehensive quantitative evaluation for cloud data protection that includes security, privacy, and even ethical considerations. In this paper, we first make a comprehensive review of cloud data security and privacy issues, especially also including ethical concerns that we consider as a type of specific risks caused by human factors, which refers to acting honorably, honestly, justly, and legally, due diligence, and due care. Then, we propose a novel evaluation model for cloud data protection that can quantitatively assess the protection level. Finally, based on the parallel evaluation between manual assessment by experts and our evaluation model, results show that our evaluation model is consistent with the manual evaluation conclusion.

Ran Wei,Sheng Yao

DOI: https://doi.org/10.1155/2021/7188327

2021-09-06

Mobile Information Systems

Abstract:With the deepening of business informatization, all kinds of business application data are rapidly gathering, which promotes enterprises to enter the era of big data. Enterprises begin to build the concept of big data, deepen the understanding of big data, extract potential data value, and improve the operation ability of enterprises and information systems. At the same time, big data brings internal control information to the system, which is becoming more and more challenging, so enterprises pay more and more attention to the security of the information system. This paper aims to introduce the enterprise financial risk identification and information security management and control under the big data environment and master the enterprise financial risk identification method so that the enterprise can adapt to the needs of the times competition faster and better. This paper introduces the method of identifying financial risk in the background of big data by classifying the methods of financial risk identification and designing the factor model. Through the experimental investigation of the company's financial asset rate, the enterprise financial risk situation is displayed, and the enterprise can improve the internal management to control the financial risk within a certain range. The experimental results show that from 2016 to 2020, the internal control and asset rate of the enterprise affect the financial risk of the enterprise, 82% of the operators only have a reasonable debt structure and sufficient solvency, the operator can operate in a safe state and then maintain a low financial risk, and the operator should also take measures to prevent the occurrence of risk in advance and realize the business goal of maximizing benefits.

computer science, information systems,telecommunications

Wenqin Li,Rongmin Liu,Linhui Sun,Zigu Guo,Jie Gao

DOI: https://doi.org/10.3390/ijerph192316038

IF: 4.614

2022-12-01

International Journal of Environmental Research and Public Health

Abstract:Employee security compliance behavior has become an important safeguard to protect the security of corporate information assets. Focusing on human factors, this paper discusses how to regulate and guide employees' compliance with information security systems through effective methods. Based on protection motivation theory (PMT), a model of employees' intention to comply with the information security system was constructed. A questionnaire survey was adopted to obtain 224 valid data points, and SPSS 26.0 was applied to verify the hypotheses underlying the research model. Then, based on the results of a regression analysis, fuzzy set qualitative comparative analysis (fsQCA) was used to explore the conditional configurations that affect employees' intention to comply with the information security system from a holistic perspective. The empirical results demonstrated that perceived severity, perceived vulnerability, response efficacy, and self-efficacy all positively influenced the employees' intention to comply with the information security system; while rewards and response costs had a negative effect. Threat appraisal had a greater effect on employees' intention to comply with the information security system compared to response appraisal. The fsQCA results showed that individual antecedent conditions are not necessary to influence employees' intention to comply with an information security system. Seven pathways exist that influence an employees' intention to comply with an information security system, with reward, self-efficacy, and response cost being the core conditions having the highest probability of occurring in each configuration of pathways, and with perceived severity and self-efficacy appearing in the core conditions of configurations with an original coverage greater than 40%. Theoretically, this study discusses the influence of the elements of PMT on employees' intention to comply with an information security system, reveals the mechanism of influence of the combination of the influencing factors on the outcome variables, and identifies the core factors and auxiliary factors in the condition configurations, providing a new broader perspective for the study of information security compliance behavior and providing some theoretical support for strengthening enterprise security management. Practically, targeted suggestions are proposed based on the research results, to increase the intention of enterprise employees to comply with information security systems, thereby improving the effectiveness of enterprise information security management and the degree of information security in enterprises.

public, environmental & occupational health,environmental sciences

Excel G Chukwurah,Samuel Aderemi

DOI: https://doi.org/10.51594/csitrj.v5i4.1044

2024-04-17

Computer Science & IT Research Journal

Abstract:Data protection compliance is a critical issue for U.S. technology companies, especially in light of increasingly stringent regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Achieving compliance requires a harmonized approach that aligns internal teams and processes with regulatory requirements. This review explores strategies for U.S. technology companies to harmonize teams and regulations to ensure data protection compliance. The first key strategy is to establish a cross-functional team dedicated to data protection compliance. This team should include representatives from legal, IT, security, and other relevant departments. By bringing together experts from different areas, companies can ensure a comprehensive approach to compliance that takes into account legal requirements, technical capabilities, and organizational policies. Secondly, companies should invest in training and education for all employees on data protection principles and compliance requirements. This includes raising awareness about the importance of data protection, as well as providing specific training on how to handle personal data in accordance with regulations. By ensuring that all employees are informed and knowledgeable about data protection, companies can reduce the risk of non-compliance. Another important strategy is to implement privacy by design and by default principles in product development and business processes. This means building privacy considerations into products and services from the outset, rather than trying to retrofit them later. By incorporating privacy into the design process, companies can ensure that their products and services are compliant with regulations and protect user data. Finally, companies should establish a culture of continuous improvement and accountability when it comes to data protection compliance. This includes regularly reviewing and updating data protection policies and procedures, as well as conducting regular audits and assessments to identify and address compliance gaps. By making data protection a priority at all levels of the organization, companies can reduce the risk of data breaches and non-compliance with regulations. Keywords: Data Protection, Compliance, Strategies, Technology, Regulations.

Wanxiu Xu,Shuo Wang,Xiaodong Zuo

DOI: https://doi.org/10.1016/j.clsr.2024.106061

IF: 2.707

2024-10-02

Computer Law & Security Review

Abstract:China and the United States have traditionally represented the 'security paradigm' and 'freedom paradigm' in their regulatory approaches to cross-border data flow. However, with the introduction of new rules governing these flows in both countries, this article challenges that perspective and explores the potential implications of this shift for global data governance. Specifically, it analyzes how the recent regulations in China and the United States serve as critical turning points affecting the transition between these paradigms, focusing on the overall regulatory frameworks and institutional developments in both nations. The article provides legal, institutional, and case-based examples to illustrate these changes. Furthermore, it offers a comparative analysis of the existing models for cross-border data flow regulation between China and the United States. Targeted compliance advice is provided for multinational corporations and other businesses frequently engaging in international operations that may be impacted by these regulatory changes. This research aims to deliver comprehensive insights into the latest regulatory developments in both countries and their existing models for cross-border data governance, thereby assisting enterprises in developing effective compliance strategies in practice.

law

Ahmed Alkalbani,Hepu Deng,Booi Kam

DOI: https://doi.org/10.48550/arXiv.1606.00875

2016-05-28

Computers and Society

Abstract:The increase reliance on information systems has created unprecedented challenges for organizations to protect their critical information from different security threats that have direct consequences on the corporate liability, loss of credibility, and monetary damage. As a result, the security of information has become a top priority in many organizations. This study investigates the role of socio-organizational factors by drawing the insights from the organizational theory literature in the adoption of information security compliance in organizations. Based on the analysis of the survey data collected from 294 employees from different organizations, the study indicates management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance in organizations. The study contributes to the information security compliance research by exploring the criticality of socio-organizational factors at the organizational level for information security compliance.

Jiaxing Zhang,Anuo Yang,Feng Shuaishuai

DOI: https://doi.org/10.13052/jwe1540-9589.21314

2022-03-22

Journal of Web Engineering

Abstract:With the development of big data technology, processed data has become an important source of value. Data has played a pivotal role in the development of enterprises, especially internet enterprises. However, Internet enterprise platform companies generally infringe on personal privacy in various stages of information collection, processing and application, and Internet enterprise platform data protection research is of great significance. The study found that the current problems of data protection on Internet enterprise platforms include: extremely weak user data protection measures, intellectual property risks throughout the whole process of big data processing, and infringements that have both new and high-tech characteristics. The high ambiguity in the definition and attribution of “data rights”, the low cost and high concealment of infringements, and the value difference between intellectual property protection and digital economy are the main causes of these problems. As far as the protection path is concerned, we should start from the three aspects of technology empowerment, governance empowerment and legal empowerment, and work together to promote the proper protection of Internet enterprise platform data.

computer science, theory & methods, software engineering

Charlette Donalds,Corlane Barclay

DOI: https://doi.org/10.1080/0960085X.2021.1978344

2021-09-23

European Journal of Information Systems

Abstract:The evolving sophistication of threats and the impact of security breaches have caused managers to continually grapple with strategies to reduce these risks. One common security control is the adoption of information security policies (ISPs) geared at improving employees' compliance behaviour. However, there is mounting empirical evidence that shows that ISP compliance is a challenging undertaking with less than satisfactory outcomes. Further, little attention is placed on developing economies in the study of this phenomenon. This research adopts a values-based methodology to determine fundamental and means objectives in maximising employees' compliance with ISPs in a developing economy context. The research identifies 30 objectives and demonstrates that risk mitigation, people, technical and organisational factors are essential to improving compliance. The results contribute objectives, contextualised to the people for whom the results are relevant, thus promoting deeper understanding. The research offers utility to managers in the design and implementation of InfoSec strategies and policies. The findings can also inform investment decisions regarding compliance tools, methods and technologies. Recognising that security (information and cyber) threats are a global dilemma, we contend that investigating forms of security risks and potential solutions can mitigate the social and economic costs of security incidents.

information science & library science,management,computer science, information systems

Fengyan Wang,Ziyu Hou,Ronaldo Juanatas,Jasmin Niguidula

DOI: https://doi.org/10.26689/pbes.v6i6.5696

2023-12-22

Proceedings of Business and Economic Studies

Abstract:This study explores the risk control and response strategies of state-owned enterprises in the context of big data. Global economic uncertainty poses new challenges to state-owned enterprises, necessitating innovative risk management approaches. This article proposes response strategies from four key aspects: establishing a proactive risk management culture, building a foundation in technology and data, conducting big data-driven risk analysis, and implementing predictive analysis and real-time monitoring. State-owned enterprises can foster a proactive risk management culture by cultivating employee risk awareness, demonstrating leadership, and establishing transparency and open communication. Additionally, data integration and analysis, leveraging the latest technology, are crucial factors that can help companies better identify risks and opportunities.

Jun Tang,Yong Cui,Qi Li,Kui Ren,Jiangchuan Liu,Rajkumar Buyya

DOI: https://doi.org/10.1145/2906153

IF: 16.6

2016-01-01

ACM Computing Surveys

Abstract:With the rapid development of cloud computing, more and more enterprises/individuals are starting to outsource local data to the cloud servers. However, under open networks and not fully trusted cloud environments, they face enormous security and privacy risks (e.g., data leakage or disclosure, data corruption or loss, and user privacy breach) when outsourcing their data to a public cloud or using their outsourced data. Recently, several studies were conducted to address these risks, and a series of solutions were proposed to enable data and privacy protection in untrusted cloud environments. To fully understand the advances and discover the research trends of this area, this survey summarizes and analyzes the state-of-the-art protection technologies. We first present security threats and requirements of an outsourcing data service to a cloud, and follow that with a high-level overview of the corresponding security technologies. We then dwell on existing protection solutions to achieve secure, dependable, and privacy-assured cloud data services including data search, data computation, data sharing, data storage, and data access. Finally, we propose open challenges and potential research directions in each category of solutions.

Juan Du

DOI: https://doi.org/10.1109/mlbdbi54094.2021.00067

2021-12-01

Abstract:With the development of information technology, extracting important data that people need from the vast information has become the key to a successful era. Therefore, big data technology is increasingly recognized by the public. While creating a lot of commercial value for enterprises, it also brings huge challenges to information security and privacy. In the big data environment, data has become an important medium for corporate decision-making, and information security and privacy protection have become the “army battleground” in corporate competition. Therefore, information security and privacy protection are getting more and more attention from enterprises, which also determines whether enterprises can occupy a place in the fiercely competitive market. This article analyzes the information security and privacy protection issues of enterprises in the big data environment from three aspects. Starting from the importance and significance of big data protection, it analyzes the security and privacy issues of big data in enterprise applications, and finally conducts information security and privacy protection for enterprises. Privacy protection puts forward relevant suggestions.

Pan Yang,Naixue Xiong,Jingli Ren

DOI: https://doi.org/10.1109/access.2020.3009876

IF: 3.9

2020-01-01

IEEE Access

Abstract:The new development trends including Internet of Things (IoT), smart city, enterprises digital transformation and world's digital economy are at the top of the tide. The continuous growth of data storage pressure drives the rapid development of the entire storage market on account of massive data generated. By providing data storage and management, cloud storage system becomes an indispensable part of the new era. Currently, the governments, enterprises and individual users are actively migrating their data to the cloud. Such a huge amount of data can create magnanimous wealth. However, this increases the possible risk, for instance, unauthorized access, data leakage, sensitive information disclosure and privacy disclosure. Although there are some studies on data security and privacy protection, there is still a lack of systematic surveys on the subject in cloud storage system. In this paper, we make a comprehensive review of the literatures on data security and privacy issues, data encryption technology, and applicable countermeasures in cloud storage system. Specifically, we first make an overview of cloud storage, including definition, classification, architecture and applications. Secondly, we give a detailed analysis on challenges and requirements of data security and privacy protection in cloud storage system. Thirdly, data encryption technologies and protection methods are summarized. Finally, we discuss several open research topics of data security for cloud storage.

computer science, information systems,telecommunications,engineering, electrical & electronic

Abhishek Pant

DOI: https://doi.org/10.22214/ijraset.2023.56862

2023-11-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: In an era characterized by an unprecedented proliferation of digital information, the safeguarding of sensitive data has emerged as a paramount concern for individuals, businesses, and governments alike. This abstract delves into the critical importance of data security and privacy compliance in contemporary society. As technological advancements continue to redefine the landscape of data generation, collection, and utilization, the potential risks and vulnerabilities associated with unauthorized access and misuse of information have escalated. This paper highlights the multifaceted significance of data security and privacy compliance across various domains. Firstly, it explores the imperative of protecting personal information to uphold individual privacy rights and maintain public trust. The escalating frequency and sophistication of cyber threats underscore the necessity for robust data security measures to thwart unauthorized access, data breaches, and identity theft.

Harrison Stewart,Jan Jürjens

DOI: https://doi.org/10.1108/ics-07-2016-0054

2017-11-13

Information and Computer Security

Abstract:Purpose The aim of this study is to encourage management boards to recognize that employees play a major role in the management of information security. Thus, these issues need to be addressed efficiently, especially in organizations in which data are a valuable asset. Design/methodology/approach Before developing the instrument for the survey, first, effective measurement built upon existing literature review was identified and developed and the survey questionnaires were set according to past studies and the findings based on qualitative analyses. Data were collected by using cross-sectional questionnaire and a Likert scale, whereby each question was related to an item as in the work of Witherspoon et al. (2013). Data analysis was done using the SPSS.3B. Findings Based on the results from three surveys and findings, a principle of information security compliance practices was proposed based on the authors’ proposed nine-five-circle (NFC) principle that enhances information security management by identifying human conduct and IT security-related issues regarding the aspect of information security management. Furthermore, the authors’ principle has enabled closing the gap between technology and humans in this study by proving that the factors in the present study’s finding are interrelated and work together, rather than on their own. Research limitations/implications The main objective of this study was to address the lack of research evidence on what mobilizes and influences information security management development and implementation. This objective has been fulfilled by surveying, collecting and analyzing data and by giving an account of the attributes that hinder information security management. Accordingly, a major practical contribution of the present research is the empirical data it provides that enable obtaining a bigger picture and precise information about the real issues that cause information security management shortcomings. Practical implications In this sense, despite the fact that this study has limitations concerning the development of a diagnostic tool, it is obviously the main procedure for the measurements of a framework to assess information security compliance policies in the organizations surveyed. Social implications The present study’s discoveries recommend in actuality that using flexible tools that can be scoped to meet individual organizational needs have positive effects on the implementation of information security management policies within an organization. Accordingly, the research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations. Instead, they should focus on the issue of how to sustain and enhance their organization’s compliance through a dynamic compliance process that involves awareness of the compliance regulation, controlling integration and closing gaps. Originality/value The rapid growth of information technology (IT) has created numerous business opportunities. At the same time, this growth has increased information security risk. IT security risk is an important issue in industrial sectors, and in organizations that are innovating owing to globalization or changes in organizational culture. Previously, technology-associated risk assessments focused on various technology factors, but as of the early twenty-first century, the most important issue identified in technology risk studies is the human factor.

Qingni Shen,Yahui Yang,Zhonghai Wu,Dandan Wang,Min Long

DOI: https://doi.org/10.1504/ijguc.2013.057118

2013-01-01

International Journal of Grid and Utility Computing

Abstract:With the growth of business, an enterprise would like to make its PSC private storage cloud approach an infrastructure service in a partner/public cloud. In such PSCs, there are some new data security issues, First, how to keep the data rest in the PSC isolated from internal and external attackers; second, how to make secure intra-cloud data migration within the enterprise; third, how to secure inter-cloud data migrating between the PSC and the partner/public cloud. In this paper, we propose an architecture design for enforcing data security services on the layer of HDFS in the PSC, including secure data isolation service, secure intra-cloud data migration service, and secure inter-cloud data migration service. Finally, it gives the prototype implemented as pluggable security modules in accord with our custom security policies through AOP Aspect-Oriented Programming method. The time cost is given and evaluated efficiently.

Yanqing Chen

DOI: https://doi.org/10.1155/2022/5994628

2022-01-15

Wireless Communications and Mobile Computing

Abstract:At present, many companies have many problems such as high financial costs, low financial management capabilities, and redundant frameworks; at the same time, the SASAC requires that the enterprise’s financial strategy transfer from “profit-driven” to “value-driven”, finance separate from accounting to improve the operational efficiency of the company. Under this background, more and more enterprise respond to the call of the SASAC; in order to achieve the goals of corporate financial cost savings and financial management efficiency improved, we began to provide services through financial sharing. The research of information fusion theory involves many basic theories, which can be roughly divided into two large categories from the algorithmic point of view: probabilistic statistical method and artificial intelligence method. The main task of artificial intelligence is to realize the computer for some learning, thinking process, and wisdom formation of simulation, and an important goal of information integration is the human brain comprehensive processing ability simulation, so artificial intelligence method will have broad application prospects in the field of information fusion; the common methods have D-S evidence reasoning, fuzzy theory, neural network, genetic algorithm, rough set, and other information fusion methods. The purpose of this paper is to proceed from the internal financial situation of the enterprise, analyze data security issues in the operation of financial shared services, and find a breakthrough in solving problems. But, with constantly expanding of enterprise group financial sharing service scale, the urgent problem to be solved is how to ensure the financial sharing services provided by enterprises in the cloud computing environment. This paper combines financial sharing service theory and information security theory and provides reference for building financial sharing information security for similar enterprises. For some enterprise that have not established a financial shared service center yet, they can learn from the establishment of the financial sharing information security system in this paper and provide a reference for enterprise to avoid the same types of risks and problems. For enterprise that has established and has begun to practice a financial shared information security system, appropriate risk aversion measures combined with actual situation of the enterprise with four dimensions related to information security system optimization was formulated and described in this paper. In summary, in the background of cloud computing, financial sharing services have highly simplified operational applications, and data storage capabilities and computational analysis capabilities have been improved greatly. Not only can it improve the quality of accounting information but also provide technical support for the financial sharing service center of the enterprise group, perform financial functions better, and enhance decision support and strategic driving force, with dual practical significance and theoretical significance.

computer science, information systems,telecommunications,engineering, electrical & electronic