With the accelerated innovation of the Internet, big data, cloud computing, blockchain and other technologies, new technologies are gradually being integrated into the whole process of economic and social development. Countries are competing to formulate digital economy development strategies and introduce incentive policies. "Accelerating Digital Development and Building a Digital China" is also a separate chapter in the Party's 14th Five-Year Plan and the outline of the long-term goals for 2035. With the support of technology and policy, big data reserves have grown explosively; the storage mode, speed and manifestation of information have changed greatly, and privacy has been violated inadvertently. In addition, incidents such as telecom fraud and the tampering with and reselling of personal information data have emerged one after another, and data governance has become a new topic.

China's first Personal Information Protection Law was promulgated on November 1st, 2021. It clearly defines the rules of personal information processing and the obligations of personal information processors, and Articles 54 and 64 state explicitly that personal information processors should undergo personal information compliance audits on a regular basis. The new Audit Law was officially implemented on January 1st, 2022; it added the expressions "personal privacy" and "personal information" to some articles, and personal privacy and personal information were added as confidential content in auditing. In addition, the protection of private data has multiple bases in laws and regulations. A privacy protection audit of an information system plays a certain role in curbing the illegal collection, abuse and leakage of personal information, and in protecting the legitimate rights and interests of individuals as well as social and public interests. However, at present the information system privacy protection audit is still in an exploratory stage, and many auditors' understanding of how to carry out such an audit remains vague. This paper therefore constructs an information system privacy protection audit framework, making up for the current lack of personal information protection audit theory.

After clarifying the relationship between privacy and security and comparing domestic and foreign information system audit standards, this paper determines the objectives of the information system privacy protection audit and constructs the audit framework based on COBIT 2019, drawing on audit-related theories and privacy management theories and on China's current information system audit standards and relevant laws and regulations. At the same time, control points and risk points are added based on the relevant laws and regulations, technical specifications and other documents on the protection of personal information. Finally, the framework is applied to an information system privacy protection audit in a case study, which shows that the framework is feasible and effective and provides a reference for other departments carrying out information system privacy protection audits.

Through case analysis and a summary of practice, the information system privacy protection audit framework based on COBIT 2019 is shown to be feasible and effective at both the theoretical and application levels; the audit identified shortcomings of the audited units in the protection of personal information and put forward targeted suggestions. The audit content of the framework is comprehensive and the audit process design is scientific and reasonable, but there are also some shortcomings. For example, because of limited practical experience, the author applied the framework only to the housing provident fund sector. The application scenarios therefore have certain limitations, and there may be problems such as insufficient consideration and a lack of depth and breadth.