Data is of ever-growing importance and is widely considered to be a company’s most valuable asset. Since data is becoming the main driver of business value, data quality and, specifically, data security are of paramount importance to companies. Various regulations related to data cybersecurity have been drawn up, such as the GDPR and the Cybersecurity Act, thus proving the importance placed on data cybersecurity by influential legislative institutions. Several standards related to security have emerged in recent years, most notably those of the ISO/IEC 27000 series. They are, however, focused on management systems and security infrastructure and ignore the security of the data itself. Other standards related to data quality, such as ISO 8000, also fail to address data security in depth. This paper, therefore, proposes a framework for the evaluation of data cybersecurity, consisting of a quality model, an evaluation process, and a tool for the visualization of the assessment results. This evaluation framework has been employed as the basis for a data cybersecurity certification scheme, which complements other certifiable standards related to data and security, such as ISO/IEC 27001 and ISO 8000. This work additionally presents the results of a pilot project in which the data cybersecurity of a commercial product was evaluated. The results of this pilot application allowed us to validate the feasibility of the evaluation framework defined.

中文翻译：

---

使用 ISO/IEC 25012 评估数据网络安全

数据越来越重要，被广泛认为是公司最宝贵的资产。由于数据正在成为商业价值的主要驱动力，因此数据质量，特别是数据安全性对公司来说至关重要。GDPR 和网络安全法等与数据网络安全相关的各种法规已经制定，从而证明了有影响力的立法机构对数据网络安全的重视。近年来出现了一些与安全相关的标准，最著名的是 ISO/IEC 27000 系列标准。然而，他们专注于管理系统和安全基础设施，而忽略了数据本身的安全性。其他与数据质量相关的标准，例如 ISO 8000，也未能深入解决数据安全问题。因此，本文 提出了数据网络安全评估框架，包括质量模型、评估过程和评估结果可视化工具。该评估框架已被用作数据网络安全认证计划的基础，该计划补充了与数据和安全相关的其他可认证标准，例如 ISO/IEC 27001 和 ISO 8000。这项工作还提供了一个试点项目的结果，其中评估了商业产品的数据网络安全。该试点应用程序的结果使我们能够验证所定义的评估框架的可行性。该评估框架已被用作数据网络安全认证计划的基础，该计划补充了与数据和安全相关的其他可认证标准，例如 ISO/IEC 27001 和 ISO 8000。这项工作还提供了一个试点项目的结果，其中评估了商业产品的数据网络安全。该试点应用程序的结果使我们能够验证所定义的评估框架的可行性。该评估框架已被用作数据网络安全认证计划的基础，该计划补充了与数据和安全相关的其他可认证标准，例如 ISO/IEC 27001 和 ISO 8000。这项工作还提供了一个试点项目的结果，其中评估了商业产品的数据网络安全。该试点应用程序的结果使我们能够验证所定义的评估框架的可行性。