Talent Data Information Security Management System Based on Human Resources Platform
By generating a talent information record database, extracting sensitive fields, performing in-depth content scanning and anomaly pattern detection, and combining comprehensive threat quantification with the risk assessment module, the problem of lacking multi-dimensional security risk assessment in existing technologies has been solved. This enables dynamic adjustment of access control policies and improves the ability to discover and determine security risks.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- FUJIAN FUYA TECHNOLOGY CO LTD
- Filing Date
- 2026-03-18
- Publication Date
- 2026-07-10
AI Technical Summary
Existing technologies lack a multi-dimensional, integrated security risk assessment mechanism in human resources platforms, resulting in access control policies failing to respond in real time to dynamic risk changes, lagging permission adjustments, and an inability to accurately quantify the overall security risk level of talent data.
The data processing module generates a talent information record database, the security assessment module extracts sensitive fields, performs in-depth content scanning and anomaly pattern detection, the risk assessment module performs comprehensive threat quantification, and the access control module builds a dynamic authorization mapping table based on a comprehensive security risk profile to generate contextualized access control policies.
It enables multi-dimensional risk correlation analysis of talent data, dynamically adjusts access control policies, improves the ability to discover and judge complex security risks, and realizes the transformation from static to dynamic access control.
Smart Images

Figure CN122367413A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of talent data security technology, and in particular to a talent data information security management system based on a human resources platform. Background Technology
[0002] In data security management of human resources platforms, existing technologies typically employ layered or isolated protection strategies. For structured talent profile data, protection is primarily achieved through field-level access control or data masking techniques; for unstructured attachments such as resumes and certificates, content keyword filtering or simple file permission management is relied upon; monitoring user behavior often involves log auditing based on fixed rules to identify anomalies; and the management of data tags focuses on the standardization and validation of the tag system itself. These measures provide protection for specific types of data or behaviors.
[0003] The existing technical solutions described above have shortcomings. Various security measures operate independently, lacking information sharing and collaborative analysis mechanisms. This prevents the platform from correlating and comprehensively analyzing security information from multiple dimensions, including structured data, unstructured content, user behavior logs, and data tags. Consequently, it is difficult to accurately quantify the overall security risk level of a specific talent data record or user operation. Furthermore, the platform's access control policies are mostly based on preset, static user roles and data classifications, resulting in lagging permission adjustments and an inability to adaptively adjust to the dynamic security risk level assessed in real time. When the risk of the data content itself changes, or when abnormal user behavior patterns emerge, the static permission system cannot respond promptly and accurately.
[0004] The key issues to be addressed are how to conduct multi-dimensional and integrated security risk assessments of talent data, and how to implement dynamic and fine-grained real-time access control based on the assessment results. Summary of the Invention
[0005] The purpose of this invention is to address the shortcomings of existing technologies by proposing a talent data information security management system based on a human resources platform.
[0006] To achieve the above objectives, the present invention adopts the following technical solution: a talent data information security management system based on a human resources platform, comprising: The data processing module collects raw talent data from the human resources platform, and after format standardization and content cleaning, generates a talent information record database containing structured core talent files, unstructured attachment material sequences, operation behavior logs, and sensitive tag sets. The security assessment module performs sensitive field extraction on the structured talent core file to generate a sensitive field list, performs deep content scanning on the unstructured attachment material sequence to identify privacy content fragments, performs abnormal pattern detection on the operation behavior log to generate an abnormal behavior sequence, and performs tag compliance verification on the sensitive tag set to generate tag verification results. The risk assessment module inputs the sensitive field list, the privacy content fragments, the abnormal behavior sequence, and the tag verification results into the risk assessment engine for comprehensive threat quantification and generates a comprehensive security risk profile. The permission management module, based on the comprehensive security risk profile, constructs a dynamic authorization mapping table to perform real-time permission mapping, forming a four-tuple permission matrix that includes personnel roles, data objects, operation types, and allowed time periods. Based on the four-tuple permission matrix, the policy compilation module generates contextualized access control policies for different user identities.
[0007] As a further aspect of the present invention, sensitive fields are extracted from the structured talent core file to generate a list of sensitive fields, including: Based on a pre-defined sensitive data identification rule base, the structured core talent file is matched field by field, and all matching fields are marked as initial sensitive fields. Based on the current business scenario context, the initial sensitive fields are reviewed for necessary verification, and exempted fields that do not need to be processed as sensitive information in the current scenario are selected. After removing the exempted fields from the initial set of sensitive fields, a final list of sensitive fields is generated, which includes field identifiers, the data table to which they belong, and sensitivity level information.
[0008] As a further aspect of the present invention, a content depth scan is performed on the unstructured attachment material sequence to identify privacy content fragments, including: Each document in the attached material sequence is formatted and parsed, and then converted into a unified internal text and metadata representation. Using a preset privacy information pattern, full-text regular expression matching and natural language understanding analysis are performed on the internal text to locate all potential privacy information description content; Analyze the contextual semantics of the potential privacy information description content, and combine it with the file attributes in the metadata representation to determine whether the description content constitutes a substantial exposure of personal privacy; The text or image regions that constitute substantial exposure of personal privacy are located and recorded to form the privacy content fragment containing location information and a content summary.
[0009] As a further aspect of the present invention, abnormal pattern detection is performed on the operation behavior log to generate an abnormal behavior sequence, including: Extract the operation subject, operation object, operation type, timestamp, and operation result sequence from the operation behavior log; A dynamic behavior baseline model is established based on historical normal operating behavior. The dynamic behavior baseline model includes the common operating patterns and frequency ranges of different roles at different time periods. The operation subject, operation object, operation type, timestamp, and operation result sequence are compared with the dynamic behavior baseline model in real time to identify behaviors that deviate from the dynamic behavior baseline model. The abnormal behavior sequence is generated by combining consecutively occurring deviations or single severe deviations in chronological order.
[0010] As a further aspect of the present invention, a tag compliance verification is performed on the sensitive tag set to generate a tag verification result, including: Obtain currently effective data security regulations and platform internal data tagging management specifications, and extract information on sensitive data definitions, classification and grading standards, and usage restrictions. Each label in the sensitive label set is compared with the definition, standard and clause one by one to check the accuracy of the label classification, the rationality of the classification and whether the additional restrictive conditions are complete; Record the verification conclusion for each label, including whether it is correct, incorrect in classification, incorrect in grading, or missing in restriction. Summarize the verification conclusions of all labels to form the label verification result.
[0011] As a further aspect of the present invention, the sensitive field list, the privacy content fragment, the abnormal behavior sequence, and the tag verification result are input into a risk assessment engine for comprehensive threat quantification, generating a comprehensive security risk profile, including: A multidimensional risk factor quantification model is established, which receives the sensitive field list, privacy content fragments, abnormal behavior sequences, and tag verification results as inputs. For the aforementioned list of sensitive fields, calculate the sensitive data exposure risk value based on the field identifiers, the data tables they belong to, and the sensitivity level information. For the privacy content fragment, a privacy leakage risk value is calculated based on the location information it contains and the sensitivity of its content summary; For the aforementioned abnormal behavior sequence, an internal threat risk value is calculated based on the degree and frequency of its behavioral deviation; For the label verification results, a compliance risk value is calculated based on the severity and quantity of errors or omissions. The risk values of sensitive data exposure, privacy leakage, internal threat, and compliance are weighted and fused together, and combined with risk correlation analysis, to generate a comprehensive security risk profile indexed by talent identifiers.
[0012] As a further aspect of the present invention, based on the comprehensive security risk profile, a dynamic authorization mapping table is constructed for real-time permission mapping, forming a four-tuple permission matrix containing personnel roles, data objects, operation types, and permitted time periods, including: Obtain the current role information of all system users and the current comprehensive security risk profile level of all talent data objects; A risk-based access control rule base is pre-defined, which defines the types of operations that users with different roles are allowed to perform on data objects with different risk levels, as well as the time periods during which access is allowed. Based on the access control rule base, and using the current role information and the comprehensive security risk profile level as input, temporary allowed operations and time periods are mapped for each pair of users and data objects through querying and calculation; User roles, data object identifiers, mapped permitted operations, and time periods are organized into independent permission entries, and all permission entries together constitute the four-tuple permission matrix.
[0013] As a further aspect of the present invention, based on the four-tuple permission matrix, a policy compilation module generates contextualized access control policies for different user identities, including: The contextualized access control policy includes a list of permitted operations and mandatory de-identification rules; For each user who logs into the system, extract all permission entries related to the user's role from the four-tuple permission matrix; The extracted permission entries are aggregated and optimized, and entries that target the same data object and have similar operations and time periods are merged to generate a set of permissions for each user. Based on the permission set, a structured policy file is generated for the user. The policy file clearly lists the specific operation types that the user can perform when accessing each type of talent data and the corresponding time window, i.e., the list of permitted operations. Simultaneously, from the permission set, data objects that users have the right to access but have a high data security risk profile level are identified, and data desensitization processing instructions are generated for specific fields of the data objects, namely the mandatory desensitization rules.
[0014] As a further aspect of the present invention, it also includes: The policy execution module parses the contextualized access control policy into specific access control point instructions and data processing action commands, and distributes the access control point instructions and data processing action commands to the data access interface and data processing pipeline of the human resources platform. The contextualized access control policy is parsed into specific access control point instructions and data processing action commands, specifically including: The list of permitted operations in the contextualized access control policy is parsed, and each permitted operation is translated into a corresponding access control point intercept or allow instruction. The access control points are located in the data query interface, file download interface and data export interface of the human resources platform. The mandatory desensitization rules in the contextualized access control policy are parsed, and each desensitization rule is translated into a specific data processing action command when the data flows through the data processing pipeline. The data processing action command includes field masking, data generalization, or content replacement.
[0015] As a further aspect of the present invention, the access control point instructions and data processing action commands are distributed to the data access interface and data processing pipeline of the human resources platform, including: The translated access control point instructions are pushed to the access control agents of each data access interface in real time. The access control agents perform real-time permission decisions based on the received instructions when a user request arrives. The translated data processing action commands are deployed to the rule execution engine of the data processing pipeline. When the talent data is called and flows through the data processing pipeline, the rule execution engine performs corresponding desensitization or transformation operations on the data content according to the data processing action commands.
[0016] Compared with the prior art, the advantages and positive effects of the present invention are as follows: By comprehensively quantifying the sensitive field list from structured core archives, privacy content fragments from unstructured attachments, abnormal sequences from operation behavior logs, and tag compliance verification results, a unified risk profile is generated. This method breaks down the barriers of isolated data analysis in traditional security assessments, enabling multi-dimensional risk correlation analysis of the same data subject or access behavior. Security threat determination no longer relies on a single signal but is based on the aggregation and cross-validation of multiple pieces of evidence, thereby improving the ability to discover and determine complex and hidden security risks.
[0017] Based on real-time generated comprehensive security risk profiles, a four-tuple permission matrix is dynamically constructed, including personnel roles, data objects, operation types, and permitted time periods. This enables access control policies to be adjusted and adapted automatically in real time according to dynamic changes in risk levels. The granting and revocation of permissions are directly linked to the current risk assessment results, realizing a shift from a static, coarse-grained pre-authorization model to a dynamic, precise, real-time authorization model. The granularity of access control is refined to specific data objects and operation actions, and time-based constraints are introduced, thereby effectively enforcing the principle of least necessary permissions in complex business scenarios. Attached Figure Description
[0018] Figure 1 This is a sequence diagram of the talent data information security management system based on a human resources platform as described in this invention; Figure 2 A flowchart for extracting sensitive fields from core structured talent files; Figure 3 A flowchart for detecting abnormal patterns in operation behavior logs; Figure 4 A heatmap showing the access frequency of each role at different times; Figure 5 A multi-dimensional assessment diagram to create a comprehensive security risk profile. Detailed Implementation
[0019] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention.
[0020] In the description of this invention, it should be understood that the terms "length," "width," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," and "outer," etc., indicating orientation or positional relationships, are based on the orientation or positional relationships shown in the accompanying drawings and are only for the convenience of describing the invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, or be constructed and operated in a specific orientation, and therefore should not be construed as a limitation of the invention. Furthermore, in the description of this invention, "a plurality of" means two or more, unless otherwise explicitly specified.
[0021] See Figure 1The data management layer, running on the human resources platform, manages talent data throughout its entire lifecycle through collaborative modules. The system's core modules include a data processing module, a security assessment module, a risk assessment module, and a permissions management module. In implementation, the data processing module collects raw talent data from the human resources platform's database, file storage service, and log system. This data includes structured personal files, unstructured resumes and certificate attachments, user operation records, and various sensitive data tags added by the platform. This module performs format standardization and content cleaning on the collected raw data, such as standardizing date formats, removing invalid characters, and supplementing key fields. Ultimately, it generates and maintains a centralized talent information record library, which includes structured core talent files, unstructured attachment material sequences, operation logs, and a set of sensitive tags. The security assessment module performs specific security analyses on each type of data in the record library. This module extracts sensitive fields from structured talent core files, generating a detailed list of sensitive fields; performs deep content scanning on unstructured attachment material sequences to identify fragments of private information; performs anomaly pattern detection on operation behavior logs, extracting suspicious abnormal behavior sequences; and performs tag compliance verification on sensitive tag sets, generating tag verification results reflecting the accuracy of the tags. The risk assessment module integrates a risk assessment engine, receiving four outputs from the security assessment module: a list of sensitive fields, fragments of private information, abnormal behavior sequences, and tag verification results. The engine internally constructs a multi-dimensional risk factor quantification model, transforming these inputs into quantifiable risk values, and performing weighted fusion and correlation analysis. The final output is a comprehensive security risk profile indexed by each talent's unique identifier, depicting the overall security threat level faced by the talent's data. The access control module makes dynamic access authorization decisions based on the aforementioned comprehensive security risk profile. This module first constructs a dynamic authorization mapping table based on the risk profile level and user role information, by querying a preset rule base. This map permissions in real-time into quadruplets consisting of personnel role, data object identifier, allowed operation type, and allowed access time period. All the four-tuples form a global permission matrix. Subsequently, the policy compilation submodule within the permission management module generates a personalized, executable, contextualized access control policy for each user logging into the system based on this permission matrix. This policy directly guides subsequent access control and data anonymization operations.
[0022] See Figure 2In one embodiment of the present invention, the sensitive field extraction function automatically processes the structured talent core file based on a preset sensitive data identification rule library. The sensitive data identification rule library defines field pattern matching rules related to personal privacy and trade secrets. These rules include, but are not limited to, field names that exactly match the keyword "ID number" and field names that fuzzily match strings containing "mobile phone". The system traverses each database field of the structured talent core file, performs field-by-field matching using patterns in the rule library, and marks all successfully matched fields as initial sensitive fields. The necessity of the initial sensitive fields is reviewed in conjunction with the current business scenario context. For example, in the employee salary payment business scenario, although the field "bank_account_number" matches the rules about bank accounts in the rule library, this field is necessary information for executing salary transfers in the current scenario, so this field is filtered as an exempted field. After the initial sensitive field set is processed to remove all exempted fields, a final list of sensitive fields is generated. The sensitive field list records in a structured format that includes field identifiers, the name of the data table to which it belongs, and sensitivity level information determined according to the rule library. The sensitivity level information can be divided into three levels: high, medium, and low.
[0023] In practice, a deep scan of the unstructured attachment material sequence is performed to identify fragments of privacy content. The system performs format recognition and content parsing operations on each independent file in the attachment material sequence. For a file named "Medical Examination Report.pdf", the system parses the PDF document content and converts it into a unified plain text internal text representation, while simultaneously extracting the file's metadata representation, which includes the filename "Medical Examination Report.pdf", the file type "PDF", and the creation time "2026-02-15". A full-text scan of the internal text is performed using a preset privacy information pattern, which includes regular expressions for accurately matching ID card number formats and a natural language understanding model for recognizing disease diagnosis descriptions. The scan locates a segment of internal text containing the content "Diagnosis Conclusion: Suffering from hypertension (Level 2)", which is identified as potential privacy information. The contextual semantics of the potential privacy information description are analyzed, and a judgment is made based on the file attribute "Medical Examination Report.pdf" in the file's metadata representation. The file attribute "Medical Examination Report" is highly semantically related to the disease diagnosis content "suffering from hypertension," therefore, this description is determined to constitute substantial exposure of personal privacy. The system will locate and record the text area that constitutes a substantial exposure of personal privacy, forming a privacy content fragment. The privacy content fragment records the starting character position, ending character position, and content summary "Diagnosis: Suffering from hypertension (grade 2)" in the original file.
[0024] In some embodiments, the matching process of the sensitive data identification rule base supports regular expression validation based on field values. Besides field name matching, the rule base also includes validation rules for field content format. For example, a rule might be defined as: when a field name contains "id" or "ID" and the field value conforms to the resident ID card number validation rules, the field is marked as an initial sensitive field. During the field-by-field matching process, the system not only checks the field name but also samples the data content within the field. For example, it applies the ID card number regular expression to the content "110101199003071234" of the field "user_id_number". If the match is successful, the field "user_id_number" is marked as an initial sensitive field. In some embodiments, the natural language understanding analysis of privacy information patterns employs a context-based named entity recognition model. When scanning internal text, the model can identify and associate scattered privacy entities. For example, it identifies the entities "Zhang San" and "liver cancer" in the internal text and further analyzes the semantics of the sentence "Patient Zhang San was diagnosed with liver cancer," determining from the context that the sentence constitutes an exposure of personal health privacy. Therefore, the entire text area of the sentence "Patient Zhang San was diagnosed with liver cancer" was located and recorded as a private content fragment.
[0025] Optionally, a scenario configuration file is introduced for necessity verification during sensitive field extraction. The scenario configuration file defines a list of sensitive field types that can be exempted under different business scenarios. In the recruitment screening business scenario, the scenario configuration file specifies that the fields "age" and "gender" are exempt from sensitive processing. When performing necessity verification, the system queries the currently active scenario configuration file. If the initial sensitive field "age" exists in the exemption list of the scenario configuration file, then the field "age" is selected as an exempted field. Optionally, the processing of image format attachments during content depth scanning integrates optical character recognition and image sensitive area detection technologies. For a "Holding ID Card Photo.jpg" file, the system first extracts the text content in the image using optical character recognition technology and converts it into an internal text representation. Simultaneously, a pre-trained image recognition model detects whether the photo contains sensitive areas such as faces and ID documents. The system determines that the image contains clear personal facial features and ID document information, constituting substantial exposure of personal privacy. Therefore, the entire image file is recorded as a privacy content fragment, with the content summary of the privacy content fragment being "image containing face and ID document".
[0026] It is understandable that generating the sensitive field list is a dynamic process. In practice, when the data structure of the human resources platform changes or new regulatory requirements are introduced, the sensitive data identification rule base will be updated synchronously. The next time the system executes a sensitive field extraction task, it will re-perform field-by-field matching and necessity verification based on the updated sensitive data identification rule base, thereby generating a sensitive field list reflecting the latest requirements. It is also understandable that the accuracy of identifying privacy content fragments depends on the completeness of privacy information patterns. The privacy information pattern library needs continuous maintenance and expansion to cover newly emerging privacy information description methods. For example, when new ways of expressing personal health information emerge, the corresponding pattern needs to be added to the privacy information pattern library to ensure that deep content scanning can continuously and effectively identify text or image areas that constitute substantial exposure of personal privacy.
[0027] See Figure 3 In one embodiment of the present invention, abnormal pattern detection is performed on the operation behavior log to generate an abnormal behavior sequence. The system first extracts structured operation sequence information from the operation log of the human resources platform. The operation behavior log contains the original log entry "Timestamp: 2026-02-26 03:15:00, User: user_x, Operation: Batch Export, Object: Talent Pool A, Result: Success". The system parses the operation subject "user_x", operation object "Talent Pool A", operation type "Batch Export", timestamp "2026-02-26 03:15:00", and operation result "Success" from the operation behavior log. A dynamic behavior baseline model is established based on historical normal operation behavior. The dynamic behavior baseline model is constructed by analyzing the operation records of the role "Recruitment Specialist" to which "user_x" belongs in the past 90 days. The dynamic behavior baseline model records that the average frequency of the "Batch Export" operation for the "Recruitment Specialist" role is 0.5 times per day during the weekday period from 9:00 to 18:00, and it has never occurred at 03:00 in the early morning. During the real-time detection phase, the system compares the newly extracted operation sequence with the dynamic behavior baseline model in real time. The operation "batch export" occurred at 03:15 AM, and the operator was a "recruitment specialist." The "recruitment specialist" role in the dynamic behavior baseline model never performed a "batch export" operation during this time period. Therefore, the system determines that the "batch export" operation deviates significantly from the dynamic behavior baseline model in terms of timestamp. The system combines consecutively occurring deviations or single severe deviations in chronological order. This single severe deviation is generated as an independent abnormal behavior sequence, recorded as "[Timestamp: 2026-02-26 03:15:00, Operator: user_x, Behavior: Batch data export during non-working hours]".
[0028] In practice, the system performs compliance checks on the sensitive tag set to generate tag verification results. The system retrieves currently effective data security regulations and the platform's internal data tag management specifications. The retrieved data security regulations explicitly define "personal biometric information" as sensitive personal information, and the platform's internal data tag management specifications stipulate that such information must be categorized as "PII_Sensitive_Biometric" and its classification must be "Level_3_Confidential". The sensitive tag set contains a tag "face_photo_tag", whose label content is "Category: PII, Classification: Level_2_Internal". The system compares each tag in the sensitive tag set with the definitions, standards, and clauses in the regulations and specifications one by one. The classification "PII" of the tag "face_photo_tag" is compared with the "PII_Sensitive_Biometric" classification required by the regulations for "personal biometric information," and the two are inconsistent. The classification "Level_2_Internal" of the tag "face_photo_tag" is compared with the standard "Level_3_Confidential," and the two are also inconsistent. The verification conclusion records that the tag "face_photo_tag" is incorrectly classified and incorrectly graded. The system summarizes the verification conclusions of all tags to form the tag verification results. The tag verification results are presented in the form of a structured list, which contains the entries "Tag ID:face_photo_tag, Verification Conclusion: Incorrect Classification & Incorrect Grade, Suggested Correct Classification: PII_Sensitive_Biometric, Suggested Correct Grade: Level_3_Confidential".
[0029] In some embodiments, the establishment of a dynamic behavior baseline model considers multi-dimensional behavioral characteristics. The dynamic behavior baseline model not only includes common operational patterns and frequency ranges for different roles at different times, but also the data risk level of the operational object and the historical distribution of operational results. For example, the dynamic behavior baseline model records the threshold number of times a "department manager" role accesses a "high-risk" talent file within a day. When the system detects that the operational subject "department manager A" accesses a high-risk talent file more than the threshold number of times in a short period, even if the operation occurs during regular working hours, the system will identify this series of accesses as a deviation from the dynamic behavior baseline model and combine these consecutively occurring deviations to generate an abnormal behavior sequence. In some embodiments, the label compliance verification process integrates a completeness check of the restrictions attached to the label. The platform's internal data label management specifications require that sensitive data labels classified as "Level_3_Confidential" must have a "prohibition of cross-border transmission" usage restriction clause attached. When the system checks the label "face_photo_tag," it finds that its classification should be "Level_3_Confidential," but the label attributes lack the "prohibition of cross-border transmission" restriction condition. The verification conclusion records the classification error and the classification error, and also adds a record of "restriction missing." The corresponding entry in the tag verification result is updated to "Tag ID: face_photo_tag, Verification conclusion: Classification error & Grading error & Restriction missing".
[0030] Optionally, frequency deviation calculation in abnormal pattern detection employs sliding window statistics compared to a baseline. The system defines a time sliding window, e.g., one hour, and counts the occurrences of a specific operation type within the sliding window. The real-time frequency obtained from the statistics is compared with the reasonable frequency range for that time period defined in the dynamic behavior baseline model. The frequency deviation is then calculated. The formula is as follows:
[0031] in: Indicates frequency deviation. This indicates the actual frequency of operations observed within the sliding window. This represents the standard operating frequency for the corresponding time period defined in the dynamic behavior baseline model. When the frequency deviates... When the preset threshold is exceeded, the system determines that the behavior deviates from the dynamic behavior baseline model.
[0032] It is understandable that the dynamic behavior baseline model needs to be updated regularly to adapt to the normal evolution of business behavior patterns. As the functions of the HR platform iterate or the organizational structure is adjusted, the normal operating patterns of user roles may change. The dynamic behavior baseline model is retrained and updated at a set period, such as weekly, using the operation logs of the most recent historical period, enabling the dynamic behavior baseline model to reflect the latest normal behavior patterns and reduce false alarms for normal business changes. Similarly, it is understandable that the generation of tag verification results relies on the accurate parsing of regulatory and normative texts. The extraction process of regulatory and normative texts uses natural language processing technology to automatically extract structured definitions, standards, and clauses from unstructured regulatory documents. These rules are converted into machine-readable verification logic for automated comparison with tag attributes in the sensitive tag set, thereby automating the tag compliance verification process.
[0033] In one embodiment of the present invention, the risk assessment engine built into the risk assessment module includes a multi-dimensional risk factor quantification model. This model receives four data items output by the security assessment module: a list of sensitive fields for talent Zhang San, a list containing fragments of Zhang San's privacy-related content, a sequence of abnormal behaviors involving Zhang San's data operations, and a tag verification result for sensitive data labels related to Zhang San. For the list of sensitive fields, the multi-dimensional risk factor quantification model calculates the sensitive data exposure risk value based on the list's content. The sensitive field list shows that Zhang San's structured file contains three highly sensitive fields and two medium-sensitive fields. The field "ID number" is marked as highly sensitive and has a high weight coefficient in the data table "Core Employee Table." The multi-dimensional risk factor quantification model calculates the sensitive data exposure risk value using a weighted formula. For privacy content fragments, the multidimensional risk factor quantification model calculates the privacy leakage risk value based on a list of privacy content fragments. This list contains two records: one record locates a text fragment related to a hypertension diagnosis in the file "Medical Examination Report.pdf," marked as "High" sensitivity; the other record locates the name and school information appearing in the file "Education Certificate.jpg," marked as "Low" sensitivity. The multidimensional risk factor quantification model weights the sensitivity and location depth of all fragments in the privacy content fragment list to arrive at the privacy leakage risk value. For abnormal behavior sequences, the multidimensional risk factor quantification model calculates the internal threat risk value based on these sequences. The abnormal behavior sequence records involving Zhang San's data show three abnormal access behaviors within the past 24 hours: the first behavior deviated from the baseline by 0.8, the second by 0.6, and the third by 0.9. The multidimensional risk factor quantification model combines the degree of deviation and frequency to calculate the internal threat risk value. Based on the label verification results, the multidimensional risk factor quantification model calculates the compliance risk value. The label verification results show that Zhang San's data contains one classification error and one restriction missing error in the sensitive label set. The severity level of the classification error is "medium," and the severity level of the restriction missing error is "high." The multidimensional risk factor quantification model calculates the compliance risk value based on the number and severity levels of the errors.
[0034] In its implementation, the risk assessment engine weights and fuses the calculated sensitive data exposure risk value, privacy leakage risk value, insider threat risk value, and compliance risk value. The weighting coefficients are pre-configured based on business security policies: sensitive data exposure risk value has a weight of 0.4, privacy leakage risk value has a weight of 0.3, insider threat risk value has a weight of 0.2, and compliance risk value has a weight of 0.1. This weighted fusion yields a preliminary comprehensive risk score. The risk assessment engine further performs risk correlation analysis, examining the relationships between different risk dimensions. For example, it checks whether a high sensitive data exposure risk value is temporally correlated with recent abnormal access behavior. The risk correlation analysis revealed that within two hours of Zhang San's sensitive data exposure risk value being marked as "high," a sequence of abnormal access behaviors targeting Zhang San's data occurred. The risk correlation analysis determined a risk superposition effect and corrected the preliminary comprehensive risk score based on correlation rules. Ultimately, the risk assessment engine generates a comprehensive security risk profile indexed by the talent identifier "ZhangSan_001". The comprehensive security risk profile includes a quantified comprehensive risk level of "high risk" and a detailed breakdown of the risk sources. The detailed breakdown of the risk sources records "Sensitive data exposure risk contribution: 45%, privacy leakage risk contribution: 25%, internal threat risk contribution: 20%, compliance risk contribution: 10%".
[0035] In some embodiments, the calculation of sensitive data exposure risk value considers not only the sensitivity level but also the scope of data diffusion. The multidimensional risk factor quantification model introduces a diffusion coefficient when calculating the sensitive data exposure risk value. This diffusion coefficient is determined based on how many business systems or interfaces query the data table containing the sensitive field. For example, the field "phone number" might be marked as highly sensitive, but if its associated "contact information table" is only accessed by one internal system, the diffusion coefficient would be low. The multidimensional risk factor quantification model combines the sensitivity level weight with the diffusion coefficient, calculating the final sensitive data exposure risk value through weighted averages. In some embodiments, the calculation of privacy leakage risk value considers the file sharing status of the privacy content fragments. When processing the list of privacy content fragments, the multidimensional risk factor quantification model queries the current sharing or access permission settings of the original attachment file that generated the privacy content fragment. For example, a medical examination report containing highly sensitive health information, if its file permissions are mistakenly set to "publicly readable within the company," will have a higher privacy leakage risk value multiplier factor assigned by the multidimensional risk factor quantification model, thereby improving the final calculated privacy leakage risk value.
[0036] Optionally, the calculation of the internal threat risk value incorporates both the severity and temporal clustering of behavioral deviations. When analyzing anomalous behavior sequences, the multidimensional risk factor quantification model not only calculates the degree of deviation for individual behaviors but also analyzes the clustering density of multiple deviations over time. For example, multiple instances of moderate deviations occurring consecutively within a short period may result in a higher internal threat risk value than a single isolated, high-degree deviation. The multidimensional risk factor quantification model calculates the internal threat risk value using a time decay function and a clustering enhancement function. The calculation method is as follows:
[0037] in: Indicates the internal threat risk value. This indicates the number of anomalous behaviors within the analysis time window. Indicates the first The degree of deviation of each abnormal behavior, Indicates the current time. Indicates the first The time of occurrence of the abnormal behavior, Indicates the time decay coefficient. Indicates at a point in time A fixed time window nearby The number of abnormal behaviors occurring within, This represents the aggregation enhancement coefficient. The formula is derived from... Assigning lower weights to earlier-occurring behaviors, through Give higher weight to behaviors that aggregate over time.
[0038] Optionally, the calculation of compliance risk value incorporates label coverage as an influencing factor. When calculating the compliance risk value, the multi-dimensional risk factor quantification model considers not only the severity of errors and omissions in the label verification results but also the completeness of the sensitive label set's coverage of the target data. For example, Zhang San's talent data contains 10 sensitive fields that should be labeled, but the sensitive label set only labels 7 of them, resulting in a label coverage rate of 70%. The multi-dimensional risk factor quantification model adds an additional risk penalty item to the compliance risk value based on the number and importance of the uncovered sensitive fields, thus more comprehensively reflecting the compliance risks caused by poor label management. It can be understood that the weighting coefficients of the weighted fusion can be dynamically adjusted based on different security strategy focuses. In scenarios emphasizing data content protection, the weights of sensitive data exposure risk value and privacy leakage risk value can be increased. In scenarios emphasizing internal behavior monitoring, the weight of internal threat risk value can be increased. The risk assessment engine allows administrators to modify the weighting coefficients of each risk value in the multi-dimensional risk factor quantification model through the configuration interface to adapt to the security control requirements of different periods or different business units.
[0039] In one embodiment of the present invention, the access control module makes dynamic authorization decisions based on a comprehensive security risk profile. The access control module first obtains the current role information of all system users; for example, user "Li Si" is currently a "department manager," and user "Wang Wu" is currently a "recruitment specialist." Simultaneously, the access control module obtains the current comprehensive security risk profile level of all talent data objects; for example, talent Zhang San's comprehensive security risk profile level is "high risk," and talent Zhao Liu's comprehensive security risk profile level is "medium risk." The access control module internally pre-defines a risk-based access control rule base, which defines the types of operations allowed for different risk levels of data objects to users with different roles, as well as the allowed access periods. Refer to Table 1, which shows a fragment example of the risk-based access control rule base.
[0040] Table 1: Fragment of Risk-Based Access Control Rule Base
[0041] Based on a risk-based access control rule base, and using the user's current role information and the comprehensive security risk profile level of the data object as input, the permission management module maps temporary allowed operations and time periods for each user-data object combination through querying and calculation. For example, using user "Li Si" (role: department manager) and talent data object "Zhang San" (risk level: high risk) as input, querying the rule base in Table 1 maps the allowed operation type to "read" and the allowed time period to "weekdays 9:00-18:00". The system organizes the user role, data object identifier, and mapped allowed operation and time period into an independent permission entry. All permission entries generated for different user-data object combinations together constitute a four-tuple permission matrix. The four-tuple permission matrix is a dynamically changing matrix that contains records such as the entry "(personnel role: department manager, data object: Zhang San_001, operation type: read, allowed time period: weekdays 9:00-18:00)".
[0042] In practice, the policy compilation module generates contextualized access control policies for different user identities based on the four-tuple permission matrix. The policy compilation module provides services to every user who logs into the system. Taking user "Li Si" logging in as an example, the policy compilation module extracts all permission entries related to user "Li Si's" role "Department Manager" from the four-tuple permission matrix. The extracted permission entries may include read permissions for data object "Zhang San_001", read and edit permissions for data object "Zhao Liu_002", and read permissions for data object "Qian Qi_003". The policy compilation module aggregates and optimizes these extracted permission entries, merging entries that target the same data object and have similar operations and time periods. For example, if there are two permission entries for data object "Zhao Liu_002", one allowing "read" operations for "all day" and the other allowing "edit" operations for "all day", the policy compilation module merges these two entries into one, allowing the combined operations to "read, edit", while maintaining the "all day" time period. After aggregation and optimization, the policy compilation module generates a permission set for user "Li Si". Based on this permission set, the module generates a structured, contextualized access control policy file for "Li Si". The contextualized access control policy consists of two parts: a list of permitted operations and mandatory data masking rules. The list of permitted operations clearly specifies the specific operations that user "Li Si" can perform when accessing each type of talent data, along with the corresponding time windows. For example, the list might include the entry "Data Object: Zhao Liu_002, Permitted Operations: Read, Edit, Time Window: All Day". Simultaneously, the policy compilation module identifies data objects from user "Li Si's" permission set that the user has access to but which have a high data security risk profile. For example, data object "Zhang San_001" has a risk level of "High Risk", but user "Li Si" has "Read" permission for it. The module then generates data masking instructions, i.e., mandatory data masking rules, for specific fields of such data objects. For example, generate a mandatory desensitization rule for the data object "Zhang San_001" that "the field 'ID number' will be masked and displayed as '110101********1234'".
[0043] In some embodiments, the risk-based access control rule base supports more complex logical conditions. Besides data object risk levels and user roles, the risk-based access control rule base can also include other contextual attributes, such as the user's geographical location and the type of device requesting access. A rule can be defined as: when the data object risk level is "high-risk" and the user role is "department manager," only "read" operations are allowed within the "company intranet IP address range." When mapping temporarily allowed operations to time periods, the permission management module needs to evaluate whether these additional contextual conditions are met. Only when all conditions are met will the corresponding permission entry be generated. In some embodiments, the aggregation and optimization process of permission entries considers the inheritance and mutual exclusion relationships between operation types. The policy compilation module maintains an operation type relationship model, which defines that an "edit" operation implicitly includes a "read" operation, while "delete" and "read" operations are independent. When the extracted permission entries contain both "edit" and "read" permissions for the same data object, the policy compilation module can remove the "read" operation from the aggregation result and retain only the "edit" operation based on the operation type relationship model, since "edit" already implies "read" capability, thereby optimizing the simplicity of the policy file.
[0044] Optionally, the dynamic authorization mapping table is constructed using real-time calculation rather than full pre-calculation. The permission management module does not always construct the complete four-tuple permission matrix during system initialization; instead, it triggers real-time mapping calculation when a user initiates an access request or when the risk profile of a data object is updated. When user "Wang Wu" attempts to access data object "Zhang San_001," the permission management module obtains user "Wang Wu's" current role "Recruitment Specialist" and data object "Zhang San_001's" current comprehensive security risk profile level "High Risk" in real time. It then queries the risk-based access control rule base, instantly calculates the allowed operation and time period, and generates a temporary permission entry for this access decision. This real-time calculation method can adapt to rapid changes in permissions and risk levels. Optionally, the generation of mandatory desensitization rules introduces differentiated management based on field sensitivity and user roles. After identifying high-security-risk data objects, the policy compilation module does not apply uniform desensitization rules to all sensitive fields. Instead, the policy compilation module uses a field desensitization rule table, which defines the desensitization strength for different sensitive levels of fields for different user roles. For example, for the "ID number" field, a masking rule of "retaining the first six and last four digits" might be applied for the "department manager" role, while a "complete masking" rule would be applied for the "recruitment specialist" role. The strategy compilation module queries the field masking rule table based on the user "Li Si's" role and the field's sensitivity level to generate specific data masking instructions. The calculation strength of the mandatory masking rules... It can be determined by a function:
[0045] in: This represents the desensitization strength value, used to select a specific desensitization algorithm. It is an adjustment coefficient. This represents the quantitative value of the comprehensive risk profile of the data object. This represents the trust metric for a user's role. Role Trust Level High desensitization strength value for users (such as security administrators) It may be lower, thus allowing more information to be seen.
[0046] It is understandable that contextualized access control policy files need to be generated in a standardized format that the system can parse. Policy files generated by the policy compilation module typically use structured data formats such as JSON or XML to ensure accurate parsing by downstream policy execution modules. The structured design of the policy files ensures that the list of permitted operations and mandatory anonymization rules can be explicitly extracted and executed. It is also understandable that the maintenance of the four-tuple permission matrix needs to be synchronized with changes in user roles and updates to data risk profiles. When the role of user "Li Si" in the human resources platform changes from "department manager" to "ordinary employee," the permission management module needs to detect this change event and trigger a recalculation and update of all permission entries related to user "Li Si" in the four-tuple permission matrix. This ensures that the data in the matrix is consistent with the actual state, thereby guaranteeing the correctness of subsequently generated contextualized access control policies.
[0047] See Figure 4 This is a heatmap showing the access frequency of different roles at different times within the Human Resources Platform's Talent Data Information Security Management System. It visually illustrates the access frequency of different user roles at different times. Security administrators have the most dispersed access times, with high frequency throughout weekdays and weekends, reflecting their 24 / 7 operational nature. Department managers have extremely high access frequency between 9:00 AM and 6:00 PM on weekdays, consistent with core business operations. Recruitment specialists' access behavior is highly concentrated during weekday working hours, with almost no access on weekends and outside of working hours. Ordinary employees have generally low access frequency and strictly adhere to working hour restrictions. The peak access time for all roles is between 2:00 PM and 6:00 PM on weekdays, coinciding with peak business processing times. After 6:00 PM on weekends and weekdays, access frequency drops sharply for all roles except security administrators, consistent with the time-based restrictions in the access policy.
[0048] In one embodiment of the present invention, the policy execution module receives a contextualized access control policy generated by the permission management module for a specific user. Taking the contextualized access control policy for user "Li Si" as an example, the policy file includes a list of permitted operations and a mandatory de-identification rule. The list of permitted operations includes the entry "Data object: Zhao Liu_002, Permitted operations: Read, Edit, Time window: All day". The mandatory de-identification rule includes the entry "Data object: Zhang San_001, Field: ID card number, De-identification instruction: Mask, Mode: Keep the first six and last four digits, replace the remaining characters with ''". The policy execution module parses the list of permitted operations in the contextualized access control policy and translates each permitted operation into a corresponding access control point instruction. For the entry "Data Object: Zhao Liu_002, Allowed Operations: Read, Edit, Time Window: All Day" in the permitted operation list, the policy execution module translates it into an access control point instruction deployed on the data query interface of the human resources platform. The instruction content is "When user 'Li Si' requests to 'read' or 'edit' data object 'Zhao Liu_002', and the current time is within the allowed time period, the access control point allows it; otherwise, it blocks it." The policy execution module parses the mandatory de-identification rules in the contextualized access control policy, translating each de-identification rule into a specific data processing action command when the data flows through the data processing pipeline. For the entry "Data object: Zhang San_001, Field: ID card number, Desensitization instruction: Mask, Mode: Keep the first six and last four characters, and replace the rest with ''" in the mandatory desensitization rule, the policy execution module translates it into a data processing action command. The command content is "When the data of the 'ID card number' field of data object 'Zhang San_001' flows through the data processing pipeline and the target user is 'Li Si', perform a masking operation on the field value: extract the first 6 and last 4 characters, and fill the middle part with '*' to the original length".
[0049] In implementation, the policy execution module distributes the translated access control point instructions and data processing action commands to the human resources platform. The policy execution module pushes the access control point instructions to the access control agents of each data access interface in real time. Upon receiving the instructions, the access control agent deployed at the data query interface performs real-time permission adjudication when user "Li Si's" request arrives at the data query interface. When user "Li Si" initiates a request to query the details of talent "Zhao Liu_002", the access control agent of the data query interface checks the user role, request operation type, data object identifier, and current time based on the received instructions. If the request meets the permission conditions, it allows the request to proceed to the backend business logic. The policy execution module deploys the translated data processing action commands to the rule execution engine of the data processing pipeline. After user "Li Si's" request is allowed, the backend business logic retrieves the data of talent "Zhang San_001" from the database, including the ID number "110101199003071234". Before returning the data to user "Li Si", the data flows through the data processing pipeline. The rule execution engine of the data processing pipeline performs a specified masking operation on the ID number field of the data object "Zhang San_001" based on the deployed data processing action commands for user "Li Si". The field value is transformed into "110101********1234", and then the de-identified data is returned to user "Li Si".
[0050] In some embodiments, the distribution of access control point (ACCP) instructions is differentiated for different types of interfaces. The data export interface of a human resources platform typically involves batch data operations. When the policy execution module parses the "export" operation permission in the permission operation list, the generated ACCP instructions not only contain permission adjudication logic but may also include additional restrictions. For example, the instructions may include additional instructions such as "the maximum number of data objects exported at one time is 100" or "exporting data objects containing the 'high-risk' level is prohibited." These specific restrictions are also encoded into the ACCP instructions and pushed to the access control agent of the data export interface. In some embodiments, data processing action commands support complex combinations and conditional logic. The mandatory desensitization rules parsed by the policy execution module may not be simple field replacements but involve multi-field association desensitization or conditional desensitization. For example, a mandatory desensitization rule might be defined as "when the user role is 'recruitment specialist' and the data object risk level is 'high-risk,' the 'phone number' field is completely masked, and the 'email' field is partially masked by the domain name." The policy execution module needs to translate this rule into a set of data processing action commands with execution condition judgments. The commands will be deployed to the rule execution engine. When processing the data stream, the rule execution engine needs to dynamically assess the current user role and the risk level of the data object before deciding which specific set of de-identification actions to execute.
[0051] Optionally, the translation of access control point instructions is standardized using an intermediate description language. To adapt to the various heterogeneous data access interfaces that may exist on the human resources platform, a unified access control policy description language is defined internally within the policy execution module. The policy execution module compiles the list of permitted operations in contextualized access control policies into an instruction set of this intermediate description language, which includes attributes such as subject, resource, action, and environment. Each data access interface's access control agent has a built-in lightweight interpreter capable of parsing and executing this intermediate description language instruction set, thereby achieving unified cross-interface distribution and execution of policies. The degree of standardization of access control point instructions... It can be measured by one indicator:
[0052] in: This indicates the degree of standardization of the instructions, with a value between 0 and 1. This indicates the number of instructions that require customized conversion logic for a specific interface. This indicates the total number of operation permission entries in the contextualized access control policy. The higher the value, the more universal the instructions generated by the strategy execution module are, and the less work is required to adapt them to different interfaces.
[0053] Optionally, the rule execution engine of the data processing pipeline employs a content-aware dynamic masking strategy. For unstructured attachments, the mandatory masking rule may not target a specific field, but rather the document content pattern. For example, a mandatory masking rule might be "mask all ID card numbers appearing in the file." The strategy execution module translates this rule into a data processing action command: "Enable content-aware masker, pattern: ID card number regular expression, action: global mask." Upon receiving this command, the rule execution engine dynamically scans the text content, identifies, and masks all information matching the ID card number pattern when processing unstructured data streams such as resume documents.
[0054] It's understandable that the real-time adjudication process of the access control agent needs to be closely tied to the user session state. When the policy enforcement module pushes access control point instructions to the access control agent, the instructions take effect on a specific user session. The access control agent needs to maintain a mapping between user session identifiers and corresponding permission instructions. During user "Li Si's" session, the access control agent makes adjudications based on the mapped instruction set; when user "Li Si" logs out or the session times out, the access control agent clears the relevant instruction mappings to ensure that no permissions remain.
[0055] See Figure 5This is a multi-dimensional assessment chart of comprehensive security risks, which quantifies and scores overall security risks across four key dimensions. Sensitive data exposure scores approximately 8 points, the highest risk among the four dimensions, indicating the exposure of numerous highly sensitive core personnel file fields within the system. Privacy leakage scores approximately 7 points, the second highest risk, reflecting substantial exposure of personal privacy fragments in unstructured attachments. Compliance scores approximately 8 points, a relatively high risk, indicating numerous errors or omissions in the classification, grading, or restrictions of sensitive labels. Insider threat scores approximately 7 points, also a prominent risk, meaning that numerous abnormal behaviors deviating from the baseline were detected in the operational behavior logs. The scores across all four dimensions are at a high level, forming a balanced but overall high risk profile.
[0056] The above are merely preferred embodiments of the present invention and are not intended to limit the present invention in any other way. Any person skilled in the art may make changes or modifications to the above-disclosed technical content to create equivalent embodiments that can be applied to other fields. However, any simple modifications, equivalent changes, and modifications made to the above embodiments based on the technical essence of the present invention without departing from the scope of the present invention shall still fall within the protection scope of the present invention.
Claims
1. A talent data information security management system based on a human resources platform, characterized in that: The system includes: The data processing module collects raw talent data from the human resources platform, and after format standardization and content cleaning, generates a talent information record database containing structured core talent files, unstructured supplementary material sequences, operation behavior logs, and sensitive tag sets. The security assessment module performs sensitive field extraction on the structured talent core file to generate a sensitive field list, performs deep content scanning on the unstructured attachment material sequence to identify privacy content fragments, performs abnormal pattern detection on the operation behavior log to generate an abnormal behavior sequence, and performs tag compliance verification on the sensitive tag set to generate tag verification results. The risk assessment module inputs the sensitive field list, the privacy content fragments, the abnormal behavior sequence, and the tag verification results into the risk assessment engine for comprehensive threat quantification and generates a comprehensive security risk profile. The permission management module, based on the comprehensive security risk profile, constructs a dynamic authorization mapping table to perform real-time permission mapping, forming a four-tuple permission matrix that includes personnel roles, data objects, operation types, and allowed time periods. Based on the four-tuple permission matrix, the policy compilation module generates contextualized access control policies for different user identities.
2. The talent data information security management system based on a human resources platform according to claim 1, characterized in that, Sensitive fields are extracted from the structured talent core files, generating a list of sensitive fields, including: Based on a pre-defined sensitive data identification rule base, the structured core talent file is matched field by field, and all matching fields are marked as initial sensitive fields. Based on the current business scenario context, the initial sensitive fields are reviewed for necessary verification, and exempted fields that do not need to be processed as sensitive information in the current scenario are selected. After removing the exempted fields from the initial set of sensitive fields, a final list of sensitive fields is generated, which includes field identifiers, the data table to which they belong, and sensitivity level information.
3. The talent data information security management system based on a human resources platform according to claim 2, characterized in that, A deep content scan was performed on the unstructured attachment material sequence to identify privacy content fragments, including: Each document in the attached material sequence is formatted and parsed, and then converted into a unified internal text and metadata representation. Using a preset privacy information pattern, full-text regular expression matching and natural language understanding analysis are performed on the internal text to locate all potential privacy information description content; Analyze the contextual semantics of the potential privacy information description content, and combine it with the file attributes in the metadata representation to determine whether the description content constitutes a substantial exposure of personal privacy; The text or image regions that constitute substantial exposure of personal privacy are located and recorded to form the privacy content fragment containing location information and a content summary.
4. The talent data information security management system based on a human resources platform according to claim 3, characterized in that, Perform abnormal pattern detection on the operation behavior log to generate an abnormal behavior sequence, including: Extract the operation subject, operation object, operation type, timestamp, and operation result sequence from the operation behavior log; A dynamic behavior baseline model is established based on historical normal operating behavior. The dynamic behavior baseline model includes the common operating patterns and frequency ranges of different roles at different time periods. The operation subject, operation object, operation type, timestamp, and operation result sequence are compared with the dynamic behavior baseline model in real time to identify behaviors that deviate from the dynamic behavior baseline model. The abnormal behavior sequence is generated by combining consecutively occurring deviations or single severe deviations in chronological order.
5. The talent data information security management system based on a human resources platform according to claim 4, characterized in that, Perform tag compliance verification on the set of sensitive tags and generate tag verification results, including: Obtain currently effective data security regulations and platform internal data tagging management specifications, and extract information on sensitive data definitions, classification and grading standards, and usage restrictions. Each label in the sensitive label set is compared with the definition, standard and clause one by one to check the accuracy of the label classification, the rationality of the classification and whether the additional restrictive conditions are complete; Record the verification conclusion for each label, including whether it is correct, incorrect in classification, incorrect in grading, or missing in restriction. Summarize the verification conclusions of all labels to form the label verification result.
6. The talent data information security management system based on a human resources platform according to claim 5, characterized in that, The sensitive field list, the privacy content fragments, the abnormal behavior sequence, and the tag verification results are input into the risk assessment engine for comprehensive threat quantification, generating a comprehensive security risk profile, including: A multidimensional risk factor quantification model is established, which receives the sensitive field list, privacy content fragments, abnormal behavior sequences, and tag verification results as inputs. For the aforementioned list of sensitive fields, calculate the sensitive data exposure risk value based on the field identifiers, the data tables they belong to, and the sensitivity level information. For the privacy content fragment, a privacy leakage risk value is calculated based on the location information it contains and the sensitivity of its content summary; For the aforementioned abnormal behavior sequence, an internal threat risk value is calculated based on the degree and frequency of its behavioral deviation; For the label verification results, a compliance risk value is calculated based on the severity and quantity of errors or omissions. The risk values of sensitive data exposure, privacy leakage, internal threat, and compliance are weighted and fused together, and combined with risk correlation analysis, to generate a comprehensive security risk profile indexed by talent identifiers.
7. The talent data information security management system based on a human resources platform according to claim 6, characterized in that, Based on the comprehensive security risk profile, a dynamic authorization mapping table is constructed for real-time permission mapping, forming a four-tuple permission matrix that includes personnel roles, data objects, operation types, and permitted time periods, including: Obtain the current role information of all system users and the current comprehensive security risk profile level of all talent data objects; A risk-based access control rule base is pre-defined, which defines the types of operations that users with different roles are allowed to perform on data objects with different risk levels, as well as the time periods during which access is allowed. Based on the access control rule base, and using the current role information and the comprehensive security risk profile level as input, temporary allowed operations and time periods are mapped for each pair of users and data objects through querying and calculation; User roles, data object identifiers, mapped permitted operations, and time periods are organized into independent permission entries, and all permission entries together constitute the four-tuple permission matrix.
8. The talent data information security management system based on a human resources platform according to claim 7, characterized in that, Based on the aforementioned four-tuple permission matrix, the policy compilation module generates contextualized access control policies tailored to different user identities, including: The contextualized access control policy includes a list of permitted operations and mandatory de-identification rules; For each user who logs into the system, extract all permission entries related to the user's role from the four-tuple permission matrix; The extracted permission entries are aggregated and optimized, and entries that target the same data object and have similar operations and time periods are merged to generate a set of permissions for each user. Based on the permission set, a structured policy file is generated for the user. The policy file clearly lists the specific operation types that the user can perform when accessing each type of talent data and the corresponding time window, i.e., the list of permitted operations. Simultaneously, from the permission set, data objects that users have the right to access but have a high data security risk profile level are identified, and data desensitization processing instructions are generated for specific fields of the data objects, namely the mandatory desensitization rules.
9. The talent data information security management system based on a human resources platform according to claim 8, characterized in that, Also includes: The policy execution module parses the contextualized access control policy into specific access control point instructions and data processing action commands, and distributes the access control point instructions and data processing action commands to the data access interface and data processing pipeline of the human resources platform. The contextualized access control policy is parsed into specific access control point instructions and data processing action commands, specifically including: The list of permitted operations in the contextualized access control policy is parsed, and each permitted operation is translated into a corresponding access control point intercept or allow instruction. The access control points are located in the data query interface, file download interface and data export interface of the human resources platform. The mandatory desensitization rules in the contextualized access control policy are parsed, and each desensitization rule is translated into a specific data processing action command when the data flows through the data processing pipeline. The data processing action command includes field masking, data generalization, or content replacement.
10. The talent data information security management system based on a human resources platform according to claim 9, characterized in that, Distributing the access control point instructions and data processing action commands to the data access interface and data processing pipeline of the human resources platform includes: The translated access control point instructions are pushed to the access control agents of each data access interface in real time. The access control agents perform real-time permission decisions based on the received instructions when a user request arrives. The translated data processing action commands are deployed to the rule execution engine of the data processing pipeline. When the talent data is called and flows through the data processing pipeline, the rule execution engine performs corresponding desensitization or transformation operations on the data content according to the data processing action commands.