| 商业银行信息科技风险评估研究与实施 |
| |
| 引用本文: | 毛南,姚沛年,曹玉磊,丁辉.商业银行信息科技风险评估研究与实施[J].信息安全与通信保密,2012(5):66-68,71. |
| |
| 作者姓名: | 毛南 姚沛年 曹玉磊 丁辉 |
| |
| 作者单位: | 中国农业银行软件开发中心,北京,100073 |
| |
| 摘 要: | 银行业数据大集中导致风险大集中,一旦发生信息安全事件,可能导致银行一夜关门。通过开展信息科技风险评估工作,提前发现和消除风险隐患显得尤为重要。简要总结ISO 27001、ISO 15408、ISO 13335、NIST风险管理框架、GB/T 20984这5个国内外风险评估标准,介绍了基线风险评估、重要系统风险评估、流程风险评估、资产风险评估的评估方法和管理类、技术类、辅助类风险评估工具,希望能推动银行业风险评估工作。
|
| 关 键 词: | 银行 信息科技 风险评估 |
Research and Implementation of Risk Assessment for Commercial Bank Information Technology |
| |
| MAO Nan,YAO Pei-nian,CAO Yu-lei,DING Hui.Research and Implementation of Risk Assessment for Commercial Bank Information Technology[J].China Information Security,2012(5):66-68,71. |
| |
| Authors: | MAO Nan YAO Pei-nian CAO Yu-lei DING Hui |
| |
| Affiliation: | (Software Development Center, Agricultural Bank of China, Beijing 100073, China) |
| |
| Abstract: | Banking data concentration leads to risk concentration, and an information security incident would lead to the bankruptcy of the bank Information technology risk assessment could help identify and eliminate potential risks in advance. The paper summarizes five domestic and foreign risk assessment standards, including ISO27001, ISO15408, ISO13335, NIST Risk management framework and GB/T 20984, then gives the four risk assessment methods, including baseline risk assessment, important system risk assessment, process risk assessment and asset risk assessment, and finally describes three tools, including management tools, technical tools and auxiliary tool. The authors hope that these could promote the banking risk assessment. |
| |
| Keywords: | bank information technology risk assessment |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
