| 商业银行敏感数据识别与风险分析 |
| |
| 引用本文: | 王衍锋,陈典友,姜帆,关磊,范瑾辉.商业银行敏感数据识别与风险分析[J].计算机安全,2013(10):25-30. |
| |
| 作者姓名: | 王衍锋 陈典友 姜帆 关磊 范瑾辉 |
| |
| 作者单位: | 中国农业银行,北京100073 |
| |
| 基金项目: | 银监会“2013年度银行业信息科技风险管理立项课题”(2013_2-008) |
| |
| 摘 要: | 有效识别商业银行的敏感数据,分析敏感数据在传输与存储等过程中可能存在的泄漏风险,对于制定有针对性的数据安全保护策略有极其重要的意义。在对我国商业银行信息系统充分调研的基础上,提出一种面向安全标的的敏感数据识别方法,对商业银行应该重点保护的敏感数据进行分类识别,并采用全生命周期信息风险防范与控制的方法,分析银行金融系统由于研发过程中设计考虑不充分而导致系统运行过程中可能面临敏感数据信息泄露的风险,结合监管部门、银行行业管理规范及银行机构实际情况,提出商业银行敏感数据保护与控制的建议,为商业银行建立敏感数据安全保护控制相关管理制度和措施奠定必要的基础。
|
| 关 键 词: | 敏感数据 面向安全标的的识别方法 敏感数据分析定义 生命周期风险分析 防范建议 |
Identification and Risk Analysis of Sensitive Data in Commercial Banks |
| |
| Affiliation: | WANG Yan-feng,CHEN Dian-you, JIANG Fan, GUAN Lei, FAN din hui (Agricultural Bank of China, Beijing, 100073) |
| |
| Abstract: | To effectively identify sensitive data of commercial banks and analyze the risk of leakage during theprocess of transmissio and storage, may have very important significance to develop a targeted data security protection strategy. Based on full investigation o our country' s commercial bane information system, a security oriented method for identification of sensitive data is proposed to classif the data which commercial banks should focus on.The paper uses the full--life-cycle information risk prevention and controlling metho to analysis the risk of information leakage cause by insufficient research and development design considerations in the process of systel operation. The paper also concludes with recommendations to the sensitive data protection and control,which will lay the necessary foundatia for the commercial bank to build sensitive data security protection and control measures . |
| |
| Keywords: | sensitive data security-oriented target identification methods definition of sensitive data analysis lifecycle risk analysis~prevention recommendations |
| 本文献已被 维普 等数据库收录! |
|
