
Design and Implementation of a Financial Information Security System Based on ISO20071

Published: 2018-01-27 05:26

  Keywords: risk assessment; risk management; ISO27001 standard; information security management system; J2EE technology. Source: University of Electronic Science and Technology of China, 2014 master's thesis. Document type: degree thesis


[Abstract]: With the rapid development of computer technology, network security faces major challenges, especially in the financial industry. Network security problems in the financial industry change as bank strategy, organizational structure, information systems and operating procedures change. To prevent and reduce risk, a new security management system is needed to protect financial network security. Comprehensive risk management is a new management method for the financial industry and for information security; it uses a risk management model that combines qualitative and quantitative evaluation to assess the risk arising from changes in a bank's internal and external environment.

This thesis is based on a survey of financial companies and carries out a requirements analysis of the system against their actual needs, taking into account users' specific requirements and functions that may need to be added in the future. Architecturally, the system uses a three-tier B/S model. The data layer uses an Oracle database for data storage and management, relying on Oracle to manage the system's large data volumes and to maintain data consistency. Oracle's strong security and ease of use provide the foundation for system design and data storage. Combined with J2EE technology, this makes it possible to keep web page data updates synchronized with back-end database updates, which effectively extends the financial industry's ability to provide real-time services externally. Structurally, the system uses an SOA-based multi-tier software design and database middleware based on Struts and Hibernate, defines a unified data access interface through which upper-layer applications access the underlying database, and implements information system service access based on a UDDI registration service center.

Functionally, the system provides pages for business module management, database management, data disaster recovery management, risk calculation management, project risk management and project information management. Through these pages users can add, delete and modify information, perform database disaster recovery backup and restore, automatically generate project risk reports, and edit and compile project information. At the end of the thesis, the financial information security risk assessment is tested using ISO27001 assessment cases and a test architecture.

The system mainly studies the theory of ISO27001 risk assessment and risk management and, combined with the actual needs of bank risk assessment and risk management, completes bank risk assessment and the quantification of risk indicators. It focuses on applying the detailed network asset table, the threat list, and the reference table of the risk coefficient matrix for network security threats to bank security risk, information assets, system vulnerability, security early warning, security response, network security management and security time management. This enables qualitative and quantitative risk analysis of bank threats and their vulnerabilities, which is of general significance for the study of bank information security.
[Degree-granting institution]: University of Electronic Science and Technology of China
[Degree level]: Master's
[Year degree conferred]: 2014
[Classification number]: TP393.08

Article ID: 1467691


Link to this article: http://sikaile.net/guanlilunwen/ydhl/1467691.html

