發(fā)布時間：2018-01-27 05:26

  本文關(guān)鍵詞： 風(fēng)險評估 風(fēng)險管理 IS027001標(biāo)準(zhǔn) 信息安全管理體系 J2EE技術(shù)　出處：《電子科技大學(xué)》2014年碩士論文　論文類型：學(xué)位論文

【摘要】：隨著計算機技術(shù)高速發(fā)展,網(wǎng)絡(luò)安全也面臨著重大挑戰(zhàn),特別是金融行業(yè)。金融行業(yè)中的網(wǎng)絡(luò)安全問題是隨著銀行策略、組織架構(gòu)、信息系統(tǒng)和操作流程的改變而改變。為了防止和減少風(fēng)險,需要新的安全管理體系去預(yù)防金融網(wǎng)絡(luò)安全的方法。全面風(fēng)險管理作為金融業(yè)乃至信息安全也是新的管理方法,它采用了定性與定量考評方法的風(fēng)險管理的模式實現(xiàn)銀行內(nèi)外環(huán)境變化風(fēng)險評估。本論文以對金融類公司的調(diào)研為基礎(chǔ),結(jié)合金融類公司的實際需求進行了系統(tǒng)的需求分析,并可以根據(jù)用戶的具體要求和未來可能需要添加的功能,該系統(tǒng)在體系結(jié)構(gòu)上采用基于三層的B/S模式,數(shù)據(jù)層采用oracle數(shù)據(jù)庫作為數(shù)據(jù)存儲與管理,利用oracle管理系統(tǒng)大容量數(shù)據(jù)與保持數(shù)據(jù)一致性。Oracle強大的安全性與易用性為系統(tǒng)設(shè)計與數(shù)據(jù)存儲提供了基礎(chǔ)條件,在加上與J2EE技術(shù)的集合,使網(wǎng)頁數(shù)據(jù)更新與后臺數(shù)據(jù)庫更新同步成為可能,有效擴展了金融業(yè)對外提供實時服務(wù)的可能性,在結(jié)構(gòu)上采用基于SOA的多層軟件設(shè)計和基于Struts和Hibernate的數(shù)據(jù)庫中間件,并定義了統(tǒng)一的數(shù)據(jù)訪問接口實現(xiàn)上層應(yīng)用訪問底層數(shù)據(jù)庫,同時進行了基于UDDI注冊服務(wù)中心的信息系統(tǒng)服務(wù)訪問實現(xiàn)。在功能上,系統(tǒng)提供了良好的業(yè)務(wù)模塊管理、數(shù)據(jù)庫管理、數(shù)據(jù)容災(zāi)管理、風(fēng)險計算管理、項目風(fēng)險管理、項目信息管理頁面,通過該頁面可以實現(xiàn)信息增加、刪除、修改,數(shù)據(jù)庫容災(zāi)備份與恢復(fù),自動生成項目風(fēng)險報表,實現(xiàn)項目信息編集操作等。在論文最后通過IS027001評估用例與測試架構(gòu)對金融信息安全風(fēng)險評估測試。本系統(tǒng)主要研究ISO27001風(fēng)險評估與風(fēng)險管理相關(guān)理論,并結(jié)合銀行風(fēng)險評估與風(fēng)險管理實際需求完成銀行風(fēng)險評估與風(fēng)險指標(biāo)量化,并重點將網(wǎng)絡(luò)資產(chǎn)細化表、威脅明細表、網(wǎng)絡(luò)安全威脅的風(fēng)險系數(shù)矩陣的參考表用于銀行安全風(fēng)險、信息資產(chǎn)、系統(tǒng)脆弱性、安全預(yù)警、安全響應(yīng)、網(wǎng)絡(luò)安全管理、安全時間管理中,從而實現(xiàn)銀行威脅及其脆弱性進行定性、定量的風(fēng)險分析,對于研究銀行信息安全具有普遍的意義。
[Abstract]:With the rapid development of computer technology, network security is also facing major challenges, especially in the financial industry. The network security problem in the financial industry is with the banking strategy, organizational structure. Changes in information systems and operating procedures. To prevent and mitigate risks. A new security management system is needed to prevent the financial network security. The overall risk management is also a new management method as the financial industry and even information security. It adopts the risk management model of qualitative and quantitative evaluation methods to realize the risk assessment of the change of internal and external environment of banks. This paper is based on the investigation of financial companies. Combined with the actual needs of financial companies, the system needs analysis, and according to the specific requirements of users and possible future needs to add functions, the system in the architecture of the system based on the three-tier B / S model. Data layer uses oracle database as data storage and management. Make use of oracle management system large capacity data and maintain data consistency. Oracle strong security and ease of use for the system design and data storage provides the basic conditions. With the combination of J2EE technology, it is possible to synchronize the update of web page data with the update of background database, which effectively expands the possibility of the financial industry providing real-time services to the outside world. In the structure, multi-tier software design based on SOA and database middleware based on Struts and Hibernate are adopted. The unified data access interface is defined to realize the upper application access to the underlying database. At the same time, the information system service access implementation based on UDDI registration service center is carried out. The system provides good business module management, database management, data disaster recovery management, risk calculation management, project risk management, project information management page, through which information can be added and deleted. Modify, database disaster recovery and backup, automatically generate project risk report. At the end of this paper, we test the financial information security risk assessment by using IS027001 evaluation case and test architecture. This system mainly studies ISO27001 risk assessment and testing. Theory of risk management. And combined with the actual needs of bank risk assessment and risk management to complete the bank risk assessment and risk index quantification, and focus on the network assets detailed table, threat list. The reference table of the risk coefficient matrix of network security threat is used in bank security risk, information assets, system vulnerability, security early warning, security response, network security management, security time management. Therefore, the qualitative and quantitative risk analysis of bank threat and its vulnerability is of universal significance for the study of bank information security.
【學(xué)位授予單位】：電子科技大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2014
【分類號】：TP393.08
，

本文編號：1467691