The Research On Risk Management Of Commercial Bank Data Center

Nowadays,the trend of globalization is becoming more and more obvious.Information technology has become a necessary condition for the survival and development of commercial banks.The production,operation and maintenance risk of commercial bank data center information system has become the only major risk that can paralyze the banking business in an instant,which is related to financial stability,social stability and even national security.At the same time,with the globalization of banking business,the production and operation of data centers will face different regulatory requirements from different countries and regions,which poses a higher challenge to the compliance risk control of data centers.Faced with the above two kinds of risks,how to further promote the transformation of risk management system in data center,how to effectively control the operation and maintenance risks of information system after global centralization,how to ensure that the operation and maintenance work fully complies with domestic and foreign regulatory requirements,how to achieve new breakthroughs in high-quality service and compliance operation,and how to strongly support the implementation of global integration strategy,have become the information technology work of commercial banks.There is an urgent problem to be solved.This paper studies the risk management of data centers in the context of the global integration of commercial bank information systems.Based on the analysis of the relevant theories at home and abroad and the current practice of risk management of commercial bank data centers,this paper establishes a wind suitable for the operation and maintenance characteristics of commercial bank data centers,aiming at the two major types of risks faced by commercial bank data centers: operation and maintenance risks and compliance risks.Based on this,a set of risk management system implementation methods for data center global integration operation and maintenance are proposed,including a management framework,a set of risk baseline,three control measures and three types of improvement mechanisms.The existing problems in the integrity of risk identification and risk control refinement are solved,and the global integration of information systems has been selected.A Bank of Centralized Operations and Maintenance(hereinafter referred to as "Bank A")carried out case studies.The specific research contents and innovations of this paper are as follows:(1)Based on the traditional risk management theory and best practices of information technology,this paper puts forward a risk management model of data center with risk baseline as the core,comprehensive risk control mechanism and continuous improvement mechanism of risk management as the support,and a specific risk management system implementation method around the risks of operation and compliance faced by commercial bank data center.Under the guidance of this model,a data center risk management framework with three layers of coverage,target and control is established to realize the unified management and control of compliance risk and operation and maintenance risk under the same management system.(2)The risk baseline model of data center is studied,and three kinds of baselines,compliance risk baseline,operation and maintenance risk baseline and safety standard baseline,are proposed.The corresponding risk baseline model and risk assessment model are established.Through risk baseline,solidify risk assessment experience,standardize risk assessment work,reduce the dependence on personnel experience and skills,and improve the efficiency of risk assessment.Based on the case of Bank A,this paper explores the application of compliance risk baseline in data centers under 78 regulatory bodies in 35 countries and regions at home and abroad,and analyses the differences in information technology supervision at home and abroad.At the same time,a semi-quantitative operational risk assessment model is proposed for the operational risk baseline in the context of massive information assets in large-scale data centers.(3)The comprehensive risk control mechanism of data center is studied,which covers three ways: institutional norms,technical tools and risk acceptance.In terms of system specification,the system model of data center including seven fields is proposed,which covers the requirements of operation and maintenance process management and asset security protection.In terms of technical tools,this paper comprehensively analyses the security threats faced by data centers.Based on the latest research results of the industry security model,a commercial bank data center security technology system is proposed,which realizes the in-depth defense of data center risks from six areas: data,terminal,application,system,network and physics.(4)The long-term mechanism of risk management for sustainable improvement is studied.Based on the quality management principles and ideas of PDCA,a continuous optimization mechanism covering regular improvement mechanism and security audit mechanism is put forward.A framework of data center security audit system is designed,and a construction method of automated security audit management platform is proposed.In order to evaluate the sustainability of risk management system in data center,a sustainable evaluation model is proposed,which covers five indicators: PDCA implementation,safety awareness education for all staff,linkage with first-line production team,effectiveness of risk control and safety audit,and evaluation matrix and synthesis algorithm to quantify the effect of risk management.The high sustainability of the risk management system of commercial bank data center designed in this paper is verified by an example calculation.