| The commercial banks as the core of modern economy think highly of information construction for many years. In the process of information construction, the commercial bank are increasingly concerned how to ensure that information technology projects are rationality, effectiveness and economy, and how to ensure the availability and security of information systems. In such a trend, the information system auditing and risk assessment on the prospects for risk control of information system are an important part of information project government of the commercial bank.This article discussed the development direction and the application condition of information system risk assessment in domestic and foreign countries. The major researches are information system risk assessment theory, technology and appraisal standard, as well as the bank information system risk control and appraisal method, technology. From system security strategy and organizational security, the physical system environment, system personnel management, access control systems, operating systems, software development and maintenance, business continuity and disaster backup, accord with requirements for the eight-depth analysis, it has established the mode of information systems control and risk assessment in China CITIC Bank.China CITIC Bank is the large joint-stock commercial bank, has established branches in more than 20 provinces throughout the country. The variety and complete service, advanced platform support of information systems, information systems security and control assessment in China CITIC Bank have strong representation in the commercial banks of China. This article took the two-plane backup of China CITIC Bank's production system and the example of system monitoring risk assessment as the basis, suggested risk assessment methodologies and the assessment process, main including information systems strategy and risk flow analysis, framework based on risk assessment, techniques and steps used in risk assessment, risk assessment report and risk problems the five major tracking process.The establishment of risk control and assessment model of China CITIC Bank information systems as well as the realization of the risk assessment methodologies and assessment process, evaluates the effectiveness and application of information system internal management, discover weakness and the hidden security danger of internal control, enhance the safety consciousness of information technology persons, strengthen the information system risk control, improve the internal control system,... |
PDF Full Text Request