The Designing And Carrying Out Of The Security Evaluate Platform Of Information Technology System In Finance Industry

Together with our country's growing economy, the finance industry has entereda whole new reforming period; nevertheless, the industry is also facing more andmore threats on their information system. Information is an asset that, like otherimportant business assets, is essential to the business of an organization andconsequently needs to be carefully protected. This is especially important in theincreasingly interconnected business environment. As a result, information is nowexposed to a growing number and a wider variety of threats and vulnerabilities.We need a security Evaluation Platform of Information Technology System inFinance Industry to protect the finance system. ISO/IEC 17799 is an extremelycomprehensive and detailed standard. Compliance, therefore, will require both amethodical and measured approach. It will also require commitment, as well asaccess to appropriate tools and products. ISO/IEC 17799 has been accepted by ourgovernment as our national standard: GB/T 19716-2005.This article establishes an information system security evaluation platformbased on ISO/IEC 17799. This platform is made up of two parts: The first part isabout security regulation based on both our country's reality and the ISO/IEC 17799.The second part concerns security evaluation software, which will put part one intopractice. The main researches are as follow: ●The requirement Analysis of Security Regulation7 requirements in security are to be raised, through the analysis of a great dealof information in the security structure of our country, esp. according to the demandof practice. They are: system management, application software management,network management, server management, software developing management,equipment and environment management, safety producing and comprehensivemanagement.●The Realizing of Security RegulationAccording to the ISO/IEC 17799 and the demand of companies in reality, thesecurity regulation is to be raised, including: security regulation, organizationsystem, the sorting and controlling of capital, personnel safety, equipment andenvironment security, operation and communication management, visiting control,system maintenance, persistence and legal evaluation, audit, and so on.●The Requirement Analysis of Security Evaluation SoftwareThis platform is divided into: project management function, analysis andevaluation function, category management function, printing function, optionfunction, and so on. 12 requirements are to be raised: copyright confirmationfunction, starting and welcoming screen, project management function, securityevaluation function, project security evaluation function, analysis of security level,function management, function designing and modifying, installing of new function,printing style and configuration function.●The realizing of Security Evaluation SoftwareA whole system of security evaluation software is to be established according to therequirement analysis, including a complete security regulation, which will meet theneeds of safety evaluation in finance corporations. This software has a completesystem of functions, clear GUI, low demands in equipment, fast speed, which willsurely meet the needs of expected aims, and designing standards. The software hasalready been put into practice, and has achieved good effects.