Information Risk Asseesment And Application On Financial Corporation

The financial corporation ,as the none-bank financial organization developes very quickly recently for it's business relying on the information systems.The china bank regulation organization has also the information security guide and form to the financial corporation.In order to give it's customers more convenient and trustful finance service and satisify its wardship's demands,so the corporation take actions to assess the information system's security and manage to find the risk and fix it.So based on such background,this thesis researchs such contens as follows:(1)Based on the information system's grading protect request and security area partition principle , study the best financial corporation information system architecture.Study the method of the financial corporation's information system grading calculation.Give the financial corporation information system's grading assessment index serials and assessment method determining the nature.And then applying such method to the huaneng financial corporation's information system grading assessment.(2)Study the risk assessment method of the financial corporation's core infortaion system.Give out the financial corporation's information system risk assessment index.Take the financial corporation's Net Bank system for example,study the application of fuzzy method and AHP method on the financial corporation 's information system risk assessment.Based on such method,this thesis give a security assessment model on such important information system.(3)Study the problem of the financial corporation's host computer system.There is a improvement on the traditional threat tree model.Add one more node to the threat tree and give index to measure the node's happening probability.Give a method based on improvement threat tree.Such method can be better to assess the main computer's vulnerability by fix quantify.(4) Study how to implement the risk assessment by the software tools.Based on UML tools,this thesis takes the UML case modle,activity model,statement model and class model to specificly analyze the tools main fountion models.Design the risk assessment information database and knowledge database and develop a prototype.