Design And Implementation Of Financial Information Security System Based On ISO20071

Network security of the financial industry has faced challenges with the high-speed development of computer technology, network security problem of the financial industry changes with what the changing of bank strategy, organizational structure, information system and operation process of the financial sector. therefore we need a new safety management system to prevent the financial method of network security and reduce the risk.the comprehensive risk management which is a financial and information security is a new management method which has used the qualitative and quantitative evaluation method of risk management model to realize bank internal and external environment risk assessment.We have carryed on the system requirements analysis which based on the research of financial companies and the actual needs of financial companies, and have designed a security system what the system functions can be changed according to customer’s specific requirements and future, and the system have use three layers of B/S system structure mode to achieve loose coupling system, and the system has used the oracle database for the data storage and management in the data layer, used oracle large capacity data management system and maintain data for keeping consistency and designed data storage conditions with oracle’s powerful security and ease of use provides a basis for system.the system also has used a set of plus and J2 EE technology to make possible for the web data updating and background database update synchronization, and provided effectively expands the financial industry to provide the possibility of real-time services.on the function of the system including a good disaster business module, database management, data management, risk management, project risk management, project information management page, we can implement information increase, delete, modify, data capacity of disaster backup and recovery, automatic generation of project risk statements by the web page, and we compiled financial information security risk assessment test by implementation project information by the thesis through IS027001 evaluation cases and the test framework.This system main research ISO27001 risk assessment and related risk management theory, and completed the bank risk assessment and risk index quantification combined with the bank’s risk assessment and risk management needs, and had taken schedule of refining table network assets, threat and the risk of network security threat coefficient matrix of the reference table into bank security risks, information assets, system vulnerability, the safe warning, security response time, network security management, security management, so as to realize the bank threat and vulnerability of qualitative and quantitative risk analysis, it is a general significance for studying bank information security.