Research Of Risk Management Strategy About ZS Banking Information Security

At present, Internet technology and information technology has made great development and improvement, the popularization and application of these techniques makes all walks of life has been greatly improved in quality and efficiency, but at the same time bring many information security problems inevitably. In recent years, the banking industry information security risk events happen frequently, research on management, evaluation and control of bank information security has great scientific and social significance.Based on the actual ZS banking information security management, information security risk management by learning the theory, learn from the advanced domestic and international information security management standards, specifications and related systems and the CBRC regulations and practices in the banking information security management, the use of qualitative analysis law from the organization, personnel, operations, technology and external analyzes five ZS banking information security risk management; and the use of law to establish a hierarchy of risk ZS banking information security risk assessment model and to assess its organization, personnel, operations, technology and five sections of the outer size of the risk, the risk was found in the technical, operational, personnel three relatively large; secondly combine the industry’s best practice and information security management theory, set goals and guidelines ZS banking information security risk management, and targeted to start from the technical, operational, personnel of the three weaknesses presented the best overall strategy for its information security management. Finally, combined with the PDCA theory, from four aspects of policy standards system, organization personnel management mode, operation management mode and technical system, establish the security system. Providing theoretical support for ZS bank to improve the ability of information security risk management, ensure the safety of the whole line of information system, to ensure the efficient operation of business operations.Because space is limited, it cannot use the methodology of this paper in the information security risk management practices of a number of commercial banks. The next step will use the methodology of this paper in more commercial banks, so that in practice, constantly improve and enrich it.