Research On Financial Information Security Index Modeling Based On Threat Intelligence

In the current era of big data,the financial sector organizations are also actively changing.The threat intelligence and network security posture awareness technology are more and more used in this area.At the same time organizations both at home and abroad failed to establish a unified standard for the financial sector model to achieve the assessment of the security status of financial institutions.The paper based on the above situation made the following research:This paper introduces the background of the establishment of related standards in the field of security and describes the development of each standard.The paper discusses the basic connotation of threat intelligence and network security situational awareness technology,explains the background of the two technologies and the definitions and explanations of the two concepts by various authoritative agencies.It simply describes the evolution of the models established by the early experts,describes the unique characteristics and advantages of the two technologies,describes the steps in the process of realization,the capabilities they possess and the improvements compared with the traditional technologies,and expounds the differences between the two technologies in the current big data,the values embodied in the environment.It reflects the pivotal position of the two in the current technological architecture.Efforts have been made to study the relevant authoritative standards,norms and practices currently recognized in the field of security at home and abroad.This paper introduces the development history of ISO / IEC 27001 standard,describes the major differences and advances between each updated version of the predecessor of the standard and the old version and the new version,and then elaborates the standard core idea,the main frame of the standard and the main concerns.This paper introduces the network security assessment tools developed by the Federal Financial Institutions Inspection Committee(FFIEC),elaborates on how the two major modules of inherent risk profile and network security maturity of the code evaluate the security status of the organization,the main content of the two modules and the main steps to produce the assessment results process.It states the background of the key safety management measures(CSC)that guarantee network security.It outlines the five key principles embodied in the code and the areas covered by the control measures it addresses,and clarifies the content of the standard on metrics.It analyzes the NIST competency framework model,describes the main contents of the four components and their interrelationships,and illustrates the process of model risk management.The analysis of all the involved standards,the extraction of common concerns,their inadequacies or inadequacies with financial institutions,and the establishment of a preliminary indicator model based on the study of standards.Based on the relevant standards,norms and practices in the field of information security,this paper designed a hierarchical model with three levels of monitoring,12 dimensions,25 first-level indicators and many second-level indicators based on the characteristics of the financial industry,establishes the time axis structure and the organizational structure,and comprehensively covers the security entry points that should be taken into account in the security posture of the financial sector organizations.It provides relevant methods for determining the weight of each indicator in the model,achieves the purpose of the quantitative security posture.