Financial Information Security Detection And Assessment Based On Threat Intelligence

The current Internet plus financial structure brings new and convenient patterns of financial management and consumption.Meanwhile,it also makes financial information system the target of various cyber attacks and threat incidents.In order to take precautionary measures,financial institutions have to keep an accurate and in-time grasp of the security situation of their own system,the external network environment,the threats they are facing or may face and so on.All of these requires the ability of system security detection and assessment.Based on the technology of threat intelligence and the characteristics of financial systems,this paper designs a financial information system security evaluation index system based on threat intelligence through the research and interaction of the existing safety standards and safety assessment systems at home and abroad,such as ISO27001,security value,information security classified protection,IPDRR framework and so on.The system evaluates the overall security status of an information system from the 3 dimensions of threat incident management,vulnerability management and intelligence management.With the 3 dimensions taken as first-level indicators,the system is further divided into 12 second-level indicators and 40 third-level indicators.A three-level index system has been established.Based on the three-level index system,this paper then builds a quantitative index model.Firstly,the analytic hierarchy process based on the exponential scale method is used to construct the judgment matrices and to pass the consistency test.Secondly,this paper calculates the single-layer weight of each level indicators in turn,and then works out the comprehensive weight of indicators in each level.Finally,the consistency of the single-layer and comprehensive weights of each indicator in all levels is checked,and the indicators in the same level are sorted by comprehensive weights.The quantization and calculation of the security evaluation system of this financial information system has been completed.At last,based on these research results,this paper puts forward suggestions for improvement of future work,to help optimize the financial information system security detection and assessment techniques.