Study Of The Optimization Of Financial Information Security Management Policy Of S Bank

With the rapid development of China's economy and information industry in recent years,more and more banks in China adopt centralized operation by which they can put the banking services into one to more data centers for processing.Due to the different attributes data,the requirements for information security also differ,which leads to frequent cases of inefficiency of information security management.This thesis takes the operation center of S-bank as the research object,focuses on setting up effective information management strategies and minimizing the unwise investment in information security management.Based on the analysis of the business scope and procedure of its financial transaction department and the regulatory requirements of information security risk management in China,this thesis studies and proposes a information security risk management framework.Based on the research literature,summarizes the various threats in the field of information security,collects the opinions of the industry extensively through the questionnaire survey,selects the comprehensive and reasonable risk and threat items,and identifies the risk classification through factor analysis,so as to provide the basis for the development of information security risk management.At the same time,this thesis puts forward that information security elements should be used as evaluation indexes and a framework suitable for financial industry information security risk assessment is established.On this basis,according to the requirements of the evaluation framework,this thesis adopts the expert interview method to carry out the risk assessment of the case institution,analyzes the risks and threats faced by the institution through the entropy weight method,gray relation and the TOPSIS method,finds out the existing weak sectors in the current and the weight of the risk classification.This thesis proposes a new information security management strategy including the core layer,the element layer and the operation layer.Practice indicates that the new management policy can improve the organization's information security.