Information Security Risk Management Research Of China S Bank

Posted on: 2010-01-18 | Degree: Master | Type: Thesis
Country: China | Candidate: X J Bian | Full Text: PDF
GTID: 2189360278959250 | Subject: Business Administration
Abstract/Summary:
The development and application of information technology have profoundly influenced the development of China S Bank in recent years. At the same time, the bank is becoming more and more dependent on information technology, so the security, reliability and validity of its information systems directly affect the security and stability of S Bank. Information security risk management at S Bank is still in its initial stage, and the external security situation we now face is complex and ever-changing, so how to build an efficient bank information risk management system has become an increasingly prominent problem.

The main research contents of this paper are as follows: 1) a study of the theories of risk management and information security management; 2) a study of the international regulations, standards and norms of information security (such as the new Basel Accord, the Sarbanes-Oxley Act, the ISO27000 series of standards, ISO13335, COBIT, IATF), the methods of PDCA and HTP, as well as the ranked protection system in China and the relevant regulations on banking information security management issued by the China Banking Regulatory Commission; 3) research into the hidden information security risk problems in S Bank by means of decomposition analysis and vulnerability scanning; 4) a proposal of new solutions for information security risk management at S Bank, based on the results of the risk analysis and the above research.

In this paper, the idea of risk management is applied to the practice of S Bank's information security management. According to the best practices of the banking industry, the main framework of S Bank's information security has been established. This paper also puts forward the following methods: 1) methods for establishing the information security policies and building the institutional framework of S Bank, including policies, regulations and standards, guidelines and the details; 2) methods for establishing organizational and personnel systems with security awareness and building the security organizational structure; 3) a method for establishing the information operation system, including the information security management processes and operational targets; 4) a method for establishing the information security technology framework containing the main information security technologies.
Keywords/Search Tags: risk management, information security management, information security standard, bank