Business Information System Security Management Solution On The Branch Of Agricultural Bank Of China Province

This paper is a case study and analysis of security management for business information systems of commercial banks. It applies the theories of management economics to analyze the information system, establish the management procedures, and construct a security management framework. The subject of this study is a provincial branch of the Agricultural Bank of China, one of the four major nation-owned commercial banks in China.The bank has provincial level centralized data management. All businesses are conducted in a uniform way through the information network system. In order to allocate resources properly and efficiently, multiple levels of risk management procedures should be applied to subjects with different risk levels. A practical solution for multiple levels of risk management investment is needed after analyzing the risk factors of the information system security.The author has studied both domestic and foreign security management theories, as well as the current security situation of the banking industry. By applying the methodology of system analysis and following the thread of finding, analyzing and finally solving problems, this paper is organized into four chapters. The first chapter emphasizes on the importance of information system security. It introduces modern security management theories and the BS7799 security management standard. The second chapter analyzes the current situation of the information system of the provincial bank branch in order to find the existing advantages and problems. In the third chapter, based on the problems found and the current situation, the author applies detailed analysis to the risk factors of the system. This chapter describes thestrategy of security management, proposes the idea of multiple levels of security management, defines the security levels, establishes the objectives of security management, and outlines the procedures. A framework of security management for the bank information system is established. As a result of the analysis and discussion in these three chapters, the last chapter proposes practical application procedures and security investment structures. It further improves the security management framework.As a case study, this paper will be a good reference for applying security management in commercial banks.