Research On The Information System Security Audit Of Commercial Bank

With the extensive application of information technology in various practices of commercial banks,information system has penetrated into various aspects such as strategic management,marketing,operation and so on.It provides a strong support for the operation and development of various business.With the increasing complexity of the operation and management of the commercial bank information system,the information system provides the banks with the driving force to expand the new business,and also brings great risks to the development of itself.Commercial banks can evaluate the integrity and effectiveness of internal control related to the security of information systems through information system audit,and then point out the various problems in the security management and control of information systems,thus helping to achieve the objectives of the security,confidentiality,availability and reliability of the information system.However,the traditional information system audit method can not fully apply to the changing risks of the information system security of commercial banks.Therefore,it is an important problem for commercial banks to build an information system security audit process and method to effectively prevent the security risk of the information system.This paper first analyzes the characteristics and risks of the information system of commercial banks,aiming at providing the necessary risk guidance for information system security audit.The third chapter studies the theory and methods,summarizes the objectives,contents and methods of the information system security audit,and introduce the standards.The fourth chapter,starting with the theoretical basis of COBIT standard,combined with the characteristics of the security risk of commercial bank information system,constructed the target system for the security control of the commercial bank information system,and provided reference for the IT security audit work.Finally,taking the C Bank Data Center information system security audit as the research case,according to the security risk of the Data Center information system,and referring to the COBIT control standard,selected the important,key process and control of the commercial bank to carry out the information system security audit,and put forward the information system based on the COBIT standard.The security audit framework can improve the efficiency and effect of the IT audit work,and can effectively control the risks of all aspects of the commercial bank information system,and help to promote the healthy,stable and safe development of commercial banks.