长城证券信息安全风险评估研究

发布时间：2018-04-02 14:24

本文选题：长城证券　切入点：信息安全　出处：《天津大学》2013年硕士论文

【摘要】：证券市场在我国经济发展中具有举足轻重的位置。证券行业的业务主要是信息数据和资金数据的流动。一旦证券行业发生信息安全事故，，不仅会对数以万计的投资者造成影响，而且会传导到其他行业，给国民经济、社会秩序造成混乱。在这种情况下，研究如何做好信息安全管理，提前做好预防工作是必要而且现实的。风险评估是风险管理的基础。信息安全管理就是对风险识别、风险评估、风险控制的过程。信息安全风险评估的研究由来已久，在评估流程、方法、以及相关工具的研究上都取得了很多成果。但同时在理论上和方法上都存在很大的争议，也还有很多进一步研究的地方。本文首先对信息安全风险评估的发展状况进行了研究。并且深入分析了各种评估方法的差异。本文指出了国内证券市场信息安全存在的主要问题，同时本文详细介绍了基于资产、脆弱性、威胁三个风险要素的风险评估原理和评估模型，在对信息资产识别赋值和对脆弱性和威胁进行识别的基础上，计算风险影响和发生可能性，并完成对风险值的计算。本文重点研究了利用风险评估理论实现风险评估在证券行业的应用。本文设计了适合证券公司的风险计算方法来完成对信息安全风险的评估和分级。本文最后对风险评估在长城证券的应用做了整体介绍，并对风险评估在长城证券的应用效果进行了阐述。通过风险评估，长城证券对信息安全风险有了一个全面地认识，风险管理水平得到全面地提升，风险控制能力得到了有效提高。同时此案例也给证券同业提供了一个有益的借鉴。
[Abstract]:The securities market plays an important role in the economic development of our country.The main business of the securities industry is the flow of information data and capital data.Once the information security accident occurs in the securities industry, it will not only affect tens of thousands of investors, but also be transmitted to other industries, causing chaos to the national economy and social order.In this case, it is necessary and realistic to study how to manage the information security and do the prevention work well in advance.Risk assessment is the basis of risk management.Information security management is the process of risk identification, risk assessment and risk control.Information security risk assessment has been studied for a long time, and many achievements have been made in the evaluation process, methods and related tools.But at the same time, there is a lot of controversy in theory and method, and there are many further studies.Firstly, this paper studies the development of information security risk assessment.The differences of various evaluation methods are also analyzed in depth.This paper points out the main problems of information security in domestic securities market, and introduces in detail the risk assessment principle and evaluation model based on three risk elements: assets, vulnerability and threat.Based on the identification of information assets and the identification of vulnerability and threat, the risk impact and possibility are calculated, and the calculation of risk value is completed.This paper focuses on the application of risk assessment theory in securities industry.In this paper, a risk calculation method suitable for securities companies is designed to evaluate and classify the risk of information security.Finally, the paper introduces the application of risk assessment in the Great Wall securities, and expounds the application effect of risk assessment in the Great Wall securities.Through risk assessment, the Great Wall Securities has a comprehensive understanding of information security risks, the level of risk management has been comprehensively improved, and the ability of risk control has been effectively improved.At the same time, this case also provides a useful reference for the securities industry.
【学位授予单位】：天津大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：F832.39

【参考文献】