石油企业IT风险管理体系研究

发布时间：2018-06-07 18:41

本文选题：石油企业 + 信息技术　；参考：《西南石油大学》2016年博士论文

【摘要】：以信息技术为代表的现代科学技术的迅猛发展,深刻地影响和改变着现代石油企业的发展和运行。以“数字油田”为核心的上游企业利用数据自动采集、生产流程自动监控、数据集中共享、远程实时监控等对勘探、采油、加工等环节进行数字平台上的集中管理,中游企业通过业务控制系统、实时通信系统等对石油的存储、运输以及炼化进行全过程的监测和控制,下游企业基于ERP体系对石油产品进行网络化、智能化地统一调度、储运和销售,石油企业信息化程度的不断提高,现代石油企业对信息技术高度依赖。伴随着信息技术与石油业务高度融合,以及云计算、大数据和移动互联等信息技术的不断发展和应用,石油企业的IT风险日益增大。对石油企业来说,研究IT风险管理是一个崭新的课题,对石油企业IT风险管理具有一定的理论和现实意义,可以丰富石油企业IT风险管理理论,促进石油企业IT风险管理水平的提高。鉴于石油企业IT风险管理现状,本文以石油企业的IT风险管理体系为研究对象,借助风险管理理论的研究成果,结合石油企业IT风险与IT风险管理的理论和实践,构建了石油企业IT风险管理体系;通过定性与定量相结合的方法,研究了石油企业IT风险识别、评估、应对和预警,并通过案例研究,证明其适用性和科学性。第一,在文献研究的基础上,归纳界定了石油企业IT风险与IT风险管理体系的概念,即石油企业IT风险是在石油企业内使用、拥有、操作、参与、应用信息科技所造成的业务风险,包括由于使用计算机硬件、软件、网络等系统所引发的各种不利情况,并阐述了其内涵和外延,明确了研究的主体和边界。第二,收集、整理、分析石油企业IT建设、IT风险管理和一些石油企业IT风险事故的信息资料,依据现有的理论和石油企业IT风险管理的实践,对石油企业IT风险进行分类,将石油企业IT风险分为五类:IT风险管理类风险、信息安全风险、IT服务风险、业务连续性风险和IT技术外包风险;总结出了石油企业IT风险的特征和表现形式;明确了石油企业IT风险管理的现状:目前石油企业已具备了 IT风险管理的基本框架,有一定风险防范能力,但石油企业IT风险管理现状仍不容乐观,存在很多缺陷和漏洞,石油企业IT规划建设不完善,IT风险管理隐患大,自主可控方面的IT风险管理现状堪忧等等。通过分析石油企业IT风险典型事件的诱因耦合与演化机制,探讨了典型IT风险事件对石油企业IT风险管理体系构建的启示,要严格流程化、系统化管理,注重IT风险管理事件的识别与评估和IT风险事件的预警。第三,在必要性分析的基础上,结合系统论的观点构建了石油企业IT风险管理体系,体系由主体、层次和流程三个维度构成,包含由内而外、由上至下四个相互关联的子系统:战略目标、战略支撑、风险管理、整合管理。石油企业IT风险管理体系足由战略层的战略目标、职能层的风险控制目标和执行层IT风险的实时监测与预警目标组成的三层结构的目标体系,各层目标又有与之相宜的、有效的方法,这就构成了IT风险管理体系的方法体系。结合管理体系与体制、机制、法制的内涵辨析,分析了体制、机制、法制与四个子系统功能层次之间的对应关系,明确了石油企业IT风险管理体系是基于体制、机制和法制三个维度的综合体系,其中最为重要的方法是面向职能层的IT风险识别、评估和应对,以及同时面对职能层和执行层的IT风险预警。第四,定性地分析了石油企业IT风险识别、评估、应对面临的困境,在风险管理核心子系统的基础上,系统地研究了石油企业IT风险的识别、评估和应对方法,建立了基于风险识别组合方法的石油企业IT风险识别方法和基于云模型的石油企业IT风险评估方法,并针对石油企业不同IT风险类别,提出了石油企业IT风险应对策略。相应的方法、模型和策略通过大庆石化的实际案例进行了应用,通过识别出大庆石化大部分的IT风险,验证了石油企业IT风险识别的组合方法的可行性和有效性,而风险评估得到了与定性评估一致的、量化的大庆石化IT风险期望值,表明了基于云模型的石油企业IT风险评估方法的可行性。第五,引入异常点识别理论和遗传算法优化的神经网络,通过定性与定量相结合的方法,构建面向两个层面的两个预警模型:基于异常点识别理论的石油企业IT风险预警模型和基于GA_BP神经网络的石油企业IT风险态势预警模型,与IT风险预警模型和IT风险态势预警模型两层预警结构相一致,建立了石油企业两个层次的IT风险预警方法。石油企业IT风险预警平台的系统架构分两层,由两个系统构成,一是“IT风险预警系统”,基于IT风险预警模型,用于石油企业对本企业IT基础环境的风险监测和预警,二是“风险态势监测系统”,基于IT风险态势预警模型,用于石油企业IT风险态势监测和预警,二者的数据可以互通互联。以大庆石化为案例,研究证明了 GA_BP的评价结果更好,能够更好地满足IT风险预警的需要。
[Abstract]:The rapid development of modern science and technology, represented by information technology, has deeply influenced and changed the development and operation of modern petroleum enterprises. The upstream enterprises with "Digital Oilfield" as the core use automatic data acquisition, automatic monitoring of production process, data centralized sharing, remote real-time monitoring and so on for exploration, oil production, processing and other links. The centralized management on the digital platform, the middle reaches of the enterprise through the business control system, the real-time communication system to monitor and control the whole process of oil storage, transportation and refining. The downstream enterprises are based on the ERP system to network the petroleum products, intelligent and unified scheduling, storage and transportation, and the continuous improvement of the information degree of the petroleum enterprises. High, modern oil enterprises are highly dependent on information technology. Along with the high integration of information technology and oil business, and the continuous development and application of information technology such as cloud computing, large data and mobile interconnection, the IT risk of oil enterprises is increasing. For petroleum enterprises, the study of IT risk management is a new subject, and the petroleum enterprise IT Risk management has a certain theoretical and practical significance, which can enrich the IT risk management theory of petroleum enterprises and promote the improvement of IT risk management level of petroleum enterprises. In view of the current situation of IT risk management in petroleum enterprises, this paper takes the IT risk management system of petroleum enterprises as the research object, with the help of the research results of the risk management theory, combined with the oil enterprises. IT risk and IT risk management theory and practice, construction of the petroleum enterprise IT risk management system, through the combination of qualitative and quantitative method, the petroleum enterprise IT risk identification, assessment, response and early warning, and through case study, to prove its applicability and scientific. The concept of industry IT risk and IT risk management system, that is, the IT risk of oil enterprises is used, owned, operated, involved, and applied in the oil enterprises, and the business risks caused by the application of information technology, including the various adverse circumstances caused by the use of computer hardware, software, network and other systems, and the connotation and extension of the system are expounded, and the master of the research has been clarified. Second, second, collect, collate, analyze the information of petroleum enterprise IT construction, IT risk management and some oil enterprise IT risk accident information. According to the existing theory and the practice of IT risk management of petroleum enterprise, the IT risk of petroleum enterprise is classified, and the IT risk of petroleum enterprise is divided into five categories: IT risk management risk, information security wind Risk, IT service risk, business continuity risk and IT technology outsourcing risk, summarize the characteristics and forms of IT risk in petroleum enterprises, and make clear the current situation of IT risk management in Petroleum Enterprises: at present, petroleum enterprises have already possessed the basic framework of IT risk management, and have certain risk prevention ability, but the present situation of IT risk management in petroleum enterprises is still not allowed. There are many defects and loopholes, the IT planning and construction of petroleum enterprises are not perfect, the risk management of IT is big, and the status of IT risk management in the independent and controllable aspects is worried, and so on. Through the analysis of the inducement coupling and evolution mechanism of the typical IT risk events of the petroleum enterprises, the paper probes into the construction of the typical IT risk management system of the IT risk management system of the petroleum enterprise. The inspiration, we should strictly process, systematized management, pay attention to the identification and evaluation of IT risk management events and the early warning of IT risk events. Third, on the basis of the analysis of the necessity, the paper constructs the petroleum enterprise IT risk management system based on the viewpoint of the system theory. The system consists of the three dimensions of the main body, the level and the process, including from the inside to the bottom. Four interrelated subsystems: strategic objectives, strategic support, risk management, integrated management. The IT risk management system of oil enterprises is full of strategic objectives, the target of the risk control of the functional level and the target system of the three layers of realtime monitoring and early warning targets of the risk of the executive layer, and the objectives of each level are appropriate. The effective method, which constitutes the method system of the IT risk management system, analyzes the corresponding relationship between the system, mechanism, legal system and the functional levels of the four subsystems by analyzing the connotation of management system and system, mechanism and legal system. It is clear that the IT risk management system of petroleum enterprises is based on the synthesis of the three dimensions of system, mechanism and legal system. The most important method is the IT risk identification, evaluation and response to the functional level, and the IT risk early warning at the same time. Fourth, it qualitatively analyzes the risk identification, evaluation and predicament of the petroleum enterprise IT, and systematically studies the petroleum enterprise IT on the basis of the core subsystem of the risk management. The risk identification, evaluation and coping methods are established, and the IT risk identification method based on risk identification combination method and the IT risk assessment method based on cloud model are established. According to the different IT risk categories of the petroleum enterprises, the corresponding countermeasures are put forward for the IT risk of oil enterprises. The corresponding method, model and strategy are carried out through Daqing petrochemical. The practical case is applied. By identifying most of the IT risk of Daqing petrochemical, the feasibility and effectiveness of the combination method of IT risk identification of oil enterprises is verified, and the risk assessment is consistent with the qualitative assessment, and the quantitative risk expectation value of the Daqing petrochemical IT is clear, and the IT risk assessment party based on the cloud model is clear. The feasibility of the method. Fifth, with the introduction of abnormal point recognition theory and the neural network optimized by genetic algorithm, two early warning models facing two levels are constructed through the combination of qualitative and quantitative methods: IT risk early warning model of oil enterprises based on abnormal point recognition theory and the early warning model of IT risk situation based on GA_BP neural network In accordance with the IT risk early warning model and the two layer early warning structure of IT risk situation early warning model, the two levels of IT risk early warning method for oil enterprises are established. The system architecture of the IT risk early warning platform for petroleum enterprises is divided into two layers, composed of two systems, one is "IT risk early warning system", and based on the IT risk early warning model, it is used in oil enterprises. The risk monitoring and early warning of the enterprise IT basic environment, two is the "risk situation monitoring system", based on the IT risk situation early warning model, used for monitoring and early warning of the risk situation of the petroleum enterprise IT, the data of the two are interconnected. The case of Daqing Petrochemical is a case study. The research proves that the result of the GA_BP evaluation is better and can better meet the IT wind. The need for risk early-warning.
【学位授予单位】：西南石油大学
【学位级别】：博士
【学位授予年份】：2016
【分类号】：F426.22;F270.7;F272.3

【参考文献】