【作者】 温涛；

【导师】 杨清明；

【作者基本信息】 重庆大学 ， 公共管理， 2008， 硕士

【摘要】 人类在信息的海洋中生存和发展,正是通过信息来区别不同事物、认识不同事物和改造世界的。信息安全,尤其是金融行业的信息安全,一直是上至国家领导、下至黎民百姓都十分关注的话题。随着我国信息化的日益推进,国民经济和社会发展对网络和信息系统的依赖越来越紧密,尤其是银行、证券等行业的信息系统已经成为国家重要基础设施,这些信息系统的安全运行直接关系到国家的安全、人民的利益和社会的稳定。然而,我国金融行业信息系统安全问题并不容乐观。当前,虽然我国出台了一些相关政策和管理办法,但据专家分析,由于专职的安全监管机构的缺失,使得信息系统安全工作很难落实。近些年来,国内外发生的一系列事件表明,如果重要信息系统没有一定的安全防范能力,一旦发生重大事故或遭遇突发事件,将会造成无可挽回的经济损失。我国相关部门对信息安全工作十分重视,国务院信息化工作办公室司长王渝次曾指出,灾难恢复是信息安全保障的重要的基础性工作,做好国家重要信息系统灾难恢复工作,提高其抵御灾难和重大事故的能力,对于确保重要信息系统数据安全和业务的连续性,保障社会经济的稳定是非常重要的。2003年颁发的《国家信息化领导小组关于加强信息安全保障工作的意见》,对重要信息系统的安全做出了明确要求。2004年,国务院信息办又组织起草了《重要信息系统灾难恢复指南》,并印发给各基础信息网络和重要信息系统主管部门。然而,金融行业的信息化虽然取得了快速发展,但其背后隐藏着可怕的问题:虽然在实现了数据大集中的银行企业中,有80%的企业都做了系统灾难备份中心的建设,但真正能实现业务连续管理的,估计只有15%左右。最近,银行业系统故障不断。就在2006年,中国建设银行总行转账系统发生通信故障,数小时后系统才恢复正常。此事件殃及在中国建设银行投资证券公司全国70余家营业部开户的200万股民,致使股民们因无法进行转账交易而受到经济损失。而在这之后,银联因通信网络和主机出现故障造成全国多省市无法刷卡长达7小时,究竟造成了多大的损失,尚无可靠数据。而近期发生的网银大盗横行网络的一系列事件,也再一次为网络银行系统的信息安全敲响了警钟。随着银行业务系统顺应趋势的开放和互连,其信息安全范畴已经突破了以业务系统物理隔离和协议隔离为基础的传统银行信息安全。我们必须在一个日趋开放的系统平台上重新审视银行的信息安全问题。金融系统(银行、保险、证券)是国家政策要求实施安全等级保护的11大类关键信息基础设施的重点系统。因此,如何建立一个高效的现代信息安全体系,日益成为突出的问题。更多还原

【Abstract】 People are surviving and developing in the ocean of information, it is through the information that people are distinguishing different things, recognize different things and reconstruct the world. Information security, especially in financial industry, is always the focus theme of both national leaders and common people. As the increasing advance of informationization in our country, the development of national economy and society are more and more depending on network and information system, even the information system of some industries such as bank and securities has become important basic facilities, of which the safe status is directly related to security of our country, people’s interest and stability of the society. However, the information security of the financial industry in our country is cloudy. At present, our country has issued some concerned policies and administration measures, but according to experts’analysis, the lack of professional security supervision organs has resulted in ineffectiveness information system security. In recent years, a series of affairs happened in domestic and overseas indicate that if without certain security precaution ability on important information system, once suffering from big accidents or sudden matters, it will lead to irreparable economic losses. The interrelated departments in our country pay much attention to information security. The chairman of State Department informationization office Wang Yuci has pointed out that disaster restoration is an important base job for information security guarantee. In addition, to do the restoration job well, to improve prevention ability against disaster and sudden affaires have significant sense for the safety of important information system data, the continuity of business and the stability of social economy.“The opinion of national information leadership team on enhancement of information security”, issued in 2003, providing clearly about the security of important information system. In 2004, the State Department information office has again drawn up“manual on disaster restoration of important information system”and dispensed to the superintended departments of basic information network and important information system. However, the rapid development of informationization in financial industry has brought terrible problems behind: among all the banks realized data concentrated, 80% have constructed system disaster duplicate centers, but only about 15% have actualized business continuous administration. Lately, faults are appearing continuously in banks. In 2006, China Construction Bank had correspondence breakdown in investment account system in the chief bank and it recovered after several hours, incurring great losses to 2 million shareholders due to not being able to transferring transaction in about 70 sales departments of China Construction Bank investment securities companies. Subsequently, China UnionPay had great faults in communication network and host computer, people in most provinces could not use credit card up to 7 hours, how huge losses it caused, not having the reliable data till now. And a great deal of network bank theft affairs happened recently knocked the alarm bell for information security of network bank system.With the trend of opening and interconnection of the bank system, the category of information security was wider than that of the traditional bank system which based on the physical isolation of business system and isolation by agreement. We must review again the information safety of the bank by means of a gradually developing system platform. Financial system (bank, insurance, securities) is the critical system among 11 categories of key information foundational facilities which required by the national government to implement grade protection. Therefore, how to set up an efficient modern information security system becomes a highlighted question increasingly.更多还原