【作者】 张丰胜；

【导师】 戚桂杰；

【作者基本信息】 山东大学 ， 工商管理， 2011， 硕士

【摘要】 信息科技在银行的广泛应用,使其成为银行稳健运营和提高竞争力的基础和保障。但是信息科技在促进银行业务发展的同时,也使银行业面对巨大的技术风险,旦信息科技方面发生问题,将会直接影响到银行业务的连续性,甚至会影响到银行的安全。因此,商业银行加强银行信息科技风险管理,确保银行信息系统的安全、稳定、持续有效运行,己经直接关系到银行的运营和发展。工商银行认识到信息系统安全对全行运营和发展的重要性,已经开始将信息科技风险管理纳入到全面风险管理之中,并做了一些基础性的工作,但仍然缺乏统一全局的信息科技风险管理体系。基于工商银行信息科技风险管理的现状,本文提出工商银行需要建立一套统一全局的信息科技风险管理体系,提升对信息科技风险的防控能力,从而促进工商银行持续、健康、稳定发展。本文从内容上分为五个章节,第一章概要介绍本文的选题背景、逻辑框架和研究方法以及论文研究的创新之处；第二章主要介绍目前国内外信息科技风险领域相关研究及发展综述,以及当前通用的信息科技风险评估标准与规范；第三章介绍国内银行业信息科技风险管理普遍存在的共性问题,结合工商银行信息化建设过程分析工商银行信息科技风险管理存在的个性化问题,提出解决方案-构建信息科技风险管理体系；第四章阐述信息科技风险管理体系的含义以及建立信息科技风险管理体系的目的和意义,对体系进行架构设计,并逐层阐述设计思想；第五章在体系架构设计的基础上,制定具体的体系实施方案；第六章总结本论文研究的意义、创新点和不足。本文共有两个创新之处。一是借鉴国际上通用的信息科技风险管理标准,结合工商银行信息科技风险管理实践,创新地提出了包含“信息科技管理、信息科技风险管理、信息科技审计”等三个层次的信息科技风险管理三道防线体系的概念,并以此构建统一全局的信息科技风险管理体系架构；二是以架构为指导,结合工商银行的信息科技发展战略、信息化水平和信息科技风险管理现状,制定了较为详细具体的建设实施方案。本文的研究思路和内容,对于工商银行及国内其他商业银行的信息科技风险管理,均具有理论指导和实践参考意义。更多还原

【Abstract】 Through the information technology in banking, the wide application of information technology becomes the foundation and guarantee of bank operations and improving the competitive. While Information technology promoting banking development, it also makes the banking face more technical risks and once it happens, and affects the banking business continuity directly, even affects the safety of the bank. Therefore, the commercial Banks must strengthen the information technology risk management, ensure that the bank information system security, stability, effective operation, and directly related to the operation and development of commercial Banks.Icbc has recognized the importance of the information system security, and begun to bring information technology risk management into comprehensive risk management, although it has made some basic works, but still lacks overall risk management system of information technology. Based on the above, icbc needs to establish a comprehensive risk management system of information technology to improve the ability of prevention and the control of the information technology risk management and promote the realization of core-competitiveness and strategic target.This thesis will be divided into five chapters. The first chapter introduces the background, logical framework, research methods and research innovation of the thesis. The second chapter introduces the description of related research and development of information technology risk management field and the general information technology risk assessment standards and norms. In the third chapter, we investigated the current information technology risk management status of the banking industry and ICBC, and analyzed the common problems of the information technology risk management in the whole banking industry and the individual problems of ICBC, and then we proposed the construction of the information technology risk management system. The fourth chapter explains the connotation of the information technology risk management system, and designs the architecture and elaborates the purposes and meanings of the system architecture step by step. The main content of the fifth chapter is to formulate the specific implementation of system based on the architecture design. The sixth chapter summarizes the results, the significance, innovation and the insufficiency of the paper, and look forward to the future of the ICBC.The innovations of this thesis are mainly focused on two aspects. The first aspect is based on the investigation of the international information technology risk management practical standards and the analysis of the information technology risk exist in the different layers of the ICBC’s overall work, and proposed a comprehensive three-layer information technology risk management architecture which including "IT Manager, IT Risk Manager and IT Audit". The second aspect is that, the detailed construction solution is defined not only based on the ICBC’s development strategy, but also with the guidance of the three-layer architecture. This thesis has important theory guiding and practical referring role for the information technology risk management of ICBC and other banks.更多还原