a国产,中文字幕久久波多野结衣AV,欧美粗大猛烈老熟妇,女人av天堂

基于ISO20071的金融信息安全系統(tǒng)設計與實現(xiàn)

發(fā)布時間:2018-01-27 05:26

  本文關鍵詞: 風險評估 風險管理 IS027001標準 信息安全管理體系 J2EE技術 出處:《電子科技大學》2014年碩士論文 論文類型:學位論文


【摘要】:隨著計算機技術高速發(fā)展,網(wǎng)絡安全也面臨著重大挑戰(zhàn),特別是金融行業(yè)。金融行業(yè)中的網(wǎng)絡安全問題是隨著銀行策略、組織架構、信息系統(tǒng)和操作流程的改變而改變。為了防止和減少風險,需要新的安全管理體系去預防金融網(wǎng)絡安全的方法。全面風險管理作為金融業(yè)乃至信息安全也是新的管理方法,它采用了定性與定量考評方法的風險管理的模式實現(xiàn)銀行內外環(huán)境變化風險評估。本論文以對金融類公司的調研為基礎,結合金融類公司的實際需求進行了系統(tǒng)的需求分析,并可以根據(jù)用戶的具體要求和未來可能需要添加的功能,該系統(tǒng)在體系結構上采用基于三層的B/S模式,數(shù)據(jù)層采用oracle數(shù)據(jù)庫作為數(shù)據(jù)存儲與管理,利用oracle管理系統(tǒng)大容量數(shù)據(jù)與保持數(shù)據(jù)一致性。Oracle強大的安全性與易用性為系統(tǒng)設計與數(shù)據(jù)存儲提供了基礎條件,在加上與J2EE技術的集合,使網(wǎng)頁數(shù)據(jù)更新與后臺數(shù)據(jù)庫更新同步成為可能,有效擴展了金融業(yè)對外提供實時服務的可能性,在結構上采用基于SOA的多層軟件設計和基于Struts和Hibernate的數(shù)據(jù)庫中間件,并定義了統(tǒng)一的數(shù)據(jù)訪問接口實現(xiàn)上層應用訪問底層數(shù)據(jù)庫,同時進行了基于UDDI注冊服務中心的信息系統(tǒng)服務訪問實現(xiàn)。在功能上,系統(tǒng)提供了良好的業(yè)務模塊管理、數(shù)據(jù)庫管理、數(shù)據(jù)容災管理、風險計算管理、項目風險管理、項目信息管理頁面,通過該頁面可以實現(xiàn)信息增加、刪除、修改,數(shù)據(jù)庫容災備份與恢復,自動生成項目風險報表,實現(xiàn)項目信息編集操作等。在論文最后通過IS027001評估用例與測試架構對金融信息安全風險評估測試。本系統(tǒng)主要研究ISO27001風險評估與風險管理相關理論,并結合銀行風險評估與風險管理實際需求完成銀行風險評估與風險指標量化,并重點將網(wǎng)絡資產(chǎn)細化表、威脅明細表、網(wǎng)絡安全威脅的風險系數(shù)矩陣的參考表用于銀行安全風險、信息資產(chǎn)、系統(tǒng)脆弱性、安全預警、安全響應、網(wǎng)絡安全管理、安全時間管理中,從而實現(xiàn)銀行威脅及其脆弱性進行定性、定量的風險分析,對于研究銀行信息安全具有普遍的意義。
[Abstract]:With the rapid development of computer technology, network security is also facing major challenges, especially in the financial industry. The network security problem in the financial industry is with the banking strategy, organizational structure. Changes in information systems and operating procedures. To prevent and mitigate risks. A new security management system is needed to prevent the financial network security. The overall risk management is also a new management method as the financial industry and even information security. It adopts the risk management model of qualitative and quantitative evaluation methods to realize the risk assessment of the change of internal and external environment of banks. This paper is based on the investigation of financial companies. Combined with the actual needs of financial companies, the system needs analysis, and according to the specific requirements of users and possible future needs to add functions, the system in the architecture of the system based on the three-tier B / S model. Data layer uses oracle database as data storage and management. Make use of oracle management system large capacity data and maintain data consistency. Oracle strong security and ease of use for the system design and data storage provides the basic conditions. With the combination of J2EE technology, it is possible to synchronize the update of web page data with the update of background database, which effectively expands the possibility of the financial industry providing real-time services to the outside world. In the structure, multi-tier software design based on SOA and database middleware based on Struts and Hibernate are adopted. The unified data access interface is defined to realize the upper application access to the underlying database. At the same time, the information system service access implementation based on UDDI registration service center is carried out. The system provides good business module management, database management, data disaster recovery management, risk calculation management, project risk management, project information management page, through which information can be added and deleted. Modify, database disaster recovery and backup, automatically generate project risk report. At the end of this paper, we test the financial information security risk assessment by using IS027001 evaluation case and test architecture. This system mainly studies ISO27001 risk assessment and testing. Theory of risk management. And combined with the actual needs of bank risk assessment and risk management to complete the bank risk assessment and risk index quantification, and focus on the network assets detailed table, threat list. The reference table of the risk coefficient matrix of network security threat is used in bank security risk, information assets, system vulnerability, security early warning, security response, network security management, security time management. Therefore, the qualitative and quantitative risk analysis of bank threat and its vulnerability is of universal significance for the study of bank information security.
【學位授予單位】:電子科技大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP393.08
,

本文編號:1467691

資料下載
論文發(fā)表

本文鏈接:http://www.wukwdryxk.cn/guanlilunwen/ydhl/1467691.html


Copyright(c)文論論文網(wǎng)All Rights Reserved | 網(wǎng)站地圖 |

版權申明:資料由用戶b9a45***提供,本站僅收錄摘要或目錄,作者需要刪除請E-mail郵箱bigeng88@qq.com
福利一区二区三区视频在线观看 | 亚洲国产精品久久人人爱| 香蕉网| 久久无码字幕中文久久无码| 日本亲与子乱人妻hd| 久久久国产乱子伦精品| 日韩免费无码人妻波多野| 欧美激情综合亚洲一二区| 欧美饥渴熟妇高潮喷水水| 国产亚洲情侣一区二区无| 亚洲AV无码成人网站在线观看 | 国产精品久久久久无码AV| 暖暖在线视频日本| 99久久精品无码一区二区M男| 国产成人精品高清在线观看99 | 91精品国产高清一区二区三区| 午夜小视频| 日本午夜| 久久99精品美女网站色夜夜嗨| 亚洲图片一区| 国产精品操| 国产精品国产对白熟妇| 久久aa| 中文字幕一区二区三区| 欧美丰满熟妇XXXX性ppX人交| 亚洲国产精品无码久久久秋霞2| 粉嫩小泬视频无码视频软件| 婷婷五月综合色中文字幕| 亚洲欧美中文字幕在线一区| 蜜桃AV噜噜一区二区三区 | 国产精品自在线拍国产电影| 国产无遮挡又黄又爽免费视频| | 欧美日韩成人| 日本在线一区二区| 隆子县| 国产亚洲精品岁国产微拍精品 | 亚洲中文字幕久久精品无码喷水| 天天爱天天做天天添天天欢| 国产女人乱子对白AV片| 精品亚洲成A人在线观看青青|