摘要
2013年,备受全球瞩目的美国棱镜门事件和Struts2漏洞引爆的网站“泄密’’
门,让众多企业和个人意识到了信息安全的重要性。随着科学技术的发展,信
息科技技术进一步融入到了银行业务的各个层面,商业银行对IT和信息安全系
统的依赖程度日益增强。商业银行重要信息安全系统的正常运转与各家银行的
日常生产经营活动密切相关,信息系统的任何一点风吹草动,都有可能对银行
业务产生重要的影响,各家银行已经逐渐意识到信息安全应急管理对银行业务
的重要性。信息安全风险已经成为瞬间导致银行瘫痪的唯一系统性风险,银行
信息系统的应急管理也日益受到银行信息科技部门的重视。
本文通过对信息安全应急管理的理论知识进行综合分析,结合JG商业银行
信息安全应急管理工作的实际情况,综合分析了 JG商业银行信息安全应急管理
现状,针对其存在的主要问题提出了应该建立商业银行信息安全应急管理体系
的概念,从应急管理预瞀机制,应急预案,灾备体系建设,应急管理组织构成,
应急管理的信息披露及后勤保障等几个方面重点论述了商业银行应该如何建立
信息安全应急管理体系,同时结合应急管理的九大过程组就信息安全应急管理
体系如何有效的实施提出了对策建议。希望通过理论联系实际的分析研究,对
JG商业银行信息安全应急管理方面提供有价值的参考。
关键词:商业银行;信息安全;应急管理
ABSTRACT
In 2013, the American prism incident and the divulgation caused by Struts2 ha
ve attracted the global attention, so that many companies and individuals are aware of
the importance of information's security. With the development of the science and tec
hnology, the information technology has entered in all areas of th banking. The comm
ercial bank relies more and more on IT and the information system. To guarantee the
security of the bank's system of main information is so related to the normal daily ope
ration of banking. The very problem of the information system would have a big influ
ence on the banking. So the banks have realized the importance of the emergency ma
nagement of the information security. The risk of information security becomes the on
ly system's danger that could lead to the paralysis of the bank. The bank's informatio
n technology department pays more and more attention to the management of emerge
ncy in the area of the system of information.
This article makes an analysis of the management of emergency for the
information security, combined with JG commercial bank's actual situation in this
area. It tries to provide some concepts that should be established in order to solve the
main problems in the information security. It demonstrates how to build the system of
management for emergency of information security, from the points of emergency
management's warning mechanism, contingency plans, recovery system of disasters,
the organization of emergency management, the disclosure of information and the
logistical support. At the same time, it offers several advices to establish the system of
emergency management, combined with the nine process groups of emergency
management. It hopes, through analysis of theory and practice, to provide a valuable
reference for JG's information security emergency management.
Key words: commercial bank; Information Security; emergency management