摘 要

作为国内商行前三甲的c银行信用卡中心,其业务发展离不开信息化支撑,信息化

迅猛扩张必然会带来较多信息安全风险,为了确保业务稳健发展,如何防范信息外泄、

黑客攻击、网络欺诈等信息安全风险,将是C银行信用卡中心风险管理要解决的重要问

题。

本文以C银行信用卡中心为研究对象,分析了 C银行信用卡中心信息安全管理问

题,并有针对性的提出了解决方案。全文共分六章,第一章是绪论部分;第二章是国内

外信息安全理论;第三章是C银行信用卡中心信息安全现状;第四章是C银行信用卡

中心信息安全管理存在的问题;第五章是C银行信用卡中心信息安全管理解决方案。第

六章是本文结论。

本文研究重点有三:一、C银行信用卡中心缺失信息安全领导小组带来的弊端;二、

C银行信用卡中心分中心信息安全无专人负责导致信息安全事件频发的问题;三、C银

行信用卡中心信息安全新风险防范能力较差,给新业务幵展带来的负面影响。

本文特色:一是针对c银行信用卡中心缺失信息安全领导小组导致执行效率不高

的现状问题,提出了设置“信息安全专项管理领导小组”的建议,通过明确“信息安全

专项管理领导小组”审定信息安全风险政策,设定部门信息安全管理范围、协调部门信

息安全资源等职责,进一步提高了 C银行信用卡中心信息安全管理效率。二是针对C

银行信用卡分中心行政部的信息外泄、员工擅自上外网导致银行计算机中毒等信息安全

事件无专人负责的现状,提出了对分中心行政部门实行信息外泄发生率、上外网计算机

中毒发生率等指标考核的建议,解决了分中心行政部门信息安全权责利不对称的问题。

三是针对C银行信用卡中心,缺失对于黑客攻击、支付欺诈等新信息风险提前甄别防范

的能力,提出了由风险管理部与信息技术部,共同设立新技术新业务风险防范研究小组,

通过定期跟踪学习反黑客木马攻击,防网络支付安全漏洞等新银行技术风险防范措施,

提高了 c银行信用卡中心对新信息安全风险提前防控的能力。

关键词:信用卡中心;信息安全;风险管理

I

c银行信用卡中心信息安全管理研究

Research on Information Security Magagement System of C Bank Credit

Card Center

Abstract

As the top three C Bank Credit Card Center, its business development cannot do without

supporting information, information rapid expansion will bring more information security risk,

in order to ensure the steady and healthy development of the business, how to prevent

information leakage, hacker attacks,network fraud information security risk, will be an

important problem of C Bank Credit Card Center risk management to solve.

In this paper. C Bank Credit Card Center as the research object,analysis of the C Bank

Credit Card Center, information security management, and the corresponding solutions are

put forward too. The full text is divided into six chapters, the first chapter is the introduction:

the second chapter is the domestic and foreign information security theory; the third chapter is

the C bank credit card information security center; the fourth chapter is the existence of C

bank credit card center of information security management issues; the fifth chapter is the C

bank credit card information security management center solution. The sixth chapter is the

conclusion of the article.

This research focuses on three problems; A. C Bank Credit Card Center missing

information safety leading group brought: two, C Bank Credit Card Center, center of

information security personnel responsible for causing no information safety incidents; three,

C bank credit card center of new information security risk prevention ability is poor, to carry

out the negative impact for new business.

In this paper, the characteristics and innovations: a C Bank Credit Card Center missing

information safety leading group lead to the implementation status of efficiency is not high,

put forward a set of special infonnation safety leading group recommendations, through the

clear information safety leading group for approval of information security risk policy making

departments, information,safety management and Coordination Department of infonnation

security resources duties, to further improve the C Bank Credit Card Center, efficiency of

information security management. The two is for C bank credit card center administrative

department of infonnation leakage, the staff to network lead poisoning status of bank

computer information security incident nobody responsible, puts forward the central

administrative departments to implement a information leakage rate, the network computer

poisoning occurrence rate of assessment,solves the central administrative department of

information security and benefits asymmetries the problem. The three is for C Bank Credit

-II -