SUN Wei,WANG Yan,CAO Yu-lei,CHEN Chu-xin

DOI: https://doi.org/10.3969/j.issn.1009-8054.2013.12.021

2013-01-01

Abstract:The establishment of information system R&D risk control training system is a powerful measure to ensure the information security of commercial bank.This paper summarizes the status and problem of R & D risk control training for commercial bank information system,and in combination of relevant regulatory requirements,the goals and principles in the establishment of training system for commercial bank information system are proposed,and the schemes for system construction are expounded from three aspects of course offering,training object and system constitution.Finally, this paper treats of the related guarantee measures such as integration of training teachers and training forms,perfection of check and incentive mechanism,ensuring of resources throw-in and archives management.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

XIE Wei,ZHAO Songzheng,XU Lin

DOI: https://doi.org/10.3969/j.issn.1000-7695.2013.13.012

2013-01-01

Abstract:Information technology risk plays an important part in the financial risks of commercial banks.The paper is based on the events study method,combines with information technology risk testing assessment system from China banking regulatory commission,and builds information technology risk assessment model for commercial banks.Based on this model.The paper takes X bank in Liaoning province as an example,carries on the information technology risk assessment for commercial banks,verifies the validity of the evaluation model,in order to provide powerful decision tools for information technology risk management of commercial banks.

Li Hetian,Liu Yun,He Dequan

DOI: https://doi.org/10.1007/bf02831895

2006-01-01

Wuhan University Journal of Natural Sciences

Abstract:A fuzzy set-based evaluation approach is demonstrated to assess the security risks for Internet-banking System. The Internet-banking system is semi-formally described using Unified Modeling Language (UML) to specify the behavior and state of the system on the base of analyzing the existing qualitative risk assessment methods. And a quantitative method based on fuzzy set is used to measure security risks of the system. A case study was performed on the WEB server of the Internet-banking System using fuzzy-set based assessment algorithm to quantitatively compute the security risk severity. The numeric result also provides a method to decide the most critical component which should arouse the system administrator enough attention to take the appropriate security measure or controls to alleviate the risk severity. The experiments show this method can be used to quantify the security properties for the Internet-banking System in practice.

QIAO Li-xin,YUAN Ai-ling,FENG Ying-jun

DOI: https://doi.org/10.3969/j.issn.1001-148x.2005.24.045

2005-01-01

Abstract:The paper utilizes the game theory to analyze the strategies and actions about attack and defense between commercial banks hackers.It suggests that commercial banks should play a permant game with hackers to reduce their investment for protecting the system security.This strategy can make commercial banks build up a good reputation on network system security,which,in turn,accounts for social network security.

YU Zhi-wei,TANG Ren-zhong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2007.11.026

2007-01-01

Abstract:In order to overcome the shortcomings of the existing information system models,an information system security model was proposed to protect business activities and describe information systems from security view.Through analyzing the characteristic and security of information systems,this work presented the fundamental elements and their operation relationships,and the need,permit,can security constraints between the elements.The security relationships of the fundamental elements were described with formal method.The security model substantially reflects the security relationship between the assets of information systems,explicitly posts the essence that the information system supports the business operation,and clarities the relationship between business activities and the assets of information systems.Finally a case of security model of a manufacturing enterprise information system was given.

Li Bo,Xu Congwei

DOI: https://doi.org/10.1109/ifita.2009.92

2009-01-01

Abstract:With the rapid on-line business development of the commercial banks and the great changes of management circumstances and operating modes which make the traditional risk management confronted with challenges, the e-commerce risk management becomes an important issue of theory and practice. This paper outlines several kinds of e-commerce security risks of commercial banks, and analyzes in detail two kinds of risk analysis methods of the e-commerce security which measure and assess the e-commerce security risk. And then the risk management strategies of e-commerce security of the commercial banks are addressed. In the end, it is pointed out that the study of the risk analysis methods and the management strategies provides an available security framework for Chinese commercial banks to implement the e-commerce and manage the risk.

Zhang Lianhua,Zhang Jie,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2006.08.047

2006-01-01

Abstract:Security model need the feature attributes of the protected information system.For example,alert correlation analysis can evaluate whether the alert is false or not by comparing the attack prerequisite with the configuration information of attacked destination information system.A new information system model from the security view is proposed in this paper,which include both the static structure and dynamic activity.The model incorporates the present related information model such as NERD,Netmap etc.and,more inportantly,it provides a bridge between the security theory research and engineering practice.

L(U) Hui-ying,CAO Yuan-da,SHI Cui-xia

2008-01-01

Abstract:Network security analysis must identify vulnerabilities in network and intruder's intention.A novel network risk analysis model is proposed based on simulation attacks.First,the information about target network and intruder is studied and described.By correlating the system's vulnerabilities and attacker's behaviors,attack state graph(ASG) was introduced,and its generating algorithm presented.In ASG the state transfer during the attack process is simulated.Then the ASG is used to find out all the routes of the attacker's pervasion,and then to evaluate the threatened location and risk degree,which provides a useful evidence and guidance for making risk decision.Finally a virtual network environment is given to illustrate the applicability of this risk analysis model,and validate its effectiveness to network security analysis and quantitative assessment.

XiaoLin Cui,Xiaobin Tan,Yong Zhang,Hongsheng Xi

DOI: https://doi.org/10.1109/CSSE.2008.949

2008-01-01

Abstract:Risk assessment is a very important tool to acquire a present and future security status of the network information system. Many risk assessment approaches consider the present system security status, while the future security status, which also has an impact on assessing the system risk, is not taken into consideration. In this paper we propose a novel risk assessment model based on Markov game theory. In this model, all of the possible risk in the future will impact on the present risk assessment. The farther away from now, the smaller impact on the risk assessment it has. After acquiring the system security status, we proposed an automatic generated reinforcement scheme which will provide a great convenience to the system administrator. A software tool is developed to demonstrate the performance of the risk assessment of a network information system and a simulation example shows the effectiveness of the proposed model. © 2008 IEEE.

ZHANG Yong-Zheng,FANG Bin-Xing,CHI Yue,YUN Xiao-Chun

DOI: https://doi.org/10.1360/jos180137

2007-01-01

Journal of Software

Abstract:To assess the security risk of network information systems, this paper proposes a risk propagation model including a risk network and a risk propagation algorithm. A representative example is given to illustrate the application of this model to network risk assessment and validate the correctness of the propagation algorithm. The analysis of the example indicates that the evaluating method using the risk propagation model is superior to the traditional methods in the accuracy of evaluating conclusions and making cost-effective security advices.

ZHANG Qiang,ZHANG Rui-huai

DOI: https://doi.org/10.3969/j.issn.1003-7217.2006.02.004

2006-01-01

Abstract:In recent years,the increase of security market risks and irregular operations of banks has led to the shift and transformation of market risk to bank risk,which has become a main resource of risks of banks beyond the traditional ones.Banks' unreasoning over granting of credit to listed companies and irregular operations in the business with stockjobbers are the main routines causing the shift and transformation.To avoid such kind of shift and transformation,banks are required to enhance their risk management concept,regular their finance performance,establish their early alarm system of risk in their business with stockjobbers.

王兴芬,崔宝灵,李一军

DOI: https://doi.org/10.3969/j.issn.1007-3221.2004.02.011

2004-01-01

Abstract:At first, this paper analyzes the problems for current information system security strategy. Then, after SSE-CMM is explained, a risk-analysis-centric model of information system security engineering is established using system engineering theory. Moreover, an risk analysis method based on global risk information deposit (GRID) is proposed. Meanwhile, the relations of GRID components are explained. At last, the conclusion and further research are given.

ZHANG Cheng-hu,SUN Jing,Jing CHEN

DOI: https://doi.org/10.3969/j.issn.1009-9190.2006.02.003

2006-01-01

Abstract:As a "double-edged sword," financial computerization brings to banks various competitive advantages and benefits and at the same time all IT-related risks--bank technical risks. To avert such risks, commercial banks and regulatory authorities in developed countries have established standards for technical risk identification, rating, management, control and supervision. This paper, drawing on the experience, approaches and achievement of foreign countries in banking technical risk management, attempts to design a China-specific banking technical risk rating system, including a rating model, an index design, an index weight design and a rating approach and addresses the problems that should be considered once the rating system is applied.

Yan Wong,Xiuying Chui,Jin Qing

DOI: https://doi.org/10.53935/jomw.v2023i4.260

2023-10-01

Abstract:By partnering with the business, the operational-risk discipline can create a more secure and profitable institution. Successful banks embrace risks while developing powerful mechanisms to prevent or manage risk and stay ahead. This study is devoted to the problems of improving the banking risk management, taking into account the new regulatory and technological requirements based on the use of modern technology and combining the latest achievements in numerical mathematics, statistics and information technology. Focusing on literature and by conducting a case study on operational risk management on one of largest retail banks, this paper aims on answering how operational risk management can be improved by implicating risk governance and internal control frameworks. It was concluded that although improvements have taken place in how operational risks are being managed, there is still room for improvements. An intersection of risk type and business/functional area of focus, prioritized based on the business environment is critical when fulfilling this life cycle of risk management activities. When too linear, the steps are not agile enough, so the cycle needs to be performed on a micro-level and aggregated for macro-level insights/risk decision-making. The suggested model outlines the understanding of the safe and prudent management of risks under the current prudential framework. It also demonstrates the ability of appropriate operations management techniques to reduce operational risk losses in the banking industry significantly.

Zhang Aimin,Zhu Chunshan,Xu Jian,Wang Jiancheng,Tang Huanwen,Liu Yundao,Wu Chong

2010-01-01

Abstract:Credit risk is the main risk faced by commercial bank during operation, how to manage credit risk is a focus for financial specialists. Therefore effective assessment of credit risk is very important. The risks faced by banks during operation can be regarded as a kind of research of uncertain problems’ study. The essence of multi-sensor data integration is as follows: to have a best decision according to much information from different sensors. A kind of credit risk assessment model based on information integration is developed depending on the idea of multi-sensor information integration. This model includes three algorithms, as follows: BP neural network, SVM and DS evidence theory. This model has not only the classifying capacity of BP neural network and SVM, but also the decision ability of DS evidence theory. The essence of the model has two key steps, first we can obtain elementary decision, then we depend on DS evidence theory has a integration of processed outputs data by BP neural network and SVM. Depending on some data of certain bank, we have a simulation aiming at three models: BP model, SVM model and new developed model. The results show the developed new model can obtain better assessment compared with two models at same conditions.

Yue Chi,Yongzheng Zhang,Xiaochun Yun

2005-01-01

Abstract:With the rapid development of Internet technology, malicious attacks to network or host information systems become diversification and complication. An active security technology-risk assessment is developed to feedback the confidence on information system security, and to eliminate the hidden trouble in time. Therefore, this paper firstly illuminates the basic conceptions in risk assessment, then establishes a general risk assessment model (GRAM) using Petri Net, analyzes each process and the run mechanism of this model, and finally proves that this model is bounded and active. This model has the generality, so contributes to understanding the risk assessment technology on the whole, and further guiding researches for special assessment methods.

Wu Qingxiao,Liu Hailong

2008-01-01

Abstract:Uniform style of risk management can't take care of the risk that modern commercial banks are confronted with. Integrated risk management becomes the trend. This paper cites the research on risk correlation in integrated risk management, integrated technology, and constructs the risk management model of commercial banks. Finally it points out the deficiency of research on the integrated risk management of commercial banks.

Sung -Do Chi,Jong Sou Park,Ki -Chan Jung,Jang -Se Lee

DOI: https://doi.org/10.1007/3-540-47719-5_26

2001-01-01

Abstract:The major objective of this paper is to develop the network security modeling and cyber attack simulation that is able to classify threats, specify attack mechanisms, verify protection mechanisms, and evaluate consequences. To do this, we have employed the advanced modeling and simulation concepts such as System Entity Structure / Model Base framework, DEVS (Discrete Event System Specification) formalism, and experimental frame concept underlying the object-oriented S/W environment. Our approach is to show the difference from others in that (i) it supports a hierarchical and modular modeling environment, (ii) it generates the command-level behavior of cyber attack scenario, (iii) it provides an efficient model building environment based on the experimental frame concept, and (iv) it supports the vulnerability analysis of given node on the network. Simulation test performed on sample network system will illustrate our techniques.

YUAN Liang,HUO Xue-xi,WU Hou-kuan

DOI: https://doi.org/10.3969/j.issn.1009-9107.2005.02.013

2005-01-01

Abstract:VAR model play important roles in the risk management of commercial banks,as a way of risk measurement.Having been applied by financial supervision organization, VAR model can be used in bank interior management and bank evaluation of outstanding achievement,can be a important way to exposure information, can be used to promote the bank image in public and to structure the alarm system of crediting risk of commercial banks.The commercial banks are the main body of financial organizations of China,so its financial risk is mainly exhibited as bank risk. Therefore, on the basis of international experience, it is important to select the degree of confidence and the target interval which is fit for the economic conditions of China, and to apply the VAR model to the risk measurement of commercial banks in order to improve the level of risk management of commercial banks and safeguard the financial cosmos of the country.