
Financial Information Security Protection - Basic Principles and System Security in Detail


Guiding principles and system security requirements, applicable to companies or institutions in the traditional financial industry, the Internet finance industry, the consumer finance industry, etc. As part of the standard, learning and applying them not only meets compliance requirements but also better enhances their information security capabilities and levels.

Guiding principles

Guiding principles for information (data, commands, information, reports, etc.):

1. Accuracy

Accuracy is how close the information and data are to the truth. Financial information service providers shall ensure that the financial information provided is true and accurate, that the information is presented in a manner that does not give rise to ambiguity, that it reflects the true state of the information, and that there are no false statements or misleading representations.

2. Integrity

Integrity is the property that information can be stored and transmitted without unauthorized modification, destruction, insertion, delay, disorder, or loss. Financial information service providers shall collect, process, handle and provide financial information in such a way as to ensure that the information elements are complete and that there are no material omissions or distortions in the information.

3. Availability

Availability is the property of being accessible and usable by an authorized entity when needed. Financial information service providers shall ensure that networks and information systems providing financial information services are readily available so that legally authorized users can access the financial information they need in a timely manner.

Basic principles of information services (provision of information, data, software and related information technology that may affect financial activities and financial markets to financial industries engaged in analysis, decision-making, trading, clearing, etc., as well as to related institutions and individuals)

1. Timeliness

Timeliness is the property that information is valuable for decision making only for a certain period of time. Financial information service providers should ensure that financial information is available and updated in a timely manner. Priority levels can be assigned for different levels of users.

2. Credibility

Credibility is the combined ability to provide a truly credible service. Financial information service providers shall ensure that the sources of the financial information provided are clear and that the processing of the financial information is audited and confirmed.

3. Compliance

Compliance is the ability to meet and comply with laws, policies, regulations, procedures, and contracts. Financial information service providers should not violate the requirements of intellectual property rights, copyright and other laws and regulations when collecting, processing, handling and providing information.

Basic information security requirements

1. Non-repudiation

Non-repudiation is the ability to establish that an activity or event has occurred so that it cannot later be denied. Financial information service providers shall ensure, through technologies such as identity authentication and digital signature, that the financial information services provided are non-repudiable, and that information such as the provider, time of provision and recipient of financial information can be traced.

2. Confidentiality

Confidentiality is the property that information is not available or cannot be divulged to unauthorized persons, entities or processes. Financial information service providers should ensure, through a complete information security system, that unauthorized persons cannot use the information and that the information is not spread through illegal leakage during use and transmission.

3. Controllability

Controllability is the property of having control over the dissemination of information and its content. Financial information service providers must be able to control the flow of information, its scope of use, etc., for review by the relevant state regulatory authorities. This includes, but is not limited to, information controllability, where the authorized authority can control the confidentiality of information at any time; access controllability, where each user can only access information that he or she is authorized to access; and hierarchical controllability, where the information and resources available in the system should be classified as confidential.


Financial Information Services System Security

1. Infrastructure security

In terms of network security, financial information service providers should follow the Administrative Measures for the Security Protection of the International Network of Computer Information Networks to carry out information system security management in accordance with the relevant national network security regulations and the requirements of the national information security level protection system. This includes, but is not limited to, the following.

a) In terms of computer hardware facilities, financial information service providers should take measures to secure web servers, application servers, database servers, etc., establish sound network security facilities and security management programmes, and establish anti-virus systems that are updated in a timely manner to protect the security of systems and databases.

b) Financial information service providers should have relatively complete information security facilities, such as network firewalls, intrusion detection, virus prevention, data encryption and disaster recovery and other information security hardware and software systems, and have specialized personnel for daily management and maintenance.

c) The location of the server rooms of franchised financial information service providers such as exchanges and central registry and settlement companies should comply with relevant national regulations.

d) Computer systems related to the business of the financial information service provider shall not process operations that are not related to the business of the system. If special circumstances require the undertaking of other operations, they shall be approved by the competent authority.

2. Software security

Financial information service providers should have a complete software security solution in place, including, but not limited to, the following.

a) Perform regular backups of system software, application software and their configurations on the server side and keep appropriate records.

b) Keep abreast of software vulnerabilities announced for systems and applications, and apply updates to correct them.

c) Keep audit logs of all system software and application software operations and analyze the logs on a regular basis to identify problems and address them in a timely manner.

3. Network security

Financial information service providers should be aware of cybersecurity protection and have cybersecurity protection capabilities. This includes, but is not limited to, the following.

a) Protection against network attacks such as port scanning, Trojan backdoor attacks, denial of service attacks, buffer overflow attacks, IP fragmentation attacks and network worm attacks.

b) Adopt technical measures such as system access control, data protection, and system security and confidentiality monitoring and management; databases without security and confidentiality measures should not be networked.

c) Computer information systems that have been networked with international computer networks should establish a strict management system; the networked units should designate a person to check the confidentiality of information on the Internet.

d) Any financial information related to national security shall not be stored, processed or transmitted in computer information systems networked with international networks.

4. Data security

Financial information service providers should have a complete data security solution in place, including, but not limited to, the following.

a) Technical measures for the classified storage, recovery, recall, encryption, etc. of financial information data materials.

b) Detecting whether the integrity of financial information and data has been compromised during their capture, processing, handling, storage, transmission and use, and taking the necessary recovery measures when integrity errors are detected.

c) Provide local data backup and recovery functions, using real-time backup and asynchronous backup or incremental backup and full backup. Backup media should be stored and secured.

d) Have a secure data transfer solution to ensure data security and data transfer security with secure networking, session management and recovery features, etc.

5. Operational safety

The financial information service provider shall develop and carry out daily work based on the operation and maintenance system, which includes the overall security policy, security technology framework, security management policy, server room management system, system maintenance system, security requirement analysis and detailed design plan, etc.

Financial information service providers should have an emergency work plan that provides for matters related to failure recovery.

6. Disaster tolerance and recovery

The financial information service provider shall formulate a complete disaster recovery plan and regulate the mode, frequency, storage media and retention period of disaster recovery backup. This includes, but is not limited to, the following.

a) Develop a disaster-tolerant backup strategy and recovery strategy for data based on the importance of the data, and the backup strategy should specify where the disaster-tolerant backup data should be placed, file naming rules, frequency of media replacement, etc.

b) The validity of disaster-tolerant backup data is checked regularly and backup data should be kept off-site.

c) Establish procedures to control the disaster-tolerant data backup and recovery process and conduct regular data disaster recovery switchover exercises.


