目 录
第 1 章 导论1
1.1 研究背景和意义1
1.1.1 研究背景2
1.1.2 研究的理论意义2
1.1.3 研究的实际意义3
1.2 信息科技风险管理相关概念和界定 3
1.2.1 信息科技风险相关定义3
1.2.2 商业银行信息科技风险的类别和特点 4
1.3 国内外信息科技风险研究综述5
1.3.1 国外信息科技风险的研究5
1.3.2 国内信息科技的研究和发展 6
1.4 研究内容与方法7
1.4.1 研究的主要内容7
1.4.2 研究的方法7
第 2 章 江西 RC 银行信息科技风险管理现状10
2.1 江西省 RC 银行信息科技风险管理基本情况 10
2.1.1 信息科技发展概况10
2.1.2 信息科技风险管理现状10
2.2 信息科技风险评估与识别13
2.2.1 风险管理识别的依据13
2.2.2 风险管理审计结果15
2.3 信息科技风险管理中存在的问题16
2.3.1 组织风险16
2.3.2 保障风险16
2.3.3 制度风险17
2.3.4 技术和信息安全风险17
2.3.5 业务连续性风险18
2.3.6 人员风险18
2.3.7 外部风险19
第 3 章 信息科技风险管理问题成因分析 21
3.1 信息科技风险管理的影响因素分析 21
3.1.1 商业银行传统管理等不良因素影响 21II
3.1.2 体系制度复杂且缺乏统一和规范的行业标准指导 21
3.1.3 体系实施受制于各种困难因素而难以推进 21
3.2 江西 RC 银行信息科技风险管理中存在的主要问题分析22
3.2.1 信息科技风险管控职能部门职责有待进一步明确落实 22
3.2.2 业务连续性和应急管理仍需不断完善 22
3.2.3 开发与运行维护控制需加强 22
3.2.4 信息安全管控需加强23
3.2.5 安全审计有待加强23
第 4 章 信息科技风险管理对策25
4.1 构建信息科技风险管理基础体系25
4.1.1 夯实基础设施管理水平25
4.1.2 提升信息安全管理能力26
4.1.3 加强业务连续性管理能力27
4.1.4 强化研发体系建设能力29
4.1.5 加强信息科技队伍建设30
4.2 构建信息科技风险管理审计体系30
4.2.1 建立外包管理体系30
4.2.2 加强风险审计水平31
4.2.3 提高风险审计管理意识32
第 5 章 信息科技风险管理保障体系建设 34
5.1 组织体系建设34
5.2 制度体系建设35
5.3 防范体系建设37
第 6 章 结论与展望39
6.1 研究结论39
6.2 展望 40
参考文献41
致 谢43III
Contents
Chapter 1 Introduction ........... 1
1.1 Research background and significanc...... 1
1.1.1 Research background ......... 2
1.1.2 Theoretical significance ..... 2
1.1.3 Practical significance ......... 3
1.2 Concepts and definitions.. 3
1.2.1 Definition of information technology risk . 3
1.2.2 Categories and characteristics of risk......... 4
1.3 Review of information technology at home and abroad.. 5
1.3.1 Study on the risk of information technology abroad.......... 5
1.3.2 Research and development of information technology...... 6
1.4 Research contents and methods ... 7
1.4.1 Main Research Contents .... 7
1.4.2 Research methods .. 8
Chapter 2 Information technology risk management status ......... 10
2.1 Basic situation of information technology risk management .... 10
2.1.1 Development of information technology . 10
2.1.2 Present situation of risk management ...... 10
2.2 Information technology risk assessment and identification....... 13
2.2.1 Recognition of risk management . 13
2.2.2 Risk management audit results .... 15
2.3 Problems in risk management.... 16
2.3.1 Organizational risk........... 16
2.3.2 Security risk ......... 16
2.3.3 Institutional risks.. 17
2.3.4 Technology and information security risk ........... 17
2.3.5 Business continuity risk ... 18
2.3.6 Personnel risk....... 19
2.3.7 External risk ......... 19
Chapter 3 Analysis of information technology risk management. 21
3.1 Influence of information technology risk managemen .. 21
3.1.1 Effect of the traditional management and factors21IV
3.1.2 Lack of standardized industry standards.. 21
3.1.3 Various factors ..... 21
3.2 Analysis of the main problems of risk management...... 22
3.2.1 Strengthen the functions of the departments........ 22
3.2.2 Improve continuity and contingency management .......... 22
3.2.3 Maintenance of development and operation ........ 22
3.2.4 Strengthen information security management ..... 23
3.2.5 Strengthen the security audit........ 23
Chapter 4 Information technology risk management countermeasures.. 25
4.1 Construction of risk management system .......... 25
4.1.1 Solid infrastructure management . 25
4.1.2 Enhance the ability of information security management ........... 26
4.1.3 Strengthen business continuity management ability........ 27
4.1.4 Strengthen the construction of the research system ......... 29
4.1.5 Strengthen the information technology team .... 29
4.2 Construction of risk management audit system . 30
4.2.1 Establishment of outsourcing management system ......... 30
4.2.2 Strengthen the level of risk audit . 31
4.2.3 Enhance the consciousness of risk management.. 32
Chapter 5 Information technology risk management security system..... 34
5.1 Organization system construction.......... 34
5.2 System construction ....... 35
5.3 Prevention system construction . 37
Chapter 6Conclusion and Prospect . 39
6.1research conclusion......... 39
6.2expectation .......... 40
Reference ........ 41
Acknowledgements .... 431
摘 要
随着信息科技的日新月异，促进了商业银行业务的高速发展。银行取得业务
竞争优势必须依赖于信息科技的应用，参与行业竞争的核心是信息化的规模和信
息技术的融合。信息科技在支撑商业银行提升核心价值和业务创新的同时，逐渐
暴露了潜在的信息科技安全隐患。信息科技风险管理的缺失将直接影响商业银行
的业务连续性运行，对银行业务发展的可持续性造成阻碍。银行业信息科技风险
导致的业务中断、风险事件近年频频见诸报端，造成极为恶劣的社会影响，严重
损害商业银行信誉，造成巨大的经济损失。商业银行信息科技风险管理不善是业
内普遍存在的安全隐患，风险管理压力日趋严峻，严重制约了商业银行开展创新
业务、束缚了快速占领市场的步伐，甚至影响了银行赖以生存的根基业务。所以，
调研信息科技风险状况，分析商业银行信息科技风险成因，提出风险应对策略，
构建信息科技风险管理保障体系，保障信息系统连续高效运转，多种措施的有效
实施是保障银行基础业务，提质增效的催化剂

江西 RC 银行作为全省网点最多、业务规模最大、客户资源最广的地方银行机
构，信息科技风险管理决定其业务发展的延续性。风险管理缺失可能引发金融风
险，造成区域范围内的经济震荡，波及民生稳定，银行多年积累的信誉将毁于一
旦。所以，研究银行信息科技风险管理，有重要的现实意义

本文借鉴业内发展历史和运行现状，充分研究了银行业风险管理的概念和论
点，全面概况了信息科技风险的理念、文化、制度和策略。以江西区域经济特点
为基础，分析了金融行业发展态势，深入了解江西 RC 银行信息科技风险管理面临
的契机和机遇，探索了现行信息科技运行模式，提出了解决方案。文章全面概述
了信息科技风险管理的全面特征，充分调研了江西 RC 银行现行的管理实践，分析
组织架构、研发体系、运维模式、科技审计的特征，提出信息安全管理策略、业
务连续性措施、研发体系建设、人力资源保障、基础设施建设方面的风险应对措
施，得出构建信息科技风险管理的组织架构体系建设、防御体系建设和制度体系
建设的构想，从而有效达成江西 RC 银行有效落实风险防范的目标

论文借鉴国际通行信息科技风险标准，以国内监管部门指引文件为指导，通
过审计识别问题，提出应对策略，构建覆盖组织体系、防范体系和制度体系的保
障体系架构。以建设信息科技风险管理体系为最终目标，分析现状，提出有效风
险控制措施，规划了今后风险保障体系架构建设的方案。本文的研究方法、理念
和措施具有普遍适用性。文中所构建体系架构和保障建设是以监管部门的指引条
款、国内外先进银行的管理实践作为依据，能够成为江西 RC 银行提升信息科技管
理水平、完善信息科技风险防范架构、建立业务连续性体系的研究思路和方法

关键词：商业银行；信息科技；风险管理2
Abstract
With the rapid development of information technology, the rapid development of
commercial banking. It is necessary for the bank to gain the competitive advantage in
the application of the information technology, and the core of the competition in the
industry is the integration of the scale of the information technology and the information
technology. Information technology to support commercial banks to enhance the core
values and business innovation at the same time, gradually exposed the potential of
information technology security risks. The lack of risk management of information
technology will directly affect the business continuity of commercial banks, and hinder
the sustainable development of the banking business. Bank information technology risk
caused by interruption of business, the risk of an event in recent years are frequently
reported in the newspapers, resulting in a very bad social influence, serious damage to
the commercial bank39;s credit, resulting in huge economic losses. Information
technology risk management of commercial bank bad is prevalent in the industry
security risks, risk management is becoming more and more serious, seriously
restricting the pace of commercial banks to carry out business innovation and hindered
the rapid occupation of the market, and even affect the basic business bank to survive.
So research information technology risk status. Analysis commercial bank information
technology risk causes, proposed risk response strategy and constructing information
technology risk management guarantee system, guarantee continuous and efficient
operation of the information system, the effective implementation of the various
measures is to safeguard the bank based business, quality and efficiency of the catalyst.
Jiangxi RC bank as the province39;s largest network, the largest business, customer
resources, the most extensive local banking institutions, information technology risk
management determines the continuity of its business development. Lack of risk
management may lead to financial risks, cause regional economic shock, affecting
people39;s livelihood and stable, bank for many years of accumulated reputation will be
destroyed. Therefore, the study of bank information technology risk management, has
important practical significance.
Based on the history and current situation of the industry, this paper studies the
concept and the argument of the risk management in the banking industry, and
comprehensively summarizes the concept, culture, system and strategy of information
technology risk. In Jiangxi regional economic characteristics as the basis, analyzes the3
development trend of financial industry, in-depth understanding of Jiangxi RC bank
information technology risk management is facing opportunities and opportunities,
explore the current mode of information technology and put forward the solution. The
comprehensive overview of the information technology risk management of the overall
characteristics and full investigation of the RC Bank of Jiangxi current management
practice and analysis features of organizational structure, system, research and
development, mode of operation and maintenance, technical audit, information security
management strategy, measures, research and development system building, human
resources and social security, infrastructure construction aspects of business continuity
measures to cope with the risks that to construct the information technology risk
management organization system construction, defense system construction and the
system construction, so as to effectively reach Jiangxi RC bank effective
implementation of risk prevention goals.
With the help of the international standard of information technology risk, to
domestic regulatory guidance documents as a guide, by identifying auditing problem
proposed coping strategies, building covering the organization system and prevention
system and the system39;s security architecture. With the construction of information
technology risk management system as the ultimate goal, analysis of the status quo, put
forward effective risk control measures, planning the construction of the future risk
protection system. The research methods, ideas and measures of this paper have
universal applicability. In this paper the construction of architecture and security
building is to the management practice of regulatory authorities of the terms of the
guidelines, the domestic and foreign advanced banks as the basis, to become Jiangxi RC
bank to enhance the information technology management level, improve the
information technology risk prevention structure, established the research ideas and
methods of business continuity system.
Key words: Commercial bank; information technology; risk management第 1 章 导论第 1 章 导论
1.1 研究背景和意义
信息科技已经成为商业银行发展的重要依赖手段。无论是作为业务发展、行
业竞争的基本手段，或者是满足互联网金融挑战、提高核心竞争力的需求。商业
银行充分应用信息技术手段，拓展了银行业务系统的功能性和普遍性。信息科技
广泛应用于电子银行
。。。。。。以上简介无排版格式，详细内容请下载查看