I 摘要 我国的金融行业已经全面进入互联网时代，互联网金融对传统金融业形成 了革命性的冲击，潜移默化地改变着银行业在金融市场中的地位，据统计，2012 年移动支付占全球支付市场比例已达到 2.2%，并且以年均 40%的速度继续增长； 第三方互联网支付行业增长迅猛，增速一度达到 100%；网上银行的快速发展， 对传统柜台业务替代率超过了 50%。互联网金融的便捷与高效特点，极大地促进 了金融改革体系的前进步伐。然而对比传统金融领域，互联网金融因其同时具 备着金融和互联网双层属性特征，因而决定了其引发的安全风险更广泛，既有 传统金融领域的资金流动风险、利率波动风险、市场经营风险，又有互联网信 息技术层面的技术平台风险、系统安全风险及虚拟金融引发的业务类风险，风 险产生的因素更加复杂，扩散速度更快。 大数据平台在互联网金融行业应用广泛，通过借助于大数据技术的运用， 有助于掌握不同类型客户信用、借贷历史、购买兴趣爱好、性别年龄等数据信 息，根据这些掌握的数据信息进行加工处理，可以更好的服务于网络借贷风控 处理，同时为企业提供更加精准的营销活动支持，为客户提供更加丰富多样的 服务与产品。 大数据作为互联网金融行业最核心宝贵的资产信息，一旦被外部黑客成功 入侵窃取、或者内部员工的非法盗取，将一方面给广大用户造成巨大的个人隐 私信息泄露、金融财产安全受损的潜在风险；另一方面作为大数据平台运营维 护主体--互联网金融企业也必将受到来自国家法律监管部门的强力惩处。 本文通过对大数据在互联网金融行业的运用场景进行分析，并通过与实际 案例相结合分析互联网金融企业面临存在的数据安全层面风险挑战。针对这些 信息安全风险挑战制定实施相关信息安全防护策略，为大数据背景下的互联网 金融企业在信息安全治理建设层面提供相应借鉴思路，不断改进和提升互联网 金融企业信息安全的整体防护水平。 关键词：互联网金融 大数据 安全Abstract II Abstract China's financial industry has fully entered the Internet era, the internet finance has formed a revolutionary impact on the traditional financial industry, imperceptibly changing the position of banking in the financial market , according to statistics, mobile payments accounted for the global payment market ratio has reached 2.2% , and continues to grow at an annual 40% rate; The third-party internet payment industry grew rapidly, and the growth rate reached 100%; The rapid development of the bank, the traditional counter-business replacement rate of more than 50%. The convenience and efficiency of internet finance have greatly promoted the progress of financial reform system. However, compared with the traditional financial field, Internet finance has the characteristics of double-layer property of finance and Internet, so it decides that the security risk is more extensive, which includes the risk of capital flow, the risk of interest rate fluctuation, the risk of market operation in the traditional financial field, the risk of technology platform in Internet information technology, The risk of system security and the business class risk caused by virtual finance are more complicated and spread faster. Big Data platform in the Internet finance industry widely used, through the use of big data technology, help to grasp the different types of customer credit, borrowing history, purchase interests, sex age and other data information, according to the information of these mastered data processing, can better serve the loan wind control processing, At the same time for enterprises to provide more accurate marketing campaign support, to provide customers with more diversified services and products. Big data as the most valuable asset information of Internet financial industry, once the successful invasion and stealing by external hackers, and the illegal theft of internal employees, will give the vast number of users of personal privacy information disclosure, financial property security damage potential risk; On the other hand, as a big data platform operating maintenance body -Internet financial enterprises are bound to be severely punished by the national legal regulatory authorities.Abstract III This paper analyzes the application background of big data in the whole Internet financial industry, and analyzes the challenges of information security risk faced by enterprises through the combination of practical cases. In view of these information security risk challenges, the implementation of relevant information security protection strategy, for the big data background of the Internet financial enterprises in the information security governance construction level to provide the corresponding ideas, and constantly improve and improve the Internet financial Enterprise Information security overall protection level. Key words: Internet Financial Big data security目 录 IV 目 录 摘要 ...............................................I Abstract ............................................ II 第一章 绪论 ..........................................1 第一节 研究背景与研究内容 ......................................1 一、研究背景.......................................................................................................1 二、研究内容.......................................................................................................1 第二节 研究目的与意义 ..........................................2 一、研究目的.......................................................................................................2 二、研究意义.......................................................................................................3 第三节 研究方法与技术路线 ......................................3 一、研究方法.......................................................................................................3 二、技术路线.......................................................................................................4 第二章 数据安全与互联网金融相关理论及文献综述.........6 第一节 互联网金融与大数据概念特征 ..............................6 一、互联网金融概念与特征...............................................................................6 二、大数据概念与特征.......................................................................................6 第二节 信息安全相关理论 ........................................7 一、ISMS 信息安全管理体系.............................................................................7 二、数据安全能力成熟度模型...........................................................................8 第三节 国内外大数据安全法规标准 ...............................10 一、欧盟数据安全法规标准.............................................................................10 二、美国数据安全法规标准.............................................................................11 三、我国数据安全法规标准.............................................................................11 第三章 互联网金融企业信息安全风险分析和防护策略研究..13 第一节 充分运用数据安全能力成熟度模型 .........................13 第二节 互联网金融企业数据安全风险分析 .........................14 一、数据安全风险分析意义.............................................................................14 二、数据安全风险分析方法.............................................................................14目 录 V 第三节 互联网金融企业数据安全防护策略 .........................15 一、积极响应国家监管法律法规政策.............................................................15 二、构建科学合理数据安全组织机构.............................................................15 三、制定规范易执行的安全规范流程.............................................................16 四、运用实用稳定数据安全技术工具.............................................................17 五、加强提升数据安全岗位人员能力.............................................................17 第四章 以 SZXH 互联网金融公司作为案例研究分析.........18 第一节 SZXH 互联网金融公司大数据运用现状分析...................18 一、SZXH 互联网金融公司简介......................................................................18 二、SZXH 公司大数据应用现状分析..............................................................21 第二节 SZXH 互联网金融公司大数据安全风险分析...................22 一、监管政策风险.......................................................................................