摘要
威胁情报作为信息安全领域抵御攻击和反映安全态势的有力武器未能在金融领域发挥其应有的作用,目前国内外现有的标准、规范、最佳实践不能很好地适用于金融领域。基于威胁情报建立一个全面的、符合金融机构自身特点的信息安全指标模型迫在眉睫。文中分析了安全领域现有标准的优势与不足,结合金融机构特点,建立了一个覆盖范围广且可以很好使用于金融领域的信息安全指标模型,可以反映出金融机构存在的安全问题及其态势走向。
As a powerful weapon to resist attacks and reflect security situations in the field of information security,threat intelligence can not play its due role in the financial field. At present,the existing standards,norms and best practices home and abroad can not be well applied to the financial field either.To establish a comprehensive information security index model based on the threat intelligence,which is in line with the characteristics of financial institutions,it is imminent. This paper analyzes the advantages and disadvantages of the existing standards in the security field. Combining with the characteristics of the financial institutions,this paper establishes an information security index model with wide coverage which can be used in the financial field,so that the model can reflect the existence of security issues and their trend of the financial institutions.
作者
段越
林蓉
刘翔
薛质
施勇
DUAN Yue;LIN Rong;LIU Xiang;XUE Zhi;SHI Yong(Shanghai Jiaotong University,Shanghai 200240,China;Center of Data,China Bank,Shanghai 201201,China;Shanghai Key Laboratory of Information Security Integrated Management Technology Research,Shanghai 200240,China)
出处
《信息技术》
2018年第6期1-6,共6页
Information Technology
基金
国家自然科学基金重点项目(61332010)
关键词
威胁情报
信息安全标准
金融信息安全
threat intelligence
information security standard
financial information security
