支付系统安全控制研究

现代支付系统最主要特征之一就是充分利用现代化信息技术,实现支付信息的高效传输、处理和存储。随着科学技术的高速发展和信息技术的广泛运用,支付系统面临的运行风险也日益严重。近日美国信用卡个人数据信息泄露事件,为支付系统安全控制敲响了警钟。本文根据国际信息安全管理标准,分析和总结了我国支付系统存在的弱点与威胁,研究了对威胁进行评估的定量方法,并提出了我国支付系统安全控制方案。     

基于区块链技术的互联网信用体系框架构建

互联网环境下,传统信用体系存在信息壁垒严重、信息交易不畅、信息安全堪忧等诸多不足。区块链技术在解决信息共享、信息交易和信息安全等方面的问题上具有优势。基于区块链技术构建互联网信用体系,并作为社会信用体系的重要组成部分,可以较好地解决互联网环境下传统信用体系存在的问题。构建包含政府机构、征信机构、企业和个人用户等运行主体的互联网信用体系框架,分析其运行模式,对比互联网信用体系与传统信用体系的差异,建议强化管理体制,发挥政府主导作用,创新监管制度,健全激励机制等,以促进互联网信用体系的构建。     

论建立我国网络信息安全保险体系

互联网的广泛应用在促进世界交流与发展的同时也给信息资产安全带来隐患,我国网络信息安全保险体系尚未建立。本文首先从信息资产重要性和国外相关实践等方面分析了建立我国网络信息安全保险体系的必要性,对网络信息安全保险风险管理的特点和步骤进行构思,探讨如何在当前的市场环境中从政策、监管、法律、人才培养、技术合作和产品研发创新等角度推进我国网络信息安全保险体系的建立。     

银行资本管理工程化的逻辑框架与实施策略

银行资本管理是基于风险管理、财务管理基础上的战略管理,是衡量与协调风险、收益、规模和成长性的最有效工具之一,在现代银行经营管理中作用日益重要。本文首先总结了资本管理的相关理论,阐述了以经济资本管理为主,账面资本管理和资本充足率管理为辅的现代商业银行资本管理的总体架构。在此基础上提出了以工程化方式,统筹协调、循序渐进,逐步构建现代银行资本管理体系。现代银行资本管理体系建设内容主要包括过程管理、制度体系和信息系统三方面,其中,过程管理是资本管理体系的核心;现代化银行资本管理体系实施途径主要包括组织因素和阶段因素。     

Under threat. Lay thinking about terrorism and the three‐dimensional model of personal involvement: a social psychological analysis

Global ‘standards’ in social security are set by the UN Specialist Agency, the International Labour Organization (ILO). The ILO ‘Standards’ prioritize one model of social security system in particular; namely, contributions‐financed social insurance. Specifically, social insurance systems are designed to mitigate the negative impacts of formal labour market risks. Accordingly, social security systems typically fail to address adequately many informal labour market and nonlabour market risks. The inherently limited focus of social protection provided by many social security systems is recognized to be of major concern for least developed countries (LDCs) in particular for whom western‐centric definitions of life‐cycle risk remain largely inappropriate for the majority. This realization has led the World Bank to experiment with a reconceptualized definition of social protection; Social Risk Management (SRM). Seeking to encourage wider debate across the multidisciplinary field of risk management research, this article outlines critically the tenets underpinning SRM and highlights the policy limitations of this innovative World Bank venture in two key respects. First, by outlining the likely policy implications of World Bank approaches to social protection for global social security standards and practice. Second, by questioning the short‐term contribution that SRM can make to poverty reduction, not least amongst the elderly poor.     

征信信息安全管理的国际经验借鉴

征信信息安全管理是征信业务管理的重心。目前,我国征信信息安全管理面临法律法规有待健全、征信信息供需失衡、征信系统接入机构管理水平有待提高、征信信息跨境流动风险日益显现等问题。借鉴日本和韩国征信信息安全管理的成功经验,为加强我国征信信息安全管理,应进一步完善法律法规,强化监督管理,增加征信产品与服务供给,推动金融科技在征信领域的应用,加强国际交流合作。     

伊斯兰银行的内部风险管理

风险是银行经营管理的核心。伊斯兰银行在业务种类及业务流程上与商业银行存在显著区别,在构建风险管理体系时,也应有别于商业银行。由于各国伊斯兰银行的管理标准及风险数据不统一,再加之风险模型构建复杂,伊斯兰银行风险管理框架还很不成熟。本文对伊斯兰银行内部风险管理存在的问题进行了分析,并对今后努力方向做了进一步展望。     

A framework for selection of strategy for management of security measures

In this paper, we present and discuss a framework for security risk management, focusing on the selection of a management strategy for decision-making on security measures in particular. The framework provides guidance on the selection of a suitable type of management strategy for various types of decision-making contexts. An Information and Communication Technology case study is used to illustrate the practical implications of the framework.     

商业银行保卫信息系统的设计和开发

本文介绍了商业银行省级保卫信息系统的分析和设计,描述了系统需求、保卫信息数据特点、分布数据库设计、系统结构及程序设计要点等。     

Intelligent finance—an emerging direction

Intelligent finance represents a new direction recently emerging from the confluence of several distinct disciplines in financial market analysis, investing and trading, removing any historical or artificial barrier between them. It is conceived as the science, technology and art of the comprehensive, predictive, dynamic and strategic analysis of global financial markets, towards a unification and integration of academic finance and professional finance. As a comprehensive approach, it is a quest for absolute positive and non-trivial returns in investing and trading by exploiting complete information about financial markets from all general perspectives, drawing ideas, theories, models and techniques from many related academic disciplines, such as macroeconomics, microeconomics, academic finance, financial mathematics, econophysics, behavioural finance and computational finance, and from professional schools of thought, such as macrowave investing, trend following, fundamental analysis, technical analysis, mind analysis, active speculation, etc. In terms of risk management, intelligent finance is expected to minimize the very last risk—the incompleteness of an investing or trading method or system. The theoretical framework of intelligent finance consists of four major components: financial information fusion, multilevel stochastic dynamic process models, active portfolio and total risk management, and financial strategic analysis. We first provide the background from which intelligent finance has recently emerged as a new direction in finance research and industry, and then provide a brief theoretical review of the predictability of financial markets since Bachelier. After these background discussions, we clarify the major research directions of intelligent finance.     

征信信息系统风险评估问题探析

阐述开展征信信息系统风险评估的必要性和可行性,通过对人民银行征信信息系统资产的统计、分析系统可能遭受的威胁和系统的脆弱性,提出开展征信信息系统风险评估的主要方法、实施步骤和加固系统的原则,期望通过风险评估能够最大限度保障系统安全,降低系统自身风险。     

A multi-attribute approach to assess homeland security risk

The United States Department of Homeland Security manages a wide spectrum of risks involving crime, terrorism, accidents, and natural disasters. This paper supports disaster management by identifying which attributes should be used to describe risks comprehensively and assessing the need to incorporate such multiattribute information into risk management processes. Attributes for describing homeland security risks were selected through a literature review. These attributes were then used in a risk assessment of homeland security hazards that informed risk ranking sessions conducted with members of the general public. The results taken together support the use of a range of attributes and perspectives. While aspects of life/health and economic damage were considered most important by both experts and the lay public, other attributes were of widespread importance, including attributes related to dread and uncertainty. These results demonstrate how to present risks in a deliberative risk management process and the importance of doing so using a complete set of attributes to describe the risks.     

Post-audits for managing cyber security investments: Bayesian post-audit using Markov Chain Monte Carlo (MCMC) simulation

With increasing security spending in organizations, evaluation of the quality and effectiveness of IT security investments has become an important component in managing these projects. The academic literature, however, is largely silent on post-audit of such investments, which is a formal evaluation of IT resource allocation decisions. IT post-audits are considered a useful risk management tool for organizations and are often emphasized in security certifications and standards. To fill this research gap and contribute to practice, we suggest post-auditing of IT security investments using the generic Markov Chain Monte Carlo (MCMC) simulation approach. This approach does not place stringent conjugate assumptions and can handle high-dimensional Bayesian post-audit inference problems often associated with information security resource allocation decisions. We develop two Bayesian post-audit models using the MCMC method: (1) measuring the effectiveness of an IT security investment using posterior mean score ratios (MSR), and posterior crossover error rates (CER); and (2) measuring the effectiveness through detection of a denial of service (DOS) attack using Bayesian estimation to statistically compare the degree of divergence using the concept of entropy. We demonstrate the utility of the proposed methodology using an email intrusion detection system application.     

我国社保基金运营管理的统计分析与审计监管思考

在对我国社会保障基金的构成与管理,从理论和实践两个层面进行剖析的基础上,以1989-2007年为时间窗口,着重对我国社会保险基金的运营状况进行了统计分析。研究结果显示,我国社保基金覆盖面之广、种类繁多、资金量之大、运营环节多而复杂的现实,为有效监管提出了新的要求,而加强社保资金审计则是社保基金监管效率实现的必然选择。     

社会保障制度改革的国际借鉴及其完善

发达国家社会保障制度模式及改革措施为我国进一步完善现行的社会保障制度提供了借鉴。建立与我国经济发展水平相适应的社会保障体系，开征社会保险税，设立社会保障预算，加快立法建设是改革的必然选择。     

美国金融安全审查的新趋向、影响及应对——以《外国公司问责法》为切入

美国作为金融发达国家,也是金融安全审查十分严厉的国家,其建立了从准入前、准入时到准入后直到市场化退出的全过程安全审查机制。其金融安全审查因《外国公司问责法》经过参众两院通过而进一步强化。通过实证分析美国安全审查实践和制度演变,能够清晰发现其金融安全审查范围不断扩张、审查标准模糊性愈发明显、歧视性针对性愈加增强,且美国将法律作为其金融霸权和政治打压的制度性工具之特质。这一核心观点突出表现在该法的政治化倾向和长臂管辖实质、商业问题及其监管政治化内核等层面。我国金融开放新阶段下,美国金融安全审查的新趋向需要我们依法积极应对。     

An information security control assessment methodology for organizations' financial information

In an era where dependence of information systems is significantly high, the threat of incidents related to information security that could jeopardize financial information held by organizations is serious. Alarming facts within the literature point to inadequacies in information security practices, particularly the evaluation of information security controls in organizations. Research efforts have resulted in various methodologies developed to deal with the information security controls assessment problem. A closer look at these traditional methodologies highlights various weaknesses that prevent an effective information security controls assessment in organizations. This paper develops a methodology that addresses such weaknesses when evaluating information security controls in organizations' financial systems. The methodology uses the fuzzy set theory which allows for a more accurate assessment of imprecise criteria than traditional methodologies. It is argued that using the fuzzy set theory to evaluate information security controls in organizations addresses existing weaknesses identified in the literature and leads to a more precise assessment. This, in turn, results in a more effective selection of information security controls and enhanced information security in organizations. The main contribution of this research is the development of a fuzzy set theory-based assessment methodology that provides for a thorough evaluation of information security controls in organizations. Overall, the methodology presented herein proved to be a feasible technique for evaluating information security controls in organizations' financial systems.     

对资产证券化会计问题的探讨

资产证券化是国际资本市场上创新金融革命的一部分。作为一种创新的融资手段,资产证券化给会计带来了冲击和挑战。到目前为止,我国还没有关于资产证券化信息披露全面、系统的规定。我国应在借鉴国际惯例的基础上,尽量按照我国会计的传统习惯做出相应的规定,以便指导我国资产证券化的会计实践,促进我国资产证券市场的发展。     

论深化税收信息化管理

先进的技术和科学的管理，是现代税收管理的标志，我国目前应当通过创新税收管理理念和管理体制，加快建立全国统一的税收管理信息网络系统，推广应用全国统一的征管软件，完善与税收信息化管理相适应的人才培养机制，才能最终实现在信息化支持下的税收专业化管理。     

基于风险-收益均衡控制的信用风险管理研究

风险—收益均衡是风险和收益同时实现最优的一个状态。风险优化是风险—收益均衡控制的具体过程。我国商业银行正处于财务目标和风险目标约束同时增强的风险管理制度转型阶段,制度转型的方向是改革单向风险管理制度,建立风险—收益均衡控制的信用风险管理制度。本文以《巴塞尔新资本协议》框架下的信用风险计量、经济资本和风险优化理论为指导,探讨在缺乏有效资本管理制度条件下,如何建立基于风险—收益均衡控制的过渡性信用风险管理模式,重点研究了RAROC风险管理思想和风险控制技术,并展开了实证分析。RAROC修正模型与过渡方案具有可行性,并有很强的信贷政策指向意义。