
Thoughts and Suggestions on Strengthening Computer Management in Grassroots Financial Institutions


With the rapid development of China's financial electronicization, computers are applied ever more widely in the People's Bank of China and their status has become ever more important. They are now widely used in business management, from accounting, treasury, issuance, financial statistics, credit registration and foreign exchange management to wages and pension insurance. However, computer technology is a "double-edged sword". While it has brought huge development to the financial business, it has also brought huge risks, such as the insecurity of the computer system itself, man-made attacks and damage, and imperfections in the security management system. Many security risks lurk here; they can lead to system paralysis, which in turn affects the business and reputation of grassroots financial institutions and causes huge economic losses and adverse social impacts. In recent years, our emphasis on computer security work has been raised to an unprecedented level, and the standardization of computer security management has greatly improved. However, because the scientific and technological strength of grassroots financial institutions is relatively weak, computer management does not fully follow the information system security management regulations. Many security risks remain, mainly in the following areas:

1. Application is widely emphasized while security management is neglected. Computer security management is not a focus of daily work. The internal control system is not fully implemented or cannot be strictly enforced, and it relies heavily on the self-discipline of technicians and business operators. The security management system lags behind business development, specific advanced security equipment and security technology are lacking, and there is no intelligent supervision software. The computer security management team is weak.
2. Scientific and technical personnel are in seriously short supply and management lacks effectiveness. With the widespread use of computer-based systems in various businesses, the tasks of the science and technology function are becoming more and more important. The scientific and technical personnel have long been under highly stressful daily workloads and have few opportunities to learn new knowledge and new business. When working with computers and exercising scientific and technological management functions, they often attend to one task at the expense of the other, and work cannot be carried out effectively. At the same time, the scientific and technical personnel also serve as computer security officers, so the supervisors are the same as the supervised. All the work is also clear, and computer security management is out of the question.
3. System construction is not in place and lacks pertinence. Although grassroots financial institutions have also developed computer management rules, these are written to cope with inspections and are largely copied from elsewhere. The rules formulated by the unit, the department, and the system are often difficult to implement, and the rules are out of touch with actual management.
4. System data files are incomplete and management is not standardized. The management of stored data is not in place. The user licenses of some application systems are not effectively managed, and personnel hand over their duties without the operation code and password being replaced. At the same time, because grassroots institutions are short of personnel, the posts that should be set up conflict with the staff available, and there is no mutual restriction between posts. In individual important business application systems, posts are swapped and mixed, which may present security risks at any time.
5. Equipment is inadequate. For various reasons, the computer equipment of grassroots financial institutions is low-grade and aging. Most office machines have no backup power supply, and there are cases where the UPS fails to work normally after a power failure, resulting in the loss of files or data.
6. Computer virus prevention awareness is poor and measures are not effective. This mainly shows in poor prevention, confused management, and the absence of a complete set of virus prevention measures and rules. Not enough attention is paid to virus detection, diagnosis, and elimination; mainly, anti-virus software is not updated in a timely manner and cannot keep up with the pace of virus development.

Faced with the rapid development of financial electronicization and the new situation of computer cybercrime, we should fully understand the serious challenges we face and treat the prevention of financial and computer crime as an important security guarantee for grassroots financial institutions to perform their functions and conduct business. On the one hand, we must continue to do a good job in science and technology services and continuously improve service standards. On the other hand, we should comprehensively inspect existing technical facilities and technical means, effectively improve computer security standards, comprehensively prevent the risks introduced by science and technology facilities, and build a financial computer security "embankment".

1. Raise awareness and change concepts. From management to technical personnel and business personnel, everyone must fully recognize the harm that computer crime does to the credibility and finances of grassroots financial institutions, take computer crime prevention as an important task, and seriously deploy computer security and preventive capabilities. Organize business personnel to change their mindsets, consciously strengthen their learning of computer and network knowledge, continuously improve their own competence, make full use of science and technology, strengthen internal management, increase supervision, and ensure the safe and rapid development of financial business.

2. Strengthen system construction. Grassroots institutions should establish a sound computer security system and operating procedures, so that there are rules to follow. The operating procedures should be scientific, forward-looking, and workable, and work must be carried out in strict accordance with the system and operating procedures. Each business department formulates the relevant business operation specifications, and the existing system can be modified according to computer security management requirements. Establish and improve the management and maintenance systems for the various business application systems, such as computer operating procedures, regular inspection systems, and key management systems. Adhere to the principle of strict discipline, strict management, and strict division of labor, so that personnel of important business application systems are not allowed to swap posts or mix posts. A terminal operator must log out when leaving the terminal, to prevent other personnel from entering the terminal illegally. The full-time computer security management personnel shall be responsible for implementing the computer security policy and for the security maintenance of the entire system, including authorization, modification, privileges, passwords, violation reports, alarm record processing, and log review. For computers that access the Internet, security management should be strengthened. A comprehensive computer virus protection system should be established, with dynamic protection as the mainstay and static anti-virus as the supplement: before the system copies, runs, renames, or creates a file, or sends or receives electronic mail, it automatically detects whether the file is infected with a virus, and the virus is eliminated automatically or as the user chooses. Static anti-virus scanning and disinfection of computers and the large number of floppy disks should be carried out regularly.

3. Strengthen personnel management and improve the supervision mechanism. Computer crime does not necessarily require advanced computer expertise, but the perpetrator is able to detect and exploit weaknesses in computers or surveillance systems. Personnel management is therefore an important part of preventing computer crime in financial institutions. It is necessary to carry out the necessary review, assessment, education, and training of computer operators, establish and continuously improve the management system for key personnel, strive to do a good job in educating employees on political and moral qualities, and educate employees to establish a correct world outlook. In management, the division of labor should be clear, rules and regulations should be strict, and the necessary supervision and control mechanism should be formed. Scientific and technical personnel and computer security personnel should take appropriate measures to conduct regular inspections, and a regular rotation system should be implemented for computer security personnel, scientific and technical personnel, and operators. At the same time, any use of each computer requires the authorization of a superuser, to control who uses the machine and for what purpose.

4. Carry out computer security inspections and strengthen the implementation of the system. Under the leadership of the Computer Security Management Leading Group, strengthen daily computer management and risk control, find loopholes in computer security management, and regularly check the security of computer rooms, computer centers, and their various management and business computers. The contents of the inspection include: the status of the computer room's security protection facilities, fire prevention, and personnel access; the confidentiality of computer passwords; and the storage and use of computer software, programs and other electronic files, and financial institution cards. Through regular security inspections, problems can be discovered in a timely manner and rectified promptly, eliminating potential computer security hazards.

5. Strengthen departmental coordination and cooperation to prevent computer risks. The security of computer systems involves a wide range of aspects, including operating system security, database security, network security, virus protection, access control, authentication, and many other factors. It can be done well only through the close cooperation, joint efforts, and joint management of departments such as business, technology, security, internal audit, and supervision. All departments should clarify their respective security responsibilities, strengthen information exchange and security technology exchanges, formulate scientific security strategies, take effective measures and steps, form an overall prevention force, and build a strong banking computer security system.
