With the development of the Internet, people's demand for online shopping and e-commerce is increasing, which urges the banking industry to vigorously develop online business and provide financial services to the public through Internet channels such as mobile payment and online banking. At the same time, how to ensure the normal operation of these infrastructure assets and the non disclosure of core data, It has become a big problem in the banking industry to avoid unauthorized access by internal personnel and intrusion and attack by external hackers. A bank is a national joint-stock commercial bank approved by the CBRC. With the implementation of cross regional development strategy, continuous expansion of business and continuous development and growth of scale, once a business interruption accident occurs, even in a very short time, it will cause great losses; The large amount of transaction data stored in the database not only involves economic interests, but also contains personal privacy information. Once leaked, it will cause irreparable damage to the bank's reputation. The risks and threats of it information technology are increasing day by day. How to ensure the stable and safe operation of the whole IT system has also become an urgent challenge for decision-makers and management.

Industry demand

In order to ensure the safety of the financial industry, the CBRC has also strengthened the supervision of banks, issued various conditions and guidance documents to guide the information security construction and standardization of banks, so as to take precautions and prevent data security incidents. It focuses on the operation and maintenance operational risk management, which requires the unit to keep records of all operations in the background of the data center. The CBRC found many problems in the risk assessment of the information technology risk supervision and inspection of the commercial bank, mainly as follows:

1. Account sharing and cross Management: since multiple maintenance personnel use one account for operation and maintenance at the same time, in case of misoperation, the specific operator cannot be determined;

2. Authorization management: for high authority accounts, there is no good control method for authority. As long as the network is accessible and has a user name and password, you can log in and operate the background of the data center at any time;

3. Operation behavior control: the operation and maintenance personnel (maintenance agent) are opaque to the background operation of the data center. The person in charge of the information center does not know who did what operation in the background at what time, and there is no good monitoring method;

4. Data leakage: protocols such as RDP and FTP have disk mapping function. If the transmission control of maintenance protocol cannot be well controlled, the core confidential data has the risk of foreign exchange;

5. The source of database access is complex, and it is difficult to determine the real visitors of database operation;

6. The log record information of the database system is incomplete, and the violation events cannot be found in time and accurately;

7. The database operation process is completely in the "dark box", so it is difficult to understand the details.