In this paper we propose a full-lifecycle security assurance framework for information system development, suitable for domestic small and medium-sized banks, based on a study of Microsoft's Security Development Lifecycle (SDL) and GB 20274 (Information System Security Assurance Evaluation Framework), combined with the information system construction practices at Jiangnan Rural Commercial Bank. The framework integrates software security assurance into the five phases of the information system development lifecycle, with detailed descriptions of the security control measures for each phase, which ensures the security and reliability of system development.