System risk management method and apparatus, terminal device, and storage medium
By configuring rules and classifying risk signals for information in the bank's custody business system, the problem of failing to assess the importance of risks in existing technologies has been solved, enabling focused and efficient management of key businesses.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA MERCHANTS BANK
- Filing Date
- 2023-06-20
- Publication Date
- 2026-06-23
AI Technical Summary
Existing systemic risk management methods fail to assess the importance of each risk, resulting in a lack of focus on key business areas. Abnormal risks in non-key business areas may trigger unnecessary warnings, wasting time and resources.
By acquiring information from the bank's custody business system, configuring rules based on pre-set configuration rules, classifying risk signals, generating risk classification signals, and managing business system risks based on these signals, adjusting the risk classification signals of non-key businesses to focus on key businesses.
It enables the assessment of the importance of risks in business systems and allows for sequential processing based on the level of risk classification signals, ensuring timely response to key business operations and reducing resource waste in non-key business operations.
Smart Images

Figure CN116702008B_ABST
Abstract
Description
TECHNICAL FIELD
[0001] The present application relates to the field of risk management, and in particular to a system risk management method and device, a terminal device and a storage medium. BACKGROUND
[0002] In the banking industry, with the continuous development of technology, "intelligentization" gradually replaces "online", which is the mainstream development direction of current system tools. Intelligent system tools bring many conveniences to business personnel, and the coupling degree of business personnel's operation and system tools is also higher and higher. However, this also brings new challenges to banks, such as system risk problems.
[0003] In order to deal with system risk problems, some effective system risk management methods have been formed in the banking industry. However, the common system risk management method has a defect that the importance of each risk is not evaluated, so that the focus of key business is lacking. For example, when non-key business appears abnormal risk, unnecessary early warning will be issued, and the development or business personnel may waste time and energy to deal with these unnecessary early warnings, and delay the processing of abnormal key business. SUMMARY
[0004] The main purpose of the present application is to provide a system risk management method, device, terminal device and storage medium, which aims to solve the problem that the importance of each risk is not evaluated in the current risk management method, so that the focus of key business is lacking.
[0005] To achieve the above purpose, the present application provides a system risk management method, which is applied to a bank custody business system, and the method comprises the following steps:
[0006] Obtaining business system information of the bank custody business system;
[0007] Performing rule configuration on the business system information based on a pre-set configuration rule;
[0008] Performing risk signal classification on the business system information after rule configuration to obtain a risk classification signal;
[0009] Managing business system risk based on the risk classification signal.
[0010] Optionally, the step of obtaining the business system information of the bank custody business system comprises:
[0011] Obtaining the system side information and the user side information, specifically comprising:
[0012] Obtaining early warning signals of the application type system and the data type system;
[0013] collecting data related to user operations and not requiring monitoring in the unified log platform as behavior data;
[0014] performing data processing on the early warning signals of the application type system and the data type system and the behavior data to obtain system side information;
[0015] collecting user data, and arranging the user data to obtain user side information.
[0016] Optionally, the step of obtaining the early warning signals of the application type system and the data type system comprises:
[0017] accessing data requiring monitoring in the unified log platform and the performance monitoring platform to the foreknowledge early warning platform, and monitoring the data requiring monitoring based on pre-set early warning rules through the foreknowledge early warning platform;
[0018] when the data requiring monitoring meets the pre-set early warning rules, obtaining the early warning signals of the application type system issued by the foreknowledge early warning platform;
[0019] performing data quality verification on data in the job scheduling platform;
[0020] when the data in the job scheduling platform has abnormal risks, obtaining the early warning signals of the data type system.
[0021] Optionally, the step of arranging the user data to obtain user side information comprises:
[0022] arranging user data based on operations of systems, functions and users in different time periods to obtain high-frequency operation functions and high-frequency operation time periods, and taking the high-frequency operation functions and the high-frequency operation time periods as user side information.
[0023] Optionally, the step of collecting user data and arranging the user data to obtain user side information comprises:
[0024] associating the early warning signals of the application type system and the data type system with the user data to generate a business code;
[0025] when the early warning signals of the application type system and / or the data type system are obtained next time, the user data is found based on the business code.
[0026] Optionally, the pre-set configuration rules comprise at least one of:
[0027] in a certain time interval, an index in the business system information has a change trend;
[0028] The comparison between the indicators in the business system information and the corresponding indicator thresholds;
[0029] The performance of the system or platform where the business system information is located has continuously declined, and / or the occupancy rate of the system or platform where the business system information is located has increased exponentially.
[0030] The functions to which the business system information belongs have user attention;
[0031] The information from the business system is within a critical time period.
[0032] Optionally, the step of managing the risks of the business system based on the risk classification signal includes:
[0033] Based on the risk classification signal, the risks of the business system are handled by the R&D side;
[0034] The risk classification signal is confirmed by the business side and the R&D side to obtain the confirmation result;
[0035] If the confirmation result indicates that the risk classification signal needs to be corrected, then perform at least one of the following steps:
[0036] The configuration rules are iterated through the business side;
[0037] The early warning rules are iterated through the R&D side;
[0038] The risk classification signal is adjusted through the business side.
[0039] This invention also proposes a system risk management device, the device comprising:
[0040] The information acquisition module acquires the business system information of the bank custody business system;
[0041] The risk signal classification module configures rules for the business system information based on pre-set configuration rules; and classifies the risk signals of the business system information after rule configuration to obtain risk classification signals.
[0042] The rules management module manages the risks of the business system based on the risk classification signals.
[0043] This invention also proposes a terminal device, which includes a memory, a processor, and a system risk management program stored in the memory and executable on the processor. When the system risk management program is executed by the processor, it implements the system risk management method described above.
[0044] This invention also proposes a computer-readable storage medium storing a system risk management program, which, when executed by a processor, implements the system risk management method described above.
[0045] This invention proposes a system risk management method, apparatus, terminal device, and storage medium to acquire business system information of a bank custody business system; configure rules for the business system information based on pre-set configuration rules; classify the business system information after rule configuration using risk signals to obtain risk classification signals; and manage business system risks based on the risk classification signals. This invention classifies the business system information after rule configuration using risk signals to obtain risk classification signals, thereby assessing the importance of the risks associated with the business system information. Furthermore, the information can be processed sequentially according to the level of the risk classification signals. Since the risk classification signals for key businesses are higher than those for non-key businesses, the focus can be more concentrated on key businesses. In addition, this invention manages system risks based on risk classification signals, allowing adjustment of the risk classification signals for non-key businesses, thus enabling a more targeted focus on key businesses. Attached Figure Description
[0046] Figure 1 This is a schematic diagram of the functional modules of the terminal equipment belonging to the risk management device of the present invention;
[0047] Figure 2 This is a flowchart illustrating the first embodiment of the system risk management method of the present invention;
[0048] Figure 3 This is a schematic diagram of the system risk management process in the system risk management method of the present invention.
[0049] The realization of the objective, functional features and advantages of the present invention will be further explained in conjunction with the embodiments and with reference to the accompanying drawings. Detailed Implementation
[0050] It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
[0051] The main solution of this invention is as follows: acquiring business system information of the bank's custody business system; configuring rules for the business system information based on pre-set configuration rules; classifying the business system information after rule configuration using risk signals to obtain risk classification signals; and managing business system risks based on the risk classification signals. This invention classifies the business system information after rule configuration using risk signals to obtain risk classification signals, thereby assessing the importance of the risks associated with the business system information. Furthermore, information can be processed sequentially according to the level of the risk classification signals. Since the risk classification signals for key businesses are higher than those for non-key businesses, the focus can be more concentrated on key businesses. In addition, this invention manages system risks based on risk classification signals, allowing adjustment of the risk classification signals for non-key businesses, thus enabling a more targeted focus on key businesses.
[0052] This invention takes into account that current common system risk management methods do not assess the importance of each risk, thus lacking an awareness of focusing on key business operations. For example, when non-key business operations experience abnormal risks, unnecessary warnings may be issued. R&D or business personnel may waste time and energy dealing with these unnecessary warnings, delaying the handling of key business operations that have experienced abnormalities.
[0053] Therefore, this invention proposes a solution to classify business system information after rule configuration using risk signals, thereby obtaining risk classification signals and assessing the importance of the risks associated with the business system information. Furthermore, information can be processed sequentially based on the risk classification signals; since the risk classification signals for key businesses are higher than those for non-key businesses, the focus can be more concentrated on key businesses. In addition, this invention manages system risks based on risk classification signals, allowing for adjustments to the risk classification signals of non-key businesses, thus enabling a more targeted focus on key businesses.
[0054] Specifically, refer to Figure 1 , Figure 1 This is a functional module diagram of the equipment to which the system risk management device of this invention belongs. The system risk management device can be a data processing device independent of the equipment, which can be carried on the equipment in the form of hardware or software. This device can be a smart mobile terminal with data processing capabilities, such as a mobile phone or tablet computer, or it can be a fixed device or server with data processing capabilities.
[0055] In this embodiment, the risk management device of the system includes at least an output module 110, a processor 120, a memory 130, and a communication module 140.
[0056] The memory 130 stores the operating system and system risk management program; the output module 110 may be a display screen, etc. The communication module 140 may include a WIFI module and a Bluetooth module, etc., and communicates with external devices or servers through the communication module 140.
[0057] When the system risk management program in memory 130 is executed by the processor, it performs the following steps:
[0058] Obtain the business system information of the bank's custody business system;
[0059] Configure rules for the business system information based on pre-set configuration rules;
[0060] The risk signal classification is performed on the business system information after rule configuration to obtain the risk classification signal;
[0061] The business system risks are managed based on the aforementioned risk classification signals.
[0062] Furthermore, when the system risk management program in memory 130 is executed by the processor, it also performs the following steps:
[0063] Obtaining the system-side information and the user-side information specifically includes:
[0064] Obtain the early warning signals from the application system and the data system;
[0065] Collect user-operated data from the unified log platform that does not require monitoring as behavioral data;
[0066] Data processing is performed on the warning signals and behavioral data of the application system and the data system to obtain system-side information;
[0067] Collect user data, organize the user data, and obtain user-side information.
[0068] Furthermore, when the system risk management program in memory 130 is executed by the processor, it also performs the following steps:
[0069] The data that needs to be monitored in the unified logging platform and the performance monitoring platform are connected to the Prophet Early Warning Platform, and the data that needs to be monitored is monitored through the Prophet Early Warning Platform based on the pre-set early warning rules;
[0070] When the data to be monitored meets the pre-set early warning rules, the early warning signal of the application system issued by the early warning platform is obtained;
[0071] Perform data quality verification on the data in the job scheduling platform;
[0072] When there is an abnormal risk in the data of the job scheduling platform, the early warning signal of the data system is obtained.
[0073] Furthermore, when the system risk management program in memory 130 is executed by the processor, it also performs the following steps:
[0074] Based on the system, functions, and user operations in different time periods, user data is organized to obtain high-frequency operation functions and high-frequency operation time periods, which are then used as user-side information.
[0075] Furthermore, when the system risk management program in memory 130 is executed by the processor, it also performs the following steps:
[0076] The warning signals from the application system and the data system are associated with the user data to generate a service code;
[0077] When the warning signal of the application system and / or the data system is obtained again, the user data is retrieved based on the business code.
[0078] Furthermore, when the system risk management program in memory 130 is executed by the processor, it also performs the following steps:
[0079] Within a certain time interval, the indicators in the business system information show a changing trend;
[0080] The comparison between the indicators in the business system information and the corresponding indicator thresholds;
[0081] The performance of the system or platform where the business system information is located has continuously declined, and / or the occupancy rate of the system or platform where the business system information is located has increased exponentially.
[0082] The functions to which the business system information belongs have user attention;
[0083] The information from the business system is within a critical time period.
[0084] Furthermore, when the system risk management program in memory 130 is executed by the processor, it also performs the following steps:
[0085] Based on the risk classification signal, the risks of the business system are handled by the R&D side;
[0086] The risk classification signal is confirmed by the business side and the R&D side to obtain the confirmation result;
[0087] If the confirmation result indicates that the risk classification signal needs to be corrected, then perform at least one of the following steps:
[0088] The configuration rules are iterated through the business side;
[0089] The early warning rules are iterated through the R&D side;
[0090] The risk classification signal is adjusted through the business side.
[0091] This embodiment, through the above-described scheme, specifically obtains the business system information of the bank's custody business system; configures the business system information according to pre-set configuration rules; classifies the business system information after rule configuration using risk signals to obtain risk classification signals; and manages the business system risk based on the risk classification signals. This embodiment of the invention classifies the business system information after rule configuration using risk signals to obtain risk classification signals, thereby assessing the importance of the risk of the business system information. Furthermore, the information can be processed sequentially according to the level of the risk classification signals. Since the risk classification signals for key businesses are higher than those for non-key businesses, the focus can be more concentrated on key businesses. In addition, this embodiment of the invention manages system risk based on risk classification signals, allowing adjustment of the risk classification signals for non-key businesses, thereby enabling a more targeted focus on key businesses.
[0092] Based on, but not limited to, the above-described device architecture, embodiments of the method of the present invention are proposed.
[0093] The executing entity of the method in this embodiment can be a system risk management device. This system risk management device can be a data processing device independent of the equipment, which can be carried on the equipment in the form of hardware or software. The executing entity of the method in this embodiment can also be a bank custody business system. This embodiment uses a bank custody business system as an example to realize business system information acquisition, rule configuration, risk signal classification, and system risk management.
[0094] Reference Figure 2 , Figure 2 This is a flowchart illustrating the first embodiment of the system risk management method of the present invention. The system risk management method includes:
[0095] Step S10: Obtain the business system information of the bank custody business system.
[0096] In order to better explain the devices and architecture used in this solution, a bank custody business system can be introduced, and this implementation method is applied to the bank custody business system.
[0097] The bank custody business system includes the system side, user side, R&D side, and business side.
[0098] The system side refers to the infrastructure and services that support the business systems within the bank's custody business system. The system side includes application systems and data systems.
[0099] Application systems refer to the system platforms within the bank's custody business system that support application systems. These platforms provide functions such as log collection, storage, and querying; performance monitoring and evaluation; and intelligent early warning and anomaly detection. Application systems include a unified log platform, a performance monitoring platform, and a predictive early warning platform.
[0100] Data-related systems refer to platforms within bank custody business systems that handle data processing and management. The core objective of data-related systems is the automated management and processing of data. Data-related systems include job scheduling platforms.
[0101] In addition, the user side refers to the user interface and interaction platform in the bank's custody business system. That is, the front-end interactive interface used by users of the system. This interactive interface can provide users with various functions, information queries, data analysis and other services, and collect user data, user behavior and other information, providing a basis and basis for subsequent user behavior analysis and system optimization.
[0102] The R&D side refers to the technology R&D side of the bank custody business system, including the design and development of all systems, such as requirements analysis, system design, coding development, testing and debugging, rule modification, etc.
[0103] The business side refers to the business operation side of the bank's custody business system, including all business functions and processes that use the system for operation, such as customer management, asset management, transaction settlement, risk signal confirmation and modification, rule modification, etc.
[0104] In addition, the bank's custody business system also includes a risk closed-loop management platform. This platform is used to configure rules for the business system information within the bank's custody business system.
[0105] Step S10: Obtain the business system information of the bank custody business system.
[0106] The business system information of the bank custody business system includes system-side information and user-side information.
[0107] Step S20: Configure rules for the business system information based on pre-set configuration rules.
[0108] In the risk closed-loop management platform, in order to better classify risk signals of business system information, rule configuration is performed on the business system information based on pre-set configuration rules.
[0109] Step S30: Perform risk signal classification on the business system information after rule configuration to obtain risk classification signals.
[0110] Among them, the risk classification signal is a risk identifier given after risk assessment of business system information after rule configuration, based on risk signal classification rules.
[0111] Specifically, as one implementation method, a risk grading signal can include three aspects of information: risk level, risk type, and risk description. Risk levels can be divided into high, medium, and low, corresponding to the urgency of the risk. Risk types are categorized according to different business scenarios and functions, such as transaction risk, credit risk, and market risk. The risk description is a detailed description of the risk so that business and R&D personnel can understand and handle it.
[0112] Among them, the risk signal classification is performed on the business system information after the rule configuration is performed according to the risk signal classification rules.
[0113] Specifically, as one implementation method, the risk signal classification rule can be:
[0114] 1. For each configuration rule that triggers a business system information violation, an assessment and score are performed. For example, in a configuration rule comparing an indicator in the business system information with its corresponding threshold, if the indicator in the business system information is 80% of the corresponding threshold, then the risk score for that business system information is 8 points (out of 10). If the configuration rule triggers a business system information violation because the indicator in the business system information shows a changing trend within a certain time interval, and if the indicator in the business system information increases by 30% compared to the previous month in monthly statistics, then the risk score for that business system information is 3 points (out of 10). After assessing and scoring the configuration rule that triggers the business system information violation, the risk score for that business system information is accumulated. If the risk score of the business system information is between 1 and 20, the risk level of the business system information is determined to be low, and the corresponding risk classification signal is obtained; if the risk score of the business system information is between 21 and 40, the risk level of the business system information is determined to be medium, and the corresponding risk classification signal is obtained; if the risk score of the business system information is between 41 and 50, the risk level of the business system information is determined to be high, and the corresponding risk classification signal is obtained.
[0115] 2. Count the number of rule hits and determine the risk level of the business system information based on the number of rule hits. For example, if the number of rule hits is 1, the risk level of the business system information is determined to be low, and the corresponding risk classification signal is obtained; if the number of rule hits is 2-3, the risk level of the business system information is determined to be medium, and the corresponding risk classification signal is obtained; if the number of rule hits is 4-5, the risk level of the business system information is determined to be high, and the corresponding risk classification signal is obtained.
[0116] It should be noted that the risk signal classification rules are not limited to the two items mentioned above, and risk signal classification rules can also be formulated based on practical experience and actual needs.
[0117] Step S40: Manage the risks of the business system based on the risk classification signal.
[0118] After the business and R&D personnel obtain the risk classification signal, the R&D personnel handle the business system risks corresponding to the risk classification signal.
[0119] Then, to ensure that the risk grading signal more accurately reflects the risks of the business system and meets the needs of the business side, business and R&D personnel confirm the risk grading signal and obtain confirmation results. If the confirmation results indicate that the risk grading signal needs to be corrected, the business and R&D personnel will perform different operations to correct the risk grading signal according to the actual situation.
[0120] This embodiment, through the above-described scheme, specifically obtains the business system information of the bank's custody business system; configures the business system information according to pre-set configuration rules; classifies the business system information after rule configuration using risk signals to obtain risk classification signals; and manages the business system risk based on the risk classification signals. This embodiment of the invention classifies the business system information after rule configuration using risk signals to obtain risk classification signals, thereby assessing the importance of the risk of the business system information. Furthermore, the information can be processed sequentially according to the level of the risk classification signals. Since the risk classification signals for key businesses are higher than those for non-key businesses, the focus can be more concentrated on key businesses. In addition, this embodiment of the invention manages system risk based on risk classification signals, allowing adjustment of the risk classification signals for non-key businesses, thereby enabling a more targeted focus on key businesses.
[0121] Furthermore, this embodiment is based on the above. Figure 2 The embodiment shown refines the above steps S10, S20 and S40.
[0122] Reference Figure 3 , Figure 3This is a schematic diagram of the system risk management process in the system risk management method of the present invention.
[0123] The bank custody business system includes a system side and a user side. The system side includes application systems and data systems, and the application systems include a unified log platform.
[0124] In this embodiment, step S10, obtaining the business system information of the bank custody business system, may include:
[0125] Step S11: Obtain the system-side information and the user-side information.
[0126] Specifically, step S11, obtaining the system-side information and the user-side information, includes:
[0127] Step S111: Obtain the warning signals of the application system and the data system.
[0128] The application systems include a performance monitoring platform and a pre-warning platform, while the data systems include a job scheduling platform.
[0129] Specifically, step S111, obtaining the early warning signals of the application system and the data system, includes:
[0130] Step S1111: Connect the data that needs to be monitored in the unified log platform and the performance monitoring platform to the Prophet Early Warning Platform, and monitor the data that needs to be monitored through the Prophet Early Warning Platform based on the pre-set early warning rules.
[0131] The data that needs to be monitored in the unified logging platform and performance monitoring platform can be selected according to actual needs.
[0132] Specifically, as one implementation method, the data that needs to be monitored can be various data that record the operation of application systems, including system performance indicators, application running information, network traffic statistics, access logs, etc. This data is crucial for maintaining the stability and high availability of application systems.
[0133] The early warning rules can be formulated based on the types of data that need to be monitored. For example, if the monitored data is system performance metrics, the platform will issue an early warning signal when metrics such as CPU, memory, or disk I / O exceed preset thresholds. If the monitored data is application runtime information, the platform will issue an early warning signal when user request response time or the number of program crashes exceeds preset thresholds, or when error logs are generated. It should be noted that the early warning rules are not limited to the examples above and can be set based on practical experience and actual needs.
[0134] Furthermore, to ensure that the risk grading signals more accurately reflect the risks of the business system and meet the needs of the business side, both business and development personnel need to confirm the risk grading signals and obtain confirmation results. If the confirmation results indicate that the risk grading signals need to be corrected, the business and development personnel will perform different operations to correct the risk grading signals based on the actual situation. Among these operations, development personnel can set or adjust the warning rules to correct the warning signals, thereby correcting the risk grading signals.
[0135] Step S1112: When the data to be monitored meets the pre-set early warning rules, obtain the early warning signal of the application system issued by the Prophet Early Warning Platform.
[0136] Specifically, when the data to be monitored conforms to the pre-set early warning rules, the Prophet Early Warning Platform will issue an early warning signal for the application system.
[0137] Specifically, as one implementation method, an early warning signal can include three aspects of information: early warning level, early warning type, and early warning description. The early warning level can be divided into three levels: high, medium, and low, corresponding to the urgency of the warning. The early warning type is categorized according to different business scenarios and functions, such as system performance warnings and application operation warnings. The early warning description is a detailed description of the warning so that business and R&D personnel can understand and handle it.
[0138] Step S1113: Perform data quality verification on the data in the job scheduling platform.
[0139] The job scheduling platform is a tool used to manage and schedule various types of jobs, enabling centralized management, scheduling, monitoring, and early warning of these jobs.
[0140] Data quality verification refers to a comprehensive inspection and quality assessment of the data in the job scheduling platform to ensure the integrity, consistency, accuracy, and timeliness of the data.
[0141] Specifically, as one implementation method, data quality verification includes, but is not limited to, the following aspects:
[0142] 1. Integrity check: Check whether the data in the job scheduling platform is missing or has duplicate records.
[0143] 2. Consistency check: Check the keywords of the data in the job scheduling platform, such as customer name and contact information, to see if they are consistent.
[0144] 3. Accuracy check: Check the keywords of the data in the job scheduling platform to ensure the accuracy of the data.
[0145] 4. Timeliness check: Check the update time field of the data in the job scheduling platform to ensure the timeliness and timeliness of the data.
[0146] Step S1114: When there is an abnormal risk in the data of the job scheduling platform, obtain the early warning signal of the data system.
[0147] When performing data quality verification on the job scheduling platform, if the data quality verification detects any abnormal risks in the data of the job scheduling platform, the bank custody business system will issue a warning signal for the data system.
[0148] Step S112: Collect user operation data from the unified log platform that does not require monitoring as behavioral data.
[0149] The data in the unified log platform that involves user operations but does not require monitoring can be selected based on actual needs. Specifically, as one implementation method, data involving user operations that does not require monitoring can include user behavior path data, user preference data, user activity data, etc.
[0150] Step S113: Process the warning signals and behavioral data of the application system and the data system to obtain system-side information.
[0151] In one implementation method, the warning signals and behavioral data of the application system and the data system can be cleaned and then aggregated to obtain system-side information.
[0152] Data cleaning refers to the processing, cleaning, filtering, and transformation of early warning signals and behavioral data from application systems and data systems to remove noise, errors, and redundant information from the data and ensure its accuracy.
[0153] Data aggregation refers to summarizing and statistically analyzing data from multiple data sources to obtain information from the system side. Data aggregation can classify data and generate summary information to uncover valuable information hidden within the data.
[0154] Step S114: Collect user data, organize the user data, and obtain user-side information.
[0155] After collecting user data, the user data is organized based on the system, functions, and user operations at different times to obtain user-side information.
[0156] Specifically, as one implementation method, processing the user data to obtain user-side information may include:
[0157] Based on the system, functions, and user operations in different time periods, user data is organized to obtain high-frequency operation functions and high-frequency operation time periods, which are then used as user-side information.
[0158] Within specific time periods, users perform operations on the system more frequently. Therefore, based on the system and user operations in different time periods, user data is organized to identify high-frequency operation time periods. Within specific time periods, users use certain specific functions more frequently. Therefore, based on these functions and user operations in different time periods, user data is organized to identify high-frequency operation functions.
[0159] Then, the high-frequency operation functions and high-frequency operation time periods are used as user-side information.
[0160] As one implementation method, after collecting user data and organizing the user data to obtain user-side information in step S114, the following may be included:
[0161] First, the warning signals from the application system and the data system are associated with the user data to generate a business code.
[0162] Then, when the warning signal of the application system and / or the data system is obtained again, the user data is retrieved based on the business code.
[0163] The business code can be a string consisting of letters and numbers.
[0164] In this process, after receiving an alert signal, business-side personnel need to retrieve the corresponding user data. They must then inform the development team, who will use logs or code to find the relevant user data. The development team will then send this data back to the business-side personnel. The development team can then associate the alert signal with the user data and generate a unique business code. This code allows the business-side personnel to quickly locate the corresponding user data the next time they receive the alert signal, eliminating the need for further communication with the development team. This significantly improves the efficiency of user data retrieval.
[0165] Specifically, as one implementation method, the following example can be given: When a user conducts a transaction, an abnormal data is generated. This abnormal data matches a pre-set warning rule, so the warning platform issues a warning signal. The development team generates a unique business code based on this warning signal using a hash function. Then, the development team stores the warning signal and the business code in a unified log platform, and records the user data and business code corresponding to the warning signal in a database. The next time the same warning signal is obtained, the business team can query the business code corresponding to the warning signal through the unified log platform's interface. Then, based on the retrieved business code, the business team can query the user data associated with the warning signal in the database. It should be noted that the method of generating the business code in this embodiment is not limited to generating it through a hash function; other methods that can generate unique strings can also be used to generate the business code. Furthermore, in this embodiment, the warning signal and business code are not limited to being stored in the unified log platform, and the user data and business code corresponding to the warning signal are not limited to being stored in the database; other data structures can also be used to associate the warning signal and the user data corresponding to the warning signal.
[0166] In this embodiment, step S20 above configures the business system information according to pre-set configuration rules, wherein the pre-set configuration rules include at least one of the following:
[0167] (1) Within a certain time interval, the indicators in the business system information show a changing trend;
[0168] For example, consider a week as a time period and analyze the changing trend of the number of warning signals in the business system information within that time interval. Or, analyze the changing trend of the level of a specific warning signal in the business system information within that time interval.
[0169] Among them, the changing trend of the early warning signals in the business system information is the feedback from business-side personnel and R&D-side personnel to manage business system risks based on risk classification signals.
[0170] (2) Comparison of the indicators in the business system information with the corresponding indicator thresholds;
[0171] Specifically, rules are used to restrict the information of a business system based on the indicator thresholds of the system, platform, or business in which the information resides. For example, in a unified log platform, a database capacity indicator threshold of 500TB is set. When the current database capacity in the unified log platform is 0%-20% of the unified log platform's database capacity indicator threshold, the information of the business system can be determined to be low-risk; when the current database capacity in the unified log platform is 21%-40% of the unified log platform's database capacity indicator threshold, the information of the business system can be determined to be medium-risk; and when the current database capacity in the unified log platform is 41%-100% of the unified log platform's database capacity indicator threshold, the information of the business system can be determined to be high-risk.
[0172] Specifically, threshold values for metrics can be set based on the CPU and memory usage of the system, platform, or business container where the business system information resides. These threshold values can be set according to system resources, business characteristics, or empirical values.
[0173] It should be noted that the final risk signal classification will be determined in conjunction with the risk signal classification rules.
[0174] (3) The performance of the system or platform where the business system information is located has continuously declined, and / or the occupancy rate of the system or platform where the business system information is located has increased exponentially.
[0175] The performance of a system or platform includes response time, throughput, and concurrency. If the performance of a system or platform shows a continuous downward trend, it indicates that the system or platform may have problems such as performance bottlenecks, excessive load, or insufficient resources. Therefore, the information of this business system has a high level of risk.
[0176] The utilization rate of a system or platform includes the utilization rate of resources such as CPU, memory, and disk space. If the utilization rate of a system or platform increases exponentially, it indicates that the system or platform is at risk of insufficient resources, and therefore the business system information has a high level of risk.
[0177] It should be noted that the final risk signal classification will be determined in conjunction with the risk signal classification rules.
[0178] (4) The functions to which the business system information belongs have user attention;
[0179] The higher the user attention, the higher the risk level of the business system information.
[0180] User attention can be determined by the experience of business personnel, or by a combination of factors such as the importance of the function and the frequency of its use.
[0181] (5) The information in the business system is in a critical time period.
[0182] Business system information typically includes time tags, allowing the identification of the time period within which the information is presented. This time period is a crucial element for risk identification.
[0183] Key time periods include peak user activity periods and important business periods. During peak user activity periods, user volume and access frequency increase significantly compared to other times. These peak user activity periods are determined by a combination of factors, including natural time, seasonality, events, and industry-specific factors.
[0184] Furthermore, due to the time-sensitive nature of business operations, the business system needs to provide users with rapid service and process applications in a timely manner, thus creating critical business time periods. These critical time periods are determined by a combination of factors, including the business type, business process, and customer type.
[0185] During peak periods, the load on business systems is greater, therefore information from business systems operating during peak periods is more likely to be at risk than information from business systems operating during non-peak periods.
[0186] In this embodiment, step S40 above, which manages the risks of the business system based on the risk classification signal, may include:
[0187] Step S41: Based on the risk classification signal, the risk of the business system is processed by the R&D side.
[0188] Among them, the risk level in the risk classification signal is used to determine the risk handling priority. The higher the risk level, the higher the risk handling priority.
[0189] Then, the R&D team handles the risks in the business system according to the risk handling priority.
[0190] Step S42: The risk classification signal is confirmed by the business side and the R&D side to obtain the confirmation result.
[0191] After receiving the risk grading signal, both business and R&D personnel confirm it. They need to verify whether the signal accurately reflects the actual risk situation, such as whether the set risk levels are reasonable. Then, the business side needs to confirm whether the current risk grading signal is necessary, or whether a new signal needs to be added to adapt to new business conditions, and finally obtain the confirmation result.
[0192] In one implementation method, business and R&D personnel confirm the risk classification signal. After obtaining the confirmation result, they can generate a dedicated monitoring report and various reports such as daily, weekly, and monthly reports displayed on the monitoring screen. The reports will also include system risk management suggestions and closed-loop management such as follow-up and regular analysis of system risks.
[0193] Step S43: If the confirmation result indicates that the risk classification signal needs to be corrected, then perform at least one of the following steps:
[0194] Step S431: Iterate the configuration rules through the business side.
[0195] Among them, business-side personnel configure or adjust the configuration rules in the risk closed-loop management platform through the business side.
[0196] Step S432: Iterate the early warning rules through the R&D side.
[0197] Among them, R&D personnel configure or adjust the early warning rules in the Prophet Early Warning Platform through the R&D side.
[0198] Step S433: Adjust the risk classification signal through the business side.
[0199] If the confirmation result indicates that the risk classification signal needs to be corrected, then one or more of the above steps are performed to correct the risk classification signal according to the actual situation.
[0200] For example, if the business side, after confirming the risk classification signal, finds that a certain risk level is set too high, resulting in an excessive number of risks at that level that are difficult to handle effectively, then the risk classification signal needs to be corrected. This can be done by adjusting the risk classification signal on the business side, either by lowering the risk level or by merging that level of risk with other levels, making the risk classification more reasonable and accurate. Alternatively, the business side can iterate on the configuration rules; specifically, the risk classification signal can be corrected by adjusting the threshold.
[0201] This embodiment, through the above-described scheme, specifically involves: acquiring business system information from the bank's custody business system; configuring rules for the business system information based on pre-set configuration rules; classifying the business system information after rule configuration into risk signals to obtain risk classification signals; and managing business system risks based on the risk classification signals. Specifically, it involves acquiring warning signals from the application system and the data system; collecting user operation data from the unified log platform that does not require monitoring as behavioral data; processing the warning signals from the application system and the data system, along with the behavioral data, to obtain system-side information; and collecting and organizing user data to obtain user-side information. Furthermore, it involves connecting the data requiring monitoring from the unified log platform and the performance monitoring platform to the oracle warning platform, and monitoring the data requiring monitoring through the oracle warning platform based on pre-set warning rules; acquiring warning signals from the application system issued by the oracle warning platform when the data requiring monitoring conforms to the pre-set warning rules; performing data quality verification on the data in the job scheduling platform; and acquiring warning signals from the data system when the data in the job scheduling platform shows abnormal risks. Specifically, based on system, function, and user operations over different time periods, user data is organized to obtain high-frequency operation functions and high-frequency operation time periods, which are then used as user-side information. Furthermore, the warning signals from the application system and the data system are associated with the user data to generate a service code; when the warning signal from the application system and / or the data system is obtained again, the user data is retrieved based on the service code. Further, the pre-set configuration rules include at least one of the following: the indicators in the business system information show a changing trend within a certain time interval; the indicators in the business system information are compared with corresponding indicator thresholds; the performance of the system or platform where the business system information is located continuously declines, and / or the occupancy rate of the system or platform where the business system information is located increases exponentially; the function to which the business system information belongs has user attention; and the business system information is in a key time period. Furthermore, based on the risk classification signal, the risk of the business system is processed by the R&D side; the risk classification signal is confirmed by the business side and the R&D side to obtain a confirmation result; if the confirmation result indicates that the risk classification signal needs to be corrected, then at least one of the following steps is performed: the configuration rules are iterated by the business side; the early warning rules are iterated by the R&D side; and the risk classification signal is adjusted by the business side.
[0202] This invention provides risk signal classification for business system information after rule configuration, resulting in risk classification signals. This allows for an assessment of the importance of the risks associated with the business system information. Furthermore, information can be processed sequentially based on the risk classification signals; since the risk classification signals for key businesses are higher than those for non-key businesses, the focus can be more concentrated on key businesses. Additionally, this invention manages system risk based on risk classification signals, adjusting the risk classification signals for non-key businesses to more effectively focus on key businesses. Moreover, by integrating the data to be monitored from the unified log platform and performance monitoring platform into the early warning platform, this invention helps the bank's custody business system better understand user usage and system load, thereby providing users with better services. Furthermore, by performing data quality checks on the data in the job scheduling platform, this invention improves the accuracy, completeness, and usability of the data, strengthens data supervision, and provides users with more reliable services. This invention, through the organization of user data, identifies frequently used functions and time periods. Analysis of these data allows for a better understanding of which system functions users frequently employ and during which time periods they use the system most often. This enables system performance optimization and improves the user experience. Furthermore, this invention associates warning signals from application systems and data systems with user data to generate business codes. Upon receiving warning signals from application systems and / or data systems, the user data is retrieved based on these business codes, saving time and improving efficiency for the business side when searching for corresponding user data based on warning signals. Further, based on the risk classification signals, the development side processes the risks of the business system; the business side and the development side confirm the risk classification signals to obtain confirmation results. This ensures that system risk management not only focuses on system-level issues, such as performance problems, but also considers business needs and manages system risks accordingly. Furthermore, based on the confirmation results, closed-loop management can be carried out for follow-up and periodic analysis of system risks, thereby achieving comprehensive coverage of risk management and improving the reliability and stability of the system.
[0203] Furthermore, this application also proposes a system risk management device, which includes:
[0204] The information acquisition module acquires the business system information of the bank custody business system;
[0205] The risk signal classification module configures rules for the business system information based on pre-set configuration rules; and classifies the risk signals of the business system information after rule configuration to obtain risk classification signals.
[0206] The rules management module manages the risks of the business system based on the risk classification signals.
[0207] The principle and implementation process of system risk management in this embodiment are explained in the above embodiments and will not be repeated here.
[0208] Furthermore, this application also proposes a terminal device, which includes a memory, a processor, and a system risk management program stored in the memory and executable on the processor. When the system risk management program is executed by the processor, it implements the steps of the system risk management method described above.
[0209] Since the risk management program of this system adopts all the technical solutions of all the aforementioned embodiments when it is executed by the processor, it has at least all the beneficial effects brought about by all the technical solutions of all the aforementioned embodiments, which will not be repeated here.
[0210] Furthermore, embodiments of this application also propose a computer-readable storage medium storing a system risk management program, which, when executed by a processor, implements the steps of the system risk management method described above.
[0211] Since the risk management program of this system adopts all the technical solutions of all the aforementioned embodiments when it is executed by the processor, it has at least all the beneficial effects brought about by all the technical solutions of all the aforementioned embodiments, which will not be repeated here.
[0212] This embodiment, through the above-described scheme, specifically obtains the business system information of the bank's custody business system; configures the business system information according to pre-set configuration rules; classifies the business system information after rule configuration using risk signals to obtain risk classification signals; and manages the business system risk based on the risk classification signals. This embodiment of the invention classifies the business system information after rule configuration using risk signals to obtain risk classification signals, thereby assessing the importance of the risk of the business system information. Furthermore, the information can be processed sequentially according to the level of the risk classification signals. Since the risk classification signals for key businesses are higher than those for non-key businesses, the focus can be more concentrated on key businesses. In addition, this embodiment of the invention manages system risk based on risk classification signals, allowing adjustment of the risk classification signals for non-key businesses, thereby enabling a more targeted focus on key businesses.
[0213] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or approach that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or approach. Unless otherwise specified, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or approach that includes that element.
[0214] The sequence numbers of the above embodiments of the present invention are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.
[0215] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) as described above, and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, controlled terminal, or network device, etc.) to execute the methods of each embodiment of the present invention.
[0216] The above are merely preferred embodiments of the present invention and do not limit the scope of the patent. Any equivalent structural or procedural transformations made based on the description and drawings of the present invention, or direct or indirect applications in other related technical fields, are similarly included within the scope of patent protection of the present invention.
Claims
1. A system risk management method, characterized in that, The system risk management method is applied to the bank's custody business system, and the system risk management method includes the following steps: Obtain the business system information of the bank custody business system, which includes the system side, user side, business side, and R&D side; The business system information is configured with rules based on pre-set configuration rules, wherein the pre-set configuration rules include at least the following: the indicators in the business system information show a changing trend within a preset time interval; the indicators in the business system information are compared with the corresponding indicator thresholds; the performance of the system or platform on which the business system information is located continuously declines, and / or the occupancy rate of the system or platform on which the business system information is located increases exponentially; the function to which the business system information belongs has user attention; the business system information is in a key time period, which includes peak user usage periods and important business periods; The risk signal classification is performed on the business system information after rule configuration to obtain the risk classification signal; Managing business system risks based on the risk classification signal specifically includes: processing the business system risks through the R&D side based on the risk classification signal; and confirming the risk classification signal through the business side and the R&D side to obtain a confirmation result.
2. The method according to claim 1, characterized in that, The system side includes application systems and data systems. The application systems include a unified log platform. The step of obtaining the business system information of the bank custody business system includes: Obtaining system-side information and user-side information, specifically including: Obtain the early warning signals from the application system and the data system; Collect user-operated data from the unified log platform that does not require monitoring as behavioral data; Data processing is performed on the warning signals and behavioral data of the application system and the data system to obtain system-side information; Collect user data, organize the user data, and obtain user-side information.
3. The method according to claim 2, characterized in that, The application system also includes a performance monitoring platform and a pre-warning platform, and the data system includes a job scheduling platform. The step of obtaining the pre-warning signals from the application system and the data system includes: The data that needs to be monitored in the unified logging platform and the performance monitoring platform are connected to the Prophet Early Warning Platform, and the data that needs to be monitored is monitored through the Prophet Early Warning Platform based on the pre-set early warning rules; When the data to be monitored meets the pre-set early warning rules, the early warning signal of the application system issued by the early warning platform is obtained; Perform data quality verification on the data in the job scheduling platform; When there is an abnormal risk in the data of the job scheduling platform, the early warning signal of the data system is obtained.
4. The method according to claim 2, characterized in that, The step of organizing the user data to obtain user-side information includes: Based on the system, functions, and user operations in different time periods, user data is organized to obtain high-frequency operation functions and high-frequency operation time periods, which are then used as user-side information.
5. The method according to claim 2, characterized in that, The steps of collecting user data, organizing the user data, and obtaining user-side information include: The warning signals from the application system and the data system are associated with the user data to generate a service code; When the warning signal of the application system and / or the data system is obtained again, the user data is retrieved based on the business code.
6. The method according to claim 3, characterized in that, The steps for managing the risks of the business system based on the risk classification signal include: If the confirmation result indicates that the risk classification signal needs to be corrected, then perform at least one of the following steps: The configuration rules are iterated through the business side; The early warning rules are iterated through the R&D side; The risk classification signal is adjusted through the business side.
7. A system risk management device, characterized in that, The device includes: The information acquisition module acquires business system information of the bank custody business system, which includes the system side, user side, business side, and R&D side. The risk signal classification module configures rules for the business system information based on pre-set configuration rules. These pre-set rules include at least: a trend in the indicators of the business system information within a preset time interval; a comparison of the indicators in the business system information with corresponding indicator thresholds; a continuous decline in the performance of the system or platform on which the business system information resides; and / or an exponential increase in the occupancy rate of the system or platform on which the business system information resides; user attention to the function to which the business system information belongs; and the business system information being in a key time period, including peak user usage periods and important business periods. The module then classifies the business system information after rule configuration using risk signals to obtain risk classification signals. The rules management module manages business system risks based on the risk classification signal, specifically including: processing the business system risks through the R&D side based on the risk classification signal; and confirming the risk classification signal through the business side and the R&D side to obtain a confirmation result.
8. A system risk management device, characterized in that, The system risk management device includes a memory, a processor, and a computer program stored in the memory and executable on the processor. When the computer program is executed by the processor, it implements the system risk management method as described in any one of claims 1-6.
9. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, implements the system risk management method as described in any one of claims 1-6.