E-Banking Risk Management and Internet Finance: Translated Foreign Literature (2013, 3,000+ words)
Internet Finance Security: Foreign Literature with Parallel Chinese and English Text
(The document contains the English original and its Chinese translation.)

Database Security in a Web Environment

Introduction

Databases have been common in government departments and commercial enterprises for many years. Today, databases in any organization are increasingly opened up to a multiplicity of suppliers, customers, partners and employees - an idea that would have been unheard of a few years ago. Numerous applications and their associated data are now accessed by a variety of users requiring different levels of access via manifold devices and channels - often simultaneously. For example:

• Online banks allow customers to perform a variety of banking operations - via the Internet and over the telephone - whilst maintaining the privacy of account data.
• E-Commerce merchants and their Service Providers must store customer, order and payment data on their merchant server - and keep it secure.
• HR departments allow employees to update their personal information - whilst protecting certain management information from unauthorized access.
• The medical profession must protect the confidentiality of patient data - whilst allowing essential access for treatment.
• Online brokerages need to be able to provide large numbers of simultaneous users with up-to-date and accurate financial information.

This complex landscape leads to many new demands upon system security. The global growth of complex web-based infrastructures is driving a need for security solutions that provide mechanisms to segregate environments; perform integrity checking and maintenance; enable strong authentication and non-repudiation; and provide for confidentiality. In turn, this necessitates comprehensive business and technical risk assessment to identify the threats, vulnerabilities and impacts, and from this define a security policy.
This leads to security definitions throughout the infrastructure - operating system, database management system, middleware and network.

Financial, personal and medical information systems and some areas of government have strict requirements for security and privacy. Inappropriate disclosure of sensitive information to the wrong parties can have severe social, legal and regulatory consequences. Failure to address the basics can result in substantial direct and consequential financial losses - witness the fraud losses through the compromise of several million credit card numbers in merchants’ databases [Occf], plus associated damage to brand-image and loss of consumer confidence.

This article discusses some of the main issues in database and web server security, and also considers important architecture and design issues.

A Simple Model

At the simplest level, a web server system consists of front-end software and back-end databases with interface software linking the two. Normally, the front-end software will consist of server software and the network server operating system, and the back-end database will be a relational or object-oriented database fulfilling a variety of functions, including recording transactions, maintaining accounts and inventory. The interface software typically consists of Common Gateway Interface (CGI) scripts used to receive information from forms on web sites to perform online searches and to update the database.

Depending on the infrastructure, middleware may be present; in addition, security management subsystems (with session and user databases) that address the web server’s and related applications’ requirements for authentication, access control and authorization may be present.
Communications between this subsystem and either the web server, middleware or database are via application program interfaces (APIs). This simple model is depicted in Figure 1.

Figure 1: A Simple Model.

Security can be provided by the following components:

• Web server.
• Middleware.
• Operating system.
• Database and Database Management System.
• Security management subsystem.

The security of such a system addresses aspects of authenticity, integrity and confidentiality and is dependent on the security of the individual components and their interactions. Some of the most common vulnerabilities arise from poor configuration, inadequate change control procedures and poor administration. However, even if these areas are properly addressed, vulnerabilities still arise. The appropriate combination of people, technology and processes holds the key to providing the required physical and logical security. Attention should additionally be paid to the security aspects of planning, architecture, design and implementation.

In the following sections, we consider some of the main security issues associated with databases, database management systems, operating systems and web servers, as well as important architecture and design issues. Our treatment seeks only to outline the main issues and the interested reader should refer to the references for a more detailed description.

Database Security

Database management systems normally run on top of an operating system and provide the security associated with a database. Typical operating system security features include memory and file protection, resource access control and user authentication. Memory protection prevents the memory of one program interfering with that of another and limits access and use of the objects employing techniques such as memory segmentation.
The operating system also protects access to other objects (such as instructions, input and output devices, files and passwords) by checking access with reference to access control lists. Security mechanisms in common operating systems vary tremendously and, for those that are lacking, there exists special-purpose security software that can be integrated with the existing environment. However, this can be an expensive, time-consuming task and integration difficulties may also adversely impact application behaviors.

Most database management systems consist of a number of modules - including database querying and database and file management - along with authorization, concurrent access and database description tables. These management systems also use a variety of languages: a data definition language supports the logical definition of the database; developers use a data manipulation language; and a query language is used by non-specialist end-users.

Database management systems have many of the same security requirements as operating systems, but there are significant differences since the former are particularly susceptible to the threat of improper disclosure, modification of information and also denial of service. Some of the most important security requirements for database management systems are:

• Multi-Level Access Control.
• Confidentiality.
• Reliability.
• Integrity.
• Recovery.

These requirements, along with security models, are considered in the following sections.

Multi-Level Access Control

In a multi-application and multi-user environment, administrators, auditors, developers, managers and users - collectively called subjects - need access to database objects, such as tables, fields or records. Access control restricts the operations available to a subject with respect to particular objects and is enforced by the database management system.
Mandatory access controls require that each controlled object in the database must be labeled with a security level, whereas discretionary access controls may be applied at the choice of a subject.

Access control in database management systems is more complicated than in operating systems since, in the latter, all objects are unrelated whereas in a database the converse is true. Databases are also required to make access decisions based on a finer degree of subject and object granularity. In multi-level systems, access control can be enforced by the use of views - filtered subsets of the database - containing the precise information that a subject is authorized to see.

A general principle of access control is that a subject with high level security should not be able to write to a lower level object, and this poses a problem for database management systems that must read all database objects and write new objects. One solution to this problem is to use a trusted database management system.

Confidentiality

Some databases will inevitably contain what is considered confidential data. For example, it could be inherently sensitive or its source may be sensitive, or it may belong to a sensitive table, thus making it difficult to determine what is actually confidential. Disclosure is also difficult to define, as it can be direct, indirect, involve the disclosure of bounds or even mere existence.

An inference problem exists in database management systems whereby users can infer sensitive information from relatively insensitive queries. A trivial example is a request for the average salary of a group of employees where the number of employees turns out to be just one, thus revealing that employee’s salary. However, much more sophisticated statistical inference attacks can also be mounted.
This highlights the fact that, although the data itself may be properly controlled, confidential information may still leak out.

Controls can take several forms: not divulging sensitive information to unauthorized parties (which depends on the respective subject and object security levels), logging what each user knows or masking response data. The first control can be implemented fairly easily, the second quickly becomes unmanageable for a large number of users and the third leads to imprecise responses, and also exemplifies the trade-off between precision and security. Polyinstantiation refers to multiple instances of a data object existing in the database and it can provide a partial solution to the inference problem whereby different data values are supplied, depending on the security level, in response to the same query. However, this makes consistency management more difficult.

Another issue that arises is when the security level of an aggregate amount is different to that of its elements (a problem commonly referred to as aggregation). This can be addressed by defining appropriate access control using views.

Reliability, Integrity and Recovery

Arguably, the most important requirements for databases are to ensure that the database presents consistent information to queries and can recover from any failures. An important aspect of consistency is that transactions execute atomically; that is, they either execute completely or not at all.

Concurrency control addresses the problem of allowing simultaneous programs access to a shared database, while avoiding incorrect behavior or interference. It is normally addressed by a scheduler that uses locking techniques to ensure that the transactions are serializable and independent.
A common technique used in commercial products is two-phase locking (or variations thereof) in which the database management system controls when transactions obtain and release their locks according to whether or not transaction processing has been completed. In a first phase, the database management system collects the necessary data for the update; in a second phase, it updates the database. This means that the database can recover from incomplete transactions by repeating either of the appropriate phases. This technique can also be used in a distributed database system using a distributed scheduler arrangement.

System failures can arise from the operating system and may result in corrupted storage. The main copy of the database is used for recovery from failures and communicates with a cached version that is used as the working version. In association with the logs, this allows the database to recover to a very specific point in the event of a system failure, either by removing the effects of incomplete transactions or applying the effects of completed transactions. Instead of having to recover the entire database after a failure, recovery can be made more efficient by the use of checkpointing. It is used during normal operations to write additional updated information - such as logs, before-images of incomplete transactions, after-images of completed transactions - to the main database, which reduces the amount of work needed for recovery. Recovery from failures in distributed systems is more complicated, since a single logical action is executed at different physical sites and the prospect of partial failure arises.

Logical integrity, at field level and for the entire database, is addressed by the use of monitors to check important items such as input ranges, states and transitions.
Error-correcting and error-detecting codes are also used.

Security Models

Various security models exist that address different aspects of security in operating systems and database management systems. For example, the Bell-LaPadula model defines security in terms of mandatory access control and addresses confidentiality only. The Bell-LaPadula model, and other models including the Biba model for integrity, are described more fully in [Cast95] and [Pfle89]. These models are implementation-independent and provide a powerful insight into the properties of secure systems, lead to design policies and principles, and some form the basis for security evaluation criteria.

Web Server Security

Web servers are now one of the most common interfaces between users and back-end databases, and as such, their security becomes increasingly important. Exploitation of vulnerabilities in the web server can lead to unforeseen attacks on middleware and back-end databases, bypassing any controls that may be in place. In this section, we focus on common web server vulnerabilities and how the authentication requirements of web servers and databases are met.

In general, a web server platform should not be shared with other applications and should be the only machine allowed to access the database. Using a firewall can provide additional security - either between the web server and users or between the web server and back-end database - and often the web server is placed on a de-militarized zone (DMZ) of a firewall. While firewalls can be used to block certain incoming connections, they must allow HTTP (and HTTPS) connections through to the web server, and so attacks can still be launched via the ports associated with these connections.

Vulnerabilities

Vulnerabilities appear on a weekly basis and, here, we prefer to focus on some general issues rather than specific attacks.
Common web server vulnerabilities include:

• No policy exists.
• The default configuration is on.
• Reusable passwords appear in clear.
• Unnecessary ports available for network services are not disabled.
• New security holes are not tracked. Even if they are, well-known vulnerabilities are not always fixed as the source code patches are not applied by the system administrator and old programs are not re-compiled or removed.
• Security tools are not used to scan the network for weaknesses and changes or to detect intrusions.
• Faulty and buggy software - for example, buffer overflow and stack smashing attacks.
• Automatic directory listings - this is of particular concern for the interface software directories.
• Server root files are generally visible or accessible.
• Lack of logs and backups.
• File access is often not explicitly configured by the system administrator according to the security policy. This applies to configuration, client, administration and log files, administration programs, and CGI program sources and executables.

CGI scripts allow dynamic web pages and make program development (in, for example, Perl) easy and rapid. However, their successful exploitation may allow execution of malicious programs, launching of denial-of-service attacks and, ultimately, privilege escalation on a server.

Web Server and Database Authentication

While user, browser and web server authentication are relatively well understood [Garf97], [Ghos98] and [Tree98], the introduction of additional components, such as databases and middleware, raises a number of authentication issues. There are a variety of options for authentication in a simple model (Figure 1). Firstly, both the web server and database management system can individually authenticate a user. This option requires the user to authenticate twice, which may be unacceptable in certain applications, although a single sign-on device (which aims to manage authentication in a user-transparent way) may help.
Secondly, a common approach is for the database to automatically grant user access based on web server authentication. However, this option should only be used for accessing publicly available information. Finally, the database may grant user access employing the web server authentication credentials as a basis for its own user authentication, using security management subsystems (Figure 1). We consider this last option in more detail.

Web-based communications use the stateless HTTP protocol with the implication that state, and hence authentication, is not preserved when browsing successive web pages. Cookies, or files placed on a user’s machine by a web server, were developed as a means of addressing this issue and are often used to provide authentication. However, after initial authentication, there is typically no re-authentication per page in the same realm, only the use of unencrypted cookies (sometimes in association with IP addresses). This approach provides limited security as both cookies and IP addresses can be tampered with or spoofed.

A stronger authentication method, commonly used by commercial implementations, uses digitally signed cookies. This allows additional systems, such as databases, to use digitally signed cookie data, including a session ID, as a basis for authentication. When a user has been authenticated by a web server (using a password, for example), a session ID is assigned and is stored in a security management subsystem database. When a user subsequently requests information from a database, the database receives a copy of the session ID, the security management subsystem checks this session ID against its local copy and, if authentication is successful, user access is granted to the database.

The session ID is typically transmitted in the clear between the web server and database, but may be protected by SSL or even by physical security measures.
The communications between the browser and web servers, and the web servers and security management subsystem (and its databases), are normally protected by SSL and use a web server security API that is used to digitally sign and verify browser cookies. The communications between the back-end databases and security management subsystem (and its databases) are also normally protected by SSL and use a database security API that verifies session IDs originating from the database and provides additional user authorization credentials. The web server security API is generally proprietary while, for the database security API, many vendors have adopted standards such as the Generic Security Services API (GSS-API) or CORBA [RFC2078] and [Corba].

Architecture and Design

Security requirements for designing, building and implementing databases are important so that the systems, as part of the overall infrastructure, meet their requirements in actual operation. The various security models provide an important insight into the design requirements for databases and their management systems.

Secure Database Management System Architectures

In multi-level database management systems, a variety of architectures are possible: trusted subject, integrity locked, kernels and replicated. Trusted subject is used by most of the leading database management system vendors and can be integrated in existing products. Basically, the trusted subject architecture allows users to access a database via an untrusted front-end, a trusted database management system and trusted operating system. The operating system provides physical access to the database and the database management system provides multilevel object protection.

The other architectures - integrity locked, kernels and replicated - all vary in detail, but they use a trusted front-end and an untrusted database management system. For details of these architectures and research prototypes, the reader is referred to [Cast95].
Different architectures are suited to different environments: for example, the trusted subject architecture is less integrated with the underlying operating system and is best suited when a trusted path can be assured between applications and the database management system.

Secure Database Management System Design

As discussed above, there are several fundamental differences between operating system and database management system design, including object granularity, multiple data types, data correlations and multi-level transactions. Other differences include the fact that database management systems include both physical and logical objects and that the database lifecycle is normally longer.

These differences must be reflected in the design requirements which include:

• Access, flow and inference controls.
• Access granularity and modes.
• Dynamic authorization.
• Multi-level protection.
• Polyinstantiation.
• Auditing.
• Performance.

These requirements should be considered alongside basic information integrity principles, such as:

• Well-formed transactions - to ensure that transactions are correct and consistent.
• Continuity of operation - to ensure that data can be properly recovered, depending on the extent of a disaster.
• Authorization and role management - to ensure that distinct roles are defined and users are authorized.
• Authenticated users - to ensure that users are authenticated.
• Least privilege - to ensure that users have the minimal privilege necessary to perform their tasks.
• Separation of duties - to ensure that no single individual has access to critical data.
• Delegation of authority - to ensure that the database management system policies are flexible enough to meet the organization’s requirements.

Of course, some of these requirements and principles are not met by the database management system, but by the operating system and also by organizational and procedural measures.

Database Design Methodology

Various approaches to design exist, but most contain the
same main stages. The principal aim of a design methodology is to provide a robust, verifiable design process and also to separate policies from how policies are actually implemented. An important requirement during any design process is that different design aspects can be merged and this equally applies to security.

A preliminary analysis should be conducted that addresses the system risks, environment, existing products and performance. Requirements should then be analyzed with respect to the results of a risk assessment. Security policies should be developed that include specification of granularity, privileges and authority.

These policies and requirements form the input to the conceptual design that concentrates on subjects, objects and access modes without considering implementation details. Its purpose is to express information and process flows in a complete and consistent way.

The logical design takes into account the operating system and database management system that will be used and which of the security requirements can be provided by which mechanisms. The physical design considers the actual physical realization of the logical design and, indeed, may result in a revision of the conceptual and logical phases due to physical constraints.

Security Assurance

Once a product has been developed, its security assurance can be assessed by a number of methods including formal verification, validation, penetration testing and certification. For example, if a database is to be certified as TCSEC Class B1, then it must implement the Bell-LaPadula mandatory access control model in which each controlled object in the database must be labeled with a security level.

Most of these methods can be costly and lengthy to perform and are typically specific to particular hardware and software configurations.
However, the international Common Criteria certification scheme provides the added benefit of a mutual recognition arrangement, thus avoiding the prospect of multiple certifications in different countries.

Conclusion

This article has considered some of the security principles that are associated with databases and how these apply in a web-based environment. It has also focused on important architecture and design principles. These principles have focused mainly on the prevention, assurance and recovery aspects, but other aspects, such as detection, are equally important in formulating a total information protection strategy. For example, host-based intrusion detection systems as well as a robust and tested set of business recovery procedures should be considered.

Any fit-for-purpose, secure e-business infrastructure should address all the above aspects: prevention, assurance, detection and recovery. Certain industries are now starting to specify their own set of global, secure e-business requirements. International card payment associations have recently started to require minimum information security standards from electronic commerce merchants handling credit card data, to help manage fraud losses and associated impacts such as brand-image damage and loss of consumer confidence.

Database Security in a Web Environment

Introduction

Databases have been in widespread use in government departments and commercial organizations for many years.
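The inference problem described under Confidentiality (an average over a group of one reveals that person's salary) can be blunted with a query-set-size restriction. The following is an added example, not part of the original article; the table, the constructed rows, the threshold `MIN_QUERY_SET` and the function names are all assumptions made for illustration.

```python
import sqlite3

MIN_QUERY_SET = 3  # assumed threshold k; chosen from the sensitivity of the data

# Constructed sample data: the "audit" department has a single member.
ROWS = [
    ("ana", "ops", 3000), ("ben", "ops", 3200), ("cal", "ops", 3400),
    ("dee", "ops", 3600), ("eli", "dev", 4000), ("fay", "dev", 4500),
    ("gus", "dev", 5000), ("hal", "audit", 7000),
]


class InferenceRefused(Exception):
    """Raised when answering would describe a group that is too small."""


def build_demo_db():
    """Create an in-memory employee table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", ROWS)
    return conn


def naive_average(conn, dept):
    """Unrestricted statistical query: the 'before' case from the article.

    With a one-person department the 'average' is that person's salary.
    """
    return conn.execute(
        "SELECT AVG(salary) FROM employee WHERE dept = ?", (dept,)
    ).fetchone()[0]


def guarded_average(conn, dept, negate=False, k=MIN_QUERY_SET):
    """Answer only if the query set holds between k and N - k rows.

    The upper bound matters as much as the lower one: a query covering
    everyone except a small group describes that group by subtraction.
    """
    op = "<>" if negate else "="  # operator comes from a fixed pair, never from input
    total = conn.execute("SELECT COUNT(*) FROM employee").fetchone()[0]
    size, avg = conn.execute(
        f"SELECT COUNT(*), AVG(salary) FROM employee WHERE dept {op} ?", (dept,)
    ).fetchone()
    if size < k or size > total - k:
        raise InferenceRefused(
            f"query set of {size} rows is outside the allowed range [{k}, {total - k}]"
        )
    return avg


if __name__ == "__main__":
    db = build_demo_db()
    print("naive audit average:", naive_average(db, "audit"))
    for dept, negate in [("dev", False), ("audit", False), ("audit", True)]:
        try:
            print(dept, negate, guarded_average(db, dept, negate))
        except InferenceRefused as exc:
            print(dept, negate, "refused:", exc)
```

Size restriction is a first-line control only: combinations of individually permitted queries can still narrow a value down, which is why the article also lists logging what each user knows and masking response data.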
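The signed-cookie scheme described under Web Server and Database Authentication, as an added example that is not part of the original article: the web server obtains a signed cookie carrying a session ID, and the database grants access only after the security management subsystem has verified the signature and matched the session ID against its own copy. The class and method names are hypothetical, and HMAC-SHA256 with a shared key is used here as a stand-in for the article's "digitally signed" cookies.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional


class SecurityManagementSubsystem:
    """Hypothetical subsystem: holds the session database and the signing key."""

    def __init__(self, signing_key: bytes, session_ttl: float = 900.0):
        self._key = signing_key
        self._ttl = session_ttl
        self._sessions = {}  # session_id -> (user, expiry timestamp)

    def _tag(self, payload: str) -> str:
        # Assumption: a keyed MAC replaces a public-key signature in this sketch.
        return hmac.new(self._key, payload.encode("utf-8"), hashlib.sha256).hexdigest()

    def issue_cookie(self, user: str, now: Optional[float] = None) -> str:
        """Web server side: called after the user has authenticated."""
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(32)  # unguessable, contains no '.'
        self._sessions[session_id] = (user, now + self._ttl)
        payload = f"{session_id}.{user}"
        return f"{payload}.{self._tag(payload)}"

    def verify_cookie(self, cookie: str, now: Optional[float] = None) -> Optional[str]:
        """Database side: return the authenticated user, or None."""
        now = time.time() if now is None else now
        try:
            payload, tag = cookie.rsplit(".", 1)
            session_id, user = payload.split(".", 1)
        except ValueError:
            return None  # malformed cookie
        # Constant-time comparison so the check does not leak tag prefixes.
        if not hmac.compare_digest(self._tag(payload).encode(), tag.encode("utf-8")):
            return None  # cookie contents were altered or signed with another key
        record = self._sessions.get(session_id)
        if record is None:
            return None  # valid signature, but no such session in the local copy
        stored_user, expires = record
        if now >= expires:
            del self._sessions[session_id]
            return None  # session expired: the user must re-authenticate
        return stored_user if stored_user == user else None

    def revoke(self, session_id: str) -> None:
        """Logout or administrative revocation."""
        self._sessions.pop(session_id, None)


class AccountDatabase:
    """Hypothetical back-end that trusts only the subsystem's verdict."""

    def __init__(self, subsystem: SecurityManagementSubsystem, balances: dict):
        self._subsystem = subsystem
        self._balances = balances

    def balance(self, cookie: str, now: Optional[float] = None) -> int:
        user = self._subsystem.verify_cookie(cookie, now)
        if user is None:
            raise PermissionError("session not authenticated")
        return self._balances[user]


if __name__ == "__main__":
    sms = SecurityManagementSubsystem(secrets.token_bytes(32))
    db = AccountDatabase(sms, {"alice": 1200, "bob": 50})  # constructed data
    cookie = sms.issue_cookie("alice")
    print("alice balance:", db.balance(cookie))
    sid, user, tag = cookie.split(".")
    try:
        db.balance(f"{sid}.bob.{tag}")  # user field altered after signing
    except PermissionError as exc:
        print("altered cookie rejected:", exc)
```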
Finance Foreign-Literature Translation: Risk Management of E-Banking

Original text

RISK MANAGEMENT OF E-BANKING ACTIVITIES

Material Source: University Galati, Economic Science Faculty
Author: Virlanuta Florina, Moga Liliana, Ioan Viorica

1. E-banking risks

E-banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet or mobile phone. Customers access e-banking services using an intelligent electronic device, such as a personal computer (PC), personal digital assistant (PDA), automated teller machine (ATM), kiosk, or Touch Tone telephone.

In Romania, over 23 banks have implemented and now offer e-banking services. The continuous development of the supporting technology, information security and e-banking strategy is reflected in the increasing number of e-banking customers. According to the Communications and Information Technologies Ministry, the number of e-banking users and the transactions performed in this system, as well as the value of these transactions, registered a spectacular rise:

Index / Year                2004           2005            2006            2007
E-banking customers         18.259         44.538          100.799         187.471
Transactions number         1.968.170      2.244.067       3.546.549       4.851.427
Transactions value (euro)   7.911.987.706  11.566.348.720  20.510.170.662  44.830.322.635

Source: Communications and Information Technologies Ministry

While the risks and controls are similar for the various e-banking access channels, this essay focuses specifically on Internet-based services due to the Internet’s widely accessible public network. Accordingly, this project begins with a discussion of the two primary types of Internet websites: informational and transactional.
Informational websites provide customers access to general information about the financial institution and its products or services.

Risk issues examiners should consider when reviewing informational websites include:

• Potential access to confidential financial institution or customer information if the website is not properly isolated from the financial institution’s internal network;
• Potential liability for spreading viruses and other malicious code to computers communicating with the institution’s website; and
• Negative public perception if the institution’s on-line services are disrupted or if its website is defaced or otherwise presents inappropriate or offensive material.

Transactional websites provide customers with the ability to conduct transactions through the financial institution’s website by initiating banking transactions or buying products and services. Banking transactions can range from something as basic as a retail account balance inquiry to a large business-to-business funds transfer. E-banking services, like those delivered through other delivery channels, are typically classified based on the type of customer they support. The following table lists some of the common retail and wholesale e-banking services offered by financial institutions.

Since transactional websites typically enable the electronic exchange of confidential customer information and the transfer of funds, services provided through these websites expose a financial institution to higher risk than basic informational websites. Wholesale e-banking systems typically expose financial institutions to the highest risk per transaction, since commercial transactions usually involve larger dollar amounts.
In addition to the risk issues associated with informational websites, examiners reviewing transactional e-banking services should consider the following issues:

• Security controls for safeguarding customer information;
• Liability for unauthorized transactions;
• Possible violations of laws or regulations pertaining to consumer privacy, anti-money laundering, anti-terrorism, or the content, timing, or delivery of required consumer disclosures.

2. Transaction risk

Transaction risk arises from fraud, processing errors, system disruptions, or other unanticipated events resulting in the institution’s inability to deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, including the types of services offered and the complexity of the processes and supporting technology.

In most instances, e-banking activities will increase the complexity of the institution’s activities and the quantity of its transaction/operations risk, especially if the institution is offering innovative services that have not been standardized. Since customers expect e-banking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability. Even institutions that do not consider e-banking a critical financial service, due to the availability of alternate processing channels, should carefully consider customer expectations and the potential impact of service disruptions on customer satisfaction and loyalty.

The key to controlling transaction risk lies in adapting effective policies, procedures, and controls to meet the new risk exposures introduced by e-banking. Basic internal controls including segregation of duties, dual controls, and reconcilements remain important.
Information security controls, in particular, become more significant, requiring additional processes, tools, expertise, and testing. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level.

Generally, a financial institution’s credit risk is not increased by the mere fact that a loan is originated through an e-banking channel. However, management should consider additional precautions when originating and approving loans electronically, including assuring management information systems effectively track the performance of portfolios originated through e-banking channels.

Funding and investment-related risks could increase with an institution’s e-banking initiatives depending on the volatility and pricing of the acquired deposits. The Internet provides institutions with the ability to market their products and services globally. Internet-based advertising programs can effectively match yield-focused investors with potentially high-yielding deposits. But Internet-originated deposits have the potential to attract customers who focus exclusively on rates and may provide a funding source with risk characteristics similar to brokered deposits. An institution can control this potential volatility and expanded geographic reach through its deposit contract and account opening practices, which might involve face-to-face meetings or the exchange of paper correspondence.

Compliance and legal issues arise out of the rapid growth in usage of e-banking and the differences between electronic and paper-based processes. E-banking is a new delivery channel where the laws and rules governing the electronic delivery of certain financial institution products or services may be ambiguous or still evolving.
Laws governing consumer transactions require specific types of disclosures, notices, or record keeping requirements. These requirements also apply to e-banking, and banking agencies continue to update consumer laws and regulations to reflect the impact of e-banking and on-line customer relationships.

Institutions that offer e-banking services, both informational and transactional, assume a higher level of compliance risk because of the changing nature of the technology, the speed at which errors can be replicated, and the frequency of regulatory changes to address e-banking issues. The potential for violations is further heightened by the need to ensure consistency between paper and electronic advertisements, disclosures, and notices.

3. Risk management

E-banking has unique characteristics that may increase an institution’s overall risk profile and the level of risks associated with traditional financial services, particularly strategic, operational, legal, and reputation risks. These unique e-banking characteristics include: speed of technological change, increased visibility of publicly accessible networks, and less face-to-face interaction with financial institution customers. Management should review each of the processes discussed in this section to adapt and expand the institution’s risk management practices as necessary to address the risks posed by e-banking activities.

Financial institution management should choose the level of e-banking services provided to various customer segments based on customer needs and the institution’s risk assessment considerations. Institutions should reach this decision through a board-approved e-banking strategy that considers factors such as customer demand, competition, expertise, implementation expense, maintenance costs, and capital support.
Some institutions may choose not to provide e-banking services or to limit e-banking services to an informational website.

Financial institutions should periodically re-evaluate this decision to ensure it remains appropriate for the institution’s overall business strategy. Institutions may define success in many ways including growth in market share, expanding customer relationships, expense reduction, or new revenue generation. If the financial institution determines that a transactional website is appropriate, the next decision is the range of products and services to make available electronically to its customers. To deliver those products and services, the financial institution may have more than one website or multiple pages within a website for various business lines.

Financial institutions should base any decision to implement e-banking products and services on a thorough analysis of the costs and benefits associated with such action. Some of the reasons institutions offer e-banking services include: lower operating costs, increased customer demand for services, and new revenue opportunities.

The individuals conducting the cost-benefit analysis should clearly understand the risks associated with e-banking so that cost considerations fully incorporate appropriate risk mitigation controls. Without such expertise, the cost-benefit analysis will most likely underestimate the time and resources needed to properly oversee e-banking activities, particularly the level of technical expertise needed to provide competent oversight of in-house or outsourced activities.

Security threats can affect a financial institution through numerous vulnerabilities. No single control or security device can adequately protect a system connected to a public network. Effective information security comes only from establishing layers of various control, monitoring, and testing methods.
While the details of any control and the effectiveness of risk mitigation depend on many factors, in general, each financial institution with external connectivity should ensure the following controls exist internally or at their TSP.

Conclusions

A financial institution’s board and management should understand the risks associated with e-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering e-banking services. Poor e-banking planning and investment decisions can increase a financial institution’s strategic risk. Early adopters of new e-banking services can establish themselves as innovators who anticipate the needs of their customers, but may do so by incurring higher costs and increased complexity in their operations. Conversely, late adopters may be able to avoid the higher expense and added complexity, but do so at the risk of not meeting customer demand for additional products and services. In managing the strategic risk associated with e-banking services, financial institutions should develop clearly defined e-banking objectives by which the institution can evaluate the success of its e-banking strategy.

Translation

Risk Management of E-Banking

Source: Department of Economic Sciences, University of Galati
Authors: Virlanuta Florina, Moga Liliana, Ioan Viorica

1. Risk management of e-banking activities

E-banking is defined as a new form of automated delivery that brings traditional banking products to customers directly through electronic channels and provides interactive services.
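Foreign Literature Translation on the Development of Internet Finance

As requested, I have translated a foreign-language paper on the development of internet finance for you. The translated content follows.

Title: Development Trends and Impact of Internet Finance

Internet finance is a new form of finance that uses internet technology to carry out financial activities. In recent years it has developed rapidly around the world and has had a profound impact on traditional finance. This paper discusses the development trends and impact of internet finance.

1. Development trends of internet finance

The development trends of internet finance are mainly reflected in the following areas:

1.1 The spread of mobile payment

With the spread of smartphones and the growth of the mobile internet, mobile payment has become one of the main applications of internet finance. Mobile payment lets people pay online quickly and conveniently, and it has driven a change in consumption habits.

1.2 The application of big data

By collecting and analyzing large volumes of user data, internet finance can offer users personalized financial services. The application of big data not only improves the efficiency of financial services but also gives financial institutions more business opportunities and competitive advantages.

1.3 Innovation in financial technology

The combination of internet finance and technology has driven innovation in financial technology. The application of artificial intelligence, blockchain, cloud computing and other technologies not only makes financial services more intelligent but also creates the conditions for new kinds of financial business.

2. Impact of internet finance

The development of internet finance has had a profound impact on traditional finance, mainly in the following areas:

2.1 Inclusiveness of financial services

By lowering the threshold for financial services, internet finance has reached more people. Regardless of region or socio-economic status, people can obtain convenient and personalized financial services through internet finance.

2.2 The challenge of financial risk

The rapid development of internet finance has also brought challenges of financial risk. Problems such as online fraud are increasingly prominent, and regulators and financial institutions need to strengthen supervision and preventive measures.

2.3 Transformation of the financial industry

Internet finance has changed the shape of the traditional financial industry. Traditional financial institutions face competitive pressure from internet finance and have had to transform and upgrade to provide more efficient and intelligent financial services.

Conclusion

As an emerging financial model, internet finance has had a profound impact on the financial industry. As technology continues to develop and its applications spread, the development of internet finance will further improve the efficiency and inclusiveness of financial services. However, internet finance also brings new risks and challenges, and all parties need to work together to strengthen supervision and innovation and promote its healthy development.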
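Internet Banking Risk Management: Foreign Literature and Translation

1. Introduction

The purpose of this document is to discuss foreign-language material on internet banking risk management and to provide translations. The following are some papers related to internet banking risk management, for reference.

2. Foreign paper 1

Author: John Smith
Year: 2015

2.1 Translation:

Title: Internet Banking Risk Management: A Review
Author: John Smith
Year: 2015
Abstract: This paper comprehensively reviews the practice of internet banking risk management. The types of risk covered include cybersecurity risk, fraud risk and operational risk. The paper discusses different strategies and best practices for managing these risks in an internet banking environment.

3. Foreign paper 2

Title: Risk Assessment and Mitigation Techniques for Internet Banking Systems
Author: Jane Doe
Year: 2018
Summary: This paper focuses on the assessment and mitigation of risks in internet banking systems. It presents a framework for identifying and evaluating risks specific to internet banking and suggests various techniques for mitigating these risks. The paper also discusses the importance of continuous monitoring and updating of risk management strategies.

3.1 Translation:

Title: Risk Assessment and Mitigation Techniques for Internet Banking Systems
Author: Jane Doe
Year: 2018
Abstract: This paper focuses on the assessment and mitigation of risk in internet banking systems. It proposes a framework for identifying and evaluating risks specific to internet banking and suggests various techniques for mitigating them.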
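Foreign literature translation with parallel Chinese and English text (the document contains the original English text and the Chinese translation)

The Impact of Internet Finance on Traditional Finance

Abstract

The development of networks has profoundly changed, and even overturned, many traditional industries, and finance is no exception. In recent years finance has become the field most deeply affected by the internet after commercial distribution and the media. Many internet-based financial service models have emerged and have had a profound impact on, and delivered a great shock to, the traditional financial industry. "Internet finance" has become a focus of attention across society.

Internet finance is low-cost, highly efficient and focused on user experience. These features enable it to fully meet the special needs of the "long tail market" of traditional finance and to flexibly provide more convenient and efficient financial services and diversified financial products. This greatly extends the breadth and depth of financial services, shortens the distance between people in time and space, and creates an entirely new financial ecosystem. It can effectively integrate and use fragmented resources such as scattered time, information and funds, accumulating them into economies of scale, and it becomes a new source of profit growth for all kinds of financial service institutions. In addition, as internet finance continues to penetrate and merge with it, the traditional financial industry will face new challenges and opportunities. Internet finance can promote the transformation of traditional banking and make up for the shortcomings of traditional banks in areas such as the efficiency of fund processing and information integration, and it offers a new channel for selling and promoting securities, insurance, funds and wealth management products. For many small and medium-sized enterprises, internet finance widens their financing channels, greatly lowers the threshold for financing, and improves the efficiency with which funds are used. However, the cross-industry nature of internet finance means that its risk factors are more complex, sensitive and changeable, so the relationship between innovative development, market supervision and industry self-regulation must be handled well.

Keywords: internet finance; commercial banks; impact; supervision

1 Introduction

As internet technology continues to develop, more and more internet applications such as cloud computing, big data and social networks provide strong support for the business development of traditional industries, and the internet is penetrating traditional industries ever more deeply. At the end of the 20th century, Microsoft president Bill Gates asserted that "traditional commercial banks will become the dinosaurs of the new century". Today, with the development of internet and electronic information technology, we can genuinely feel this trend: mobile payment and electronic banking have long occupied an important place in our daily lives.

Because the concept of internet finance comes almost entirely from commercial practice, current research concentrates on the specific models of internet finance, while systematic research on its impact on the traditional financial industry and on countermeasures is lacking.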
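Electronic Risk Management for Banks in the Internet Era

With the rapid development of the internet, the banking industry is steadily becoming electronic, and traditional counter services are gradually being replaced by online banking and mobile banking. As a result, the importance of electronic risk management is increasingly prominent. In the internet era, a bank's electronic risk management concerns not only the bank's own interests and reputation but also, directly, the safety of customers' funds and the protection of their personal information. Banks face more severe electronic risk challenges in the internet era and must strengthen risk management to protect customers' funds and information.

The electronic risks banks face in the internet era mainly take the form of network security risk, transaction risk, credit risk and operational risk. For network security risk, banks must deal with security threats such as network attacks, data leaks and phishing. For transaction risk, the risks of electronic transaction methods such as electronic payment and online transfers also need to be effectively managed and controlled. For credit risk, problems such as the leakage of customers' credit information and fraudulent use of stolen credit cards also demand close attention from banks. Operational risk also arises from problems such as mistaken operations and erroneous transactions caused by the carelessness of bank staff or weak internal controls. Banks must take a series of measures to strengthen electronic risk management in terms of technology, rules and management, so that the bank operates normally and customers' interests are not harmed.

Banks need to increase investment in network security technology and improve their network security defenses. Banking business in the internet era has gradually shifted from traditional counter services to online and mobile banking, so banks must commit more funds and technical resources to improving their network security defenses. Banks can establish sound network security and monitoring systems, strengthen the encryption and protection of data, and detect and block network attacks to protect customers' funds and information. Banks can also introduce advanced techniques such as biometric recognition and facial recognition to strengthen the identification and verification of customers and improve the security and trustworthiness of transactions.

Banks need to establish sound risk management rules and processes and strengthen the supervision and control of electronic transactions. Banks can set up a dedicated risk management department and establish risk management processes and rules to monitor and manage electronic transactions from end to end. Banks can build risk assessment models to assess and control the risk of different types of electronic transactions, and set up risk early-warning mechanisms to discover and respond to potential risks promptly. Banks can also strengthen the education and training of employees to raise their risk awareness and risk management capability, and strengthen internal risk control and management.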
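P2P Financial Risk Control: Foreign Literature Translation with Parallel Chinese and English Text (the document contains the original English text and the Chinese translation)

Translation:

Financing for Small and Medium-Sized Enterprises under P2P Finance

Abstract

Difficulty in obtaining financing for small and medium-sized enterprises (SMEs) is a worldwide problem. This article introduces the concept of internet finance, focuses on summarizing the development of P2P finance in combining technological and financial innovation, and brings together the various views and insights in current academic research on P2P finance across five major directions. It points out risk control as the outstanding problem in the current development of P2P finance, and analyzes the broad trend of internet finance.

Keywords: P2P finance; financial innovation; risk control

1 Introduction

In the history of business development, large enterprises all originate from SMEs. SMEs are the most dynamic part of the national economy. They are often at the forefront of technological development, perform well in high-tech industries, clean energy, the green economy and other areas, and play a huge role in economic transformation. Difficulty in obtaining financing for SMEs is a worldwide problem. These SMEs have a narrow financing environment and few channels, and more than 60% cannot obtain bank loans. At present, technology-based enterprises are also asset-light, and their financing difficulties have become a huge bottleneck constraining sustainable development.

2 The concept of internet finance

In the past two years, internet finance has seen explosive growth, and since 2014 the internet finance sector has performed strongly. There are two particularly contradictory phenomena in the economy at present. First, SMEs make up a large share of all enterprises but commonly have difficulty obtaining financing. Second, there is a great deal of idle private capital, but apart from the stock market and the property market it is hard to invest in other areas. The development of internet finance, which is based on the internet, big data and cloud computing and is closely aligned with and led by the market, helps solve these two problems, creates a better financial environment for the real economy and especially for SMEs, and also plays an important role in enabling China to overtake on the bend in international competition.

Besides controlling the client side, internet finance also makes it easier to integrate, point to point, the upstream suppliers of capital and the downstream users of capital, combining one characteristic of the internet (P2P) with the essence of finance (capital). Relying on the development of internet finance, the capacity to supply finance is improved and inclusiveness is strengthened; more financial resources can be mobilized, coverage is broader and deeper, and more dispersed and diverse needs are met.

In its narrowest sense, internet finance means the P2P (Peer-to-Peer Lending) finance platform. The core of the P2P model is this: on a qualified website platform, the borrower posts a loan request and provides details of the loan project together with information about the borrower's creditworthiness and financial strength; the investor makes a decision based on the information provided on the platform and finally decides to lend to the borrower.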
E-Banking Risk Management: Internet Finance Foreign Literature Translation, 2013, over 3,000 words

E-banking has brought about a new set of risks for financial XXX risks include fraud, processing errors, system ns, and other unforeseen events that can result in the XXX products or services. It is XXX of the n to the customer and the n, and to XXX.

2. Risk management in e-banking

Effective risk management in e-XXX and analyzing potential risks, XXX risks, XXX.

3. Security measures in e-banking

ns should XXX controls, n, firewalls, XXX systems, and regular security testing and assessments.

4. XXX

XXX measures, XXX passwords, avoiding phishing scams, XXX.

5. n

Overall, effective risk management is essential for financial XXX, ns XXX.

XXX access accounts, conduct ns, and obtain n on financial products and services via public or private orks, including the, and mobile phones. Customers can use us electronic devices,
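Foreign Literature Translation on Internet Finance

With the rapid development of information technology, internet finance has become a hot topic in today's financial sector. Internet finance refers to a new financial business model that uses internet technology and information and communication technology to provide financing, payment, investment and information intermediary services. It has not only changed how traditional finance operates but also brought greater efficiency and wider coverage to financial services.

Internationally, research on and practice of internet finance continue to deepen. Many foreign scholars and institutions have explored and analyzed internet finance from different angles. For example, some scholars argue that internet finance lowers the cost of financial transactions and increases the transparency and competitiveness of financial markets. Through internet platforms, financial institutions can collect and process information more effectively and reduce information asymmetry, thereby lowering risk and cost.

In addition, some studies point out that internet finance has broadened the channels and audience for financial services. Traditional financial services are often limited by factors such as geography, time and cost, whereas internet finance can break through these limits and provide convenient financial services to more individuals and businesses. Whether in remote areas or in developing countries, people can obtain financial support through the internet, which promotes financial inclusion.

In the foreign literature, risk control for internet finance is also an important research direction. Because of its virtual and open nature, internet finance faces many challenges, such as network security risk, credit risk and legal risk. How to establish an effective risk management system that safeguards the security and stability of financial transactions has therefore become a key question in the development of internet finance.

When translating foreign literature on internet finance, attention must be paid to some key terms and concepts, for example "Fintech" (金融科技), "Peer-to-Peer Lending" (P2P 借贷), "Online Payment" (在线支付) and "Digital Currency" (数字货币). Understanding and translating these terms accurately is essential to conveying the meaning of the original.

At the same time, because grammar and habits of expression differ between languages, sentence structure and word order need to be adjusted flexibly during translation so that the translation reads smoothly and naturally. For example, English often uses the passive voice and long sentences, while Chinese tends to prefer the active voice and short sentences. Appropriate conversion is therefore needed in translation so that the result better fits Chinese usage.

In addition, for content that involves a particular cultural background or industry convention, the translation needs to add the necessary notes and explanations so that readers can understand it better.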
Internet Finance Essay with English Translation

English:

Internet finance, also known as fintech, has revolutionized the way we manage our finances. With the rise of online banking, peer-to-peer lending, and mobile payment platforms, the traditional banking industry has been forced to adapt to the changing landscape. Personally, I have found internet finance to be incredibly convenient and efficient. For example, I no longer have to wait in long lines at the bank to deposit a check or transfer money. Instead, I can simply use my banking app to complete these tasks in a matter of minutes. This level of convenience has made managing my finances much easier and less time-consuming.

In addition to convenience, internet finance also offers a wide range of investment opportunities. Through online investment platforms, I have been able to diversify my portfolio and explore new investment options that were previously inaccessible to me. For instance, I have invested in peer-to-peer lending, which has provided me with higher returns compared to traditional savings accounts. Furthermore, the transparency and accessibility of online investment platforms have allowed me to make more informed decisions about where to allocate my funds.

However, it's important to acknowledge that internet finance also comes with its own set of risks. For example, the lack of physical presence and face-to-face interaction with financial institutions can make it easier for scams and fraud to occur. Therefore, it's crucial to conduct thorough research and due diligence before engaging in any financial transactions online. Additionally, the rapid advancement of technology in the fintech industry means that regulations and security measures must constantly evolve to keep up with potential threats.

Overall, I believe that internet finance has significantly improved the way we manage our finances. The convenience and accessibility it offers have made it easier for individuals to take control of their financial futures. However, it's important to remain vigilant and informed about the potential risks associated with internet finance.

Chinese:

Internet finance, also known as fintech, has completely changed the way we manage our finances.
Source: Florina V, Liliana M, Viorica I. RISK MANAGEMENT OF E-BANKING ACTIVITIES[J]. Annals of the University of Oradea, Economic Science Series, 2013, 17(3).

Original text

RISK MANAGEMENT OF E-BANKING ACTIVITIES

Summary: E-banking risk arises from fraud, processing errors, system disruptions, or other unanticipated events resulting in the institution’s inability to deliver products or services. This risk exists in each product and service offered. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level.

Keywords: e-banking, risk management, security

1. E-banking risks

E-banking is defined as the automated delivery of new and traditional banking products and services directly to customers through electronic, interactive communication channels. E-banking includes the systems that enable financial institution customers, individuals or businesses, to access accounts, transact business, or obtain information on financial products and services through a public or private network, including the Internet or mobile phone. Customers access e-banking services using an intelligent electronic device, such as a personal computer (PC), personal digital assistant (PDA), automated teller machine (ATM), kiosk, or Touch Tone telephone.

In Romania, over 23 banks have implemented and now offer e-banking services. The continuous development of the supporting technology, information security and e-banking strategy is reflected in the increasing number of e-banking customers.
According to the Communications and Information Technologies Ministry, the number of e-banking users and the transactions performed in this system, as well as the value of these transactions, registered a spectacular rise, displayed in the graphics below:

While the risks and controls are similar for the various e-banking access channels, this essay focuses specifically on Internet-based services due to the Internet’s widely accessible public network. Accordingly, this project begins with a discussion of the two primary types of Internet websites: informational and transactional. Informational websites provide customers access to general information about the financial institution and its products or services.

Risk issues examiners should consider when reviewing informational websites include: potential access to confidential financial institution or customer information if the website is not properly isolated from the financial institution’s internal network; potential liability for spreading viruses and other malicious code to computers communicating with the institution’s website; and negative public perception if the institution’s on-line services are disrupted or if its website is defaced or otherwise presents inappropriate or offensive material.

Transactional websites provide customers with the ability to conduct transactions through the financial institution’s website by initiating banking transactions or buying products and services. Banking transactions can range from something as basic as a retail account balance inquiry to a large business-to-business funds transfer. E-banking services, like those delivered through other delivery channels, are typically classified based on the type of customer they support.
The following table lists some of the common retail and wholesale e-banking services offered by financial institutions.

Since transactional websites typically enable the electronic exchange of confidential customer information and the transfer of funds, services provided through these websites expose a financial institution to higher risk than basic informational websites. Wholesale e-banking systems typically expose financial institutions to the highest risk per transaction, since commercial transactions usually involve larger dollar amounts. In addition to the risk issues associated with informational websites, examiners reviewing transactional e-banking services should consider the following issues:
• Security controls for safeguarding customer information;
• Liability for unauthorized transactions;
• Possible violations of laws or regulations pertaining to consumer privacy, anti-money laundering, anti-terrorism, or the content, timing, or delivery of required consumer disclosures.

2. Transaction risk

Transaction risk arises from fraud, processing errors, system disruptions, or other unanticipated events resulting in the institution’s inability to deliver products or services. This risk exists in each product and service offered. The level of transaction risk is affected by the structure of the institution’s processing environment, including the types of services offered and the complexity of the processes and supporting technology.

In most instances, e-banking activities will increase the complexity of the institution’s activities and the quantity of its transaction/operations risk, especially if the institution is offering innovative services that have not been standardized. Since customers expect e-banking services to be available 24 hours a day, 7 days a week, financial institutions should ensure their e-banking infrastructures contain sufficient capacity and redundancy to ensure reliable service availability.
Even institutions that do not consider e-banking a critical financial service, due to the availability of alternate processing channels, should carefully consider customer expectations and the potential impact of service disruptions on customer satisfaction and loyalty.

The key to controlling transaction risk lies in adapting effective policies, procedures, and controls to meet the new risk exposures introduced by e-banking. Basic internal controls including segregation of duties, dual controls, and reconcilements remain important. Information security controls, in particular, become more significant, requiring additional processes, tools, expertise, and testing. Institutions should determine the appropriate level of security controls based on their assessment of the sensitivity of the information to the customer and to the institution and on the institution’s established risk tolerance level.

Generally, a financial institution’s credit risk is not increased by the mere fact that a loan is originated through an e-banking channel. However, management should consider additional precautions when originating and approving loans electronically, including assuring management information systems effectively track the performance of portfolios originated through e-banking channels.

Funding and investment-related risks could increase with an institution’s e-banking initiatives depending on the volatility and pricing of the acquired deposits. The Internet provides institutions with the ability to market their products and services globally. Internet-based advertising programs can effectively match yield-focused investors with potentially high-yielding deposits. But Internet-originated deposits have the potential to attract customers who focus exclusively on rates and may provide a funding source with risk characteristics similar to brokered deposits.
An institution can control this potential volatility and expanded geographic reach through its deposit contract and account opening practices, which might involve face-to-face meetings or the exchange of paper correspondence.

Compliance and legal issues arise out of the rapid growth in usage of e-banking and the differences between electronic and paper-based processes. E-banking is a new delivery channel where the laws and rules governing the electronic delivery of certain financial institution products or services may be ambiguous or still evolving. Laws governing consumer transactions require specific types of disclosures, notices, or record keeping requirements. These requirements also apply to e-banking, and banking agencies continue to update consumer laws and regulations to reflect the impact of e-banking and on-line customer relationships.

Institutions that offer e-banking services, both informational and transactional, assume a higher level of compliance risk because of the changing nature of the technology, the speed at which errors can be replicated, and the frequency of regulatory changes to address e-banking issues. The potential for violations is further heightened by the need to ensure consistency between paper and electronic advertisements, disclosures, and notices.

3. Risk management

E-banking has unique characteristics that may increase an institution’s overall risk profile and the level of risks associated with traditional financial services, particularly strategic, operational, legal, and reputation risks. These unique e-banking characteristics include: speed of technological change, increased visibility of publicly accessible networks, and less face-to-face interaction with financial institution customers.
Management should review each of the processes discussed in this section to adapt and expand the institution’s risk management practices as necessary to address the risks posed by e-banking activities.

Financial institution management should choose the level of e-banking services provided to various customer segments based on customer needs and the institution’s risk assessment considerations. Institutions should reach this decision through a board-approved e-banking strategy that considers factors such as customer demand, competition, expertise, implementation expense, maintenance costs, and capital support. Some institutions may choose not to provide e-banking services or to limit e-banking services to an informational website.

Financial institutions should periodically re-evaluate this decision to ensure it remains appropriate for the institution’s overall business strategy. Institutions may define success in many ways including growth in market share, expanding customer relationships, expense reduction, or new revenue generation. If the financial institution determines that a transactional website is appropriate, the next decision is the range of products and services to make available electronically to its customers. To deliver those products and services, the financial institution may have more than one website or multiple pages within a website for various business lines.

Financial institutions should base any decision to implement e-banking products and services on a thorough analysis of the costs and benefits associated with such action. Some of the reasons institutions offer e-banking services include: lower operating costs, increased customer demand for services, and new revenue opportunities.

The individuals conducting the cost-benefit analysis should clearly understand the risks associated with e-banking so that cost considerations fully incorporate appropriate risk mitigation controls.
Without such expertise, the cost-benefit analysis will most likely underestimate the time and resources needed to properly oversee e-banking activities, particularly the level of technical expertise needed to provide competent oversight of in-house or outsourced activities.

Security threats can affect a financial institution through numerous vulnerabilities. No single control or security device can adequately protect a system connected to a public network. Effective information security comes only from establishing layers of various control, monitoring, and testing methods. While the details of any control and the effectiveness of risk mitigation depend on many factors, in general, each financial institution with external connectivity should ensure the following controls exist internally or at their TSP.

Conclusions

A financial institution’s board and management should understand the risks associated with e-banking services and evaluate the resulting risk management costs against the potential return on investment prior to offering e-banking services. Poor e-banking planning and investment decisions can increase a financial institution’s strategic risk. Early adopters of new e-banking services can establish themselves as innovators who anticipate the needs of their customers, but may do so by incurring higher costs and increased complexity in their operations. Conversely, late adopters may be able to avoid the higher expense and added complexity, but do so at the risk of not meeting customer demand for additional products and services. In managing the strategic risk associated with e-banking services, financial institutions should develop clearly defined e-banking objectives by which the institution can evaluate the success of its e-banking strategy.

Translation

Risk Management of E-Banking Activities

Abstract: E-banking risk arises from fraud, processing errors, system disruptions or other unexpected events that leave the institution unable to provide products or services.