The Construction of Financial Information Security Assessment
Indicators based on Hierarchical Analysis Methods and Legal
Regulation
YINGLI WANG*, YINGLONG ZHENG
School of International,
Krirk University,
Bangkok 10220,
THAILAND
* Corresponding Author
Abstract: With the continuous development of information technology, threats to the information
security of financial enterprises are also increasing. Financial information security assessment can help
financial enterprises fully understand their information security risks and make targeted
optimization recommendations. It can also provide a reference for the improvement of
laws and regulations in the financial information industry. On this basis, this paper proposes the construction of
financial information security assessment indexes based on hierarchical analysis. By analyzing the fuzzy
comprehensive evaluation result vector $B_C$ of the $C$ layer relative to the $G$ layer, it can be found that the
proportion of "three-star" and "four-star" is 0.0294 and 0.2903 respectively. According to the theory of degree
of affiliation, 31.97% of the assessment indicators can be improved. The paper accordingly puts forward an
improvement strategy for legal regulation, to provide a reference for financial information
security work.
Key-Words: - Financial information security, Hierarchical analysis, Security assessment, Legal regulation,
Financial payment, payment risk, legal protection.
Received: April 12, 2023. Revised: February 21, 2024. Accepted: March 11, 2024. Published: May 22, 2024.
1 Introduction
As the supervisor and main payment channel of
network transactions, financial payment institutions
provide convenient payment means and reliable
service guarantees for online transaction
payment and promote the development of
e-commerce. They are an important part of China's
payment service system, and their healthy and
orderly development has gradually become one of
the important factors affecting national financial
stability. Generally speaking, financial payment
institutions face risks arising from the
operators' business ethics, anti-money laundering,
credit card cash, the network security of payment
platforms and their systems, the homogenization
of competition, and unknown profit models. Among
them, information security risk has become the
core risk in non-financial payment institutions' daily
business activities because of the fundamental support
that information technology systems provide to their
business development, [1]. It is therefore necessary and
urgent to strengthen the information security risk
prevention and control capacity of
financial payment institutions. Literature [2]
introduced a topic model based on Latent Dirichlet
Allocation (LDA) to discover features from news
articles and financial time series, and applied LDA to
data mining for financial time series forecasting,
achieving better results than commonly used LDA,
[2]. Literature [3] proposed the DeepClue system,
which explains the key factors learned in a stock
price prediction model through visualization and
connects the text-based deep learning model with
end users to predict stock prices from financial
news and company-related tweets posted on social
media, [3]. Literature [4] predicts stock price
movements based on financial news articles. Most
of the other authors' studies focus on financial
prediction, and there are relatively few
studies related to financial information security.
Based on this, this paper utilizes the hierarchical
analysis method to construct a financial information
security assessment index model and verifies the
advantages of the model. At the same time, based on
the results of the above model, it proposes legal
regulation measures for financial information
security, to provide certain references for the
protection of financial information security.
WSEAS TRANSACTIONS on COMPUTER RESEARCH
DOI: 10.37394/232018.2024.12.29
Yingli Wang, Yinglong Zheng
E-ISSN: 2415-1521
300
Volume 12, 2024
2 Construction of Financial
Information Security
Assessment Index based on
Hierarchical Analysis Method
2.1 Design of Indicator System
As shown in Table 1, based on the specific
requirements of the Technical Guidelines, the
indicator system is designed as 3 levels, and the
evaluation of Internet financial information security
is divided into 2 aspects: compliance security and
dynamic security. The indicators are both
independent of each other and related to each other,
satisfying the components of the P2DR2 security
model.
2.2 Construction of Indicator System
The hierarchical analysis method and fuzzy
comprehensive evaluation method are used to
construct the Internet financial information security
evaluation index system.
2.2.1 Structure and Weights
The hierarchical analysis method (Analytic
Hierarchy Process, AHP) is used to determine the
structure and weight of the indicators, which
includes the following four steps.
1) Establish a hierarchical structure. There are 3
levels in the indicator system. Goal level (G): the
general goal of the assessment. Criteria layer (C):
the criteria affecting the realization of the security
assessment. Indicator level (P): the specific indicators
to be realized by the assessment. The order of the
elements of each level and the affiliation between
the elements are shown in Table 1.
2) Construct a judgment matrix and assign values.
Taking the dominant element of a given level as the
criterion, the expert constructs the judgment matrix
of this level, judges the relative importance of its
elements by comparing them with each other, and
assigns values according to Table 2.
Table 1. Hierarchical structure of the indicator system
Goal level G | Guideline level C | Indicator level P
G | Compliance Security $C_1$ | Safety Strategy $P_1$
  |  | Security Management System $P_2$
  |  | Level Protection $P_3$
  |  | Personal Information Protection $P_4$
  | Dynamic security $C_2$ | Vulnerability Scanning $P_5$
  |  | Threat Alert $P_6$
  |  | Online Monitoring $P_7$
  |  | Vulnerability Patching $P_8$
  |  | Emergency Response $P_9$
  |  | Disaster Recovery $P_{10}$
  |  | Mobile APP Security Hardening $P_{11}$
Table 2. Meaning of importance scales
Scale | Materiality
1 | $i$ and $j$ are equally important
3 | $i$ is slightly more important than $j$
5 | $i$ is significantly more important than $j$
7 | $i$ is more important than $j$
9 | $i$ is extremely more important than $j$
2, 4, 6, 8 | Intermediate value
Calculate the weights of the index items in a
top-down order. Firstly, experts are invited to judge
the importance of the elements in the layer $C$
relative to the layer $G$. According to the
quantitative assignment in Table 2, a judgment
matrix of $C$-layer elements relative to $G$-layer is
constructed (Eq. (1)).
$$A = \begin{bmatrix} 1 & 1/2 \\ 2 & 1 \end{bmatrix} \tag{1}$$
Calculate $\lambda_{\max} = 2$, the corresponding
maximum eigenvector is Eq. (2).
$$V = (0.4472, 0.8944)^{T} \tag{2}$$
Calculated from Eq. (3): $W_{G}^{C} = (0.333, 0.6667)$.
$$w_i = \frac{v_i}{\sum_{i=1}^{k} v_i} \tag{3}$$
CR = 0 from Eqs. (4) and (5).
$$CI = \frac{\lambda_{\max} - n}{n - 1} \tag{4}$$
$$CR = \frac{CI}{RI} \tag{5}$$
Next, experts are invited to judge the
importance of the $P$-layer elements $P_{1-4}$ relative to
the $C$-layer element $C_1$. According to the
quantitative assignment in Table 2, a judgment
matrix of $P$-layer elements $P_{1-4}$ relative to $C$-layer
element $C_1$ is constructed (Eq. (6)).
$$A = \begin{bmatrix} 1 & 2 & 3 & 3 \\ 1/2 & 1 & 2 & 2 \\ 1/3 & 1/2 & 1 & 1 \\ 1/3 & 1/2 & 1 & 1 \end{bmatrix} \tag{6}$$
Calculate $\lambda_{\max} = 4.0104$, the corresponding
maximum eigenvector is Eq. (7):
$$V = (0.8099, 0.4674, 0.2505, 0.2505)^{T} \tag{7}$$
From Eq. (3), the weight vector of $P$ layer
elements $P_{1-4}$ with respect to $C$ layer element $C_1$ is
$W_{C_1}^{P_{1-4}} = (0.4554, 0.2628, 0.1409, 0.1409)$. From
Eq. (4) and Eq. (5), $CR = 0.0035/0.9 = 0.0039 < 0.1$, and it can be
assumed that the constructed judgment matrix Eq.
(6) has good consistency [5].
Similarly, experts are invited to judge the
importance of the P-layer elements $P_{5-11}$ relative to
the $C$-layer element $C_2$ and construct the judgment
matrix as Eq. (8).
$$A = \begin{bmatrix}
1 & 3 & 3 & 1 & 1/3 & 1/2 & 2 \\
1/3 & 1 & 1/2 & 1/3 & 1/4 & 1/4 & 2 \\
1/3 & 2 & 1 & 1/3 & 1/3 & 1/3 & 2 \\
1 & 3 & 3 & 1 & 1/3 & 1/3 & 3 \\
3 & 4 & 3 & 3 & 1 & 1 & 5 \\
2 & 4 & 3 & 3 & 1 & 1 & 5 \\
1/2 & 1/2 & 1/2 & 1/3 & 1/5 & 1/5 & 1
\end{bmatrix} \tag{8}$$
Calculate $\lambda_{\max} = 7.2373$, corresponding to the
maximum eigenvector:
$$V = (0.3067, 0.1719, 0.3074, 0.6350, 0.5928, 0.1039)^{T}$$
The weight vector
$W_{C_2}^{P_{5-11}} = (0.1365, 0.0572, 0.0765, 0.1369, 0.2827, 0.2639, 0.0462)$
is calculated from Eq. (3). Calculated by Eq. (4)
and (5), $CR = 0.0456/1.32 = 0.0039 < 0.1$, it can be
considered that the judgment matrix A has a good
consistency. Next, it is necessary to determine the
hierarchical total ordering of all indicator items
relative to the overall goal of the assessment. In
other words, it is necessary to calculate the total
hierarchical ranking of all elements of $P$ relative to
the total objective of $G$. The weight vector of the
total hierarchical ranking is calculated by Eq. (9) as
follows:
$$W_{G}^{P_{1-11}} = (0.1518, 0.0876, 0.0470, 0.0470, 0.0910, 0.0381, 0.0510, 0.0913, 0.01885, 0.1759, 0.0308)$$
$$W_i^{P} = \sum_{j=1}^{m} W_{ij}^{P} W_j^{C}, \quad i = 1, 2, \ldots, n \tag{9}$$
Then, the results of the hierarchical total
ordering need to be tested for consistency. The
values of the consistency test parameters for
hierarchical total sorting are shown in Table 3.
Table 3. Consistency test parameters for total ordering
Parameter name | Parameter value
Element weights $W_i^{C}$ | $W_1^{C} = 0.3333$, $W_2^{C} = 0.6667$
Consistency indicators $CI_i^{P}$ | $CI_1^{P} = 0.0035$, $CI_2^{P} = 0.0456$
Consistency Ratio $CR_i^{P}$ | $CR_1^{P} = 0.0039$, $CR_2^{P} = 0.0345$
Stochastic Consistency Indicator $RI_i^{P}$ | $RI_1^{P} = 0.9$, $RI_2^{P} = 1.32$
According to Eq. (10), calculate
$CI^{P} = \sum_{i=1}^{2} CI_i^{P} W_i^{C} = 0.0316$. According to Eq.
(11), calculate
$RI^{P} = \sum_{j=1}^{2} RI_j^{P} W_j^{C} = 1.1800$.
According to Eq. (12), calculate the total sorting
$CR^{P} = CI^{P}/RI^{P} = 0.0268 < 0.1$, it can be considered
that the results of the total hierarchical sorting have
a better consistency, and the results of the total
sorting weights are reasonable.
$$CI^{P} = \left(CI_1^{P}, CI_2^{P}, \ldots, CI_m^{P}\right) w_j^{C} \tag{10}$$
$$RI^{P} = \left(RI_1^{P}, RI_2^{P}, \ldots, RI_m^{P}\right) w_j^{C} \tag{11}$$
$$CR^{P} = \frac{CI^{P}}{RI^{P}} \tag{12}$$
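The weight and consistency calculations of Eqs. (1) to (12), recomputed from the three judgment matrices as an added example (not the authors' code). The function names and the use of power iteration to find the principal eigenvector are assumptions of this example; the RI values for n = 4 and n = 7 are the ones the paper uses.

```python
# Added example (not the paper's code): AHP weights and consistency checks
# for the judgment matrices of Eqs. (1), (6) and (8).

# Random consistency index by matrix order (Saaty's table); the paper
# uses 0.9 for n = 4 and 1.32 for n = 7.
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32}

A_G = [[1, 1/2],                               # Eq. (1): C1, C2 relative to G
       [2, 1]]
A_C1 = [[1,   2,   3, 3],                      # Eq. (6): P1..P4 relative to C1
        [1/2, 1,   2, 2],
        [1/3, 1/2, 1, 1],
        [1/3, 1/2, 1, 1]]
A_C2 = [[1,   3,   3,   1,   1/3, 1/2, 2],     # Eq. (8): P5..P11 relative to C2
        [1/3, 1,   1/2, 1/3, 1/4, 1/4, 2],
        [1/3, 2,   1,   1/3, 1/3, 1/3, 2],
        [1,   3,   3,   1,   1/3, 1/3, 3],
        [3,   4,   3,   3,   1,   1,   5],
        [2,   4,   3,   3,   1,   1,   5],
        [1/2, 1/2, 1/2, 1/3, 1/5, 1/5, 1]]


def check_reciprocal(matrix, tol=1e-9):
    """Reject expert input that is not a positive reciprocal matrix."""
    n = len(matrix)
    for i in range(n):
        if len(matrix[i]) != n:
            raise ValueError("judgment matrix must be square")
        for j in range(n):
            if matrix[i][j] <= 0:
                raise ValueError(f"a[{i}][{j}] must be positive")
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > tol:
                raise ValueError(f"a[{i}][{j}] * a[{j}][{i}] != 1")


def principal_eigen(matrix, iterations=200):
    """Power iteration: (lambda_max, eigenvector normalized to sum 1)."""
    n = len(matrix)
    w = [1.0 / n] * n
    lam = float(n)
    for _ in range(iterations):
        aw = [sum(a * x for a, x in zip(row, w)) for row in matrix]
        lam = sum(aw)              # w sums to 1, so sum(A w) -> lambda_max
        w = [x / lam for x in aw]
    return lam, w


def ahp(matrix):
    """Weights (Eq. 3), CI (Eq. 4) and CR (Eq. 5) for one judgment matrix."""
    check_reciprocal(matrix)
    n = len(matrix)
    lam, w = principal_eigen(matrix)
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RI[n] if RI[n] > 0 else 0.0      # order <= 2 is always consistent
    return {"weights": w, "lambda_max": lam, "ci": ci, "cr": cr,
            "acceptable": cr < 0.1}


def total_ordering(criteria, groups):
    """Total ranking (Eq. 9) and its consistency ratio (Eqs. 10-12)."""
    wc = criteria["weights"]
    weights = [c * p for c, g in zip(wc, groups) for p in g["weights"]]
    ci = sum(c * g["ci"] for c, g in zip(wc, groups))
    ri = sum(c * RI[len(g["weights"])] for c, g in zip(wc, groups))
    return {"weights": weights, "ci": ci, "ri": ri,
            "cr": ci / ri if ri > 0 else 0.0}


def evaluate():
    top, c1, c2 = ahp(A_G), ahp(A_C1), ahp(A_C2)
    return top, c1, c2, total_ordering(top, [c1, c2])


if __name__ == "__main__":
    top, c1, c2, total = evaluate()
    for name, r in (("G", top), ("C1", c1), ("C2", c2)):
        print(name, [round(x, 4) for x in r["weights"]],
              f"CI={r['ci']:.4f} CR={r['cr']:.4f} ok={r['acceptable']}")
    print("total", [round(x, 4) for x in total["weights"]],
          f"CR={total['cr']:.4f}")
```

A judgment matrix whose CR is 0.1 or more comes back with `acceptable` set to False, which is the signal to return the pairwise comparisons to the expert before the weights are used.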
3 Analysis of Results
3.1 Qualitative and Quantitative Evaluation
Six professional evaluators are invited to conduct a
comprehensive evaluation of the overall level of
information security of a financial institution, and
the summarized evaluation results are shown in
Table 4.
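Table 4. Summary statistics of evaluator evaluation results
Indicator | One star | Two stars | Three stars | Four stars | Five stars
$P_1$ | 0 | 0 | 0 | 1 | 5
$P_2$ | 0 | 0 | 0 | 1 | 5
$P_3$ | 0 | 0 | 0 | 2 | 4
$P_4$ | 0 | 0 | 1 | 3 | 2
$P_5$ | 0 | 0 | 1 | 2 | 3
$P_6$ | 0 | 0 | 1 | 3 | 2
$P_7$ | 0 | 0 | 0 | 2 | 4
$P_8$ | 0 | 0 | 0 | 1 | 5
$P_9$ | 0 | 0 | 0 | 1 | 5
$P_{10}$ | 0 | 0 | 0 | 3 | 3
$P_{11}$ | 0 | 0 | 0 | 2 | 4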
$$B_i = W_i \cdot R_i = (b_1, b_2, \ldots, b_m) \tag{13}$$
According to Eq. (13), the total hierarchical
ranking weights $W_{G}^{P_{1-4}}$ of the index layer elements
$P_{1-4}$ relative to the target layer $G$ obtained through
hierarchical analysis and the single-factor fuzzy
relationship matrix $R_{C_1}$ are synthesized to obtain
the single-factor evaluation result vector (Eq. (14)).
$$B_{C_1} = W_{G}^{P_{1-4}} \cdot R_{C_1} = (0.1518, 0.0876, 0.0470, 0.0470) \begin{bmatrix}
0 & 0 & 0 & 0.1667 & 0.8333 \\
0 & 0 & 0 & 0.1667 & 0.8333 \\
0 & 0 & 0 & 0.3333 & 0.6667 \\
0 & 0 & 0.1667 & 0.5000 & 0.3333
\end{bmatrix} = (0, 0, 0.0235, 0.2372, 0.7393) \tag{14}$$
Similarly, the total hierarchical ranking weights
$W_{G}^{P_{5-11}}$ of the indicator layer elements $P_{5-11}$ relative
to the target layer $G$ obtained by hierarchical
analysis are synthesized with the single-factor fuzzy
relationship matrix $R_{C_2}$ to obtain $B_{C_2}$ as follows
Eq. (15), [6].
$$B_{C_2} = W_{G}^{P_{5-11}} \cdot R_{C_2} = (0.0910, 0.0381, 0.0510, 0.0913, 0.1885, 0.1759, 0.0308) \begin{bmatrix}
0 & 0 & 0.1667 & 0.3333 & 0.5000 \\
0 & 0 & 0.1667 & 0.5000 & 0.3333 \\
0 & 0 & 0 & 0.3333 & 0.6667 \\
0 & 0 & 0 & 0.1667 & 0.8333 \\
0 & 0 & 0 & 0.1667 & 0.8333 \\
0 & 0 & 0 & 0.5000 & 0.5000 \\
0 & 0 & 0 & 0.3333 & 0.6667
\end{bmatrix} = (0, 0, 0.0323, 0.3169, 0.6508) \tag{15}$$
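From $B_{C_1}$ and $B_{C_2}$, we get the fuzzy
relationship matrix of $C$ layer with respect to $G$
layer (Eq. (16)).
$$R_C = \begin{bmatrix} B_{C_1} \\ B_{C_2} \end{bmatrix} = \begin{bmatrix}
0 & 0 & 0.0235 & 0.2372 & 0.7393 \\
0 & 0 & 0.0323 & 0.3169 & 0.6508
\end{bmatrix} \tag{16}$$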
According to the hierarchical structure of the
indicator system, the fuzzy comprehensive
evaluation result vector of layer $C$ relative to layer
$G$ is finally obtained as Eq. (17).
$$B_C = W_{G}^{C} \cdot R_C = (0.3333, 0.6667) \begin{bmatrix}
0 & 0 & 0.0235 & 0.2372 & 0.7393 \\
0 & 0 & 0.0323 & 0.3169 & 0.6508
\end{bmatrix} = (0, 0, 0.0294, 0.2903, 0.6803) \tag{17}$$
Finally, the comprehensive evaluation
value of Internet financial information security is calculated as
Eq. (18):
$$S = B_C \cdot V = (0, 0, 0.0294, 0.2903, 0.6803) \begin{bmatrix} 20 \\ 40 \\ 60 \\ 80 \\ 100 \end{bmatrix} = 93.0180 \tag{18}$$
3.2 Related Discussion
It can be found that $S \in [81, 100]$, $S \in V_5$, and the
corresponding rating is "five stars", which reflects
that the overall information security level of an
Internet financial institution is high, [7]. The index
system proposed in this paper enables evaluators to
analyze the specific problems of security more
precisely. For example, by analyzing the fuzzy
comprehensive evaluation result vector $B_C$ of the
$C$ layer relative to the $G$ layer, it can be found that
the proportion of "three-star" and "four-star" is
0.0294 and 0.2903 respectively. According to the
theory of degree of affiliation, 31.97% of the
assessment indicators can be improved.
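The two-stage fuzzy synthesis of Eqs. (13) to (18) and the "can be improved" share discussed above, computed from the Table 4 votes as an added example (not the authors' code). The function names, the normalization of each result vector to sum 1, the 20-point rating bands and the per-indicator ranking are assumptions of this example; the weights are the ones used in Eqs. (14), (15) and (17).

```python
# Added example (not the paper's code): fuzzy comprehensive evaluation
# of Eqs. (13)-(18) from the Table 4 votes.
import math

GRADE_VALUES = (20, 40, 60, 80, 100)     # V in Eq. (18), one to five stars

# Table 4: votes per indicator (one..five stars) from six evaluators.
VOTES = {
    "P1": (0, 0, 0, 1, 5), "P2": (0, 0, 0, 1, 5), "P3": (0, 0, 0, 2, 4),
    "P4": (0, 0, 1, 3, 2), "P5": (0, 0, 1, 2, 3), "P6": (0, 0, 1, 3, 2),
    "P7": (0, 0, 0, 2, 4), "P8": (0, 0, 0, 1, 5), "P9": (0, 0, 0, 1, 5),
    "P10": (0, 0, 0, 3, 3), "P11": (0, 0, 0, 2, 4),
}
# Total ranking weights relative to G, as used in Eqs. (14) and (15).
TOTAL_WEIGHTS = {
    "P1": 0.1518, "P2": 0.0876, "P3": 0.0470, "P4": 0.0470,
    "P5": 0.0910, "P6": 0.0381, "P7": 0.0510, "P8": 0.0913,
    "P9": 0.1885, "P10": 0.1759, "P11": 0.0308,
}
# Criteria weights from Eq. (17) and the indicators under each criterion.
CRITERIA = {
    "C1": (0.3333, ["P1", "P2", "P3", "P4"]),
    "C2": (0.6667, ["P5", "P6", "P7", "P8", "P9", "P10", "P11"]),
}


def membership(votes):
    """One row of the fuzzy relation matrix R: vote share per grade."""
    total = sum(votes)
    if total == 0:
        raise ValueError("indicator has no votes")
    return [v / total for v in votes]


def synthesize(weights, rows):
    """B = W . R (Eq. 13), normalized so the grade shares sum to 1."""
    raw = [sum(w * row[k] for w, row in zip(weights, rows))
           for k in range(len(GRADE_VALUES))]
    s = sum(raw)
    return [x / s for x in raw]


def evaluate():
    layer = {}
    for name, (_, members) in CRITERIA.items():           # Eqs. (14), (15)
        layer[name] = synthesize([TOTAL_WEIGHTS[p] for p in members],
                                 [membership(VOTES[p]) for p in members])
    b_c = synthesize([w for w, _ in CRITERIA.values()],    # Eqs. (16), (17)
                     [layer[name] for name in CRITERIA])
    score = sum(b * v for b, v in zip(b_c, GRADE_VALUES))  # Eq. (18)
    # Assumption: five equal 20-point bands; the page only states that
    # a score between 81 and 100 corresponds to five stars.
    stars = min(5, max(1, math.ceil(score / 20)))
    return layer, b_c, score, stars


def improvement_priority():
    """Rank indicators by weight x share of votes below five stars."""
    gaps = {p: TOTAL_WEIGHTS[p] * (1 - membership(v)[-1])
            for p, v in VOTES.items()}
    return sorted(gaps.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    layer, b_c, score, stars = evaluate()
    print("B_C1", [round(x, 4) for x in layer["C1"]])
    print("B_C2", [round(x, 4) for x in layer["C2"]])
    print("B_C ", [round(x, 4) for x in b_c], f"S={score:.2f} stars={stars}")
    print("improvable share", round(b_c[2] + b_c[3], 4))
    for name, gap in improvement_priority()[:3]:
        print(name, round(gap, 4))
```

The per-indicator gaps sum to the three-star plus four-star share of $B_C$, so the ranking shows which controls account for most of the improvable portion.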
4 Suggestions for Improving the Legal
Protection of Internet Financial
Information Security in China
4.1 Improve the Legal System of Internet
Financial Information Security
Protection
China's Internet finance is in a period of rapid
development. Internet financial regulation involves
a very wide range of levels and many supervisory
bodies, including the People's
Bank of China and the CBIRC, as well as the
Ministry of Industry and Information Technology,
the Ministry of Public Security and other ministries
and commissions. The original model of separate
regulation can no longer adapt well to the
current development of Internet finance and needs
urgent adjustment.
Firstly, the scope of application of the law
should be revised to cover the
construction, operation, maintenance, and safe
behavior of network operation, as well as the
supervision and management of network security,
[8]. In addition, the first and second chapters of the
original text of the law contain some appealing
provisions, which need to be changed and deleted if
they are incorrect or unnecessary. The provisions
of Articles 18 and 19 need to be regularly updated;
this is the responsibility of the national net
information department or relevant departments,
which, based on the catalog of national and industry
standards, regulate key equipment and network
security products.
Emphasize the protection of personal
information, and regulate the sharing of personal
information by improving the terms and conditions.
If a network operator wants to share personal
information with a third party, it must have
the permission of the individual and abide by a
confidentiality agreement, and if personal
information is leaked and sold by a third party, the
third party responsible for the leakage will be held
liable accordingly, [9].
4.2 Building a Coordinated Regulatory
System
Firstly, we should mobilize the positive role of
social regulatory resources and, based on existing
regulatory resources, adopt various ways to create a
reasonable and sound Internet financial governance
platform. Driven by Internet technology, the
Internet financial industry has more modes, and the
convenience of Internet financial transactions gives
them cross-regional, cross-time, and cross-space
characteristics, so
the Internet financial governance system is a
complex systematic project, which requires social
regulatory resources to collaborate in governance.
Secondly, the responsibilities and tasks of each
regulatory department should be clarified. Because
the current Internet financial business models are
diverse, in the process of improving the system it
is necessary to clarify the responsibilities of the various
departments and regulators to avoid regulatory gaps
or over-regulation. We can first
identify the advantages of each regulatory body and
then give the corresponding rights according to
these characteristics. For example, the government
can regulate the whole industry and field, so it can
plan and develop the policies and principles of the
industry as a whole. Industry associations are
mainly responsible for infrastructure work in the
field, such as industry access, exit criteria, and credit
evaluation, so they can be given the right to build
the infrastructure. Thirdly, we have to realize that the
current focus is to solve the information security
problems encountered in the field of Internet
finance and to formulate corresponding security
mechanisms according to these problems, [10].
However, there are many subjects involved in
Internet finance, and the risks are transmissible and
difficult to control, so the primary goal is to reduce
the risks of Internet finance development and
improve the risk prevention mechanism of Internet
finance.
In the Internet regulatory system, the
government occupies a central position, so it must
accelerate the construction of laws and regulations
in the financial field, constantly improve China's
financial legal system, change the previous
no-threshold entry rules of the Internet financial
industry, and truly implement the policy that there is
a law to be complied with in the Internet financial
industry. In the coordinated supervision system, the
role played by social supervision cannot be ignored,
such as establishing an Internet financial
social credibility evaluation system, exposing the
true face of Internet financial enterprises with
extremely low credibility, and supervising the
healthy operation of the industry through social
public opinion. The association's service quality
should also be upgraded, opening two-way service
channels and forming a service system based on
market demand, an emergency response mechanism,
and a sharing mechanism as a whole, [11]. In
addition, the industry's self-regulation policy is also
indispensable, as it can control whether and to what
extent personal data are disclosed and protect
people's privacy. Enterprise platforms should
consciously abide by laws and regulations and
establish information security prevention and early
warning mechanisms to maximize the protection of
the information security of Internet financial users when
risks arise. Supervision between
Internet financial enterprise platforms should be
strengthened to avoid vicious competition among peers.
4.3 Improve Internet Financial Information
Security Dispute Resolution Mechanism
First of all, improve the means of infringement
relief. Due to the asymmetry of information, the
information security of Internet financial users is
often infringed upon, so a public interest litigation
system can be established to give Internet financial
consumers the qualification for litigation, [12].
Moreover, in the process of formulating the
litigation system, the binding force of individual
cases should not be ignored. The judiciary or social
organizations in charge of this area are responsible
for protecting the rights and obligations of citizens.
For citizens to have a place to go to exercise
their rights, it is necessary to have a corresponding
early warning system and a platform for handling
complaints, set up specialized departments, establish
personnel and improve the industry's self-regulatory
norms, which requires the role and function of
Internet financial institutions to be brought into full
play. Secondly, the current legal liability for
invasion of privacy cannot meet the demand and
needs to be further strengthened. In the Internet
financial industry, once customers' private
information is infringed, the infringer must
assume the corresponding legal responsibility. For more
serious cases, severe penalties should be imposed
and the cost of violating the law should be increased
to protect users' right to privacy relief. In addition,
to protect users' privacy, a fair and efficient online
dispute resolution platform with a relatively low
cost can be established to provide users with various
privacy protection services.
Second, establish a specialized arbitration
system. First, set up a specialized Internet financial
arbitration tribunal. At present, many Internet
financial disputes in China have special
characteristics and need to be resolved by
specialized Internet financial arbitration tribunals.
Some regions have already set up financial
arbitration courts or financial arbitration tribunals,
but the number is far from enough and needs to be
increased. Secondly, a separate roster of Internet
financial arbitrators should be set up, and a team of
professional arbitrators should be established, which
can be composed of people from Internet financial
companies, lawyers, members of industry
associations, etc. Anyone with professional
knowledge who is highly specialized can join
the team, but they must undergo regular arbitrator
training and examination, and can only take up the
post after passing the examination, [13]. Third,
manage cases in a differentiated way. Financial or
commercial disputes and Internet financial disputes
are different concepts, so the arbitral tribunal must
make a clear distinction when handling these
disputes and make rulings that are truly in line with
the special characteristics of these disputes.
Fourthly, the flexibility of Internet financial
arbitration should be fully mobilized, and the
arbitrators' decisions should refer to the value of
dispute resolution and ensure fairness and
reasonableness, as well as innovate the content of
consumer protection and financial protection. As an
emerging industry, the Internet financial industry
cannot have its relevant policies and
regulations made loophole-free immediately, so the
arbitrators need to take into account the loose and
flexible characteristics of arbitration, combine the
new laws and professional characteristics of the
financial industry, and make decisions that are more
in line with actual needs.
5 Conclusion
With the continuous development of
modern information technology, financial
information system risk assessment and security
assessment can also be based on quantitative
analysis models to obtain more accurate assessment
results, which can provide mathematical model
support for revenue maximization decision-making
and cost minimization decision-making, and assist
in realizing the assessment of financial information
security and decision-making support. Based on
this, the financial information
security assessment index system based on hierarchical
analysis proposed in this paper assesses the overall
information security level of an Internet financial
institution, and the results show that its information
security level is high. At the same time, based on the
above analysis, this paper puts forward suggestions
to improve the legal protection of China's Internet
financial information security from three aspects, to
provide certain references for China's
financial information security protection. However,
the scope of the research data in the article is
relatively narrow, and human
subjective factors may have affected the results of the
analysis. The next step will be to improve the
assessment model to minimize the impact of human
subjectivity in the assessment process on the final
assessment results.
References:
[1] Lin Z, Ji L. Analysis of China's financial
industry data exit security rules. China
Financial Computer, Vol.15, No.05, 2023, pp.
58-61.
[2] Kanungsukkasem N, Leelanupab T. Financial
Latent Dirichlet Allocation (FinLDA): Feature
Extraction in Text and Data Mining for
Financial Time Series Prediction. IEEE
Access, Vol.10, No.07, pp.71645-71664.
[3] Shi L, Teng Z, Wang L. DeepClue: Visual
Interpretation of Text-Based Deep Stock
Prediction. IEEE Transactions on
Knowledge & Data Engineering, Vol.23,
No.02, 2019, pp. 1-1.
[4] Shynkevich Y, McGinnity T M, Coleman S.
Predicting stock price movements based on
different categories of news articles. IEEE
Symposium Series on Computational
Intelligence. Vol.32, No.05, 2015, pp.703-710.
[5] Lin J, Tian C. Study on the regulation of
cross-border flow of personal financial data.
Journal of Shanghai University (Social
Science Edition), Vol.38, No.06, 2021, pp. 95-107.
[6] Tian X. Special regulation of cross-border
flow of financial data. Hainan Finance,
Vol.10, No.04, 2021, pp.51-58+87.
[7] Ma L. The core issues of regulation of cross-
border financial data flows and China's
response. International Law Research, Vol.12,
No.03, 2020, pp.82-101.
[8] Liang M, Xu Y, Li H. Research on internet
financial information security assessment
index system. Computer Engineering, Vol.43,
No.07, 2017, pp. 170-174+181.
[9] Hong Y. Constructing a security assessment
framework for cross-border flow of data in the
balance of development and security.
Information Security and Communication
Secrecy, Vol.22, No.02, 2017, pp.36-62.
[10] Wang G. Research on information security
risk assessment of non-banking financial
institutions based on risk analysis matrix.
Financial Technology Era, Vol.23, No.04,
2016, pp. 41-43.
[11] Guo H, Kang H, Zhu W. Analysis of financial
information security risk assessment under
cloud computing model. Modern Industrial
Economy and Informatization, Vol.05, No.19,
2015, pp. 75-77.
[12] Yuan Q. Research on information security risk
assessment model of non-financial payment
institutions. Regional Financial Research,
Vol.21, No.09, 2014, pp. 56-59.
[13] Liu Z, Cao Y. Financial information security
mechanism in the United States and its
implications. Credit Information, Vol.30,
No.05, 2012, pp. 79-81.
Contribution of Individual Authors to the
Creation of a Scientific Article (Ghostwriting
Policy)
- Yingli Wang conducted the writing, survey and
data analysis.
- Yinglong Zheng provided methodological
guidance for the study.
Sources of Funding for Research Presented in a
Scientific Article or Scientific Article Itself
No funding was received for conducting this study.
Conflict of Interest
The authors have no conflicts of interest to declare.
Creative Commons Attribution License 4.0
(Attribution 4.0 International, CC BY 4.0)
This article is published under the terms of the
Creative Commons Attribution License 4.0
https://creativecommons.org/licenses/by/4.0/deed.en_US