Abstract: At present, the trend of comprehensive financial management in China is constantly strengthened. The Internet, big data, and cloud computing are widely used in the financial industry. The convergence and development of the financial industry and the Internet is rapid. But at the same time, we have to face the problem of customer information security under the trend of “Internet +”. For information systems, data security is the core issue of information security. The current hacker attacks are focused on stealing the core corporate data and customer data. The security defense systems of enterprises also focuses on data security. Therefore, the data security management is a top priority for enterprises in the field of Internet finance. In order to improve the level of enterprise data security management and reduce the risk of data leakage caused by improper use of business data, we study the method of data security risk management based on the data life cycle.

Key words: Internet plus, information security, data security, risk management, Internal control system

摘要： 当前，我国金融综合经营趋势不断加强，互联网、大数据、云计算技术对金融行业全面渗透，金融行业与互联网快速融合发展，但是同时也要面对“互联网+”趋势下的客户信息安全的问题.对于信息系统来说，数据安全是信息安全的核心问题，当前黑客攻击的趋势也都聚焦于获取企业的核心数据和客户数据，企业安全防御体系也都围绕数据安全来进行，因此互联网金融领域内的数据安全管理是企业信息安全管理的重中之重.为了提高企业数据安全管理水平，降低因生产业务数据不当使用所造成的数据泄露风险，基于数据的生命周期来研究数据安全风险的管理方法.

关键词: 互联网, 信息安全, 数据安全, 风险管理, 内控体系