智能化风险防控范文

智能化风险防控篇1

关键词：金融科技；风险管理；新常态；新思维

Keywords: financial science and technology; risk management; new normality; new thinking

当今世界正经历百年未有之大变局，金融业也正经历着科技与产业高度融合、深度叠加的新变革。在危机中育先机，于变局中开新局，商业银行风险管理必须适应金融科技新常态，育先机，开新局。

The world is going through a century-long transformation, and the financial sector is going through new changes that are highly integrated with the industry. In the midst of the crisis, there is a new set of priorities, and risk management in commercial banks must adapt to the new paradigm of financial science and technology.

一、金融科技的本质和新常态

I. THE NATURE OF FINANCIAL TECHNOLOGY AND NEW ORGANS

金融科技，是技术驱动的金融创新，旨在运用现代科技成果改造或创新金融产品、经营模式、业务流程等，推动金融发展提质增效。究其本质，金融科技是金融机构将数据作为新的、战略性的生产资料，推动实现金融生产力的一次全面升级。其中，5G技术，着重解决数据获取和传输问题，传输速度的提升使得万物互联成为可能，数据的获取和传输将不再是瓶颈；大数据技术，着重解决数据的全量管理问题，成熟的底层技术框架使得数据采集、存储、集成、计算、分析等不再是瓶颈；云计算，着重解决数据的运算能力问题，云计算的基础设施和操作系统使得实施数据传输和运算的网络、系统、硬件、软件等不再是瓶颈；人工智能，着重解决数据的分析和应用问题，机器学习、生物识别、自然语言处理、语音技术、知识图谱等极大提升了基于数据的分析、操作、管理和决策能力；区块链，着重解决数据的信任问题，分布式账本技术实现了数据存储、传输和访问的一致性、真实性、准确性。现实生活中，金融科技带来的改变比比皆是：智慧网点带来更好的用户体验。当客户步入一个基于5G和人工智能服务构建的智慧网点，基于生物识别技术的客户识别系统第一时间识别客户身份，客户可以在智能交互屏完成各类常用业务，如需客服支持，远程坐席通过视频接入，实现“一对一”服务。“技术应用+服务功能+场景链接+生态融合”四位一体的智慧服务体系，突破了银行服务在交易介质、时间、空间等方面的限制，为客户带来更加安全、便捷、智慧的金融服务体验。智能投顾提供专属客户服务。理财投资需要专业的知识背景，客户通过网点的客户经理获取专业的财富咨询，受客户经理人数和经验的限制，很多客户无法享受到专业的理财服务。智能投顾通过大数据和人工智能技术，根据客户个人特质和资产情况，评估客户风险承受能力，无需客户经理，就能为客户定制投资组合产品，客户无需具备丰富的专业知识，就可以根据自身的风险偏好，设定预期收益率，实现一键投资。通过大数据分析和智能模型，为客户提供在线组合配置建议及组合管理的理财顾问服务。金融科技始于金融、融于金融。各类金融创新将突破时空限制，潜移默化或急速改变客户的金融消费行为习惯，也改变了商业银行的经营管理方式。对银行而言，对物理网点和网点从业人员的需求会降低，对长尾客户的服务效能会提升。对客户来说，缩短了业务办理的等待时间，能获得更专属的金融服务，提升了业务办理效率和体验，更多的业务无需到网点就能办理。这些新服务、新产品，将银行打造成“空中银行”，将客户变成“空客”，客户的新习惯与银行经营管理新模式相互促进，成为金融科技新常态。由此产生新的风险管理数据、模式和需求，要求风险管理工作与时俱进，不断创新。

Financial technologies, which are technology-driven financial innovations, are designed to adapt or innovate financial products, business models, business processes, etc., using modern technology outcomes, to promote financial development efficiency. Financial technologies are the essence of these technologies, which are financial institutions that use data as new and strategic production information to contribute to a full upgrading of financial productivity. Of these, 5G technologies, which focus on addressing data acquisition and transmission, the speed of transmission, make it possible; data acquisition and transmission, which is no longer a bottleneck; large data technologies, which focus on the full management of data, and mature bottom technological frameworks, which make data collection, storage, integration, computing, analysis, etc., no longer a bottler; cloud computing, which focuses on the ability to calculate data, and operating systems that enable the implementation of data, systems, hardware, software, etc. Financial intelligence, which focuses on the analysis and application of data, bio-intelligence services, which are based on the knowledge of the customer and technology acquisition networks, which can be used to enhance data-based analysis, operation, management and decision-making capabilities; and technology infrastructure, which can be used as a remote network of the customer's.

二、建立三大思维应对金融科技新常态

II. Building a three-pronged approach to new patterns in financial science and technology

金融科技，未来已来。新常态需要新思维，商业银行应加快适应金融科技带来的转变，以全量思维思考问题，以智能思维推进工作，以底线思维防范风险。

Financial science and technology, the future has come. New normals require new thinking, and commercial banks should accelerate their adaptation to the changes brought about by financial science and technology, with full thinking, with intelligent thinking, and with bottom-line thinking to protect against risks.

（一）建立全量思维，适应以大数据为驱动的风险管理新趋势

(i) Development of holistic thinking to adapt to new trends in risk management driven by big data

全量思维下的风险管理以大数据为驱动，解决了传统风险管理中数据来源单一、数据维度有限的困境，用全量、有效、合规的数据做好风险管理。一是加强数据获取。金融科技视角下的风险管理建立在多维、海量、动态的数据基础之上，需要整合自有数据、收集公开数据、与第三方服务商合作以及新渠道开发等方式，构建包含市场数据、业务数据、行为数据等维度全量数据，实现数据持续更新，为风险管理提供数据基础。二是提升数据质量。多渠道、多维度、海量的数据会带来数据质量的挑战。一方面，不同数据来源会导致数据标准不统一，需要在金融大数据平台汇总成统一数据格式；另一方面，各个数据来源的数据有效性不同，可能存在数据缺失、失真等问题，需要对数据有效性进行校验。三是保障数据合规。全量数据思维下，数据来源更广，除了公开的市场数据外，还需要利用业务数据、行为数据，甚至是客户在行业内其他机构的数据和跨行业的数据，需要有效使用合规数据，避免掉入合规陷阱。

Risk management in full-thinking, driven by large data, addresses the dilemma of the traditional risk management of a single source of data with limited data dimensions, using full, effective and compliant data for risk management. On the one hand, risk management in the financial science and technology perspective, based on multiple dimensions, volume, dynamic data, needs to integrate own data, collect open data, work with third-party service providers, and develop new channels to construct full-scale data containing market data, business data, behavioural data, etc., and to keep data up-to-date and provide a data base for risk management. On the other hand, data from multiple channels, multiple dimensions, and volumes can pose challenges to data quality. On the other hand, different data sources can lead to inconsistent data standards that need to be aggregated into uniform data formats at large financial data platforms; on the other hand, data from different data sources, there may be problems of data gaps, distortions and new channels, and there is a need to verify data validity.

（二）建立智能思维，掌握以人工智能为手段的风险管理技术

(ii) Building intelligent thinking and mastering an artificial intelligence-based risk management technique

新形势下的风险管理需要建立智能思维，利用人工智能技术在大数据平台的应用，改进信息获取时效，前移风险防控手段，实现数据实时获取、模型自主学习、参数动态调整，创新风险控制、监测和预警。一是前瞻性的风险控制。传统的数据获取方式使得风险的防控更多集中在事中和事后，对于事前控制手段较少。大数据和人工智能可以利用多维度的数据更早发现潜在的风险因素，将风险管理的控制点向事前移动。二是高时效的风险监测。传统模式下，由于数据获取滞后和需要人为调整模型参数，信息不对称导致风险发现会有延时。大数据技术可以实时获取并处理海量数据，利用人工智能技术不间断运行并动态调整风险模型，实现高效的风险识别。三是新形势的风险预警。前置的风险控制和高效的风险监测方式，使风险信息的发现和获取变得更加灵活、高效，需要建立与之相适应的风险预警和处置机制。

Risk management in new situations requires the development of intelligent thinking, the use of artificial intelligence technology in the application of large data platforms, the improvement of the timeliness of access to information, pre-modern risk control tools, real-time data acquisition, model self-learning, parameter dynamic adjustment, innovative risk control, monitoring and early warning. First, forward-looking risk control. Traditional data acquisition allows risk containment to be more concentrated in events and ex post, with fewer ex ante controls. Large data and artificial intelligence can use multi-dimensional data to identify potential risk factors earlier and move risk management control points forward. Second, high-prescriptive risk monitoring. Under traditional models, as data acquisition lags and asymmetrics require artificial adaptation of model parameters, there is a delay in the detection of risks.

（三）建立底线思维，防范金融科技创新带来的风险挑战

(iii) Building bottom-line thinking to protect against the risk challenges posed by financial science, technology and innovation

金融科技为风险管理提供了新思路、新方法，在降低成本、提高效率的同时也会带来相应的风险挑战。需要建立底线思维，应对金融科技创新带来的合规风险和操作风险。一是合规风险。无论是依托大数据平台的数据获取和使用，依托人工智能的实时运算模型和高频的量化交易方式，还是基于区块链技术的数字货币发展，新技术的应用都需要符合法律和监管的要求，防范合规风险。二是操作风险。一方面，大数据管理和使用不当，会造成海量数据泄漏，需要防范数据使用中的信息安全风险；另一方面，人工智能模型运行中出现的模型准确度下降甚至误报情况，需要通过持续的模型监测、评估和优化防范模型风险。

Financial science and technology provide new ideas and new approaches to risk management, which pose corresponding risk challenges in terms of cost reduction and efficiency gains. Bottom-line thinking is needed to address compliance and operational risks associated with financial science and technology innovation. First, compliance risks. Whether data acquisition and use are based on large data platforms, real-time computing models based on artificial intelligence and high-frequency quantitative transactions, or digital currency development based on block-chain technologies, the application of new technologies needs to meet legal and regulatory requirements to protect against compliance risks. Second, operational risks. On the one hand, large-scale data management and inappropriate use can lead to the leakage of big data and the need to guard against information security risks in the use of data.

三、金融科技新常态给风险管理带来新机遇

III. New opportunities for risk management arising from new patterns in financial science and technology

新常态下，以5G、大数据、云计算、人工智能、区块链为代表的前沿技术为金融业务领域带来丰富应用创新的同时，也给商业银行的风险管理带来了诸多机遇。传统的金融行业风险管理依赖专家经验判断，信息获取渠道单一，对于客户的集群风险、行业风险和市场竞争能力较难识别。金融科技带来风险管理的方法创新，使得风险管理能够更加智能、更加高效、更加便捷地完成风险识别、计量、预警和控制工作。

Under the new normal approach, cutting-edge technologies, represented by 5G, big data, cloud computing, artificial intelligence, and block chains, provide rich applications of innovation in the financial business sector, as well as opportunities for commercial banks to manage risks. Traditional financial sector risk management relies on expert judgement, with single access to information, and is more difficult to identify for customers’ cluster risks, industry risks, and market competitiveness.

（一）构建智能反欺诈监控平台

(i) Creation of an intelligent anti-fraud monitoring platform

互联网和移动通讯的发展与普及给金融业态带来了深刻变革。传统欺诈防控方法以专家经验规则为主，技术手段相对落后，人工依赖程度较高，效率低下。在银行业务线上化、网络黑产技术化的形势下，银行传统的反欺诈方式已经难以奏效。以大数据为基础，运用人工智能、云计算等金融科技手段构建的全流程、多维度欺诈风险防控体系，能够实时识别、监测、阻断欺诈风险。工行智能反欺诈基于工银智慧大脑训练智能AI反欺诈模型，嵌入每笔用户动账交易，实现交易过程中毫秒级智能反欺诈识别和处理，直接避免客户欺诈损失。当客户在进行大额交易或向可疑账户汇款时，需要进行二次确认；在客户进行信用卡申请时，无需再通过打电话的方式进行核实，可以通过大数据的方法进行信息核对，风险控制更加高效、准确。

The development and spread of the Internet and mobile communications have led to profound changes in the financial landscape. Traditional fraud prevention methods are based on expert rules of experience, technological backwardness, and greater artificial dependence and inefficiency. In the context of the up-scaling of banking lines and the technologicalization of Internet blackout, banks’ traditional anti-fraud methods have been difficult to achieve. On the basis of large data, full-flow, multi-dimensional fraud risk control systems built with financial technology such as artificial intelligence, cloud computing, and so on, can identify, monitor, and block fraud risks in real time.

（二）创新交叉线风险智能监控

(ii) Innovative cross-line risk intelligence monitoring

近年来，杠杆高、嵌套深、产品复杂、资金空转的市场和业务乱象不断，市场动荡极易带来交叉性金融风险传播。传统情况下，因为业务数据分散，每一次市场震动，都需要很多团队和人员分工协作，各自独立分析数据，再统一汇总分析，很长时间才能全面摸透客户存量业务和风险传染路径。金融科技整合全量大数据，一键看清客户业务关系和资金流向，使得交叉性金融风险防范更加高效。工行集团投融资风险监控平台，应用于债券投资、风险排查、风险预警、专题分析，能够支持单客户和组合客户一键式风险排查，15 分钟内分析客户相关的债券、股票、贷款、租赁、票据、交易、存款、结算、资产、评级、财报、舆情等7 大类、25 小类信息，每日4 次获取客户股票债券价格异常波动、经营管理层变化、企业重大盈亏、经营管理重大变化等负面舆情，准实时地识别全市场的高风险客户和高风险债券，支持总分行加强交叉风险管理。对于风险管理而言，金融科技可以说是一把双刃剑。金融科技可以使金融业务有效提速和扩容，但也显著加大了操作风险、信用风险以及道德风险，加大了风险控制的难度和维度。工商银行愿意迎接各类挑战，坚持“主动防、智能控、全面管”风险管理路径，强化专业化经营和精细化管理，顺应时展趋势，加快金融科技的应用，持续推动风险管理新模式的构建与优化，积极支持金融业务稳健发展。

In recent years, highly leveraged, embedded, complex and volatile markets and operations have become more efficient with cross-cutting financial risks. In traditional contexts, the fragmentation of business data and each market shock require a large number of teams and people to work together independently to analyse the data and consolidate the analysis into a comprehensive picture of customer stock operations and risk transmission routes. Financial science and technology integrates the full range of data, recognizing customer business relationships and financial flows, making cross-cutting financial risks more efficient. The industry group invests in a risk monitoring platform that uses negative risk profiles such as bond investments, risk profiling, risk early warning, thematic analysis, supporting single-client and portfolio customers, 15 minutes of analysis of customer-related bonds, equities, loans, leases, notes, deposits, settlements, assets, ratings, financial returns, 25 minor types of information, four times a day, accelerating the price volatility of customer bonds, changes in management, significant business losses, significant changes in management, and a combination of risk management.

参考文献

References

[1]中国人民银行.金融科技（FinTech）发展规划（2019-2021 年）[EB/OL]

[1] People's Bank of China, FinTech Development Plan (2019-2021) [EB/OL]

智能化风险防控篇2

建筑工程智能化风险涉及几个方面：决策风险、行为主体风险、软件风险、组织管理风险等。具体可以表现为：工期风险、费用风险、质量风险、生产能力风险、市场风险、信誉风险、法律责任风险几个类别。

Intelligent risk in construction works has several dimensions: decision-making risk, behavioural risk, software risk, organizational risk management, etc. This can be seen in the following categories: period risk, cost risk, quality risk, production capacity risk, market risk, reputational risk, and legal liability risk.

2.建筑工程智能化风险控制

2. Intelligent risk control for construction

虽然建筑工程智能化风险较多，但从项目组织、职责、流程与制度上建立一套风险管理机制不过，风险是可以管理，并得到控制的。风险控制是用系统的、动态的方法减少项目实行过程中的不确定性。

While there are more risks of intelligent construction, a risk management mechanism is in place for project organization, responsibilities, processes and systems, but risks can be managed and controlled. Risk control is a systematic and dynamic approach to reducing uncertainty in project implementation.

建筑工程智能化风险控制管理要做好三方面的工作：

Intelligent risk control management in construction works in three ways:

2.1事前预控：

2.1 Prior control:

在建筑工程智能化实施过程中，要不断地收集和分析各种信息和动态，捕捉风险的前奏信号，以便更好地准备和采取有效的对策，包括项目投保等措施，预防和避免可能发生的风险。事前预控直接关系到风险发生的机率和风险损失的大小。

Pre-control is directly related to the probability of the risk and the magnitude of the risk loss.

2.2事中控制：

2.2 Intrusive control:

无论预控措施做得有多么周密，建筑工程智能化的风险总是难以完全避免的。当风险发生时要进行有效控制，防范风险损失范围和程度进一步扩大。在风险状态下，依然必须保证工程的顺利实施，如迅速恢复生产，按原计划保证完成预定的目标，防止项目中断和成本超支，才能对已发生和还可能发生的风险进行良好的控制。

No matter how well planned the pre-controlled measures are, the risks of building engineering intelligence are not entirely avoided. When risks occur, effective control is required to protect against further risk loss in scope and magnitude. In a state of risk, it is still necessary to ensure the smooth implementation of the project, such as a rapid resumption of production, the completion of the intended objectives as planned, and the prevention of disruptions and cost overruns of the project, if the risks that have occurred and are likely to occur are to be properly controlled.

2.3事后控制

2.3 Ex post facto control

在风险发生后，要迅速及时地采取措施以控制风险的影响，尽量降低风险损失和弥补风险损失，并争取获得风险的赔偿，如向保险单位、风险责任者提出索赔，以尽可能地减少风险损失。

After the risk has occurred, measures should be taken in a prompt and timely manner to control the impact of the risk, minimize the risk loss and compensate the risk loss, and seek compensation for the risk, such as a claim against the insurance unit, the risk liability person, in order to minimize the risk of the loss.

3.风险控制的方法

3. Approach to risk control

建筑工程智能化项目风险控制方法一般包括以下几个环节：

The project's risk control approach to architectural smartness typically includes the following elements:

3.1风险识别：

3.1 Risk identification:

即预测和识别出项目目标实施过程中可能存在的风险事件，并予以分类。—般是根据项目的性质，从潜在的事件及其产生的后果，以及潜在的后果及其产生的原因来预测识别风险。

i.e. predicting and identifying potential risk events during the implementation of the project objectives and classifying them - such as the identification of risks according to the nature of the project, from potential events and their consequences, as well as their potential consequences and the reasons for them.

风险预测和识别的过程主要立足于数据收集、分听、整理和预测，要重视经验在预测中的特殊作用(即定性预测)。通过风险调查、信息分析、专家咨询及实验论证等手段，对项目风险进行多维分解，并充分征求各方意见，从而全面认识风险，形成风险清单列表。

Risk prediction and identification processes are based primarily on data collection, listening, collating and forecasting, with emphasis on the particular role of experience in forecasting (i.e. qualitative forecasting). Project risks are multi-dimensionally disaggregated through risk surveys, information analysis, expert advice and empirical validation, and are fully consulted in order to fully understand risks and form a list of risk lists.

3.2风险分析：

3.2 Risk analysis:

确定了智能建筑工程项目的风险列表之后，就要查清项目中存在的各种风险的性质，即进行风险分析，将风险的不确定性进行量化，评价其潜在的影响。它的内容包括确定风险事件发生的概率和对项目目标影响的严重程度，如经济损失量、工期迟延量等，评价所有风险的潜在影响，得到项目的风险决策变量值，作为项目决策的重要依据。

After a list of risks for a smart construction project has been established, the nature of the risks in the project is identified, i.e., risk analysis, quantification of the uncertainty of the risk and evaluation of its potential impact. It includes determining the probability of the risk event and the severity of the impact on the project's objectives, such as economic loss, delay in schedule, etc., evaluating the potential impact of all risks and obtaining the project's risk decision variable value as an important basis for project decision-making.

(1)风险损失量：即风险对项目造成的负面影响大小。风险损失量可用数值表示，即将损失重大小折算成对影响计划完成的时间表示；

(1) The amount of risk loss: the magnitude of the negative impact of the risk on the project.

(2)风险概率：它是风险发生可能性的百分比表示，是一种主观判断；

(2) Risk probability: it is expressed as a percentage of the likelihood of the risk occurring and is a subjective judgement;

(3)风险量：它是指项目风险危害程度，计算公式为：风险量=风险概率?鄢风险损失量。

(3) Risk mass: it refers to the risk level of the project, calculated as: the risk level = the probability of risk? the amount of risk loss.

如：某一风险概率是25％，一旦发生会导致项目计划延长4周，因而，风险量=25%?鄢4周=1周。

If the probability of a particular risk is 25 per cent, if it occurs, it will result in a four-week extension of the project plan, so that the risk = 25 per cent? ~ 4 weeks = 1 week.

3.3风险控制计划

3.3 Risk control plan

完成了建筑工程智能化风险分析后，实际上就已经确定了项目中存在的风险，以及它们发生的可能性和对项目的冲击，因而可以对风险排序。然后可以根据风险性质和项目对风险的承受能力制定相应的防范计划，即风险控制对策。制定风险控制对策主要考虑以下四个方面的因素：可规避性、可转移性、可缓解性、可接受性。基本对策有三种形式：风险限定、风险自留和风险转移，总的目标是减小风险的潜在损失。风险控制对策在某种程度上决定了采用智能化开发方案。对于应“规避”或“转移”的风险在计划时必须加以考虑。

Having completed an intelligent risk analysis for construction, the risks that exist in the project, as well as their likelihood and impact on the project, have actually been identified, so that they can be ranked. A corresponding precautionary plan, i.e., a risk control response, can be developed depending on the nature of the risk and the project’s absorptive capacity for the risk. Risk control responses are designed taking into account four main factors: evasibility, transferability, mitigation, acceptability. The basic response takes three forms: risk qualification, risk retention and risk transfer, with the overall objective of mitigating potential risk losses.

3.3.1风险限定对策

3.3.1 Risk-based countermeasures

风险限定是对使风险损失趋于严重的各种条件采取措施，进行控制而避免或减少发生风险的可能性及各种潜在的损失。风险限定对策有风险回避和损失控制两种形式。风险回避对策经常是一种规定，如禁止某项活动的规章制度，损失控制是通过减少损失发生的机会或通过降低所发生损失的严重性来处理项目风险。

Risk limits are the conditions under which risk losses are aggravated by taking measures to control the avoidance or reduction of the likelihood of risk occurrence and potential losses. Risk limits the response in the form of risk avoidance and loss control. Risk avoidance responses are often a requirement, for example, that loss control address project risks by reducing the opportunity for loss to occur or by reducing the severity of the loss incurred.

3.3.2风险自留对策

3.3.2 Risk-based responses

风险自留是一种重要的财务性管理技术，由自己承担风险所造成的损失。风险自留对策分计划性风险自留和非计划性风险自留两种。

Risk retention is an important financial management technique, with the risk being borne by yourself.

3.3.3风险转移对策

3.3.3 Risk transfer responses

(1)合同转移：是指用合同规定双方风险责任，从而将风险本身转移给对方以减少自身的损失。因此合同中应包含责任和风险两大要素；

(1) Contract transfer: a contract that sets out the liability of both parties for risk, thereby transferring the risk itself to the other party to reduce its own loss. The contract should therefore contain two elements of liability and risk;

(2)项目投保：是全面风险管理计划中的最重要的转移技术，目的在于把项目进行过程中发生的大部分风险作为保险对策，以减轻与项目实施有关方的损失负担和可能由此产生的纠纷。付出了保险费，在项目受到意外损失后能得到补偿。项目保险的目标是最优的工程保险费和最理想的保障。

(ii) Project insurance: the most important transfer technology in the overall risk management plan, which is designed to provide insurance against most of the risks that arise in the course of the project, in order to alleviate the burden of loss and the disputes that may arise between the parties involved in the implementation of the project.

3.险监控措施

3. Risk monitoring measures

由于建筑工程智能化风险存在的客观性和普遍性，在制定了全面风险管理计划后，风险并非不存在。在项目整个周期中，需要时刻监控风险的发展与变化情况。

Due to the objectivity and universality of the risks associated with intelligent construction, the risks are not non-existent after a comprehensive risk management plan has been developed.

风险监控主要是采取应对风险的纠正措施以及全面风险控制计划的更新。根据风险的变化情况及时调整全面风险管理计划，并对已发生的风险及其产生的遗留风险和新增风险及时识别、分析，并采取适当的应对措施。

Risk monitoring is primarily about taking corrective measures to respond to risks and updating the comprehensive risk control plan. The comprehensive risk management plan is adjusted in a timely manner in the light of changes in risk, and the risks that have occurred and the residual and additional risks that arise are promptly identified, analysed and appropriate responses are taken.

最有效的风险监控措施之一就是“前10个风险列表”，是按“风险值”大小将项目的前10个风险作为控制对象，密切监控项目的前10个风险。每次风险检查后，形成新的“前10个风险列表”。

One of the most effective risk monitoring measures is the “first 10 risk lists”, which is to target the top 10 risks of the project on a “risk value” scale and closely monitor the top 10 risks of the project.

智能化风险防控篇3

关键词：智能建筑 智能化工程 风险 项目风险 风险管理 全面风险管理 信息化

Keywords: smart architecture, smart engineering, risk, project risk, risk management, comprehensive risk management, informationization.

智能建筑的概念在20世纪70年代末起源于美国，目前，随着计算机网络、信息处理与通讯技术的迅速发展，正处于高速发展阶段。近10多年来，我国也兴起一股智能建筑热，智能建筑建设一浪高过一浪，在一些大中城市，如深圳、上海、北京、广州等地尤其发展迅猛，其发展之迅速和规模之宏大，在世界上是绝无仅有的。它并未因房地产市场的整顿而有所收敛，反而从社会变革和广度上更加加速地发展。

The concept of smart architecture, which originated in the United States in the late 1970s, is now at a rapid stage of development with the rapid development of computer networks, information processing and communication technologies. For almost a decade now, our country has also been experiencing a heat of intelligent architecture, which has been built on a wave of speed, especially in major cities such as Shenzhen, Shanghai, Beijing, Guangzhou, etc., and has developed rapidly and on a scale that is unique in the world. It has not subdued by the consolidation of the real estate market, but has developed more rapidly in terms of social change and breadth.

虽然这股热潮是国内外楼宇采用智能化管理趋势的必然反映，但是我们也应正视到，如此迅速的发展并不风平浪静，红火兴旺的背后隐藏着巨大的风险。

While this trend is an inevitable reflection of the trend towards intelligent management of buildings at home and abroad, we should also face up to the fact that such rapid developments are not peaceful and that the risks are hidden behind the growth of red fires.

当前，智能建筑工程项目风险高是个不争的事实，工程项目的规模越大、技术越新、越复杂，其风险程度就越高。尽管房地产开发商的老总们为了提高楼盘的亮点、品位和售价，拼命鼓吹其楼盘的智能化程度，并不惜重金投到智能建筑工程项目上，但最后的实际结果却差强人意，严酷的事实与老总们的愿望大相径庭。有调查表明，在我国包括智能建筑在内的所有与信息化有关的工程项目成功率不到30%，大约有70%以上的工程项目超出预定的开发周期，功能和性能达不到预期的效果，其中大型项目平均超出计划交付时间20%-50%，90%以上的软件项目开发费用超出预算，并且项目越大，超出项目计划的程度越高。吃一堑长一智，随着对智能建筑工程项目混乱局面的研究分析，深入总结经验教训，人们提出了智能建筑工程项目实施专业监理体制和项目管理的概念，其中包括了全面风险管理的概念。

At present, the risk of smart construction projects is indisputable, and the greater the scale, technology, and complexity of the projects, the higher the risk. Although the owners of real estate developers, in an effort to improve the brightness, taste, and price of the buildings, have so desperately advocated for the smartness of their buildings, not to mention the amount of money invested in the smart construction projects, the actual result has been less than desirable, and the harshest reality is quite different from the wishes of the older generals. Surveys have shown that less than 30% of all information-related projects in the country, including smart buildings, have been successful in less than 30% of all projects, about 70% of engineering projects have exceeded the intended development cycle, have less functionality and performance than expected, with large projects exceeding 20-50% of the planned delivery time, more than 90% of software development costs exceeding the budget, and the larger the project, the higher the project is planned.

1 智能建筑工程项目风险因素的分析

1 Analysis of risk factors for smart construction projects

不同类型的项目有不同的风险，相同类型的项目根据其所处的环境、项目客户与项目团队以及所采用的技术与工具的不同，其项目风险也是各不相同的。

Different types of projects have different risks, and the same types of projects have different project risks depending on their circumstances, the project clients and the project team, and the technologies and tools used.

总的来说，智能建筑工程项目风险的基本类型可分为以下几类：

Overall, the basic types of risks associated with smart construction projects can be grouped into the following categories:

1.1 决策风险

1.1 Decision-making risk

决策风险是智能建筑工程项目最大最可怕的风险，如果项目不可行、立项错误，造成根基不稳，就会全盘皆输，项目失败早成定局。项目决策风险包括高层战略风险，如指导方针、战略思想可能有错误而造成项目目标错误；环境调查和市场预测的风险；投标决策风险，如错误的项目选择，错误的投标决策、报价等。

The risk of decision-making is the greatest and most terrible risk for smart construction projects, and if the project is unfeasible and misdefined, it will be lost in its entirety and the project will fail sooner rather than later. The risk of project decision-making includes high-level strategic risks, such as guidelines, strategic ideas that may be wrong and result in project objectives; risks of environmental investigation and market forecasting; and risks of tender decision-making, such as erroneous project selection, erroneous bidding decisions, quotations, etc.

1.2 行为主体风险

1.2 Actual risk

智能建筑工程项目行为主体产生的风险也是常见的项目风险来源之一。如业主和投资者项目资金准备不足，项目仓促上马，支付能力差，改变投资方向，违约不能完成合同责任等产生的风险；承包商(分包商、供应商)技术及管理能力不足，不能保证安全质量，无法按时交工等产生的风险；项目管理者和监理工程师的能力、职业道德、公正性差等产生的风险等。

Risks arising from actors in smart construction projects are also one of the common sources of project risk. For example, risks arising from inadequate preparation of project funds by owners and investors, hasty project implementation, poor capacity to pay, changes in investment direction, failure to fulfil contractual responsibilities, etc.; risks arising from inadequate technical and managerial capacity of contractors (subcontractors, suppliers), failure to ensure quality of safety, inability to deliver work on time, etc.; risks arising from the capacity of project managers and supervisors, ethics, poor impartiality, etc.

1.3 软件危机风险

1.3 Software crisis risk

软件是保持和增强智能建筑工程项目竞争力的基础，其好坏是决定项目成败的关键性技术因素。软件危机是指在计算机软件的开发和维护过程中所遇到的一系列严重问题，其主要表现如下：

Software is the basis for maintaining and enhancing the competitiveness of smart construction projects, and its success or failure is a key technological factor. The software crisis refers to a series of serious problems encountered in the development and maintenance of computer software, the main manifestations of which are as follows:

1.3.1 用户需求不明确、变更过多

1.3.1 Undefined user needs and excessive variations

在智能建筑工程建设过程中，软件开发出来之前，不少用户也不很清楚应用软件的具体需求。用户常常在项目开始时只有一些初步的功能要求，没有明确的想法，也提不出确切的需求。随着系统实施的进展，系统开始展现功能的雏形，用户对系统的了解也逐步深人，用户的思路不断地被激发，不断涌现出新的功能的想法，就要求对以前提出的需求进行改动，应用软件的程序、界面以及相关文档需要经常修改。用户变更，软件修改，而且在修改过程中又可能产生新的问题，这些问题很可能经过相当长的时间后才会被发现，最后导致软件开发失败。

Many users do not understand the specific needs of applications before they are developed in the construction of intelligent architecture. Users often start the project with only some initial functional requirements, no clear ideas, and no precise needs. As the system moves forward, the system begins to present its prototypes, the user's understanding of the system evolves, the user's thinking continues to develop new features, and the idea of requiring changes to previous requirements requires frequent modifications in the application's programs, interfaces and related files. User changes, software modifications, and new problems may arise during the process of modification, which are likely to be discovered after a considerable period of time and eventually lead to software development failures.

1.3.2 软件成本日益增长

1.3.2 Growing software costs

20世纪50年代，软件成本在整个计算机系统成本中所占的比例为10%-20%。但随着软件产业的发展，软件成本日益增长。相反，计算机硬件随着技术的进步、生产规模的扩大，其价格却不断下降。这样一来，软件成本所占的比例越来越大。到20世纪60年代中期，软件成本所占的比例增长到50%，90年代达到85%左右。

In the 1950s, the share of software costs in the overall computer system was 10-20%. But with the development of the software industry, the cost of software has grown. Conversely, computer hardware has declined as technology advances and the scale of production expands.

1.3.3 开发进度难以控制

1.3.3 Development progress is difficult to control

由于软件是逻辑、智力产品，软件的开发需建立庞大的逻辑体系，这是与其他产品的生产不一样的。例如：工厂里要生产某种硬件设备，在时间紧的情况下可以要工人加班或者实行“三班倒”，而这些方法都不能用在软件开发上。因为软件系统的结构很复杂，各部分附加联系极大，盲目增加软件开发人员并不能成比例地提高软件开发能力。相反，随着人员数量的增加，人员的组织协调、通信、培训和管理等方面的问题将更为严重。历史上有关软件开发在耗费了大量的人力和财力之后，由于离预定目标相差甚远不得不宣布失败的例子，举不胜举。

Because software is a logical, intellectual product, software development requires a huge logical system, unlike the production of other products. For example, there is a need to produce hardware equipment in a factory that can work overtime or “triple shifts” in time, which cannot be used in software development. Because of the complexity of the software system and the great number of additional links, blindly increasing software developers cannot proportionately improve software development capabilities. On the contrary, as the number of personnel increases, the problems of organizational coordination, communication, training and management of personnel will become even more acute.

1.3.4 软件质量差

1.3.4 Poor quality of software

软件项目即使能按预定日期完成，质量却不尽人意，程序的一些微小错误可以造成智能建筑工程项目灾难性的后果。在“软件作坊”里，由于缺乏工程化思想的指导，程序员几乎总是习惯性地以自己的想法去代替用户对软件的需求，软件设计带有随意性，这是造成工程项目不能今人满意的重要因素。

Even if the software project can be completed by the target date, the quality is not satisfactory, and some minor errors in the program can have catastrophic consequences for the smart construction project. In “software workshops,” programmers are almost always used to replacing the user’s demand for the software with their own ideas, and the design of the software is arbitrary, which is a major factor contributing to the project’s lack of satisfaction.

1.3.5　软件维护困难

1.3.5 Software maintenance difficulties

正式投入使用的软件，总是存在着一定数量的错误，在不同的运行条件下，软件就会出现故障，因此需要维护。但是，由于软件开发过程随意性很大，没有完整的真实反映系统状况的记录文档，给软件维护造成了巨大的困难。特别是在软件使用过程中，原来的开发人员可能因各种原因已经离开原来的开发组织，使得软件几乎不可维护。对一个复杂的逻辑过程，哪怕做一项微小的改动，都可能引入潜在的错误，常常会发生“纠正一个错误带来更多新错误”的问题。

There is always a certain amount of error in the software that is officially in use, and the software is malfunctioning under different operating conditions, and therefore needs to be maintained. However, because of the voluminous nature of the software development process, there are no complete records that truly reflect the state of the system, creating great difficulties in software maintenance. Especially in the course of software use, the original developers may have left the original development organization for a variety of reasons, making the software almost unmaintainable. For a complex logical process, even a minor change, it is possible to introduce potential errors, and the question of “correcting one error leads to more new mistakes” often arises.

1.4 项目管理风险

1.4 Project management risk

项目管理风险包括智能建筑工程项目过程管理的方方面面，如项目计划的时间、资源分配(包括人员、设备)、项目质量管理、项目管理技术(流程、规范、工具等)的采用以及外包商的管理等，因项目计划不周、制度缺乏、经营不善、技术落后、用人不当、沟通不畅、楼盘滞销等项目管理混乱而造成的风险。

Project management risks include all aspects of the management of the process of intelligent construction projects, such as the time planned for the project, the allocation of resources (including personnel, equipment), the introduction of project quality management, project management techniques (processes, norms, tools, etc.) and the management of the outsourcer, as a result of poor project planning, lack of systems, poor operation, poor technology, inappropriate use of personnel, poor communication and loss of space.

1.5 项目组织风险

1.5 Project organizational risk

组织风险中的一个重要来源就是项目决策时所确定的项目范围、时间与费用三个要素之间的矛盾。三要素的关系是相互依存，相互制约的，不合理的匹配必然导致项目执行的困难，从而产生风险。智能建筑工程项目资源不足或资源冲突方面的风险同样不容忽视，如人员到岗时间、人员知识与技能不足等。组织中的团队精神和文化氛围同样会导致一些风险的产生，如团队协同合作和人员激励不当导致内部不团结、人员离职等。

An important source of organizational risk is the contradiction between the project’s scope, time, and cost, as defined in the project’s decision-making. The three elements are interdependent, mutually constraining, and unreasonable matching necessarily leads to difficulties in project implementation, resulting in risks.

1.6 外部环境风险

1.6 External environmental risks

智能建筑工程项目外部环境风险主要是指其政治、经济环境的变化，包括政治风险、法律风险、经济风险、社会风险，以及与项目相关的规章或标准的变化；组织中雇佣关系的变化，如公司并购、自然灾害，主体(政府部门、相关单位)等产生的风险。这类风险因项目性质的不同而对其影响的程度也不一样。

The risks to the external environment of smart construction projects are mainly those resulting from changes in their political and economic environment, including political, legal, economic and social risks, as well as changes in regulations or standards associated with the project; changes in the employment relationship in the organization, such as corporate mergers and acquisitions, natural disasters, subjects (government departments, related units, etc.).

1.7 风险按其影响结果分类

1.7 Risks classified according to their impact results

全面风险管理有时要求按风险对目标的影响来进行风险因素分析，它体现的是风险作用的结果，包括以下几个方面的风险：

Comprehensive risk management, which sometimes requires risk factor analysis based on the impact of risk on the target, reflects the outcome of risk effects, including the following:

(1)工期风险：如造成局部的(工程活动、分项工程)或整个工程的工期延长，不能及时竣工验收；

(1) Phase risk: if it results in a partial (engineering activity, sub-engineering) or an extension of the duration of the entire project, it cannot be completed in a timely manner;

(2)费用风险：包括财务风险、成本超支、投资追加、收入减少等；

(2) Cost risks, including financial risks, cost overruns, additional investments, reduced income, etc.;

(3)质量风险：包括材料、工艺、工程等不能通过验收，工程试运行不合格，经过评价工程质量未达到标准或要求；

(3) Quality risk: including non-acceptance of materials, processes, works, etc., unsatisfactory performance of engineering tests, and failure to meet standards or requirements for evaluated quality of work;

(4)生产能力风险：项目建成后达不到设计生产能力；

(4) Productive capacity risk: design production capacity is not achieved when the project is completed;

(5)市场风险：工程建成后产品达不到预期的市场份额，销售不足，没有销路，没有竞争力；

(v) Market risk: the products do not reach the expected market share after completion of the works, are under-saled, have no outlets and are not competitive;

(6)信誉风险：可能造成对企业的形象、信誉的损害；

(6) Credibility risk: the potential damage to the image and reputation of the enterprise;

(7)伤亡损失风险：人身伤亡以及设备的损坏；

(7) Risk of loss of life and injury: loss of life and damage to equipment;

(8)法律责任风险：因被而要承担相关法律的或合同的责任。

(8) Risk of legal liability: exposure to liability for the relevant law or contract.

2 智能建筑工程项目风险的特点

Characteristics of risks associated with smart construction projects

智能建筑工程项目所面临的风险种类繁多，各种风险之间的相互关系错综复杂。所以项目从立项到竣工后运行的整个生命周期中都必须重视风险管理。智能建筑工程项目风险具有如下特点：

Smart construction projects are exposed to a wide variety of risks and complex interrelationships between risks. Therefore, risk management must be emphasized throughout the life cycle of the project from its establishment to its completion. The risks of smart construction projects have the following characteristics:

2.1 风险存在的客观性和普遍性

2.1 Objectivity and universality of risk

作为损失发生的不确定性，风险是不以人的意志为转移的，并超越人们的主观意识而客观存在。风险的普遍性表现在几乎所有的项目都存在着风险，特别是像智能建筑工程这样的高科技项目，把先进复杂的现代信息技术与建筑技术有机结合在一起。在项目的整个寿命周期内，自始至终风险是无处不在、无时不有的。这些说明为什么虽然人类一直希望认识和控制风险，但直到现在也只能在有限的空间和时间内改变风险存在和发生的条件，降低其发生的频率，减少损失程度，而不能也不可能完全消除风险。

As uncertainty about the occurrence of loss, the risk is not shifted by human will and exists objectively beyond one’s sense of subjectivity. The pervasiveness of the risk manifests itself in almost all projects, especially high-tech projects such as smart construction, which integrates advanced and complex modern information technologies with construction technologies. Throughout the life cycle of the project, the risk is pervasive and sporadic. These explain why, while humankind has always wanted to recognize and control the risk, it can only change the conditions in which it exists and occurs in limited space and time, reduce the frequency of its occurrence, reduce the extent of its losses, and cannot and cannot completely eliminate it.

2.2　风险发生的偶然性和必然性

2.2 Incidentality and inevitability of risk

风险发生的偶然性表现在任何具体风险的发生都是诸多风险因素和其他因素共同作用的结果，是一种随机现象。风险发生的必然性是指虽然个别风险事故的发生是偶然的、杂乱无章的，但对大量风险事故资料的观察和统计分析，发现其呈现出明显的运动规律，这就使人们有可能用概率统计方法及其他分析方法去计算风险发生的概率和损失程度，同时也导致风险管理技术方法的迅猛发展。

Inevitability of risk is the observation and statistical analysis of large amounts of risk incident information, which shows a clear pattern of movement, which makes it possible to calculate the probability of risk and the extent of loss using probabilities and other analytical methods, while also leading to a rapid development of risk management techniques.

2.3 风险的可变性

2.3 Variability of risk

项目风险的可变性是指在项目的整个实施过程中，各种风险在性质和数量上都是在不断变化的。随着项目的进行，有些风险可以规避，有些风险会得到控制，有些风险会发生并得到处理，同时在项目的每一阶段都可能产生新的风险。

The variability of project risks refers to the changing nature and quantity of risks throughout the project. As the project proceeds, some risks can be avoided, some risks can be controlled, some risks can occur and addressed, and new risks may arise at every stage of the project.

2.4 风险的多样性和多层次性

2.4 Diversity and multidimensionality of risks

一般项目，特别是智能建筑工程项目要求高、周期长、技术新、涉及范围广、风险因素数量多且种类繁杂，致使其在整个寿命周期内面临的风险多种多样，而且大量风险因素之间的内在关系错综复杂、各风险因素之间与外界交叉影响又使风险显示出多层次性，这是智能建筑工程项目风险的主要特点之一。

The high demand, long-cycle, new technology, wide-ranging, multiplicity and variety of risk factors for general projects, in particular smart construction projects, has led to a wide range of risks throughout the life cycle, as well as a complex interrelationship between a large number of risk factors, and the multilayering of risk between risk factors and external impacts, which is one of the main features of the risks of smart construction projects.

3　智能建筑工程项目全面风险管理

Comprehensive risk management for smart construction projects

虽然智能建筑工程项目风险多多，不过，人们也无须过分地恐惧风险，只要掌握风险发生的因果关系，风险是可以管理，并得到控制的。关注项目风险，掌握风险管理的知识与技能，从项目组织、职责、流程与制度上建立一套风险管理机制是确保项目成功的前提与保障。

While there are many risks associated with smart construction projects, there is no need to be overly afraid of risk, which can be managed and controlled as long as there is a causal link between the risks. Focusing on project risks, knowledge and skills in risk management, and establishing a risk management mechanism from the project organization, responsibilities, processes and systems are prerequisites and safeguards for project success.

项目风险管理是指为了最好地达到项目目标，识别、分配、应对、减少和避免项目生命周期内风险的现代科学管理方法。

Project risk management refers to modern scientific management methods that identify, allocate, respond to, reduce and avoid risks within the life cycle of a project in order to best achieve its objectives.

全面风险管理是用系统的、动态的方法进行风险控制，以减少项目实行过程中的不确定性。它不仅使各层次的项目管理者建立风险意识，重视风险问题，防范于未然，而且在各个阶段、各个方面实施有效的风险控制，形成一个前后连贯的管理过程。

Comprehensive risk management is a systematic and dynamic approach to risk control in order to reduce uncertainty in project implementation. It not only enables project managers at all levels to build risk awareness, focus on risk issues and prevent them from occurring, but also to implement effective risk control at all stages and in all its aspects, leading to a coherent management process.

智能建筑工程项目全面风险管理有四个方面的涵义：一是项目全过程的风险管理，从项目的立项到项目的结束，都必须进行风险的研究与预测、过程控制以及风险评价，实行全过程的有效控制以及积累经验和教训；二是对全部风险的管理；三是全方位的管理；四是全面的组织措施。

The overall risk management of smart construction projects has four implications: first, risk management throughout the project, from its establishment to the end of the project, requires risk research and forecasting, process control and risk evaluation, effective process control and the accumulation of experience and lessons learned; second, management of all risks; third, comprehensive management; and fourth, comprehensive organizational measures.

3.1 全面风险管理的任务

3.1 Mandate for comprehensive risk management

由于风险贯穿于项目的整个生命周期中，因而风险管理是持续的过程，建立良好的风险管理机制以及基于风险的决策机制是项目成功的重要保证。风险管理是项目管理流程与规范中的重要组成部分，制定风险管理规则、明确风险管理岗位与职责是做好风险管理的基本保障。同时，不断丰富风险数据库、更新风险识别检查列表、注重项目风险管理经验的积累和总结更是风险管理水平提高的重要动力源泉。一般，智能建筑工程项目全面风险管理的主要任务有三方面：

As risk cuts through the life cycle of a project, risk management is an ongoing process, and the establishment of sound risk management mechanisms and risk-based decision-making mechanisms is an important guarantee of project success. Risk management is an important component of the project management process and norms, and the development of risk management rules, clear risk management positions and responsibilities are essential safeguards for good risk management. At the same time, the continuous enrichment of risk databases, the updating of risk identification checklists, a focus on the accumulation of project risk management experience and a stocktaking exercise are important sources of risk management improvement.

3.1.1 预报预防

3.1.1 Prediction prevention

在智能建筑工程项目实施过程中，要不断地收集和分析各种信息和动态，捕捉风险的前奏信号，以便更好地准备和采取有效的对策，包括项目投保等措施，预防和避免可能发生的风险。加强风险预报预防工作是项目风险管理最重要的任务，预防措施的好坏，直接关系到风险发生的机率和风险损失的大小。

During the implementation of the smart construction project, there is a need to continuously collect and analyse information and dynamics, capture pre-risk signals in order to better prepare and implement effective responses, including such measures as project insurance, to prevent and avoid potential risks. Strengthening risk forecasting prevention is the most important task of project risk management, and prevention measures are good and bad, directly related to the probability of risk occurrence and the magnitude of risk loss.

3.1.2 防范控制

3.1.2 Preventive control

无论预防措施做得有多么周密，智能建筑工程项目的风险总是难以完全避免的。当风险发生时要进行有效控制，防范风险损失范围和程度进一步扩大。在风险状态下，依然必须保证工程的顺利实施，如迅速恢复生产，按原计划保证完成预定的目标，防止项目中断和成本超支，唯有如此才能有机会对已发生和还可能发生的风险进行良好的控制。

In a state of risk, it is still necessary to ensure the smooth implementation of the project, such as the rapid resumption of production, the completion of the intended objectives and the prevention of disruptions and cost overruns, as originally planned. Only then will there be an opportunity for good control of the risks that have occurred and are likely to occur.

3.1.3 积极善后

3.1.3 Positive rehabilitation

在风险发生后，亡羊补牢，犹为未晚，要迅速及时地采取措施以控制风险的影响，尽量降低风险损失和弥补风险损失，并争取获得风险的赔偿，如向保险单位、风险责任者提出索赔，以尽可能地减少风险损失。

After the risk has occurred, it is still too late to take prompt and timely measures to control the impact of the risk, minimize the risk loss and compensate the risk loss, and seek compensation for the risk, such as filing a claim with the insurance unit, the person liable for the risk, in order to minimize the risk.

3.2 全面风险管理的组织

3.2 Organization for comprehensive risk management

全面风险管理组织主要指为实现全面风险管理目标而建立的组织结构，即组织机构、管理体制和领导人员。没有一个健全、合理和稳定的组织结构，全面风险管理活动就不能有效地进行。

A comprehensive risk management organization refers primarily to the organizational structure established to achieve overall risk management objectives, i.e., organizational structure, management structure and leadership. Without a robust, rational and stable organizational structure, comprehensive risk management activities cannot be carried out effectively.

智能建筑工程项目全面风险管理组织具体如何设立、采取何种方式、需要多大的规模等问题取决于多种因素。其中决定性的因素是智能建筑工程项目风险在时空上的分布特点。项目风险存在于项目的所有阶段和方面，因此全面风险管理职能必然是分散于项目管理的所有方面，管理班子的所有成员都负有一定的风险管理责任。如果因此而无专人专职对风险管理负起责任，则全面风险管理就要落空。因此，全面风险管理职能的履行在组织上具有集中和分散相结合的特点。

The question of how, how and how large a comprehensive risk management organization for smart construction projects will be required depends on a number of factors. The determining factor is the spatial and temporal distribution of risks in smart construction projects. The project risks are present in all phases and aspects of the project, so that the overall risk management function is necessarily spread across all aspects of project management and all members of the management team have some risk management responsibilities.

此外，智能建筑工程项目的规模、技术和组织上的复杂程度、风险的复杂和严重程度、风险成本的大小、上级管理层对风险的重视程度、国家和政府法律、法规和规章的要求等因素都对全面风险管理组织有影响。

In addition, the size, technical and organizational complexity of smart construction projects, the complexity and severity of risks, the magnitude of risk costs, the importance attached to risk by superior management and the requirements of national and governmental laws, regulations and regulations all have implications for a comprehensive risk management organization.

全面风险管理组织结构的最上层应该是项目经理。项目经理应该负起全面风险管理的领导责任。项目经理之下可设一名风险管理专职人员，帮助项目经理组织和协调整个项目管理班子的风险管理活动。

The project manager should assume overall risk management leadership – a dedicated risk management staff member under the project manager to assist the project manager in organizing and coordinating the risk management activities of the entire project management team.

至于项目风险分析人员，应由有技术、经济、电脑和项目管理经验的权威人士来担任。若无合适人选，可以从外面请人。从外面请人的优点是容易使风险分析做得更客观、更公正。无论何种情况，项目管理班子成员都要参与风险分析过程。这样既可保证风险分析做得合理，又能够了解问题的来龙去脉，对风险分析的结果做到心中有数。

As far as project risk analysts are concerned, they should be an authority with technical, economic, computer, and project management experience. If there is no suitable candidate, they can be approached from outside.

3.3 全面风险管理的方法

3.3 A comprehensive risk management approach

众所周知，当某一危机发生时，通常不仅会显而易见地威胁到项目的成功，而且还会产生组织内部和外部的轰动效应，有时甚至会引起社会的广泛关注。因此，危机在众目睽睽、议论纷纷之下，会受到整个项目团队的极大重视。和处理危机事件不同，智能建筑工程项目好的全面风险管理往往是默默无闻地进行的。

It is well known that, when a crisis occurs, it often not only clearly threatens the success of the project, but also has a sensational effect, both within and outside the organization, sometimes causing widespread social attention. As a result, the crisis, in the face of public scrutiny and debate, is highly valued by the entire project team.

智能建筑工程项目实施全面风险管理，注重项目实施过程中的点点滴滴、一丝不苟、计划有序、贯穿始终的风险管理，即采取全面的组织措施，对工程项目全部风险实施全过程、全方位的管理。

The Smart Architectural Engineering Project implements a comprehensive risk management that focuses on point and point, detail, planning and continuous risk management in the course of the project, i.e. comprehensive organizational measures to manage the full range of risks of the project in a process-wide manner.

当全面风险管理非常有效时，智能建筑工程项目实施过程中基本不会产生什么大的问题，对于存在的少数问题来说，它也会得到更加迅速的解决。站在旁观者的角度来看，要说明一个智能建筑工程新项目的顺利开发是由于好的全面风险管理所致还是运气所致，可能是很困难的，但项目团队总会知道，他们的项目正是由于好的全面风险管理而运转得更好。

When comprehensive risk management is very effective, the implementation of smart construction projects will have little major problems, and it will be resolved more quickly for a few of the problems that exist. It may be difficult, from the perspective of bystanders, to demonstrate whether the successful development of a new smart construction project is the result of good overall risk management or luck, but the project team will always know that their projects function better precisely because of good overall risk management.

智能建筑工程项目全面风险管理方法一般包括以下几个过程：

A comprehensive risk management approach to smart construction projects typically includes the following processes:

3.3.1 风险识别

3.3.1 Risk identification

它是全面风险管理的第一步，即预测和识别出项目目标实施过程中可能存在的风险事件，并予以分类。对项目风险的管理首先必须明确项目都存在哪些风险，—般是根据项目的性质，从潜在的事件及其产生的后果，以及潜在的后果及其产生的原因来预测识别风险。

It is the first step in a comprehensive risk management, that is, predicting and identifying and classifying potential risk events in the course of project objectives. The management of project risks must first of all identify what risks exist in the project – predicting the identification of risks according to the nature of the project, depending on the potential event and its consequences, as well as the potential consequences and the reasons for them.

风险预测和识别的过程主要立足于数据收集、分听、整理和预测，要重视经验在预测中的特殊作用(即定性预测)。为了使风险识别做到准确、完整和有系统性，应从全面风险管理的目标出发，通过风险调查、信息分析、专家咨询及实验论证等手段，对项目风险进行多维分解，并充分征求各方意见，从而全面认识风险，形成风险清单列表。

Risk prediction and identification processes are primarily based on data collection, listening, collating and forecasting, with an emphasis on the particular role of experience in forecasting (i.e., qualitative forecasting). In order to be accurate, complete and systematic in the identification of risks, project risks should be multi-dimensionally disaggregated through risk surveys, information analysis, expert advice and empirical validation, with full consultation of the parties, in order to fully understand the risks and form a list of risks.

3.3.2 风险分析

3.3.2 Risk analysis

确定了智能建筑工程项目的风险列表之后，接下来就要搞清楚项目中存在的各种风险的性质，即进行风险分析。这一步骤将风险的不确定性进行量化，评价其潜在的影响。它的内容包括确定风险事件发生的概率和对项目目标影响的严重程度，如经济损失量、工期迟延量等，评价所有风险的潜在影响，得到项目的风险决策变量值，作为项目决策的重要依据。

After a list of risks for a smart construction project has been established, the nature of the risks in the project is then clarified, i.e., risk analysis. This step quantifys the uncertainty of the risk and evaluates its potential impact. It includes determining the probability of the risk event and the magnitude of the impact on the project's objectives, such as economic loss, delay in schedule, etc., evaluating the potential impact of all risks and obtaining the variable value of the project's risk decision-making as an important basis for project decision-making.

一般只对已经识别出来的项目风险进行量化估计，评估风险及各种风险之间的相互作用，以及评价项目可能产生的结果范围。这里要注意三个概念。

Only a quantitative estimate of the identified project risks, an assessment of the risks and the interactions between the various risks, and an evaluation of the range of possible results of the project are generally available. Three concepts are to be noted here.

(1)风险损失量：即风险对项目造成的负面影响大小。如果损失量的大小不容易直接估计，可以将损失量分解为更小部分再评估它们。风险损失量可用数值表示，即将损失重大小折算成对影响计划完成的时间表示；

(1) The amount of risk loss: the magnitude of the negative impact of the risk on the project. If the magnitude of the loss is not easy to estimate directly, the amount of the loss can be divided into a smaller part to be re-evaluated.

（2）风险概率：它是风险发生可能性的百分比表示，是一种主观判断；

(2) Risk probability: it is expressed as a percentage of the likelihood of the risk occurring and is a subjective judgement;

（3）风险量：它是指项目风险危害程度，计算公式为：风险量=风险概率*风险损失量

(3) Risk mass: it refers to the risk level of the project, calculated as the risk level = the probability of risk * the amount of risk loss

如：某一风险概率是25％，一旦发生会导致项目计划延长4周，因而，风险量=25%*4周=1周。

If the probability of a particular risk is 25 per cent, if it occurs, it will result in a four-week extension of the project plan, so that the risk volume = 25 per cent * 4 weeks = 1 week.

3.3.3 风险防范计划

3.3.3 Risk prevention plan

完成了智能建筑工程项目风险分析后，实际上就已经确定了项目中存在的风险，以及它们发生的可能性和对项目的冲击，因而可以对风险排序。然后可以根据风险性质和项目对风险的承受能力制定相应的防范计划，即风险防范对策。制定风险防范对策主要考虑以下四个方面的因素：可规避性、可转移性、可缓解性、可接受性，基本对策有三种形式：风险控制、风险自留和风险转移，总的目标是减小风险的潜在损失。风险防范对策在某种程度上决定了采用什么样的项目开发方案。对于应“规避”或“转移”的风险在项目策略与计划时必须加以考虑。

After completing the risk analysis for the smart construction project, the risks that exist in the project, as well as the likelihood of their occurrence and the impact on the project, have in fact been identified, so that they can be ranked. The risk prevention response can then be developed accordingly, depending on the nature of the risk and the carrying capacity of the project for the risk, i.e., the risk prevention response. The following four main factors are taken into account: evasibility, transferability, mitigation, acceptability, and three basic forms of response: risk control, risk retention and risk transfer, with the overall objective of reducing the potential loss of risk.

3.3.4 风险控制对策

3.3.4 Risk control responses

风险控制是对使风险损失趋于严重的各种条件采取措施，进行控制而避免或减少发生风险的可能性及各种潜在的损失。风险控制对策有风险回避和损失控制两种形式。风险回避对策经常是一种规定，如禁止某项活动的规章制度，损失控制是通过减少损失发生的机会或通过降低所发生损失的严重性来处理项目风险。损失控制方案的内容包括：制定安全计划、评估及监控有关系统及安全装置、重复检查工程建设计划、制定灾难计划、制定应急计划等。

Risk control is a measure to prevent or reduce the likelihood of risk occurring and potential losses by taking measures to make the risk loss more serious. Risk control responses take the form of risk avoidance and loss control. Risk avoidance responses often take the form of a regulation prohibiting an activity, which addresses project risks by reducing the opportunity for loss to occur or by reducing the severity of the loss incurred.

3.3.5 风险自留对策

3.3.5 Risk-based responses

风险自留是一种重要的财务性管理技术，由自己承担风险所造成的损失。风险自留对策分计划性风险自留和非计划性风险自留两种。计划性风险自留是指风险管理人员有意识地不断地降低风险的潜在损失。非计划性风险自留是指当风险管理人员没有认识到项目风险的存在，因而没有处理项目风险的准备，被动地承担风险，此时的风险自留是一种非计划风险自留。风险管理人员通过减少风险识别失误和风险分析失误，从而避免这种非计划风险自留。

Risk retention is an important financial management technique, with the risk being borne by the risk itself. Risk retention entails both a planned risk and a unplanned risk. Planned risk retention means that risk managers consciously and continuously reduce their potential loss. Unplanned risk retention means that when risk managers are not prepared to deal with the risk of the project and are passively risk-taking, risk retention is an unplanned risk at this time. Risk management practitioners avoid this unplanned risk by reducing risk identification and risk analysis errors.

3.3.6　风险转移对策

3.3.6 Risk transfer responses

(1)合同转移：是指用合同规定双方风险责任，从而将风险本身转移给对方以减少自身的损失。因此合同中应包含责任和风险两大要素；

(1) Contract transfer: a contract that sets out the liability of both parties for risk, thereby transferring the risk itself to the other party to reduce its own loss. The contract should therefore contain two elements of liability and risk;

(2)项目投保：是全面风险管理计划中的最重要的转移技术，目的在于把项目进行过程中发生的大部分风险作为保险对策，以减轻与项目实施有关方的损失负担和可能由此产生的纠纷。付出了保险费，在项目受到意 外损失后能得到补偿。项目保险的目标是最优的工程保险费和最理想的保障。

(ii) Project insurance: the most important transfer technology in the overall risk management plan. The aim of the project insurance is to provide insurance against most of the risks that arise in the course of the project in order to alleviate the burden of loss and the disputes that may arise between the parties involved in the implementation of the project.

确定风险防范对策后，就可编制全面风险管理计划，它主要包括：已识别的风险及其描述、风险发生的概率、风险应对的责任人、风险防范对策、行动计划及处理方案、应急计划、项目保险安排等等。

The identification of risk prevention responses allows for the development of a comprehensive risk management plan, which includes, inter alia, identified risks and their description, probability of risk occurrence, those responsible for risk response, risk prevention responses, action plans and treatment programmes, contingency plans, project insurance arrangements, etc.

3.3.7 风险监控管理

3.3.7 Risk monitoring and management

由于智能建筑工程项目风险存在的客观性和普遍性，在制定了全面风险管理计划后，风险并非不存在。在项目推进过程中，各种风险在性质和数量上都是在不断变化的，有可能会增大或者衰退。因此，在项目整个生命周期中，需要时刻监控风险的发展与变化情况，并确定随着某些风险的消失而带来的新的风险。

Because of the objectivity and universality of risks associated with smart construction projects, the risks are not non-existent when a comprehensive risk management plan is in place. During project advancement, the risks are changing in nature and quantity, with the potential to increase or decline.

风险监控主要任务是采取应对风险的纠正措施以及全面风险管理计划的更新。包括两个层面的工作：其一是跟踪已识别风险的发展变化情况，包括在整个项目生命周期内，风险产生的条件和导致的后果变化，衡量风险减缓计划需求；其二是根据风险的变化情况及时调整全面风险管理计划，并对已发生的风险及其产生的遗留风险和新增风险及时识别、分析，并采取适当的应对措施。对于已发生过和已解决的风险也应及时从风险监控列表调整出去。

The main task of risk monitoring is to take corrective measures to address risks and to update the comprehensive risk management plan. This includes two levels of work: first, to track the evolution of identified risks, including changes in the conditions and consequences of risk generation throughout the life cycle of the project, and to measure the need for a risk mitigation plan; second, to adjust the comprehensive risk management plan in a timely manner to changes in risk, and to identify, analyse and respond appropriately to the risks that have occurred and those that have arisen and those that have arisen.

最有效的风险监控工具之一就是“前10个风险列表”，它是一种简便易行的风险监控活动，是按“风险值”大小将项目的前10个风险作为控制对象，密切监控项目的前10个风险。每次风险检查后，形成新的“前10个风险列表”。

One of the most effective risk-monitoring tools is the “first 10 risk lists”, which is a simple risk-monitoring activity, targeting the top 10 risks of the project on a “risk” scale, closely monitoring the top 10 risks of the project. Each risk check creates a new “first 10 risk lists”.

3.3.8　全面风险管理检查

3.3.8 Comprehensive risk management inspection

智能化风险防控篇4

关键词：智慧消防；安全模式；探讨

Keywords: smart fire protection; safety model; exploration

中图分类号： X4.1 文献标识码： A 文章编号： 1673-1069（2016）18-35-2

Central Chart Classification Number: X4.1 Bibliography ID Code: A Article Number: 1673-1069 (2016) 18-35-2

0 引言

0 Introduction

为了积极推进“智慧城市”的建设，提高消防工作的效率和质量，应该积极推进“智慧消防”。“智慧消防”立足于现代通信技术，能够构建智能化的消防数字系统，从而提高城市消防安全的监管水平，以及发生火灾之后的灭火救援战斗力，进一步提高消防安全，开启火灾预警的智慧化模式。如何更好的运用“智慧消防”是一个值得公安消防部门与所有消防工作者不断探索与思考的问题。

In order to contribute actively to the construction of “smart cities” and to improve the efficiency and quality of fire-fighting efforts, “smart fire-fighting” should be actively promoted. It is based on modern communication technologies, capable of building intelligent fire-digital systems, thereby increasing the level of supervision of urban fire safety, as well as fire-fighting and rescue efforts in the aftermath of fires, further improving fire safety and opening up a wise model of fire warning. The better use of “smart fire-fighting” is an issue that deserves constant exploration and reflection by the public security fire department and all fire-fighters.

1 “智慧消防”的含义和引入“智慧消防”理念的必要性

The meaning of “smart fire” and the need to introduce the concept of “smart fire”

1.1 “智慧消防”的含义

1.1 Meaning of “intellectual fire”

智慧消防是一个全新的思想与含义，其当前正处在发展时期，还缺乏统一与权威的准则、定义。笔者觉得，智慧消防就是在数字地理信息的基础上，借助现代通信技术，如数字通信技术、智能识别、虚拟仿真、移动定位及计算机软件等，实现智能搜集、整理、公布、分析，帮助决断消防水源、消防装备、建筑固定消防设施及应急预案等信息的智能化消防数字系统的构建。其主要是为火灾应急救援、城市火灾防控等工作提供服务，以便对城市消防安全进行处理、监控、预防以及指导调度，使城市消防安全监管水平与灭火救援战斗力实现提升，实现城市的救灾能力、减灾能力及防灾能力的提高[1]。

Wisdom fire is a new idea and meaning, and it is currently under development, and lacks uniform and authoritative guidelines and definitions. I think that intelligent fire fighting is the construction of intelligent fire digital systems based on digital geographic information, using modern communication technologies, such as digital communications technology, smart identification, virtual simulation, mobile positioning and computer software, to gather, collate, publish, analyse, help determine information such as fire water sources, fire-fighting equipment, construction of fixed fire-fighting facilities and emergency preparedness. It mainly serves fire emergency response, urban fire prevention and control, so that urban fire safety is handled, monitored, prevented and directed in order to improve the level of urban fire safety supervision and fire-fighting combat capability, as well as the capacity of cities to respond to disasters, disaster mitigation and disaster preparedness [1].

1.2 在火灾预警和消防监管模式中提出“智慧消防”理念的必要性

1.2 The need to introduce the concept of “smart fire” in the fire warning and fire control model

①作为社会治安防控体系的重要内容之一，消防工作与人民群众的生命财产安全息息相关，面对城市依然严峻的消防安全形势，现有的火灾预警和消防监管模式已不能满足人民群众的新期待和新要求，而这就要求我们革新思维，转变监管模式。笔者认为基于“物联网”、网络化及信息化大数据的建立，融合“互联网+”的思维和方法，探索城市火灾预警和消防管理模式的智能化监管势在必行。

As one of the key components of the social security control system, fire prevention is closely linked to the safety of people's lives and property. In the face of the still critical fire safety situation in the cities, the existing fire warning and fire control model is no longer sufficient to meet the new expectations and demands of the population, which requires us to change the regulatory model.

②随着互联网时代的发展与深入人心，建设智慧消防必须要使城市火灾预警实现自动化。发展社会经济与城市消防工作是紧密联系在一起的。随着社会与经济的不断发展，引发火灾的原因也日益增多，火灾导致的后果也越来越严重。坚持预防先行，全天候、全时段对城市重点区域重点单位的消防安全运行状态进行监控显得十分必要。而当前已有的消防执法人员数量还远远无法满足城市消防安全保障的需求，为此，只能借助科技来提升警力，通过对城市互联互通的火灾监控网络的构建，以实现从系统上与整体上对火灾风险进行判断、分析与研究，使火灾预警能力实现提升，进而使火灾预警实现自动化。

As the Internet age has developed and gained ground, building smart fires must automate urban fire warning. Development of the socio-economic and urban fire-fighting sectors is closely linked. As societies and economies have evolved, the causes of fires have increased, and the consequences of fires have increased.

③建设智慧消防必须要使城市应急救援实现智能化[2]。目前，城市消防工作不仅要面对地下、老式民宅、高层及化工等带来的消防安全问题，而且还要面对新技术、新材料、新工程、新建筑、新能源以及人口老龄化等带来的消防安全问题，消防应急救援工作也逐渐变得越来越困难。所以，当下亟需对火灾扑救方法进行深入地改进与健全，以使科学施救水平实现持续的提高。然而，在保证目前已有的消防工作体系总体稳定的前提下，若想使城市应急救援处理水平实现最快地提升，则必须使城市应急救援处理实现智能化，以便最快地对火灾现场的通讯及各种应急救援信息支撑等问题进行处理。

Building smart fires requires that urban emergency rescue efforts be intelligent [2]. At present, urban fire-fighting efforts are facing fire safety not only from underground, old people’s homes, high-rises, chemicals, etc., but also from new technologies, materials, new engineering, new buildings, new energy sources, and population ageing. Fire-fighting emergency rescue efforts are becoming increasingly difficult. Therefore, there is an urgent need to improve and improve fire-fighting methods so that the level of scientific response can be sustained.

2 消防安全监管与火灾预警“智慧化”模式

2 Fire safety regulation and fire warning “intelligent” model

2.1 实时收集数据，并开展多元信息的交流互动

2.1 Real-time data collection and multifaceted information exchange

第一就是主动融入。通过各级政府对网络监管中心的构建与对专兼职网络人员的招聘，以实现把消防工作融入网格管理体系之中，同时对“智慧消防”信息系统予以组建，对规范流程与标准予以建立，由专兼职网格员每天对信息进行报备，每周对数据进行核对，每月对任务进行制定。第二就是共享信息。对水源、人口、气象及房屋等基础信息数据库进行联通，以使查询与调用变得更加便捷。将作战训练系统、后勤装备系统以及户籍化管理系统等进行整合，对车辆装备、预案类型、设施维护及灭火药剂等信息进行同步管理。兼容网格员社区E通，对地理坐标、人员基础信息及建筑基础信息进行共享。第三就是关联整合。对收集到的信息进行整合并进行自动关联对比，同时将收集到的信息选择性地添加到电子地图中，消防人员在进行“六熟悉”与监督检查的过程中，应当对电子地图进行实时地更新与确认。

The first is active integration. Through the construction of network control centres and the recruitment of dedicated part-time network personnel at all levels of government, it is possible to integrate fire protection into the grid management system, as well as the creation of “intellectual fire” information systems, the establishment of regulatory processes and standards, the daily reporting of information by dedicated part-time grid officers, the weekly reconciliation of data, and the monthly development of tasks. The second is sharing information. The basic information databases, such as water, population, meteorology and housing, are linked to make it easier to search and use more easily. The integration of operational training systems, logistics equipment systems and household registration management systems, and the simultaneous management of information such as vehicle equipment, pre-case types, facilities maintenance and fire-fighting agents.

2.2 有效利用物联网，使安全监管实现动态化

2.2 Efficient use of physical networking for dynamic security regulation

第一就是着重监控。对消防控制室远程监控系统进行构建，以便对消防设施的运行状况与值班人员的职责履行进行同步监控。对企业监控信号与街面视频探头予以接入，以实现对堵塞消防通道及运输易燃易爆物品等违法行为进行动态监控。借助“二维码”技术，以实现重点企业与高危企业消防设施的标识化管理。通过GPS定位，以实现对网格人员的日常巡查状况进行全程监控。第二就是联动查处。对治安、水务及住建等二十个部门的监管职能进行整合，对联勤处置程序进行规范，对流转、反馈、上传、回告及办理等工作机制进行构建。网格人员应当对消防通道堵塞及消防出口封闭等十二类消防事件进行劝阻并责令其进行整改。未能及时整改的，网格人员应将其上报并将其在“智慧消防”信息系统内的数据进行同步更新，再让有关部门与消防部门联动对其进行核查，并督促其进行整改。第三就是风险预警。通过“每天统计，每周分析，每月研究判断，每季开会商讨”，智能分析违法行为与火灾隐患，并进行风险评估，在系统地图上分别用“绿、黄、红”来标明风险等级，针对存在较高风险的，有关部门应当增加抽查频次并加大整治力度。

The first is to focus on monitoring. The first is to construct a remote monitoring system for fire control rooms in order to synchronize the performance of fire control facilities with the duties of duty-bearers. The second is to integrate the regulatory functions of 20 departments, such as security, water and residential services, to regulate the handling of traffic, feedback, uploading, re-entry and handling of flammable materials, to enable dynamic monitoring of violations. With the “two-dimensional” technology, the marking of fire-fighting facilities in priority and high-risk enterprises is to be achieved.

2.3 实现自动化的火灾预警

2.3 Automate fire early warning

①对人员密集等重点场所的消防安全自动警示系统予以构建。将基于公共移动通信网络的安全风险警示短信系统设立于消防重点场所，将逃生知识与安全防范知识等消防短信发送给进入此地区的任何人员，而在发生火灾时，还要将火灾警示及逃生信息发送出来，以使人们安全快速地逃生。

A fire safety automatic warning system for priority locations, such as intensive personnel. A safety risk alert text message system based on a public mobile communication network will be set up at a fire safety focus site, sending fire message messages such as escape knowledge and safety precautions to any person entering the area, and, in the event of a fire, sending fire alerts and escape messages to enable people to escape safely and quickly.

②对区域火灾分析评估系统进行开发。在现有城市火灾风险评估模型建立的基础上，按照风险的高低顺序进行排序，开发城市区域火灾分布系统app，定期调整更新，供人们下载，实时了解所处区域的火灾危险性，提高防范意识。

The regional fire analysis assessment system was developed. On the basis of the existing urban fire risk assessment model, the urban area fire distribution system was sequenced in order of risk, and updated regularly for downloading, real-time information on fire hazards in the area and awareness raising.

③对城市火灾自动报警中心予以建立。对城市火灾自动预警系统予以构建，对消防水系统、防排烟、消防报警设备以及消防用电等设备的运行状况进行同步监控，使对消防控制室操作人员的管理实现动态化与整体化。对社会企业内部消防关键点的视频监控进行探究，对社会企业建筑消防设备的日常管理备案系统予以构建，以使建筑消防设施的完好率得以提升。

3 Establishment of an automatic urban fire alert centre. Construction of an automatic urban fire early warning system. Simultaneous monitoring of the operation of fire water systems, smoke prevention, fire alarm equipment and fire-fighting electricity has resulted in dynamic and integrated management of fire control room operators. Video surveillance of fire-critical points within social enterprises has been investigated, and a routine system for the management of fire-fighting equipment in social enterprises has been constructed to improve the efficiency of building fire-fighting facilities.

3 结语

3 Concluding remarks

现代化消防立足于现代通信技术，建立在智能消防数字系统的基础上。城市消防安全的监管水平逐步提高，火灾之后的灭火救援战斗力进一步增强，使得消防更加智能和高效。总而言之，我们必须更加深入的研发“智慧消防”的技术，提高其实际应用效果，通过建设“智慧消防”来促进城市信息化消防的应用与建设，进而推动“智慧城市”建设的不断发展。

Modern fire-fighting is based on modern communication technologies and is based on a smart fire-digital system. Urban fire safety is being regulated gradually, and fire-fighting and rescue efforts after fires are increasing, making fire-fighting more intelligent and efficient.

参 考 文 献

References

[1] 邢志祥，高文莉，诸德志.城市灭火救援决策支持系统研究述评[J].中国安全生产科学技术，2011（11）.

[1] Review of the decision support system for urban fire suppression [J]. Science and technology for safe production in China, 2011 (11).

[2] 郑如占.做好消防工作是各级政府的应尽职责[J].中国消防，2011（01）.

[2] Jung-jin. Good fire-fighting is the duty of all levels of government [J]. China Fire-fighting, 2011(01).

[3] 各地出新招贯彻落实《国务院关于加强和改进消防工作的意见》[J].中国消防，2012（07）.

[3] New local recruitment to follow up on the State Council's Views on Enhancing and Improving Fire-fighting Work [J]. China Fire-Fighting, 2012(07).

智能化风险防控篇5

从现状来看，电力通信网拓展了覆盖的总规模，日渐变得复杂。与此同时，电网也含有更高水准的新颖技术。在这种状态下，电网调度拟定了更严格的日常调度规程，从严的指标表征着综合更高的调度及防控水准。智能化电网中，变电站被变为无人值守，从根本上标志着通信网的持久扩展。在防范风险时，电网常态的调控及运行要配备体系化的机制。调整原先的执行指标，提升运转中的通信网安全。做好各时段的常态调度，保持持久及稳定的城乡供电。

At the same time, the grid contains new technologies of a higher standard. In this state, the network's dispatches have developed stricter routine dispatch protocols, combining higher dispatch and control standards from a strict list of indicators. In smart grids, transformers have become unattended, fundamentally signalling a sustained expansion of the network. In case of risk, the normal regulation and operation of the grid has to be accompanied by a systematic mechanism.

一、通信网隐含的威胁及风险

I. INCOME RISKS AND RISKS IN COMMUNICATIONS NETWORKS

城乡都设有通信性的电力网，电力调度密切关乎持久态势下的经济进展，为此应能辨析风险并增设必备的防控。经济快速进步，城乡都提升了平日内的生活水准，应能妥善把控综合供电，确保调配的电能是优质且安全的。统一把控各区段电网运转的真实状态，配备统一的指挥。一旦查出故障，则要即刻予以处理，在最短时段内恢复常态性的送电。此外，还应适当调配并利用现有一切的电能，提升根本的调度水准。从现有状态看，隐含性的通信风险可分为：

Both urban and rural areas have a telecommunications grid, which is closely linked to sustained economic progress, so that risks can be identified and the necessary controls created. Rapid economic progress, both urban and rural, has raised the standard of living within the week, so that the integrated power supply can be properly controlled, ensuring the high quality and safety of the power distribution. The real state of operation of the power grids in each sector of the zone is unified, with a unified command. If faults are detected, they should be dealt with immediately, restoring normal power delivery within the shortest possible period. In addition, the basic level of movement should be raised by appropriate deployment and utilization of all available power.

首先，是操控中的风险。常规的工作中，通信网调度拟定了重复性的平日流程，是枯燥且单调的。这种状态下，维持常规性的送电运转不可缺失日常的电网查验。持久重复设定的单调进程，很难聚集精力。运转中的电网若没能修复，将会增添偏差性的操控。情形严重时，还会增添人身伤害。执行平日的操控时，有些调度职员并没能依循预设的规程从严管控，例如没能审验给出来的指令票。缺失了配套的送电查验，某些构件隐含多样的运转威胁。如果操作失误，将会威胁至根本性的安全。

First, it is a risk of manipulation. In the conventional work, the communications network dispatch has drawn up a repetitive day-to-day process, which is boring and monolithic. In this state, it is impossible to maintain routine power delivery without daily grid inspection. It is difficult to focus on a single, long-duration process. If the power grid is not repaired, it will add biased manipulation. In serious cases, it will add physical harm. Some dispatch workers do not follow predefined protocols, such as failing to examine the orders given.

其次，是设备附带的风险。相比于其他系统，电力系统有着自身的特性。这是因为，供应至各区段的电能维持着生活及平日生产的顺畅，应当注重于监管。通信网含有多样的设备，运转状态下的设备构件都很易损毁、磨损，因而减少了原先的预测年限。有些状态下，没能经由从严的管控就安装了设备，安装至网络内的设备已经老化。操控不够规范，电力调度突发多样难题，在根本上增添了风险及潜在的威胁。

Second, there are risks associated with equipment. The power system has its own characteristics compared to other systems. This is because the power supply to the sectors sustains the smooth running of life and day-to-day production and should be focused on regulation. The communications network contains a variety of equipment, and the components of the equipment in a state of operation are fragile and worn out, thus reducing the number of years previously projected. In some cases, equipment has not been installed under strict control, and equipment installed into the network has aged.

第三，是监管的风险。电力通信网应被经常监管，唯有如此才可防控多样故障。若缺失了监管，将会突发规模较大的城乡供电故障。电力调配范围内的突发故障将干扰至平日生活，增添了额外损失。根本的故障成因为：监管者缺失了必备的新认知，也没能设定完备的防控机制。缺少平日的监管，没能结合实情增设完备的配套机制，增添了运转中的电网隐患。此外，有些管理者暗藏侥幸心态，即便查出偏差也并没能及时予以纠正。通信电网故障还会损毁运行中的电网，影响送电安全。

Third, there is a risk of regulation. Electricity networks should be regularly regulated, so that they can manage multiple failures. In the absence of regulation, large-scale power failures occur in urban and rural areas.

二、风险防范依循的总思路

II. General approach to risk prevention

风险防范要结合真实的通信电力状态，选取最适宜的评估及管理。防范通信网内在的多样安全风险，辨析故障链条。在这种基础上即可判别细微的因果联系。风险防范先要判别潜在的某一电网风险源，评估并妥善予以控制。识别了风险后，还要采纳选定的流程以此来减低后续的持久电网隐患，把风险缩减于可接纳的范围内。详细来看，防范安全风险可采纳的总思路涵盖了如下：

Risk prevention is linked to the real state of communication power, selecting the most appropriate assessment and management. Protection against the diversity of safety risks inherent in the communications network and the determination of fault chains. On this basis, a fine causal link can be identified. Risk prevention is assessed and properly controlled by diagnosing a potential grid risk source. Once a risk is identified, the selected process is adopted to reduce subsequent persistent grid distress and reduce the risk to acceptable levels. In detail, the general approach that can be adopted to protect against safety risks covers the following:

（一）应对突发性的通信网损毁

(i) Reaction to sudden damage to communication networks

受到外在干扰，通信网增添了很难预知的多样隐患。面对突发性的损毁，要给出应急管控的配套性方式。系统在运转中，偶发暴雨狂风，这些都将增添额外及突发的某区段电网损毁。应对突发情形，增添了电网隐蔽性的损伤。情形严重时，还将增添伤亡。增设配备的应急防控，要拟定可落实的多样防控手段。抢修应及时，在短时段内恢复某区段的送电，避免后续断电附带的更大损失。电力通信还应慎重防控平日内的电网干扰，不可影响常态生产及生活。

In the event of disruption, the network adds a number of hazards that are difficult to predict. In the event of sudden damage, the emergency management system is accompanied by an accompanying approach. The system operates with occasional storms, which add additional and sudden damage to a sector of the grid. In the event of an emergency, it adds hidden damage to the grid. In the event of a serious situation, additional casualties will be added.

（二）提升操控水准

(ii) Increased standards of control

城乡构建起来的电网总规模都日益在拓展，各区域也搭配了剧增的变电站。提升了用电需要，电网调控配备的职员也应接纳新颖的调控技术，不断提升水准。注重于提升综合调控必备的根本技能，从本源入手确保了调控中的区域电网是稳定的。应当明确的是：电力通信这类的网络覆盖至一切用户，唯有严谨并且审慎，才能杜绝操控时的细微偏差。针对入职的新职员，都应提供培训。防控操作失常，检验及修复通信网的各流程都应增设更优的新式人才。应能跟紧时代，提升全方位状态下的查验及防范能力。

Both urban and rural grids are growing in size, and the regions are equipped with dramatically increased power transformers. Upgraded electricity needs, network regulators should be equipped to accommodate new and innovative regulatory techniques and upgrade standards. Focusing on upgrading the basic skills necessary for integrated regulation, the primary source ensures that the regulated regional grid is stable. It should be clear that networks such as electricity communications cover all users and can only be carefully and prudently managed to eliminate the nuance of manipulation. Training should be provided for incoming staff.

（三）执行预设的操作规程

(iii) Implementation of predefined operating protocols

各区域都设有复杂形态下的送电网络，用户也拥有了防控的安全认知。通信网运转先要拟定可查看的配套机制，这样才可便于持久的后续落实。设定了操控及防范必备的规程后，还要妥善落实。这样做，才能防控细微隐患及偏差，维持常规供电。先要设定明晰的操控规定，细化平日内的各环节。依照设定好的规程予以落实，慎重管控并且核验风险。

In all regions, there are complex distribution networks and users have a security awareness of control. The communications network must be operated in a way that allows for long-term follow-up. The protocols necessary for control and prevention must be put in place and properly implemented. In order to prevent minor hazards and deviations, the regular electricity supply must be maintained.

三、可采纳的防范措施

III. APPLICABLE PREVENTIONS

信息化时代内，电力通信网增添了原本的更多智能性。实际上，现有较多区域也接纳了智能性的新式通信网。与之相伴，电网查验及防控潜在漏洞都应采纳这类防范，提升智能性的总体水准。传送电能及查验通信网都应采纳新颖的智能手段，减少了耗费的成本及手动操控。维修及检测时，扫描借助于配套的电子装置，快捷并且方便。强化查验多样的安全风险，凭借于新颖技术并增设全方位的管控流程。

In the age of informatization, the electricity network adds more intelligence. In fact, more regions now embrace new and intelligent communication networks. This should be accompanied by the use of such precautions for the detection and control of potential gaps in the grid. Both the transmission of electricity and the detection of communication networks should adopt innovative and intelligent tools that reduce costs and manual manipulation.

（一）辨识及评估多类风险

(i) Identification and assessment of multiple types of risk

风险防范不可脱离先期的风险辨识，要辨识隐含着的通信网风险，随时测出这类的隐患。在风险辨识中，电网风险可分成多类：失误性的指挥、平常的违章操控、不可管控的其他威胁。在某些情形下，通信电力网也缺失了常规查验及管护。人为行为将会增添风险，此外还含有威胁性的其余要素。

Risk prevention cannot be separated from the pre-existing risk identification, which identifies the underlying communication network risk, and detects such risks at any given time. In risk identification, the grid risk can be divided into multiple categories: misdirection, common irregularities, and other uncontrollable threats. In some cases, the communications grid also lacks routine identification and care.

针对风险评估，可采纳风险评判选取的体系方式。评判安全性时，整合了定量及定性双重的解析。采纳了定性解析，还要配备定量解析，这样即可确认隐含着的风险是否严重。评价风险性要依循给出来的平日作业条件，定量评估针对不可管控的较大通信网隐患。在评价电网表现出来的多样风险时，可选取的指标含有风险分值、累积得出的故障后果、人体是否频繁暴露于外在的风险环境。

Risk assessment can be based on a systematic approach to risk assessment. In assessing safety, quantitative and qualitative dichotomy is integrated. Qualitative resolution is adopted, accompanied by quantitative resolution, which will confirm the magnitude of the risk implied. Risk evaluation is based on the given day-to-day operating conditions, with a quantitative assessment of the risk exposure of a larger network that cannot be controlled. In evaluating the diversity of risks that the grid presents, the indicators that can be selected include risk fractions, cumulative failure effects, and whether the human body is exposed frequently to external risk environments.

（二）各阶段的通信调度

(ii) Phases of communications movement

偏差性的通信网调度多归因于隐含的违规操控，若能提升各阶段配备的调度水准那么即可妥善予以调度。针对各类企业，都应组织定时性的职员培训。通信调度涵盖了如下的各步骤：首先，要核验并回复预设的工作票，查看明晰的填写内容。其次，要设定指令票，熟识指令票。拥有资质的相关职员可拟定这类的指令票。核验中性投切的变压器、核查接线方式。若某一操作密切关乎联合性的多样调度行为，那么更应核验缜密的各流程操作。第三，调度员要防控恶劣气候，避开城区耗电的高峰时期。执行了指令后，及时通知现存的设备真实状态。通知检修单位，以便于及时检修区域内的通信网。

All types of enterprises should organize regular staff training. The communications schedule covers the following steps: first, check and respond to predefined work tickets and check for clear entries. Second, order tickets must be set to understand the instructions. The relevant staff with the qualifications can prepare such instructions. Verify the transformer that is neutrally applied, verify the connections. If an operation is closely linked to a combination of movement control behaviour, it is more appropriate to verify the procedures. Third, the dispatcher must guard against bad weather and avoid the peaks of power consumption in the city.

（三）防控误差操作

(iii) Control error operations

预防通信网的事故，要区分不同区段的电网负荷。通信网若突发了故障，还要编制应急性的故障检修规程。经过初期判断，确认了概要的故障状态及位置。调度员应能搜集得出全方位的电网故障，把控这个时段精准的运行状态。解析得出故障性的通信网节点，后续处理中也不应忽视变更的电压及潮流，设定运行中的最佳限额。此外，还要注重采纳新颖的智能性技术，妥善隔离选定的故障点。录入详尽的故障信息，防控后续更大范围内的事故扩展。

To prevent accidents in the communications network, a distinction should be made between grid loads in different sectors. If the network fails, an emergency fail-check protocol must be prepared. After an initial diagnosis, the outline failure state and location are confirmed. The dispatcher should be able to collect the full range of power grid malfunctions and control the precise operational state of the time. To decipher the fault network nodes, the follow-up should not lose sight of changing voltage and currents, setting the best limits in operation. In addition, emphasis should be placed on the adoption of innovative intelligent techniques to properly isolate selected failure points.

结语

Concluding remarks

智能化风险防控篇6

关键词：智慧交通；大数据；信息安全

Keywords: intelligent traffic; big data; information security

中图分类号：F506 文献标识码：A

Central Chart Classification Number: F506 Bibliography ID Code: A

Abstract： Nowadays， owing to the development of information technology rapidly， it has brought great changes to intelligent transportation field. The use and development of big data whose core is data in the field of transportation has brought the new technology connotation to the intelligent transportation， as well has great influence on the concept and model of the intelligent transportation. However， there are many problems for intelligent transportation when collecting， storing and utilizing big data. As the big data use in intelligent transportation is a new technology， there is no very effective measures. This paper summarizes and analyzes the challenges of big data use in the intelligent transportation field， and puts forward the solutions accordingly. Only in this way can we get the maximum commercial and research value from the big data， and make a great process in the intelligent transportation field.

Key words： intelligent transportation； big data； information security

0 引 言

* The present document was not edited before being sent to the United Nations translation services.

近年来，由于城市化进程加速推进，交通系统和相关资源日趋紧张；人口不断的增长和越来越大的移动需求，更加增大了交通系统的压力。扩建道路、增加公共交通等传统的解决方案并不能从根本上解决我国目前交通系统面临的问题。大数据以及云计算技术的大力发展为解决问题打开了新的思路，智慧交通的概念由此提出。我们应该在推动城市空间结构调整、加强交通需求管理、优先发展公共交通的同时，依托高新技术手段，积极开展智慧交通建设，发挥已有能力，释放交通压力，促使交通出行安全[1]。此外，智慧交通可以直接有效地提高交通运行效率，是解决城市交通问题的根本手段和必要举措。大数据作为智能交通系统中的重要技术手段在智慧交通中的应用主要是为了发现从单一的交通数据中无法获取的信息，通过大量数据汇集融合，得到城市交通拥堵的原因以及在拥堵情况下的交通出行规律，围绕以人为基本核心，实现生活与交通的平衡，并为交通系统的管理与规划提供综合性决策[2]。

In recent years, as the urbanization process has accelerated, traffic systems and related resources have become more stressful; the growing population and the growing demand for mobility have increased the pressure on transport systems. The expansion of roads and the expansion of public transport, among other traditional solutions, do not fundamentally solve the problems facing the country’s current transport system. Big data and the significant development of cloud computing technology have opened new thinking to the problem, and the concept of intelligent transport has emerged. While we should promote urban spatial restructuring, improve traffic demand management, give priority to public transport, build on new technological means, build on the capacity to release traffic pressures, promote safety of traffic.[1] In addition, intelligent transport can directly and effectively improve transport efficiency, both as a fundamental tool and as a necessary initiative for solving urban transport problems.

智慧交通中大数据主要应用于公共交通服务、交通引导、物流调度优化等方面，通过数据资源整合，依托云计算服务平台并应用大数据技术为公众提供便捷的出行服务[3]。如今，国内交通部门都在积极研究大数据技术在智慧交通中的应用，如杭州综合交通信息指挥中心利用大数据平台进行城市轨道交通数据分析，江苏省交通运输厅在大数据应用方面与百度展开深度合作，并签署了《战略合作框架协议》等。国外交通部门同样以公众便捷出行为宗旨，利用大数据分析提高交通效率[4]，如美国商用铁路就利用大数据分析结构提高运输的及时性。然而在智慧交通系统的实际建设中，大数据带来的信息安全挑战却不容忽视。

Intelligent traffic data are used mainly for public transport services, traffic guides, logistics movement optimization, and through data resource integration, cloud computing service platforms and the application of big data technologies to provide easy travel services to the public[3]. Today, the domestic transport sector is actively studying the use of big data technologies in intelligent traffic, such as the Hangzhou Integrated Traffic Information Command Centre, which uses large data platforms for urban orbital data analysis, the Jiangsu Transport Department works in depth with 100 degrees in large data applications, and has signed the Strategic Cooperation Framework, among other things.

1 智慧交通中大数据应用面临的挑战

1 Challenges for big data applications in intelligent traffic

随着智慧交通的建设，大数据已经成为交通数据平台的重要载体，作为生产要素发挥重要作用。随着快速处理技术和分析提取技术的发展，可以迅速挖掘出其中所蕴含的价值信息，这些信息可以对系统的辅助决策提供帮助。智慧交通中的大数据可以突破各行政区域间的限制，进而共享数据信息。另外，大数据的组合效率和信息集成优势有利于综合性立体的交通信息体系的构建[5]；另外在交通资源配置、车辆安全方面利用大数据的快速性和可预测性提升交通预测水平都有极大帮助。然而，智慧交通中大数据掀起新的生产率提高和消费者盈余浪潮的同时，随着而来的是大数据应用过程中带来的挑战。

As intelligent transport is built, big data has become an important vehicle for transport data platforms, and plays an important role as a factor of production. As rapid processing and analytical extraction techniques develop, the value information contained therein can quickly be tapped, which can assist in supporting decision-making.

1.1 行业标准不统一

1.1 Inconsistent industry standards

国内由于各个地区的经济发展不平衡，在实施智慧交通系统项目时，国家并没有统一的行业标准，所以造成许多地区的智慧交通系统相对独立，衔接和配合度不强[6]。在智慧交通中大数据的应用需要依靠前端传感器进行数据采集，由于铺设的前端传感器来自于不同的生产企业，这些行业并没有统一的接口标准，这就造成即使同一个城市的不同系统也很难进行衔接和配合。在智慧交通的大数据应用中，数据采集是非常重要的环节，由于不统一的标准会严重加大交通数据获取难度，从而妨碍交通流的分析与预测。

The uneven economic development of different regions within the country and the absence of uniform industry standards in the implementation of the Smart Transport System project have led to relatively independent and poorly connected and coordinated intelligent transport systems in many regions[6]. The application of big data in intelligent traffic requires data collection using front-end sensors, which do not have uniform interface standards because of the fact that the front-end sensors are located in different production enterprises, making it difficult to connect and coordinate even with different systems in the same city.

1.2 难以确保智慧交通系统基础设施的稳定性与可靠性

1.2 Difficulties in ensuring the stability and reliability of the infrastructure of intelligent transport systems

智慧交通系统的整合度和复杂度越来越高，然而其健壮性却没有随之提高，因此系统整体的信息安全风险随之增大。智慧交通系统往往需要大量的服务器和前端设备，包括信号控制、交通流量采集、交通诱导、电子警察、卡口等子系统，数据要和上级交通管理平台、下级交通管理子平台、公安业务集成平台等系统相连。系统具有流程复杂、业务系统众多、客户端分散等一系列特点。数据中心需要竭尽全力保证业务系统的正常运行。但是随着系统规模不断扩大，前端设备点位增加，设备故障点也呈几何级数增长，管理人员必须保证这些设备正常运行。在数据传输过程中，智慧交通系统中硬件设备因功能滞后或老化而导致传输速率下降以及网络延迟，这些都可能引起数据泄露以及丢失，严重影响大数据安全。

Smart transport systems often require a large number of servers and front-end equipment, including signal control, traffic acquisition, traffic induction, electronic police, vents, etc., data are linked to higher-level transport management platforms, lower-level traffic management sub-platforms, public security operations integration platforms, etc. Systems have a range of features, such as process complexity, multiplicity of business systems, and fragmentation of clients. Data centres need to make every effort to ensure that business systems function properly.

1.3 难以确保数据源的质量

1.3 Difficulties in ensuring the quality of data sources

数据的质量主要是指数据的真实性或可信度，具体可以分为数据出处和数据失真两个层面。智慧交通应用的数据主要来自于系统中的传感器和监控等设备收集的数据，大数据中心需要高质量的数据源，而目前设备长时间运行的性能得不到保证，数据质量不高限制了智慧交通业务高水平的扩展应用。现代化的交通诱导和交通信号控制需要实时准确的交通流量数据以供进行交通状态判断以及短时交通预测使用。而由于目前系统健壮性不足，难以自行判断数据质量，从而使得交通诱导和信号控制系统不能发挥预期效用，最后影响了整体智慧交通系统的投资价值。

The quality of the data refers mainly to the authenticity or credibility of the data, which can be divided into the source of the data and the error of the data. The data for intelligent traffic applications are mainly derived from data collected by equipment such as sensors and surveillance in the system, the large data centres require high-quality data sources, while the performance of the current equipment for long periods of time is not assured, and the low quality of the data limits the high-level extension of intelligent traffic operations.

1.4 增加隐私泄露风险

1.4 Increased risk of privacy disclosure

巨量的交通数据包含了个人的一些敏感信息。这些数据集中的存储增加了泄露的风险。一旦遭到非法使用，这将引起重大后果。无论从道德层面还是法律层面来看，都将对许多牵涉的用户造成影响。另外，由于数据量较大，对敏感数据的所有权和使用权并没有界定的明确标准，许多基于大数据的分析并未考虑其中涉及的个人隐私安全问题。

Large amounts of traffic data contain sensitive information for individuals. The central storage of these data increases the risk of leakage.

1.5 增加信息安全风险

1.5 Increased information security risks

智慧交通中的大数据应用是利用道路和车辆等配置的前端设备进行交通数据采集，并从超大量数据中分析出价值信息的过程。智慧交通中大数据的收集、传输、存储、分析过程都是依靠云计算平台和互联网传输进行的，而这个过程便增加了信息安全的风险。一方面，大数据所包含的复杂、敏感数据会引起更多潜在的攻击。另一方面，由于大量数据汇集在一起，一旦黑客成功攻击就会引起大量敏感数据的泄露，造成巨大损失，增加风险率。而且由于黑客一次性可以得到更多数据，这相当于降低了黑客攻击的成本。此外，智慧交通中许多数据传输本身就是借助于移动智能设备的采集和传输，如果这些设备感染具有监控和数据收集功能的病毒，这些敏感信息一旦被利用，不法组织便可能追踪到个人的实时位置以及监控个人的行为习惯等其他机密，这将增加个人信息安全风险，提高安全事故风险等级。

Large data applications in intelligent traffic are the process of collecting traffic data using front-end equipment, such as roads and vehicles, and analysing value information from oversized data. Large data collection, transmission, storage, and analysis processes in intelligent traffic are based on cloud computing platforms and Internet transmissions, which increase the risk of information security. On the one hand, the complex and sensitive data contained in large data can lead to more potential attacks. On the other hand, because a large amount of data is brought together, when hackers successfully attack, they cause large amounts of sensitive data to be leaked, resulting in significant losses and increased risk rates.

1.6 威胁现有的存储和安防措施

1.6 Threatening existing storage and security measures

智慧交通系统应用大数据技术时，必然造成大量数据的汇集。如此巨量复杂的数据需要存储在更高安全管理标准的数据中心。由于原有交通系统中的数据存储中心很有可能并不符合规定，这便对现有的存储环境产生了威胁。另外，巨量的数据也会增加防护难度，影响现有安全防护措施的运行。安全防护手段更新升级的速度必须与数据增长的速度相匹配，一旦安全防护措施跟不上数据增长的速度，便会引起大数据安全防护漏洞。另外智慧交通系统是一个庞大的复杂系统，大数据应用需要各个子系统的衔接和配合。这必然需要许多工作人员共同参与，由于大数据包含许多非结构化数据，若使每位用户对应访问特定的信息子集，确保敏感信息的隔离，这便意味着需要保护数据的加密方案将会是一个新的挑战。数据的访问控制需要更谨慎，以确保用户只能访问授权其访问的数据。

In addition, large amounts of data can increase the difficulty of protection and affect the operation of existing security measures. Security upgrades must match the pace of data growth and create a large data security gap once security measures fail to keep pace with data growth. In addition, intelligent transport systems are a large and complex system, requiring the interconnection and alignment of various subsystems for large data applications. This will necessarily require the participation of many staff members, since large data contain many unstructured data, and since each user has access to a specific collection of information to ensure the separation of sensitive information, it will be a new challenge to secure data encryption programmes that require greater caution in data access control so as to ensure that users can only access the data that they are authorized to visit.

2 智慧交通中的大数据应用应对策略

2 Large data application response strategy in intelligent traffic

综上所述，对于智慧交通中大数据应用带来的各种挑战，应该从以下几个方面有针对性地、综合地加以解决。

In the light of the above, the challenges posed by large data applications in intelligent traffic should be addressed in a targeted and integrated manner in the following areas.

2.1 加强交通平台资源整合，推进数据标准化

2.1 Enhanced integration of transport platform resources and advancement of data standardization

交通系统是庞大而复杂的系统，且覆盖范围非常广，各个交通平台衔接度不够。为了解决大数据应用在智慧交通中的行业不统一问题，首先国家应该推出交通平台的标准化措施，规范每个交通平台的统一化布局，包括交通系统物理层的每一个硬件设施的标准化接口以及交通系统软件层的每一个信息系统的标准化接口，实现各个平台从硬件到软件的互联性和兼容性，进一步推动交通信息化体系综合化和立体化。这样才可以为智慧交通中的大数据应用提供资源共享综合平台。此外，在实现跨部门、跨地区的交通互联共享平台的基础上，我们应该进一步规范交通系统的数据标准化，构建数据标准化体系，实现综合交通平台的数据存储。

Transport systems are large and complex systems, with inadequate coverage and connectivity of various transport platforms. In order to address the problem of disharmony of industries with large data applications in intelligent traffic, the State should first introduce standardized measures for transport platforms, regulating the uniform layout of each transport platform, including standardized interfaces for each hardware facility in the physical layers of the transport system and for each information system in the software layers of the transport system, achieving connectivity and compatibility of the various platforms from hardware to software, and further promoting the integration and tectonicization of transport information systems. In order to provide an integrated platform for sharing resources for large data applications in intelligent traffic. Furthermore, on the basis of cross-sectoral and cross-regional transport interconnection platforms, we should further standardize the data standardization of the transport system, construct data standardization systems and achieve data storage on integrated transport platforms.

2.2 加强交通大数据应用基础设施建设

2.2 Strengthening transport infrastructure for large-scale data applications

基础设施对交通大数据的信息安全的影响不容忽视。基础设施作为智慧交通系统的物理层结构基础，一旦发生损坏或者出现问题，将很容易增加信息泄露或丢失的风险。因此，智慧交通中的基础设施建设至关重要，应该加强交通大数据应用基础设施建设[7]。加强交通大数据应用基础设施建设主要包括：及时对前端硬件设备进行更新和维护，应对智慧交通系统中的传输信息的网络线路以及传感器和监控等硬件设备进行定期的查验、维护和更新，严防因为基础设施的损坏或者老化等问题而造成信息数据的泄露或丢失；为了应对突发事件，智慧交通系统应该制定相对应的应急措施，以便当突发事件发生时，智慧交通系统能够保证继续安全和运行，从而确保信息数据的安全有效。

The impact of infrastructure on the information security of large traffic data cannot be ignored. Infrastructure, as the foundation of the physical layers of intelligent transport systems, can easily increase the risk of information being leaked or lost in the event of damage or problems. Infrastructure development in intelligent traffic is therefore essential, and the infrastructure for large traffic data applications [7] should be strengthened.

2.3 严格控制智慧交通中的数据真实度

2.3 Strict control of data authenticity in intelligent traffic

大数据技术上有一个普遍观点认为数据可以说明一切，数据自身就是事实。大数据的核心价值在于通过对数据的分析挖掘，提炼价值信息并提供预测以及决策。大数据应用价值是建立在真实可靠的数据基础上的，一旦系统采集的数据本身存在错误，那么经过分析挖掘的预测以及决策非但不存在价值，而且会因为错误的决策进而造成损失与危害。因此，智慧交通系统数据采集时，必须通过严格的监控措施以及测试手段确保数据的真实性和可靠性。从数据源头开始把关，一旦发现虚假或恶意数据便及时剔除，同时可以利用稳健统计以及对抗式机器学习等方法减轻数据恶意插入的后果。此外，在智慧交通系统的数据采集过程中，为确保传输过程中数据不失真，应该尽可能减少人为影响和干预。

The central value of big data applications is based on real and reliable data, and, if the data collected by the system are wrong, the excavated predictions and decisions not only do not have value, but also cause loss and harm as a result of the wrong decisions. Therefore, when data from intelligent transport systems are collected, the authenticity and reliability of data must be ensured through rigorous monitoring and testing. From the source of the data, when false or malicious data are discovered, the consequences of malicious data penetration can be mitigated by means of robust statistics and confrontational machine learning. Moreover, in the data collection process of intelligent transport systems, human influence and intervention should be minimized in order to ensure that data are not distorted during transmission.

2.4 加强智慧交通系统中的大数据管理

2.4 Strengthening big data management in intelligent transport systems

智慧交通系统中，除了在技术上保护大数据信息安全，安全管理制度也非常关键，它是确保智慧交通数据平台中的大数据信息安全的重要基础。只有使用科学的大数据管理方法，才可以从海量的交通数据中获得真正价值，提升智慧交通系统的效率，降低各种安全风险。加强智慧交通系统中的大数据管理具体可以从以下4个方面进行：

In addition to technologically protecting the security of big data information, the security management system is critical, and it is an important basis for ensuring the security of big data information in smart traffic data platforms. Only by using scientific big data management methods can a real value be gained from large volumes of traffic data, increasing the efficiency of smart traffic systems and reducing security risks.

2.4.1 完善智慧交通中的大数据资产管理

2.4.1 Improved management of big data assets in intelligent traffic

大数据作为智慧交通中的大数据应用的核心资产，许多安全问题都是在对数据进行管理的过程中。因此，在对其资产管理时，必须清楚定义数据元素，包含别名、格式以及其他特征标识；在对其进行描述时，必须列清该数据元素的信息来源和相关数据元素的其他信息；在对其使用信息的记录时，必须说明数据元素的产生和修改信息、访问历史记录、安全与访问控制信息等。

As a core asset for big data applications in intelligent traffic, many security issues are in the process of managing the data. Therefore, in the management of their assets, data elements must be clearly defined to include aliases, formats and other identifiers; when describing them, sources of information on the data elements and other information on relevant data elements must be included; and when recording the information they use, data elements must be described as generating and modifying information, accessing historical records, security and access control information, etc.

2.4.2 建立数据的安全系统

2.4.2 Establishment of data security systems

智慧交通数据中心的防护系统需要设立全面的安全防护，包括设立入侵检测系统、安全审计、防火墙、抵抗拒绝服务攻击、网络防病毒系统、流量整形和控制等措施。此外，智慧交通的数据中心还应该通过使用识别管理技术，加密技术并结合其他主动安全管理技术进行监测和控制交通数据从使用到迁移、停用的整个过程。

In addition, smart traffic data centres should monitor and control traffic data from use to migration and decommissioning through the use of identification management techniques, encryption techniques and other active security management techniques.

2.4.3 做好智慧交通中的大数据信息安全风险评估

2.4.3 Good risk assessment of the security of big data information in intelligent traffic

智慧交通系统中的数据类型繁多，不同类型的数据都有相对应的风险等级。作为智慧交通的大数据中心应该将其进行分类，划分不同的安全风险等级。只有这样，才可以加强安全防范，更加明确安全风险治理目标，降低智慧交通数据泄露风险。

There are many types of data in smart traffic systems, and there are corresponding risk levels for different types of data. As a big data centre for intelligent traffic, it should be classified and classified into different levels of security risk.

2.4.4 提高智慧交通系统的职员信息安全意识

2.4.4 Increased awareness of staff information security in intelligent transport systems

智慧交通系统的运行，除了大数据平台以及相关硬件设施之外还需要各个部门职员的配合，他们在智慧交通系统的数据安全中扮演着至关重要的角色。尤其作为大数据中心平台管理的职员更应该提高对数据安全威胁的辨别能力，知晓其所管理的数据的重要价值。同时，智慧交通建设的过程中，更应该积极对职员进行相关数据安全培训，提高职员在数据安全防护方面的知识水平和方法战略认识。

In addition to large data platforms and related hardware facilities, intelligent transport systems operate with the cooperation of staff from various sectors, who play a crucial role in data security in intelligent transport systems. In particular, staff members who manage large data centers should be more aware of the critical value of data security threats and the data they manage.

综上所述，面对智慧交通中大数据应用的挑战，应该从以下方面加强应对：完善智慧交通中的大数据资产管理，加强大数据基础设施的更新和维护，严格控制数据真实度，加强大数据管理。

In the light of the above, the challenge of large data applications in intelligent traffic needs to be strengthened by improving the management of big data in intelligent traffic, enhancing the updating and maintenance of large data infrastructures, strictly controlling data authenticity and strengthening large data management.

3 结束语

3 Concluding remarks

大数据在智慧交通中的应用从根本上缓解交通系统面临的压力问题的同时，也为智慧交通带来了挑战。面对这些挑战，需要各方面的综合作用，以加强交通平台资源整合，推进数据标准化为目标，以基础设施建设为基础，严格控制数据真实度，加强智慧交通系统中大数据管理。只有这样，智慧交通才可以为人们的出行提供更加便利、更加安全的条件。

The application of big data in intelligent traffic presents challenges to intelligent transport, while at the same time fundamentally alleviating the stress of the traffic system. Faced with these challenges, there is a need for an integrated role to strengthen the integration of transport platform resources, to promote data standardization, to build infrastructure, to strictly control data authenticity, and to strengthen the management of big data in intelligent transport systems.

参考文献：

References:

[1] 赵祥模，惠飞，史昕，等. 泛在交通信息服务系统的概念、架构与关键技术[J]. 交通运输工程学报，2014（4）：105-115.

[1] Zhao Xiangmue, Hui Fei, Shi Xi, etc. General concept, structure and key technology of the traffic information service [J]. Transport Engineering Journal, 2014(4): 105-115.

[2] 彭武雄，代义军，白帆. 城市交通大数据中心建设与展望[J]. 交通与运输（学术版），2015（1）：67-70.

[2] Peng Wuh-hyun, Acting Army, White sail. Construction and vision of the urban traffic data centre [J]. Transport and transport (academic version), 2015 (1): 67-70.

[3] 林祥兴，陈思恩，俞辉. 大数据多维度下的智慧交通[J]. 中外企业家，2015（4）：31-34.

[3] Lin Xiangxing, Chen Se-eun, Yu Hui, Wisdom Transport under Big Data Multidimensional [J]. Middle and External Entrepreneurs, 2015(4): 31-34.

[4] 王雅琼，杨云鹏，樊重俊. 智慧交通中的大数据应用研究[J]. 物流工程与管理，2015（5）：107-108.

[4] Wang Yajun, Yang Yunjun, Jin-joon. Big data application research in intelligent traffic [J]. Logistics engineering and management, 2015(5): 107-108.

[5] 唐要安. 大数据在交通中的应用[J]. 交通世界，2013（12）：126-127.

[5] Tang Bean. Big data application in traffic [J]. Transport World, 2013 (12): 126-127.

[6] 岳建明，林玳玳. 我国智能交通产业与物联网技术的融合与发展分析[J]. 生产力研究，2012（5）：166-167，175.

[6] Jianqing, Lin Jian, Analysis of the Integration and Development of the Smart Transport Industry and Materials Networking Technologies in our country [J]. Productivity Research, 2012(5): 166-167,175.

智能化风险防控篇7

摘 要：当前我国城镇职工基本医疗保险和商业保险都具有一定的风险，本文分析了基本医疗保险和商业保险所存在风险的原因，探究出目前我国城镇职工基本医疗保险和商业保险的风险防范措施以及策略。

Summary: This paper analyses the causes of the risks associated with basic health insurance and commercial insurance in our towns and cities and explores the current risk precautions and strategies for basic health insurance and commercial insurance in our towns and cities.

关键词 ：我国城镇职工 基本医疗保险 商业保险 风险防范

Keywords: Basic health insurance, commercial insurance, risk prevention for urban workers in our country

一、对目前我国城镇职工基本医疗保险的风险防范

Risk insurance for the basic health insurance of our urban employees at present

当前我国正处在新旧经济体制转换时期，建立新型的城镇职工基本医疗保险制度是深化改革、维护职工合法权益、保持社会安定和健康发展的“安全网”和“稳定器”。由于医疗保险资金的流失、不完善的医疗保障制度、较窄的医疗覆盖面以及较高的医疗水平等因素的影响，当前我国的城镇职工基本医疗保险存在着一定的风险，为此我们探究出应对我国城镇职工基本医疗保险所存在风险的防范对策。

At a time when the country is in the transition from the old to the new economic system, the establishment of a new type of basic health insurance system for urban workers is a “safety net” and a “stabilizer” that deepens reforms, preserves the legitimate rights and interests of workers, preserves social stability and healthy development. As a result of such factors as the loss of health insurance funds, inadequate health-care systems, narrower medical coverage and higher levels of health care, there are certain risks to basic health insurance for urban workers in the country, for which we have explored preventive responses to the risks associated with basic health insurance for urban workers in our country.

1.完善我国的医疗卫生体系和制度

1. Improving the health system and system in the country

在防范我国城镇职工基本医疗保险体系和制度的同时，我们也要完善我国的医疗卫生体系和制度，这样才能够更好地防范我国城镇职工基本医疗保险的风险。相关的医保机构和单位要有效地管理我国城镇职工医疗保险的基金，管理和控制医疗费用；重组以及优化实施基本医疗保险的机构，实现优势互补以及资源共享，将相关的医疗行为规范化；招标采购医院所需药品，减轻病患攀比的心理，进而防范我国城镇职工基本医疗保险的风险。

While preventing the basic health insurance system and system for our urban workers, we should also improve our health-care system and system so as to be able to better protect our urban workers from the risks of basic health insurance. The relevant health-care institutions and units are required to effectively manage the health insurance fund for our urban workers and to manage and control the costs of medical care; to restructure and optimize the system for the implementation of basic health insurance, to achieve complementarity and the sharing of resources, and to regularize the relevant medical behaviour; and to tender for medicines needed in hospitals to reduce the psychological risk of patient escalation, thereby preventing the risk of basic health insurance for our urban employees.

2.强化医疗保险资金的筹集和管理

2. Strengthening the mobilization and management of health insurance funds

现阶段，城镇职工基本医疗保障制度正在我国全面推行。在相关的调查研究中发现职工的工资与医疗保险筹资以及医疗保险基金总额存在着比较大的差距；城镇职工基本医疗保险的管理成本比较高、漏洞较多、协调性差而且机构规模大；大部分的医疗保险单位不重视了解和检查参保人员的医疗费用的相关情况，很多城镇职工在医疗费用发生时临时参保的现象非常的普遍。我们要强化医疗保险资金的审核，定期审计参保单位，大力宣传医疗保险的筹资政策，实现医疗保险的管理的经济化以及筹资的法制化，明确城镇职工的口径和薪酬总额，建设权责明确、精干以及高效的医疗保险机构，加强沟通和统一领导。

At this stage, the basic health-care system for urban workers is being implemented in the country. The relevant studies show that there is a relatively large gap between workers'wages and the financing of health insurance and the total amount of the health insurance fund; that there are relatively high costs of administering basic health insurance for urban workers, more gaps, poor coordination and the size of the institution; that most health-care units do not attach importance to understanding and examining the health-care costs of the participants; and that temporary participation of many urban workers in health-care costs is widespread. We need to strengthen the audit of health insurance funds, periodically audit the participation units, promote the policy of financing health insurance, promote the economicization of the administration of health insurance and the legalization of its financing, clarify the caliber and total remuneration of urban workers, build clear-cut, lean and efficient health-care institutions, and strengthen communication and unified leadership.

3.建立多层次、广覆盖以及低水平的城镇职工医疗保险

3. Establishment of multilevel, wide coverage and low-level urban workers'health insurance

当前我国处于社会主义发展的初级阶段，我国各个地区之间在经济发展水平、生活质量以及收入等方面存在着很大区别，因此，我们应该以满足医疗的市场需求为目标，建立多层次、广覆盖以及低水平的城镇职工医疗保险，很好地体现社会公共服务的效率和公平，防范我国城镇职工基本医疗保险的风险。一方面，我们要通过完善和建设公务员医疗补助以及医疗保险等城镇职工医疗保险，促使其能够很好地体现我国城镇职工基本医疗保险的多层次；另一方面，要扩充我国城镇职工的参保人数，尽最大努力保障低收入人群的医疗卫生，完善和建立基本医疗制度。

At a very early stage of the socialist development of our country, where there are significant differences in the level of economic development, quality of life and income among the various regions of the country, we should aim to meet the market demand for medical care by establishing multi-level, broad coverage and low-level health insurance for urban workers, which is a good reflection of the efficiency and equity of social public services and prevents the risk of basic health insurance for our urban workers. On the one hand, we will promote the improvement and construction of medical benefits for civil servants and health insurance for urban workers to enable them to properly reflect the multiple levels of basic health insurance for our urban workers; on the other hand, we should expand the participation of our urban workers, make every effort to guarantee health care for low-income populations and improve and establish a basic health-care system.

二、对目前我国城市职工商业保险的风险防范

Risk protection for the current commercial insurance of our urban workers

在商业医疗保险经营过程中，风险控制是关系到保险公司经营成败和生死存亡的关键问题，所以这一工作从一开始就受到各大保险公司的高度重视。目前在国内商业医疗保险的经营活动中，由于缺乏经验和数据积累，对医疗保险的风险因素知之甚少。我们要详细了解和分析目前我国城镇职工商业保险的风险因素，提出相应的商业风险防范策略。

In the course of commercial health insurance operations, risk control is a key issue for the success and survival of insurance companies, and this has been given high priority from the outset by the major insurance companies. There is currently little knowledge of the risk factors for health insurance in the country’s commercial health insurance operations, due to a lack of experience and data accumulation. We need to get a detailed picture and analysis of the current risk factors for commercial insurance for our urban workers and propose a corresponding business risk prevention strategy.

1.建设网络化的城镇职工商业保险服务

1. Building networked business insurance services for urban workers

控制商业医疗保险风险的决定性因素是医疗服务的提供者，因此，我们要建设网络化的城镇职工商业保险服务，促进医疗服务提供者与商业保险公司之间实现利益的共享，从而进一步加强提供者的控制风险意识，提高商业医疗保险的服务质量。

The determining factor in controlling the risks of commercial health insurance is the provider of health services, so we will build networked business insurance services for urban workers and promote benefit-sharing between health-care providers and commercial insurance companies, thereby further strengthening the risk-control awareness of providers and improving the quality of commercial health insurance services.

2.建设专业化以及智能化的商业保险信息管理系统

2. Building specialized and intelligent business insurance information management systems

医疗保险发展和经营的平台和基础是专业化和智能化的信息管理系统，这个信息管理系统是由手术代码库、疾病诊断、药品库、核算分析子系统、风险监控子系统以及医院网络管理子系统、自动理算核赔子系统、专家和自动核保子系统共同构成的，该商业保险信息管理系统处理理赔业务和承保业务的规模大、效率高，而且能够非常清晰地分析和统计商业保险所存在风险的因素。传统的商业保险信息管理系统主要是针对系统集成问题、人机界面问题以及业务流程问题等商业保险信息管理系统的共有问题而设计，但是，目前我国城镇职工的商业保险业务具有实时性、频繁性以及复杂性等特点，这就要求商业医疗保险的信息管理系统具有有效的管控性，能够处理复杂的业务流程，能够满足商业医疗保险的风险管控以及业务拓展的要求。我国在商业保险信息管理系统的专业化和智能化建设方面先进处在初步发展阶段，因此，我们在建设专业化和智能化商业保险信息管理系统的过程当中可以借鉴和吸收美国先进的技术和经验，促使我国的商业保险信息管理系统的快速良好的发展，进而减轻核赔以及核保业务人员的压力，推动“全国联保”商业医疗保险业务的发展。

The platform and foundation for the development and operation of health insurance is a specialized and intelligent information management system designed primarily to address the common problems of business information management systems such as systems integration, disease diagnosis, drug banks, accounting analysis subsystems, risk monitoring subsystems and hospital network management subsystems, automated accounting and compensation sub-systems, experts and automated nuclear insurance systems, which deal with claims and insurance operations on a large scale and with high efficiency and are able to analyse and account for the risks of business insurance with great clarity. The traditional business insurance information management system is designed to address the common problems of business information management systems, such as systems integration, human interface issues and business process issues. However, the current real-time, frequent and complex nature of the commercial insurance operations of our urban employees requires effective regulation of the commercial health insurance information management system, which is capable of handling complex business processes and meeting the risk management and business expansion requirements of commercial health insurance.

3.提高商业保险销售队伍和管理队伍的素质和水平

3. Improving the quality and level of the commercial insurance sales and management teams

医疗保险销售队伍和管理队伍的专业化素质和水平是其经营的关键所在，是医疗保险良好快速发展的奠基石。商业医疗保险具有较强的专业性，因此我们应该强化销售支持队伍、医疗管理队伍、理赔队伍、核保队伍、核算队伍以及精算队伍等队伍的专业技能和知识，提高商业保险销售队伍和管理队伍的素质和水平，从而进一步保证商业保险的业务质量和效率。

The quality and level of specialization of the health insurance sales team and management team are key to its operations and are the cornerstones of the good and rapid development of health insurance. Commercial health insurance is highly specialized, so we should strengthen the professional skills and knowledge of the sales support team, the medical management team, the compensation team, the nuclear insurance team, the accounting team and the actuarial team, and improve the quality and level of the commercial insurance sales team and the management team, thereby further ensuring the quality and efficiency of business insurance operations.

三、小结

III. Summary

商业医疗保险是现代社会保障体系的重要组成部分，在保障民生和提高居民生活质量方面发挥着重要的社会管理职能。作为公共服务的组成部分的城镇职工基本医疗保险，具有强制性和非盈利性。与我国城镇职工的基本医疗保险相比，当前我国城镇职工的商业保险报销的要求较少、报销比例较高，但是如果从长远的角度考虑的话，我国城镇职工基本医疗保险具有明显的优势，当然如果是一次性能够治好的疾病，商业保险相对比较的合算。因此，我国的城镇职工应该首先了解基本医疗保险和商业保险的风险，根据各自的条件选择适合自己的基本医疗保险或者商业保险，如果条件允许的话可以选择双保险。

Commercial health insurance is an important component of the modern social security system and plays an important social management role in ensuring the livelihood of the population and improving the quality of life of the population. Basic health insurance for urban workers, as part of public services, is compulsory and non-profit. Currently, the commercial insurance coverage of urban workers in our country is subject to fewer claims and higher rates of reimbursement than the basic health insurance for urban workers in our country. But, in the long term, the basic health insurance for urban workers has a clear advantage, although commercial insurance is relatively comparable if it is a one-off disease. Therefore, urban workers in our country should first be aware of the risks of basic health insurance and commercial insurance, be able to choose their own basic health insurance or commercial insurance according to their respective conditions, and can choose double insurance if conditions permit.

窗体底端

Bottom of Form

参考文献：

References:

[1]赵小苏 王永其 宋余庆 王建宏.我国城镇职工基本医疗保险的道德风险及其防范[J].《卫生经济研究》.2001年07期.

[1] Zhao Xiaosu Wangqi Yongqi Song Yuqing Wang Jianhong... the moral hazard of basic health insurance for our urban workers and its prevention [J]. Health Economics Study.

[2]陈滔 李良军 杨树勤.论商业医疗保险的风险控制[J].《保险研究》.2001年02期.

[2] Chen Tao, Li Liang Jun, Yang Liangqing... about risk control in commercial health insurance [J]. Insurance Research. 2001 No. 02.

[3]胡艳丽 叶子轶.论社会医疗保险与商业医疗保险的关系及衔接[J].《特区经济》.2013年12期.

[3] Ho-Yang Yip... on the relationship and linkage between social and commercial health insurance [J]. The economy of the HKSAR.

作者简介：

Author's Introduction:

王应成 (1979.07.01-)，男，汉族，安徽省六安市霍邱县人，中级经济师，大学本科，安徽医科大学医疗保险专业，研究方向：保险。

Wang Quezheng (1979.07.01-), male, Han ethnic group, Hocho District, Department of Anhui, Middle Economicist, University undergraduate, University of Anhui Medical Sciences, health insurance, research orientation: insurance.

智能化风险防控篇8

【关键词】个人信息安全；智慧城市；风险防范；去标识化

[keywords] Personal information security; smart cities; risk prevention; de-labelling

1引言

Introduction

智慧城市是互联网、云计算、物联网、大数据、人工智能等新一代信息技术支撑下的信息化表现形态，其全面整合城市的运营与管理数据，是由多个智慧应用系统有机组成的综合体。据统计，我国开展的智慧城市、信息惠民、信息消费等相关试点城市超过500个，超过89%的地级城市、47%的县级及以上城市均提出建设智慧城市。个人信息安全是数字经济得以发展的重要基础，随着大数据和人工智能技术的逐渐成熟及在智慧城市建设中的落地应用，将原本隐蔽在各个部门及行业的个人信息，如健康档案、财产信息、身份信息、行程信息等均浮现出来，这些信息如被非法获取和使用，将使城市居民的合法权益受到极大威胁。智慧城市安全体系建设需充分考虑个人信息安全防护，保障每个公民的隐私权、知情权、选择权、公平交易权、安全保障权等多项权益，保障整个社会利益和公共安全。

Smart cities are information-based manifestations supported by new-generation information technologies, such as the Internet, cloud computing, material networking, big data, artificial intelligence, and so forth, which integrates urban operations and management data in a comprehensive manner and is an organically integrated complex of intelligent applications. According to statistics, more than 500 pilot cities run by the country, such as smart cities, information-friendly people, information-consumptions, and more than 89% of local cities, 47% of county level and above, offer to build smart cities. Personal information security is an important basis for the development of the digital economy, safeguarding the interests of the whole society and public safety as large data and smart intelligence technologies mature and are deployed in the construction of intelligent cities, so that personal information, such as health files, property information, identity information, travel information, etc., are hidden in various sectors and industries, and if illegally obtained and used, will pose a great threat to the legitimate rights and interests of urban residents.

2背景及现状

Background and current situation

2.1个人信息安全背景

2.1 Personal information security background

近年来，个人信息安全问题受到社会关注，商家人脸识别、简历大数据、专坑老年人的手机“清理”软件、搜索引擎及浏览器虚假医药广告等一系列触目惊心的隐私侵犯违法违规行为被曝光。个人信息泄露、买卖、精准诈骗的黑色产业链已经形成，数字经济时代，“信息”成为宝贵的社会资源，如何加强个人信息保护已成为当前亟待解决的痛点。在今年两会期间，多位委员提出加强公民信息保护等个人信息安全方面的建议和提案，认为当前迫切需要加强个人信息数据应用的整治工作，要严格落实现有相关法规及标准，要加快完善对应的法律制度建设，进一步加强监管和执法，对侵犯个人隐私与个人信息安全的行为要严厉打击和惩处，要采取一系列措施加快构建个人信息安全的“防火墙”，让个人信息安全、让社会公众满意。

In recent years, the issue of personal information security has come to the attention of society, with a series of alarming violations of privacy, such as face-to-face identification, curriculum profile data, mobile phone “cleaning” software for high-profile elderly people, search engines and false pharmaceutical advertising by browsers exposed. A black industry chain of personal information leaks, sales, precision frauds has been formed, “information” has become a valuable social resource in the digital economy, and the protection of personal information has become an acute pain. During this year's two sessions, several commissioners have made proposals and proposals to strengthen personal information security, such as citizen information protection, and consider it urgent to strengthen the reform of personal information data applications, to enforce the relevant existing regulations and standards, to speed up the development of corresponding legal systems, to strengthen regulation and enforcement, to combat and punish violations of personal privacy and personal information security, and to take a series of measures to accelerate the construction of a “wall” for personal information security, to make personal information secure and to the satisfaction of the public.

2.2智慧城市安全体系现状

2.2 Status of intelligent urban safety systems

早在2019年，《信息安全技术智慧城市安全体系体系框架》推荐性国家标准就已经，将智慧城市分为物联感知层、网络通信层、计算与存储层、数据及服务融合层、智慧应用层[1]，并提出在智慧城市安全体系的建设中，各层需应对与防范的各类信息安全风险和威胁，要与智慧城市同时设计、同时建设和同时运营。本文从ICT技术视角，梳理当前智慧城市安全防护体系各层对应的安全技术及产品，并将各层统一于智慧城市安全基础支撑体系（见图1）。智慧城市的安全防护体系集成了各层安全技术及产品，基础安全支撑底座构建了一个信息安全监测管理与应急响应工作支撑的基础平台，实现对智慧城市各节点与出口、各应用及系统的全方位基础安全防护和监测，进行日志等数据采集，形成大数据分析，满足对整个智慧城市进行安全防护及监测的需要。

As early as 2019, the Recommended National Standard of the Framework for the Smart Urban Safety System of Information Security Technology divided the intelligent cities into the senses layer, the network communications layer, the computing and storage layer, the data and services integration layer, the intelligent applications layer[1] and proposed that, in the construction of the intelligent urban safety system, the various types of information security risks and threats that need to be addressed and prevented should be designed, built and operated simultaneously with the intelligent cities. From the perspective of the ICT technology, the current intelligent urban safety protection system should be synthesized into secure technologies and products corresponding to the different layers of the intelligent urban safety protection system, and that the intelligent city safety protection system should be integrated into the security technologies and products of each layer. The basic safety support base should be built to provide a platform for information security management and emergency response support, enabling the full-scale safety protection and monitoring of intelligent cities and exports, applications and systems, collecting data such as logs, and generating large data analysis to meet the need for safety and monitoring of intelligent cities as a whole.

3需求及挑战

3 Needs and challenges

3.1法规标准规范

3.1 Regulatory normative norms

目前《个人信息保护法(草案)》已提请全国人大常委会审议，这意味着该法即将颁布和实施，对于规范机构依法依规采集、使用个人信息，将起到非常重要的作用，对个人敏感信息的处理规则、国家机关处理个人信息的特别规定、个人信息跨境提供的规则等都进行了明确约定，对公民个人信息的权利和义务进行了阐述。同时，针对互联网App对个人信息的采集，在国家互联网信息办公室的统筹指导下，工业和信息化部会同公安部、市场监管总局下发了《移动互联网应用程序个人信息保护管理暂行规定（征求意见稿）》，规定中明确了“知情同意”和“最小必要”两项重要原则，约定凡是在境内开展App个人信息处理活动均应遵守，个人信息处理指移动智能终端中运行的应用程序收集、存储、使用、加工、传输个人信息的各种活动，强调了App个人信息处理活动应当采用合法、正当方式，不得通过欺骗、误导等方式处理。2020年10月起正式实施的推荐性国家标准《信息安全技术个人信息安全规范》被评为2020年中国网络安全大事件，其中明确了个人信息安全的“最小化”和“告知同意”等基本原则，对个人信息的收集、存储、使用、共享及转让公开等进行了规范性要求[2]，对个人信息主体的权力也进行了说明。

The draft Law on the Protection of Personal Information is currently before the Standing Committee of the National People's Congress for consideration, which means that it will be promulgated and implemented in the near future and will play a very important role in regulating the collection and use of personal information by the regulatory bodies in accordance with the law. The rules governing the handling of sensitive information by individuals, the special rules governing the handling of personal information by State bodies, and the rules governing the cross-border provision of personal information are clearly agreed upon, and the rights and obligations of citizens regarding personal information are elaborated. In addition, the activities of the Ministry of Industry and Informationization, under the overall guidance of the National Internet Information Office, with the Ministry of Public Security and the Directorate General of Market Supervision, concerning the collection, storage, processing and transmission of personal information on the Internet, the temporary regulations for the protection of personal information on mobile Internet applications (advisory drafts), which specify the two important principles of “the informed consent” and “the minimum requirements for the security of personal information” that have been formally implemented in October 2020.

3.2面临问题

3.2 Faced with Problems

智慧城市给城市居民生活带来便利的同时，也增加了国家及个人信息泄露的风险。由于智慧城市应用中采集了大量的国家基础设施、政务、行业等数据，如果基础设施数据被其他国家获取并进行分析，将会对国家安全、社会安全以及个人信息安全产生巨大危害。智慧城市中的个人信息数据安全挑战主要来自数据采集、数据传输、数据存储、数据使用等方面。个人信息的采集：智慧城市的感知层像触手一样延伸到城市的每一个角落，平安城市、雪亮工程中的各种摄像头；公路及高速公路的各种卡口；无处不在的运营商无线网络；办理政务时个人证件信息；酒店住宿的登记信息；各种手机APP等等，移动互联网和物联网技术的发展，使得各种感知设备也越来越普及，采集个人信息变得越来越容易和方便，这些感知设备的安全运行和采集行为本身的合法性，迫切需要进一步明确。个人信息的传输：智慧城市的传输层随着5G和物联网的加速推进，更多的智慧应用应运而生，感知层所采集的个人信息的传输，也面临前所未有的挑战。除5G网络本身的安全之外，在数据的传输上也需基于新的应用场景，在传统的认证、加密等技术手段之外，采用更多技术措施，防止在传输过程中被泄露、窃取、篡改、伪造等。个人信息的存储：在各信息系统的“烟囱”形态下，个人信息一直隐藏在各个信息系统中，而智慧城市的大数据中心会将这些信息进行集中和整合，这将使个人信息不再分散，通过关联分析，原来隐藏的个人信息将无所遁形，大数据技术的落地应用，将使个人信息的存储面临更多困难，大数据本身的安全至关重要。个人信息的使用：智慧城市的应用层将大数据分析获得的信息转换为知识，并将知识与信息技术融合起来，应用到各行各业，形成各类智慧应用，如政务、交通、能源、医疗、金融、环保等，在个人信息的使用中，需要防止“大数据杀熟”等过度消费个人信息的行为，同时需要基于不同应用场景进行分级分类，需要不同程度的个人信息。除以上个人信息生命周期环节外，在加工、公开、销毁等方面，也面临较多安全问题，因此，智慧城市的安全体系建设，需要在个人信息安全方面，进行统一规划和设计，充分考虑新一代信息技术带来的个人信息安全问题。

While intelligent cities facilitate the lives of urban residents, they also increase the risk of leakage of national and personal information. As a result of intelligent city applications, large amounts of national infrastructure, government, industry, etc. are collected, and if infrastructure data are captured and analysed in other countries, the national security, social security, and personal information security will be greatly jeopardized. The challenges of personal information security in intelligent cities lie mainly in data collection, data transmission, data storage, data use. The acquisition of personal information: the knowledge layers of intelligent cities extend to every corner of cities as they touch, the security headboards of the snowworks, the various headboards of the technology of the snowworks; the need for personal data transfer; the need to prevent the loss of knowledge of the knowledge of the roads and highways; the need for wireless network of the ubiquitous; the development of personal documentation of hotel accommodations; the development of mobile Internet and physical networking technologies; the growing availability of knowledge equipment, the acquisition of information of the cities; the need for the security of the information of the people; the need for the use of the information technology; and the need for the security of the information of the technology of the — the — the — technology — the — the — the — the — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — — —

4安全风险与防范方案

4 Security risk and preparedness programme

在智慧城市运行过程中，城市民生等数据被采集、传输、存储、使用、处理、归档等，其来源众多、数据量巨大、数据增长速度快，需有效管控与防范信息安全风险，完备的个人信息安全防护手段是智慧城市安全体系建设中非常重要的一环图1智慧城市安全防护体系（见图2）

During the operation of smart cities, data such as urban livelihoods are collected, transmitted, stored, used, processed, archived, etc., from a wide variety of sources, large amounts of data, fast data growth, effective control and protection against information security risks, and adequate means of personal information security protection is the smart urban safety protection system of the smart urban safety system (see figure 2), which is a very important link to the construction of smart urban safety systems.

4.1健全智慧城市安全体系

4.1 A sound urban safety system

在感知层，需防控在用户不知情情况下，通过感知终端窃取个人隐私信息，并从中获益；在网络层，需加强个人信息的完整性、实用性和信息传输过程的保密性，规避网络威胁或黑客威胁；在数据层，需防范各种应用及用户的越权行为或隐私泄露等危险，因智慧城市信息高度的集中和关联，个人隐私信息的泄露甚至可能会引发巨大的社会利益损失；在应用层，应遵循高度相关和紧密连接的个人信息和更加智能的数据分析方法，提供更加智能的用户个性化服务，积极防控各种影响个人信息安全的问题。

At the perception level, it is necessary to guard against the theft of personal privacy information without the knowledge of the user and to benefit from it; at the network level, it is necessary to enhance the integrity, usefulness and confidentiality of personal information and the transmission of information, avoiding cyber or hacker threats; at the data level, it is necessary to guard against applications and risks such as ultra vires behaviour or disclosure of privacy by the user, which may even lead to significant loss of social benefits due to the high concentration and association of intelligent urban information; at the application level, it is important to follow highly relevant and closely connected personal information and more intelligent data analysis methods, to provide more intelligent user personalization services and to actively control problems affecting personal information security.

4.2个人信息去标识化

4.2 De-labelling of personal information

我国当前个人信息保护主要围绕“告知同意”原则，2020年1月，全国信息安全标准化技术委员会了《信息安全技术个人信息告知同意指南（征求意见稿）》，是个人信息领域最为重要的国家标准之一。今年4月12日，全国信息安全标准化技术委员会《信息安全技术个人信息去标识化效果分级评估规范》征求意见稿，就《个人信息保护法(草案)》对个人信息处理者提出了应采取相应的加密、去标识化等安全技术措施的说明，重点提出了个人信息标识度分级和评定方法，规范中根据重标识（把去标识化的数据集重新关联到原始个人信息主体的过程）的风险从高到低，将个人信息标识度分为四级，在保护个人信息安全的前提下促进数据的共享使用，细化个人信息不同分级的安全措施。已知的去标识化技术和方法包括变换、匿名模型及数据评估等，目前主流应用的是变换技术及方法，即用变换后的数据代替原有的数据，达到一定的个人信息保护效果，常用的变换方法包括屏蔽、随机、泛化、加密等。

On 12 April of this year, the National Technical Committee for the Standardization of Information was consulted on the Guidelines for the Notification of Consent to Personal Information Technologies, which are among the most important national standards in the field of personal information. The National Technical Committee for the Standardization of Information was asked for comments on the Guidelines for the Evaluation of the Effects of De-labelization of Personal Information on Personal Information Technologies, which set out a description of the measures to be taken by individual information handlers of the Personal Information Protection Law (draft), with emphasis on methods for the classification and evaluation of personal information, such as encryption, de-labelling and data evaluation. The norms are based on the high-level and low-level risk of marking (the process of re-linking de-labelling data sets into original personal information subjects), the marking of personal information is divided into four levels, the sharing of data is promoted in the context of protecting personal information security, and security measures at different levels of personal information are refined. The known techniques and methods of de-labelling include transformation, anonymous models and data assessment.

4.3整合区块链技术

4.3 Integration block chain technology

区块链技术的发展逐渐成熟，为个人信息安全防护提供了新的技术手段，区块链本质上是不可篡改的分散式交易数据库，确保任何人都不能修改之前的交易记录。将BAAS能力集成在智慧城市安全体系中，可以作为可追溯、不可篡改的信任机制，将个人信息的采集、授权、访问等行为数据上链，可大大缓解人民群众对于智慧城市数据的隐私安全保护方面的忧虑。目前，在感知设备接入、认证授权、个体信息控制、追溯等方面，已有多个国家政府及企业尝试采用区块链技术，比如，在政府的各个部门数据共享场景中，采用数据上链方式，可以促进“以个人为中心”的汇聚意愿以及个体对数据使用的话语权，能够激活更多围绕个人的智慧城市应用场景。

The progressive development of block chain technology provides new technical tools for personal information security protection. Block chains are inherently unmanageable decentralized transactional databases that ensure that no one can modify the record of previous transactions. The integration of BAAS capabilities into intelligent urban safety systems can serve as a retroactive, non-changeable confidence-building mechanism for personal information gathering, authorization, access, etc., that can significantly alleviate the concerns of the population about privacy and security protection of intelligent urban data. At present, several governments and enterprises have tried to use block chain technology in terms of perceived equipment access, authentication, individual information control, traceability, for example, in data sharing across government sectors, using a data chain approach that promotes a “personal-centred” convergence and individual rights to the use of data, and can activate more intelligent urban applications around individuals.

4.4定期开展个人信息安全影响评估

4.4 Conduct periodic personal information security impact assessments

《信息安全技术个人信息安全影响评估指南》中指出，个人信息安全影响评估针对个人信息处理活动，检验其合法合规程度，判断其对个人信息主体合法权益造成损害的各种风险，以及评估用于保护个人信息主体的各项措施有效性的过程。影响评估旨在发现、处置和持续监控个人信息处理过程中对个人信息主体合法权益造成不利影响的风险，能够加强对个人信息主体权益的保护，有利于组织展示其保护个人信息安全的努力，提升透明度，增进个人信息主体对其的信任。根据《信息安全技术个人信息安全规范》及行业惯例，组织应当在隐私政策中披露个人信息保护有关措施。其中一个重要的保护措施，就是向用户公示个人信息风险评估报告的内容，让用户充分了解个人信息的风险程度和建议[3]。在智慧城市的安全体系中，包含安全风险评估工作，需增加个人信息安全的评估内容，并在风险评估报告中予以体现。个人信息风险评估工作可融合在现有智慧城市风险评估工作中，主要过程可包括：①建立完整的个人信息风险评估流程，与各智慧应用就何时评估、评估什么等进行协同，并为各智慧应用提供评估流程的培训；②建立个人信息风险分级评估程序，与各智慧应用共同确定组织相关数据，在不同的场景下采取何种评估程序和模型，从成本及效率的角度综合考虑；③明确个人信息风险评估组织，可采用自身组织评估及第三方评估的方式，由安全小组统一管理；④通过积累评估经验，确立符合智慧城市各智慧应用特点的个人信息风险评估指标体系。

An impact assessment is designed to identify, dispose of and continuously monitor risks that adversely affect the legitimate rights and interests of individual information subjects in the processing of personal information. It will enhance the protection of personal information subjects by enabling the organization to demonstrate its efforts to protect personal information security, enhance transparency and enhance the confidence of individual information subjects. In accordance with the Code for the Security of Personal Information Technologies and industry practices, the organization should disclose in its privacy policy the risks to the legitimate rights and interests of individual information subjects, as well as the process of assessing the effectiveness of measures for personal information protection. One important protection measure is to inform users of the contents of the personal information risk assessment report, to give them a full understanding of the risk levels and recommendations for individual information subjects. [3] In a secure city system, it will include a safety risk assessment exercise that will increase the content of personal information security assessments, which will be reflected in the risk assessment report. The personal information risk assessment exercise could be integrated with existing smart city risk assessment exercises and industry practices that would allow for the assessment of individual intelligence profiles and the assessment of the efficiency of individual risk assessment from the point of each risk assessment;

5结语

5 Concluding remarks

加强数据安全管理是促进数字经济发展不可或缺的内容，Google、苹果、华为等头部系统集成厂商，纷纷了自己的隐私保护白皮书，强调自己的隐私保护技术。智慧城市的安全体系需要顺应大势，做好个人信息安全风险防控，防止违规收集、获取、使用个人信息，要充分考虑相关法规和标准规范要求，分析智慧应用和个人信息数据安全独特之处，理顺与数据和应用之间的关系，在确保个人信息安全的同时，保证智慧应用价值的实现；同时，积极推进智慧城市数据分级与去标识化，确保各部门在开放和共享数据时，确保数据安全和公民个人隐私安全。

Enhancing data security management is an indispensable element of promoting digital economic development. Google, Apple, and Hua, the top-level system integration company, has made its own white paper on privacy protection, emphasizing its own privacy protection techniques. Smart city security systems need to be responsive, protect against personal information security risks, prevent irregular collection, access and use of personal information, take full account of relevant regulatory and standard requirements, analyse the uniqueness of intellectual applications and personal information data security, rationalize the relationship with data and applications, and ensure the realization of the value of intellectual applications while ensuring personal information security; and, at the same time, actively promote the classification and de-labelling of intelligent city data to ensure that data security and the privacy of citizens are open and shared across sectors.

参考文献

References

[1]GB/T37971-2019.信息安全技术智慧城市安全体系框架[S].

[1] GB/T37971-2019. Framework for an intelligent urban safety system for information security technologies [S].

[2]GB/T39335-2020.信息安全技术个人信息安全影响评估指南[S].

[2] GB/T39335-2020. Guide to Personal Information Security Impact Assessment for Information Security Technologies [S].

[3]GB/T35273-2020.信息安全技术个人信息安全规范[S].图2个人信息数据生命周期安全142.

[3] GB/T35273-2020. Code of Personal Information Security for Information Security Technologies [S]. Figure 2 Personal Information Data Life Cycle Security 142.