从高速公路经营性集团财务信息系统安全管理角度对财务信息系统安全进行研究。首先,根据财务业务管理要求,提出了财务信息安全五点目标,即系统的正常运行、系统数据的机密性和完整性、系统的可审查性和数据库的安全性。然后,阐述了财务信息安全的六点原则,包括全生命周期安全原则、技术的先进性和适用性原则、系统效率和安全性平衡原则、最小权限原则、专人专岗原则和多级审核原则。最后,根据信息安全管理目标和原则,分别从权限安全管理、账户安全管理和数据库安全管理三个方面制定出了相关的信息安全管理策略。 Study on the safety of financial information system from the point of view of the safety management of financial information system of expressway operating group. First of all, according to the requirement of financial business management, five goals of financial information security are proposed, that is, the normal operation of the system, the confidentiality and integrity of the system data, the reviewability of the system and the security of the database. Then, it expounds six principles of financial information security, including the principles of life cycle safety, advanced technology and applicability of technology, balance of system efficiency and security, the principle of least privilege, the principle of special post and the principle of multilevel auditing. Finally, based on the objectives and principles of information security management, the related information security management strategies are formulated respectively from the three aspects of rights security management, account security management and database security management.