This plan adheres to the principle of "unified leadership, coordination, clear responsibility, regulate according to the law, the combination of sections, integration of resources, prevention, strengthening monitoring". It applies to network and information security emergencies that may occur in the computer room of the Information Technology Management Center.
The Information Technology Management Center set up an information technology security team as a permanent institution of the Information Technology Management Center. Emergency team leader: Feng Liqiang; deputy leader: Guo Yongming; members: Li Songyang, Song Zhiheng.
I. Emergency Plan for Prevention and Control of Water Leakage in Computer Room
(1) After the occurrence of water leakage in the computer room, the first witness should immediately notify the network and informationization security team.
(2) If water leakage occurs in the air-conditioning system, the faulty air-conditioner should be stopped immediately, the water in the server room should be removed and the equipment supplier should be contacted in time to deal with the situation, and the server can be cooled down temporarily with an electric fan if necessary.
(3) If the wall or window leakage of water, you should immediately notify the head office, remove the water in a timely manner, wall or window repair, to avoid unnecessary losses.
Two, equipment theft or man-made damage incident emergency plan
1) the occurrence of equipment theft or man-made damage to equipment, the user or manager should immediately report to the information technology security team, while protecting the scene.
(2) After receiving the report, the information security team will notify the security department and the public security department to verify and validate the scene together, inventory the stolen materials or check the human damage, and make the necessary image records and text records.
(3) The parties involved in the incident should actively cooperate with the public security departments to conduct investigations and report the situation to the information security team.
(4) The informationization security team held a meeting to discuss the situation, and when the situation is serious, it should be reported to the relevant leaders of the Group Head Office for further processing decisions.
Three, the server room for a long time power outage contingency plan
Received a long time power outage notice, it should be promptly released through the website or telephone notification of power outage notices, requiring intranet users to stop the office before the power outage, to save the data and shut down the computer normally. As the central computer room UPS power supply design time is 2 hours, so after a power outage of 1 hour and 50 minutes, should be turned off all the equipment in the computer room.
Four, communication network failure emergency plan
1) After the occurrence of communication network failure, computer operators should inform the information security team in a timely manner, and notify the responsible personnel to deal with.
(2) information technology network managers and the person in charge of timely identification of the location of communication network failure, or to inform the relevant communication network operators, requesting assistance in identifying the cause, at the same time, isolation of the faulty area, cut off the faulty area and the server's network connection.
(3) The system administrator, in conjunction with telecommunications technicians or responsible personnel to detect the fault area, gradually restore the fault area and the server network connection, restore the communications network to ensure normal operation.
(4) Can not respond in time or can not solve the network failure, the system administrator should contact the IT operation and maintenance outsourcing provider to solve the problem.
(5) The relevant responsible person is responsible for writing a failure analysis report and reporting it to the IT security team for review.
V. Emergency Plan for Undesirable Information and Network Virus Incidents
(1) When discovering undesirable information or network viruses, the network administrator shall immediately disconnect the network cable, terminate the dissemination of undesirable information or network viruses, and inform the Information Technology Security Team.
(2) After receiving the report, the information technology security team should immediately notify all computer users in the LAN of anti-virus methods, isolate the network, and instruct each computer operator to carry out anti-virus processing until the network is in a safe state.
(3) the bad information to further trace the source, without the consent of the relevant leaders, unauthorized release of information, resulting in adverse effects and violating the law, the transfer of law enforcement agencies to pursue legal responsibility.
(4) When the situation is serious, it should be immediately reported to the relevant leaders of the Group Headquarter to take countermeasures.
Six, computer software system failure emergency plan
1) computer software system failure, computer operators to immediately save the data, and stop the use of the computer applications.
(2) by the head of the department will report the situation to the information technology security team, shall not be unauthorized processing.
(3) The leading group of information technology security quickly dispatched technicians to deal with the situation, if necessary, the hard disk should be backed up.
(4) In the case of trying to keep the original data safe, the computer system is repaired.
VII. Emergency Plan for Hacker Attacks
(1) When it is found that the network has been illegally invaded, the content of the web page has been tampered with, the data on the application server has been illegally copied, modified, or deleted, or when it is found through the intrusion detection system that there is a hacker who is carrying out an attack, the user or administrator should disconnect from the network, and report to the information technology security team immediately.
(2) Upon receiving the report, the information technology security team should immediately shut down the network, block or delete the compromised login account, and block the access of suspicious users to the network.
(3) Clean up the system, restore data and programs in time, and try to restore the system and network to normal; in case of serious situation, it should report to the relevant leaders of the group headquarter immediately to take countermeasures.
VIII. Emergency plan for hardware failure of equipment in server room
(1) After the hardware failure of equipment in server room, the leading group of informatization security shall immediately determine the faulty equipment and the cause of the failure, and carry out the first disposal.
(2) If the faulty equipment can not be repaired in a short period of time, the backup equipment should be activated to keep the system running normally; the faulty equipment should be disconnected from the network and troubleshooting work should be carried out.
(3) After troubleshooting, replace the backup equipment during the idle period of the network; if the fault still exists, immediately contact the relevant vendor for repair, and carefully fill in the equipment failure report form for inspection.
Nine, emergency response
Information technology network emergencies occur, the relevant personnel should be reported to the information technology security team within five minutes, the emergency response team to organize personnel to carry out pre-emptive treatment. Major incidents should be reported to the relevant leaders of the group head office.
Ten, aftermath
After the end of the emergency disposal work, the information technology security team to organize the relevant personnel and technical experts to form an incident investigation team, the cause of the incident, the nature of the incident, the impact of the consequences of responsibility and emergency response capabilities, restoration and reconstruction of the issue of a comprehensive investigation and assessment, to sum up the lessons learned and rectification of the existence of hidden organizations, restore normal working order.
Xi, emergency communications security
Information technology security team to ensure that all personnel 24 hours a day communication.
XII, equipment security
Should set aside a certain number of information network hardware and software equipment, designate a person to keep and maintain.
Thirteen, data security
Important information systems should be set up to ensure that important data can be restored in an emergency after the damage.
XIV, team security
Select the Department of familiar with the unit's hardware and software systems as an emergency information network emergencies emergency support unit, to provide technical support and services.
Fifteen, publicity
The information technology security team should be organized to carry out company-wide information technology network security education, to improve information technology security awareness and ability to prevent.
XVI, training boutique document, you should look forward to
The information technology security team shall organize and carry out information technology network security training to improve the emergency response capability of information technology network events.
XVII, the plan exercise
Network and information technology security team should be organized to arrange drills, through the drills to find the emergency response system and the working mechanism of the problems, and constantly improve the emergency response plan, improve emergency response capabilities.
More about the engineering/service/procurement category of the tender writing production, to enhance the winning rate, you can click on the bottom of the official website customer service free consultation:/#/?source=bdzd