Part I: Self-inspection report on network and information security inspection work
In accordance with the requirements of the "Notice on Forwarding the Notice on the Work of Network Security Inspection in Lu'an City in 20xx" (District Xuanzheng [20xx] 23), the Tsubaki Township Party Committee and government attached great importance to the inspection and carried it out promptly. The inspection is summarized as follows:
First, establishment of a leading group
To further strengthen the security management of network information systems, the town set up a leading group for network information work, with the mayor of the town as leader and the deputy secretary in charge as deputy leader, and with an office set up under it, so that the division of labor is clear and specific responsibilities are assigned to individuals, ensuring the smooth implementation of network information security work.
Second, status of network security
At present, the town has 32 computers, all of which use firewalls to protect the network and have antivirus software installed to prevent and control viruses on the town's computers.
Third, network security management measures
To do a good job of information technology construction and standardize government information technology management, the town specially formulated the "Tsubaki town network security management system", the "Tsubaki town network information security protection work program", the "Tsubaki town virus detection and network security vulnerability detection system" and a number of other systems, the management of information technology work, internal computer security management, computer
For computer confidentiality work, the town formulated the "Tsubaki town information release audit and registration system", the "Tsubaki town emergency response plan for sudden information network events" and other related systems, and regularly sorts through all the information on the website; no content involving security or confidentiality has been found. Network security team members signed the "Tsubaki town network information security management responsibility" to ensure that computer use follows the principle of "who uses, who is responsible". Data and information generated on the town intranet are managed strictly and in a standardized way, and are archived and backed up in a timely manner. In addition, the town organizes relevant computer security technology training town-wide, and carries out targeted "network information security
Fourth, network security deficiencies and corrective measures
At present, the town's network security still has the following deficiencies:
First, security awareness is relatively weak; second, virus monitoring capacity needs to be improved; third, management of the use of mobile storage media is not standardized enough; fourth, the ability to deal with emergencies such as malicious attacks and computer virus intrusions is lacking.
The current situation is that the virus monitoring capability needs to be improved.
In view of the town's current network security deficiencies, the corrective actions are as follows:
1. Further strengthen training in computer operation and network security technology for network security team members, and strengthen computer operators' awareness of preventing network viruses and information security threats, so as to achieve early discovery, early reporting and early handling.
2. Strengthen cadres' and workers' study of computer and network technology, and continuously improve the cadres' level of computer skills.
Part II: Self-inspection report on network and information security inspection work
In the spirit of the "Notice of the Office of the People's Government of Hengyang Municipality on the City's Key Areas of Network and Information Security Inspection", on September 10 the municipal e-government office took the lead in organizing self-inspection of the city's government information systems. The results of the self-inspection are as follows:
First, organization of the network and information security self-inspection
From September 10 onwards, led by the municipal e-government office, a comprehensive survey of the network and information security of the city's units was carried out, with self-inspection by the units as the main approach and sampling by the municipal e-government office as a complement. The self-inspection focused on: overhaul of the Office's central computer room network; upgrade of maintenance password protection for the party and government portal; a survey of information system operation in municipal units; client virus detection in municipal units; and network data traffic monitoring and data analysis in municipal units.
Second, information security work
Through the efforts of the e-government office and the units in the first half of the year, the city has mainly completed the following network and information security work:
1. All systems connected to the city's e-government network are implemented strictly in accordance with the norms. In accordance with the "Changning Party and Government Portal Information Release Audit System", "Changning City Network and Information Security Emergency Response Plan", "Changning City Party and Government Portal Duty Reading System" and other system requirements, the Office regularly organizes and carries out safety inspections to ensure that all security measures are in place.
2. Organized information security training. Special training on website penetration attacks and protection, virus principles and protection, and other topics was provided for municipal government departments and information security technicians to improve their information security skills.
3. Strengthened inspection of the party and government portal. External web security checks are regularly conducted on the websites of the various departments, security risk scanning reports are issued, and relevant departments are assisted and urged to carry out security reinforcement.
4. Ensured information security during important periods. A series of effective measures was taken: a 24-hour duty system and a daily security system were implemented, information security letters were signed with key departments, and real-time monitoring of Internet egress access was strengthened, to ensure information system security during the XX General Assembly.
Third, main problems found in the self-inspection and analysis of the threats faced
Through this self-inspection, we also found that some problems remain:
1. Some units' rules and regulations are not complete enough and fail to cover all aspects of information system security.
2. Staff in a few units do not have strong enough security awareness and lack initiative and conscientiousness in daily operation and maintenance management; rules and regulations are laxly implemented and operations are not standardized.
3. Computer virus infections occur; in particular, infection via USB drives, mobile hard disks and other mobile storage devices cannot be ignored.
4. Investment in information security funding is insufficient, and risk assessment and level protection need to be strengthened.
5. Information security management personnel have insufficient information security knowledge and skills, and rely mainly on external security service companies.
Fourth, improvement measures and rectification results
On the basis of careful analysis of the units' earlier self-inspection work, on September 12 our office assigned three comrades to form an inspection team to carry out random checks on the security of important information systems in some municipal organs. The inspection team scanned the portals of 18 units and, using a combination of automatic and manual methods, carried out security checks on 15 important business system servers, 46 clients, 10 switches and 10 firewalls.
The inspection team conscientiously implemented the concept of "inspection is service". In accordance with the requirements of the "Notice of the Office of the People's Government of Hengyang Municipality on the City's Key Areas of Network and Information Security Inspection", it carried out a detailed and considerate security inspection of the sampled units and provided a comprehensive security risk assessment service, which was welcomed and recognized by the units served. The inspection ranged from verification of self-inspection to implementation of management systems, from external security scanning of websites to security testing of important business systems, and from overall network security assessment to field survey of the physical environment of server rooms. It gave a comprehensive understanding of the current status of information security in each unit, discovered some security problems, eliminated some security risks in a timely manner, put forward targeted rectification suggestions, and urged the relevant units to earnestly implement rectification in accordance with the report. Through the information security inspection, the units further raised their ideological understanding, improved their security management systems, strengthened security precautions and implemented the rectification of security issues, and the city's security capabilities improved significantly.
Fifth, opinions and recommendations on strengthening information security
In response to the problems found above, the city is actively carrying out rectification. The main measures are:
1. In line with the requirements of the "Notice of the Office of the People's Government of Hengyang Municipality on the City's Key Areas of Network and Information Security Inspection", require each unit to further improve its rules and regulations and put the systems into practice.
2. Continue to increase security education and training for all staff of the organs, improve information security skills, and do a good job of security with initiative and conscientiousness.
3. Strengthen information security checks, urge units to put security systems and security measures in place, and seriously hold accountable those responsible for security incidents that lead to adverse consequences.
4. Continue to improve information security facilities, closely monitor the e-government network, and establish a comprehensive security protection system covering border protection, access control, intrusion detection, behavioral auditing, anti-virus protection, website protection and other aspects.
5. Strengthen emergency management: on the basis of the city's team of information security officers, form an emergency support technical team, strengthen interdepartmental collaboration, improve the emergency response plan, and carry out emergency drills, so as to minimize the impact of security incidents.
Part III: Self-inspection report on network and information security inspection work
In the spirit of the county government office document "Notice of the xx County People's Government Office on Forwarding the County Economic and Information Technology Commission's Work Program for the Special Inspection of Information Network Security and the Anhui Provincial Government's Website Security Incident Information Reporting System" (x government office [20xx] No. 140), our Bureau attached great importance to the matter and organized the relevant personnel to carry out a comprehensive inspection of the Bureau's network systems. The inspection is reported as follows:
First, self-inspection situation
(1) Implementation of the information network security organization.
The county health bureau established an information network security leading group, with the Secretary as head, the deputy director in charge as deputy head, and the principal persons in charge of the medical and health units as members, and appointed a full-time information security officer, so that the division of labor is clear and responsibility is assigned to individuals.
(2) Establishment and implementation of information network security management rules and regulations.
To ensure the security of information networks, the Bureau has implemented a network administrator system, a computer security and confidentiality system, a network security management system, and an emergency response plan for network information security emergencies, to effectively improve the efficiency of managers. At the same time, in light of its own situation, the Bureau developed a network information security self-check system built on four guarantees: first, the information security officer regularly checks the unit's computer systems on Fridays to ensure that there are no hidden problems; second, security check records are kept to ensure that the work is implemented; third, a system of regular inquiries by the leadership is implemented, with the information security officer reporting on computer use, to ensure that the situation is known at all times; fourth, the whole bureau is regularly organized to learn network knowledge, improve the level of computer use, and strengthen security precautions.
(3) Implementation of technical precautions.
First, a network information security contingency plan has been developed and is continuously improved as informatization deepens, in light of the Bureau's actual situation; second, the receipt and distribution of documents is strictly controlled, with improved systems for inventory, sorting, numbering and signing, and information managers are required to manage strictly; third, systems and software are updated in a timely manner, and important documents and information resources are backed up in a timely manner for data recovery; fourth, computers are maintained by a designated professional company, which has agreed to provide emergency technical support, and important systems all use government-specified products; fifth, classified computers have passed confidentiality technical inspection and have firewalls installed. At the same time, professional anti-virus software has been installed to strengthen effectiveness in anti-tampering, anti-virus, anti-attack, anti-paralysis, anti-disclosure and other aspects. Professional antivirus software for mobile storage devices has been installed. Sixth, classified computers are equipped with power-on passwords, which are kept by designated personnel. At the same time, classified computers are not shared with other computers. Applications, services, ports and links on important servers have been security checked and hardened.
(4) Implementation of the computer information system security case and incident reporting system.
Strictly in accordance with the requirements of the "Anhui Provincial Government's website security incident information reporting system", full-time staff report to the relevant departments in a timely manner.
(5) Stopping and preventing harmful information.
To date, no inappropriate political statements or other harmful information have been found on the Bureau's portal or the open government information platform, and information security personnel are assigned to browse and inspect them regularly so that problems are detected in a timely manner. Information security publicity and education for health system staff is strengthened to improve information security awareness and emergency response capabilities.
(6) Confidentiality in Party and government organs.
The county health bureau computer and network confidentiality management system was developed. The office's information management staff are responsible for confidentiality management and password management. Each computer is used independently, its user name and boot password belong exclusively to its user, and disclosure is strictly prohibited.
(7) Level protection of important information systems.
In accordance with the relevant national requirements for information security level protection, grading, filing and evaluation of health system information systems has been carried out comprehensively, and problems found are rectified in a timely manner. Each unit grades its information systems; information systems of level two and above complete filing procedures; information systems of level three and above undergo information security level assessment; based on the assessment results, rectification programs have been formulated for those that do not meet requirements; and day-to-day supervision and inspection of information system security level protection work is strengthened.
Second, existing problems
In accordance with the specific requirements of the "Notice", some shortcomings were also found during the self-inspection: first, there are few information management technical personnel, and the effort that can be invested in information system security is limited; second, rules and regulations have been initially established but are not yet complete, and fail to cover all aspects of information system security; third, individual staff members' confidentiality awareness is not high enough, and prevention awareness needs to be strengthened; fourth, computer virus attacks and other emergencies are not handled in a timely manner.
Third, corrective measures
To address the hidden dangers and deficiencies found in the above self-inspection and further strengthen information network system security, work should center on the objective of comprehensive governance of information system security, focus on improving rules and regulations and enriching technical means, and conscientiously carry out corrective work.
(1) Strengthen the construction of the emergency response mechanism. Develop a thorough emergency response plan, strengthen the emergency technical support team, and do a serious job of emergency drills, disposal of major information security incidents, backup of important data and business systems, and other work, to ensure the safe and normal operation of information systems.
(2) Strengthen system security. First, take the system as the foundation: while further improving the information security system, assign dedicated personnel, improve facilities, monitor closely, and resolve possible information system security incidents whenever and wherever they arise; second, check the implementation of the security system from time to time, and seriously hold accountable those responsible for undesirable consequences, so as to enhance personnel's awareness of security protection.
(3) Strengthen information security education and training. It is recommended that information security technology training courses be held to provide centralized training for information security management personnel in order to enhance the awareness of security precautions and response capabilities, and further improve the level of security management of government information systems.
(4) Strengthen security awareness education for unit cadres. Strengthen security awareness education for the organ's cadres, improve their initiative and conscientiousness in doing security work, and enhance awareness of computer information system security prevention and confidentiality.