1. Carry out data security work situation report
According to the Bureau to convey the spirit of the notice issued, and my office on the information system to do a good job of safety and security instructions, the leadership of the office attaches great importance to and immediately organize the relevant sections and personnel to carry out the whole range of information system security check work. Now in accordance with the requirements of the notice reported as follows:
(a) security system construction.
According to the Division's information system construction program, the Division in 20xx on the development of the market for the computer network and information work related to the management of regulations and methods. Clearly to the leadership of the Division as the competent leadership, the Office of the Division as a link, the establishment of the information section for the implementation of the backbone of the system construction and maintenance of the pyramid-type information security management model. As early as in the Market Division set up a full-time network management section and set up a full-time staff, responsible for the trading floor and the affiliated office building of the information technology construction and network security management and equipment maintenance work. Specifically responsible for the personnel are professional and technical personnel, currently has 2 people were responsible for the intranet and extranet and equipment protection work, of which 1 person in accordance with the unified requirements of the city of full-time network security training, and in accordance with the requirements of the signing of a confidentiality agreement, has been in the relevant government departments for the record. Basic network security work system and work mechanism have been developed to standardize the information network security management work. The information management personnel are able to carry out their work in strict accordance with the confidentiality responsibility system and information reporting management methods. In view of the current and future information security work, the leadership of the Division attaches great importance to actively organizing and arranging the information security work, taking into account the past experience of security work and the development trend in the coming period. In the future work, the market will continue to strict system, strict requirements, rigorous management, serious work, to ensure the security of information systems, stable operation, and resolutely implement the "whoever manages who is responsible, whoever runs who is responsible, whoever uses who is responsible for" management principles.
(B) the implementation of security measures.
1, in order to minimize the occurrence of information security incidents, I have set up the corresponding network protection measures to firewalls and anti-virus software as the core of the intranet network servers and the entire LAN security to provide protection. At the same time, we outsourced services in the form of a professional company with a high level of professionalism, to further strengthen the construction of the extranet security management measures, on the whole, to improve the internal and external network security performance of my office.
2, where I work with all the computers in accordance with the network security isolation system requirements for implementation, while the key computer antivirus software upgrades and patch repair, regularly change the account and password of the server, the server application and service vulnerabilities to do the organization and repair.
3, to ensure that professionals are on call 24 hours a day, any state of affairs that may jeopardize the security of information can be a timely response, effective treatment.
(3) Emergency response mechanism construction.
Our office has already done the basic work of dual hot standby for intranet data and regular backup of extranet data, and the staff is skilled in data disaster recovery. For possible major information security incidents, we are fully capable of handling them quickly and properly. In response to the spirit of this notice, our office is ready to continue to strengthen the information security system construction and education, from top to bottom to continue to strengthen the awareness of information security work, correct the attitude of information security work, serious information security work discipline, and strictly enforced.
(D) security education and training.
Our office has repeatedly carried out education and training on information security for staff, with a senior information management engineer (CIO) 1. For ordinary staff to master information technology management skills for the purpose of regular theoretical learning and practical operation ability training, which constantly improve the security awareness and skills of all staff.
(E) After the information system security self-inspection, information security weaknesses and loopholes are mainly reflected in the following aspects:
1, part of the core switching equipment aging there are security risks, many devices have been used for more than 8 years.
2, the system is still deficient in the existence of the background maintenance and front business there is a certain cross, which does not meet the most basic requirements of information security work.
3, part of the computer antivirus software virus database can not be updated in a timely manner.
4, part of the website system for various reasons there are still website security vulnerabilities. For the work of the above deficiencies, we will implement the solution as soon as possible. After self-correction, we have not yet violated the information security provisions of the behavior and the leakage of confidentiality accidents.
2. Carry out data security work report
According to the "on the city's key areas of network and information security check in 20xx notice" (Hong Gongxin word 20xx177) the spirit of the document, the leadership of the Bureau attaches great importance to the immediate organization of the Bureau-wide information system security check work. . In accordance with the "Chinese People's *** and the State Regulations on the Security Protection of Computer Information Systems", "xx municipal government information system security inspection guidelines," the requirements of the Bureau of government website information security management seriously organize self-checks, is now reported as follows:
Since the operation of the information system of the Bureau of information technology, can be in strict accordance with the requirements of the higher authorities, and actively improve the various security systems, and fully strengthen the information technology security personnel Education and training, the full implementation of security precautions, to protect the information security work funds, information security risks have been effectively reduced, emergency response capacity has been effectively improved to ensure the continued safe and stable operation of government information systems.
First, the implementation of information security system
1, the establishment of management organizations. I set up a leading group of information security and confidentiality management in 20xx, and adjusted in 20xx, the director of the xx as head, deputy researcher xx is responsible for the management of information security work. Heads of departments and offices as members, the office is located in the bureau office, set up a person responsible for dealing with the daily work.
2, the establishment of information security system. I specifically formulated the information technology work related rules and regulations, information technology work management, internal computer security management, computer and network equipment management, data, data and information security management, network security management, computer operator management, website content management, website maintenance responsibilities and other aspects of the detailed provisions to further standardize the Bureau of information security management. And this year, the information security system has been revised to improve the system to ensure that the government information system security measures.
Second, the daily information security management
1, in the process of information collection and uploading, unified coordination by the Office of the various offices, subordinate units of the information reported to the Bureau of the Office of the Bureau of the Office of the Office of the Bureau of the review and then uploaded the information released to ensure that the information uploaded the accuracy of the security, the decision to implement the "whoever is in charge of responsible for who is responsible for whoever is responsible for running, whoever uses who is responsible for The management principle of "who is in charge, who is responsible, who is responsible for the use of who is responsible" is implemented.
2, I strictly send and receive documents, improve the inventory, sorting, numbering, signing system, and require information managers to regularly carry out a full backup of the system.
3, I Bureau of each classified computer using independent intranet management, not in contact with the outside network, firewalls, antivirus software, etc. are domestic products, document processing software specific use of Microsoft's office system, Kingsoft WPS system, information systems, third-party outsourcing of services are domestic companies.
4, in order to ensure that the Bureau's network information security work effectively and smoothly, the Bureau requires each section, subordinate units as a unit to seriously organize the study of relevant laws, regulations and network information security knowledge, so that all staff can correctly understand the importance of information security work, can master the requirements of the provisions of the safe use of computers, are able to correctly use the computer network and various types of information systems. All staff signed the "network information security book".
Third, the implementation of security precautions
1, the composition of my bureau's network system and its configuration is reasonable, and in line with the relevant security regulations; network using a variety of hardware equipment, software and network interfaces are also over the safety inspection, identification and qualification before being put into use since the installation of the basic normal operation.
2, I implement the leadership review and signature system. All uploaded information on the website, must be reviewed and signed by the relevant leaders before uploading; to carry out regular security checks, mainly on SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, anti-virus software installation and upgrading, Trojan horse virus detection, port openings, the opening of the system management privileges, open access privileges, web page tampering and so on. The system security diary is being carefully done.
3, the Bureau effectively grasp the intranet, extranet, website and application software "five-layer management", to ensure that "classified computers do not access the Internet, access to the computer is not classified", in strict accordance with the confidentiality requirements to deal with the management, maintenance and destruction of CD-ROMs, hard disk drives, USB flash drives, mobile hard drives and other Management, maintenance and destruction. Focusing on the "three major security" investigation: first, hardware security, including lightning protection, fire prevention, anti-theft and power connection, etc.; second, network security, including network structure, security log management, password management, IP management, Internet behavior management, etc.; and third, application security, including website, resource library management, software management, etc.. Classified computers are managed by specialized personnel. Official documents, finance, personnel and other systems have a person in charge of management.
3. Carry out data security work report
I opened the xxx district medical insurance network website in May 20xx. Which opened the medical insurance dynamic, public affairs, policies and regulations, office guide and other columns, by a person responsible for updating and maintenance. Up to now, 302 pieces of information of various types have been updated. Since the opening of the website, I am responsible for the information network section, the masses concerned about the policy, system and commonly used forms are uploaded to the website, and actively carry out online office, online Q&A and other interactive exchanges for the designated medical institutions and insured persons in understanding the policy, for matters such as providing a fast and efficient way.
First, computer information management
This year, I have strengthened the organization and leadership, strengthened publicity and education, the implementation of the responsibility to strengthen the day-to-day supervision and inspection, the management of classified computers in the hands. For the management of computer magnetic media (floppy disk, U disk, mobile hard disk, etc.), to take a person to keep, classified documents stored separately, is strictly prohibited to carry the existence of classified content of the magnetic media to the Internet computer processing, storage, transmission and processing of documents, the formation of a good security and confidentiality of the environment. Classified computers (including laptops) implemented with the Internet and other public **** information network physical isolation, and in accordance with the relevant provisions of the implementation of confidentiality measures, so far, there has not been a computer loss of confidentiality, leakage of accidents; other non-classified computers (including laptops) and the use of the network, but also in strict accordance with the Bureau's computer confidentiality information system management approach to the implementation of the relevant measures, to ensure that the organ Information security.
Second, computer information network security
1, is the network security. I was equipped with anti-virus software, network isolation card, the use of strong password password, database storage backup, mobile storage device management, data encryption and other security measures, a clear responsibility for network security, strengthened network security work.
2, is the implementation of information systems security leadership review and approval system. All uploaded information on the website, must be reviewed and signed by the office before uploading; second is to carry out regular security checks, mainly on SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, anti-virus software installation and upgrading, Trojan horse virus detection, port openings, system management rights openings, openings of access privileges, web page tampering and so on. The system security diary is being carefully done.
3, is the daily management of the effective grasp of the extranet, website and application software "five-layer management", to ensure that "classified computers and business networks do not access the Internet, access to the computer is not classified", in strict accordance with the confidentiality requirements to deal with CD-ROM, hard disk, U disk, mobile hard disk management, maintenance, repair, and so on. The management, maintenance and destruction of CD-ROMs, hard disks, USB flash drives and removable hard disks are handled in strict accordance with confidentiality requirements. Focus on the "three major security" investigation: First, hardware security, including lightning, fire, theft and power connection; Second, network security, including network structure, security log management, password management, IP management, Internet behavior management; Third, application security, including websites, mail systems, resource library management, software management.
Third, the operation and maintenance of hardware equipment
I installed anti-virus software in each terminal, the application of system-related equipment has been taken to standardize the management of the use of hardware equipment in line with the relevant national product quality and safety regulations, the operating environment of the unit hardware in line with the requirements of the basic use of printer accessories, ribbon holders, etc., the original equipment products; since this year, the Bureau has actively implemented Network security special funds, equipped with network security hardware equipment, upgrade application servers, strengthen network security measures, at present, the website system is safe and effective, there is no security risks.
I Bureau of computer and its equipment to implement the "who uses, who manages, who is responsible for" management system. In terms of management, we adhere to the "system of control". The second is to strengthen the information security education and improve the computer skills of the staff. At the same time in the Bureau to carry out network security knowledge propaganda, so that all cadres and workers and end-users y understand the importance of information network security, to improve the conscientious maintenance of network security applications consciously and security awareness. In terms of equipment maintenance, I specifically set up a network equipment failure register, computer maintenance and repair table for equipment failure and maintenance of the situation is registered, and timely processing. Foreign maintenance personnel, required to be accompanied by relevant personnel, and its identity and processing of registration, standardize the maintenance and management of equipment.
Fourth, the development and implementation of security systems
I Bureau of website security requirements, one is the use of exclusive access to password lock login background; two is to upload files in advance for the detection of pathogens; three is the site sub-module sub-privilege maintenance, regular into the background to clean up the garbage files; four is the website update is responsible for special people. In order to ensure computer network security, the implementation of the network administrator system, computer security and confidentiality system, website security management system, network information security emergencies contingency plan in order to effectively improve the efficiency of the administrator's work. At the same time, I combined with their own situation to develop a computer system security self-check system, information systems, information systems, internal control system, information systems, such as emergency response plan and other management systems, to do four to ensure that: First, the system administrator on Fridays to regularly check the center's computer systems to ensure that there are no hidden problems; the second is to make a record of the work of the security check to ensure that the work is carried out; third is the implementation of the leadership of the system of regular inquiries by the system administrator report Computer use, to ensure that the situation at any time; Fourth, the regular organization of the whole bureau to learn about network knowledge, improve the level of computer use, to ensure that the prevention.
V. Self-examination of existing problems and corrective comments
We found some management weaknesses in the management process, the future we have to improve in the following areas.
(a) For the line is not neat, exposed, immediately rectify the line for a limited period of time, and do a good job of rodent-proof, fire safety.
(ii) Strengthen equipment maintenance, timely replacement and maintenance of faulty equipment.
(c) Self-inspection found that individual personnel computer security awareness is not strong. In the future, we will continue to strengthen the computer security awareness education and preventive skills training, so that employees fully realize the seriousness of computer cases. The combination of human defense and technical defense, really do a good job of the unit's network security.
4. Carry out data security work situation report
Government information systems since the operation of the Bureau in strict accordance with the requirements of the higher authorities, and actively improve the security system, fully strengthen the information technology security staff education and training, the full implementation of security precautions, and fully guarantee the funding of information security work, information security Risks have been effectively reduced, emergency response capability has been effectively improved to ensure the continued safe and stable operation of government information systems.
First, the basic situation
From 20xx, in order to ensure the smooth implementation of information technology work, the Bureau has invested more than 100,000 yuan, for the subordinate units, the Bureau of each unit to purchase information technology office computers, at the same time, in each unit to determine an information manager, specifically responsible for uploading information to the Bureau of the Information Center and the computer's day-to-day maintenance, so far, the Bureau has 24 information technology office computers, the information technology work of the Bureau, the information security staff training, comprehensive preventive measures, and fully guarantee the information security work funds. As of now, the Bureau has 24 office computers for information technology work, 16 information officers, of which, one departmental information officer.
Second, the operation of the information security system
First, strengthen leadership, clear division of responsibility. Established by the Secretary as the head of the Bureau of Discipline Inspection Secretary as deputy head of the Bureau of Discipline Inspection Secretary as members of the leading group, the leading group set up an office, the Secretary of the Bureau of Discipline Inspection Secretary as the director of the office, and arranged for two comrades with extensive knowledge of computers and a strong sense of responsibility for office members, specifically responsible for the work of security and maintenance. Sound organization, clear division of labor for the government information system has laid a solid foundation for safe operation. Second, actively establish a sound information dissemination system. In the process of information collection and uploading, unified coordination by the Office of the Leading Group of Information Technology Work, each unit and subordinate units of the information reported to the Bureau Office, the Office of the Bureau of the upload password in possession of the comrades unified collection of information reported to the leaders in charge of the audit, and finally uploaded the information released, thus ensuring the accuracy and security of the uploading of information. Third, constantly increase the security work of capital investment, last year to date, has invested funds of more than 30,000 yuan, the purchase of genuine Rising Star antivirus software, ordering nearly ten books of professional protection. Fourth, the special formulation of the "information technology work rules and regulations," the management of information technology work, internal computer security management, computer and network equipment management, data, data and information security management, network security management, computer operator management, website content management, website maintenance responsibilities and other aspects have been made in detail, to further standardize the Bureau's information security management. Fifth, in addition to requiring computer management personnel to actively participate in the county information office organized by the computer security technology training, quarterly arrangements for information personnel to Xi'an, Xianyang and other places for learning and training, and effectively improve the security awareness of information technology personnel and the ability to maintain system security, and promote the normal operation of the Bureau's information network system. Sixth, the establishment of duty system, by the technical staff of the website information monitoring and management, to put an end to reactionary, cults, and other harmful information, so far, often no harmful information invasion events, network operation is stable and safe. Seven is a timely update of the system and software, important documents, information resources to achieve timely backup, data recovery.
Third, there are shortcomings
First, fewer professional and technical personnel, information systems security can be invested in limited strength; second, the initial establishment of rules and regulations, but is not perfect, and fails to cover all aspects of information systems security; third, encountered computer virus attacks and other emergencies are not dealt with in a timely manner.
Fourth, the direction of rectification
First, we must further expand the computer security knowledge of the training surface, in addition to the departmental information officer training, but also regularly organize subordinate units of information officer training. If necessary, the graduating freshmen in colleges and universities can be recruited relevant professionals.
Secondly, we must effectively strengthen the implementation of information security system, the establishment of information security inspectors and supervisors, from time to time on the implementation of the security system to check for slow action, poor implementation, resulting in adverse consequences of the units and individuals, we must seriously pursue the responsibility of the relevant responsible person, so as to enhance the awareness of the personnel security protection.
Third, the system as a fundamental, in further improving the information security system at the same time, the arrangement of specialized personnel, improve the facilities, close monitoring, at any time and place to solve the possible information system security incidents.
5. Carry out data security work situation report
In accordance with the state confidentiality related laws and regulations and xxx, xx and xx and other higher departments of the relevant confidentiality requirements, xxxx (hereinafter referred to as xxx) to carry out the relevant confidentiality work, the situation is now reported as follows:
a. Basic situation
At present, the center's daily office desktop computers **** there are 29, which involves the confidentiality of 4 computers (are not online), 18 computers on the Internet, not online 7. Notebook computer 14.
In accordance with the management requirements, the station network room and integrated room is responsible for computer, network security management, the development of relevant confidentiality and Internet management regulations and other rules and regulations, regular or irregular confidentiality checks, for the implementation of physical isolation measures for confidentiality computers, desktop computers, sub-departmental management of the use of; laptop computers in accordance with the use of the use of categorized management, by the station network room The computer is managed and maintained in a unified manner, and a registration system is adopted for its use and return.
In order to strengthen confidentiality and information security, the Center also purchased hardware firewalls and network security protection software at the end of 20xx, basically solving the problem of network attacks and viruses, Trojan horse hacker software in the local area network spread.
Second, there are problems
Center, despite the system to continuously improve the management requirements, and strengthen the investment in hardware and equipment, but there is still a big gap from the full realization of information security monitoring and protection.
(a) computer, network equipment is not enough
According to the nature of the work of the center staff and the number of personnel, there is a serious shortage of computers in the center, encountered in the centralized overtime, the need for interdepartmental transfers to use a large number of public computers caused by the management of the difficulties of data information confidentiality, security and prevention of viruses, Trojan horses there is a big problem through the USB flash drive and other mobile media dissemination. Trojan horses, viruses occur from time to time, although the network protection software can be detected and processed in a timely manner, but the lack of anti-scanning detection aspects of the security control equipment, potential threats are difficult to find, hidden danger still exists.
(b) management level and quality of personnel to be improved
As more computer users, computers are not dedicated to the use of computers, often resulting in damage to the system or poor operation, to the management staff to bring a lot of problems, and the center does not have a specialized computer professionals, is part-time work, professional and technical level is limited, the level of management and the quality of personnel need to be improved.
(C) serious shortage of funds
In accordance with the management requirements, most of the center's computers should be separated from the internal and external networks, but due to insufficient funds, each year in accordance with the budget can only basically meet the needs of the computer update, talk about complementary and meet the needs of the work. In the network, the annual firewall and network protection software are faced with the need to invest in funding for version, virus database update.
(D) the lack of confidentiality software and equipment
computer hard disk damage needs to be replaced, there is no special degaussing equipment to deal with the hard disk. In addition, according to management requirements, some reports need to be transmitted remotely, but the lack of a unified special encryption software, sent through the public network there are security risks.
Third, the next step of the work plan
According to the above problems, I xxx plan to increase the budget for computer and network security in the future work, while arranging for the training of relevant personnel, the purchase of relevant equipment and software, and I hope to get the strong support of the xx bureau and xxx.