Network security management is people can be safe online, so what are the relevant regulations? Below I give you information about network security management regulations, I hope to help you.
Network security management regulations
Network security regulations In order to ensure the safety of my unit's computer information network, according to the "Chinese People's Republic of China *** and the State Information System Security Protection Regulations", "Chinese People's Republic of China *** and the State Computer Information Network International Networking Management Interim Provisions" and the Qinhuangdao Municipal Party Committee, the Municipal Bureau of Confidentiality on the - The relevant provisions, combined with the use of computer information networks in my unit, has developed this approach.
First, computer information network security and confidentiality management work under the leadership of the Committee on Secrecy, Network Information Center (referred to as "Network Center"), the implementation of the work of responsibility and accountability. The main party and government departments for the unit's information network security and confidentiality of the responsible person, signed -, responsible for the unit's network information security and confidentiality management.
Second, the network center and networking departments of the weak room is a computer information network of the key departments, must be responsible for by a person, a variety of equipment, technical parameters by the network center is responsible for, in order to ensure the safe operation of the information network. Anyone else may not move the network equipment, unauthorized modification of the technical parameters of the equipment.
Third, the network center as a unit of network management, responsible for unit LAN planning, construction, application development, operation and maintenance and user management. Unit network computer IP address to take with the physical address of the computer card tied together by the network center unified management, the network center will have a computer IP address and its physical address of the computer card tied together and the computer user's situation for the record. Proposed network units and networking individuals should download the application form to the network center, fill out the unit after the leadership review and signature, and sign the appropriate networking security confidentiality statement of responsibility for the network center is responsible for the installation and commissioning. After the user network is normal, the password is managed and changed by the unit or individual. Unauthorized access to the unit LAN is strictly prohibited.
Fourth, the network units and networking individuals must accept the unit's relevant functions of supervision and inspection, and the unit to take the necessary measures to cooperate. Unit home page content and news and other information services such as news station by the designated functions responsible for the maintenance and services, not authorized by any unit or individual can not change its content.
Fifth, in the unit network to start OA and other public information service system units, should be in accordance with the provisions of the network center for registration procedures, and to the unit confidentiality committee for the record. Approved the establishment of the public information service system should be in accordance with relevant national requirements to technically safeguard the "review before posting", should also set up the appropriate administrator and management system. Relevant systems include:
(1) security and protection of technical measures;
(2) information release audit and registration system;
(3) information monitoring, preservation, clearing and backup system;
(4) undesirable information reporting and assistance in investigating and dealing with the system;
(5) management personnel job responsibility system. Without permission, any unit or individual in the network shall not open BBS and other public information service system.
Six, all units and individuals on the network should consciously abide by the relevant provisions of computer information network security. Not allowed to carry out any interference with network users, damage to network services and network equipment activities; not allowed to enter the unauthorized use of computer systems through the network; not to use network resources in an untrue identity; not to steal other people's accounts, passwords to use the network resources; not to steal without legal application for an IP address into the network; not without the permission of the unit shall not be opened to the secondary agent, no one shall not change the IP address without authorization. The settings.
VII. It is prohibited to download any software on the Internet without confirming its security, and the use of pirated software and game software is strictly prohibited. Any unit or individual shall not utilize the personal e-mail address assigned by the unit to register information on the public network, shall not visit malicious websites and unhealthy websites, and shall not open unfamiliar e-mails at will.
VIII, the network system of all software are not allowed to privately copy out to other units or individuals, violators will be seriously dealt with.
IX, strictly prohibit the arbitrary use of floppy disks and U disk, CD-ROM and other storage media, such as work needs, foreign floppy disks and U disk, CD-ROM must not be networked on a single machine to check for viruses, to confirm that there is no virus before the Internet use. Private use of the virus caused by the infringement of the responsibility of the parties to be held accountable.
X. It is strictly prohibited to disseminate computer viruses by any means and media, for the dissemination and infection of computer viruses, depending on the severity of the case, to give appropriate sanctions. Manufacture of viruses or modify the virus program made to give serious treatment.
XI, the discovery of viruses, should be timely isolation of virus-infected equipment, the situation is serious Times relevant departments and timely and appropriate treatment. Real-time anti-virus monitoring, anti-virus software and virus code to do a good job of intelligent upgrading.
XII, should pay attention to the protection of network data and information security, for the key data stored in the database, as well as the key application system should be made data backup.
xiii. No one shall use the network to engage in activities that jeopardize national security and leak state secrets. No one shall access, copy and disseminate information that hinders social security and harms public morals. Violation of the provisions of this management, and one of the following acts, the network center can be warned to stop their use of the network, the circumstances are serious, submitted to the administrative department or the relevant judicial departments to deal with.
1, access, production, download, copy, publish and disseminate or otherwise use information containing:
(1) incitement to resist or undermine the implementation of the Constitution and national laws and administrative regulations;
(2) incitement to subvert state power, undermine the unity of the country and national unity, and overthrow the socialist system;
(3) fabrication or distortion of facts, deliberately spread rumors, disturbing the social order;
(4) blatant insults to others or fabrication of facts to slander others;
(5) promoting feudal superstitions, obscenity, pornography, violence, murder, terrorism, abetting crime;
(6) spreading the "" cult speech and so on.
2, destruction, theft of information resources in the computer network and jeopardize computer network security activities.
3, theft of other people's accounts.
4, private lending, transfer of user accounts to cause harm.
5, intentional production and dissemination of computer viruses and other destructive programs.
6, unauthorized changes in the structure of the network.
7, not in accordance with the relevant provisions of the state and units unauthorized admission of network users.
8, lax review of information on the Internet, resulting in serious consequences.
14, the rules and regulations since the date of publication.
2 network security rules and regulations Chapter I General
Article 1 In order to protect the security of the campus network system, to promote the application and development of the school's computer network, to ensure the normal operation of the campus network and the rights and interests of users of the network, the development of this security management system.
Article II campus network is an important part of the school public **** service system, the information center is responsible for the management of the full range of teaching, research, academic exchanges, management services, online resources dedicated **** there.
Article
The campus network system referred to in this management system, refers to the school's investment in the purchase of the school network information center is responsible for the maintenance and management of the campus network main and auxiliary node equipment, supporting network cable facilities and network servers, workstations, composed of hardware and software for campus network applications and services of the integrated system.
Article IV of the campus network system security operation and system equipment management and maintenance work by the school network information center is responsible for the school network information center can be entrusted to the relevant departments to designate personnel on behalf of the management of sub-node equipment. Any department or individual, without the consent of the unit responsible for the campus network, shall not install, dismantle or change the network equipment without authorization.
Article V, any unit or individual, may not use the network computer to engage in activities that endanger the campus network and the local LAN servers and workstations, and may not endanger or invade the unauthorized servers and workstations.
Chapter II Security Protection Operation
Article 6 In addition to the campus network responsible unit, other units (departments) or individuals shall not attempt to log in any way to enter the campus network main and auxiliary nodes, servers and other equipment for modification, setup, deletion, and other operations; any unit or individual shall not be any excuse to steal, destroy network facilities, these acts are considered as the destruction of the security operation of campus network behavior.
Article 7
The content of the WWW server in the campus network for external information dissemination must be reviewed by the leaders of each unit, signed by the person in charge of the unit, and then handed over to the relevant leaders of the school for review and filing, and then technically opened up by the school's Network Information Center to provide information services to the outside world.
Article VIII of the campus network of various types of servers opened in the account and password for individual users, the school network information center on the user password confidentiality, not to any unit or individual to provide this information.
Article IX network users shall not use various network equipment or software technology to engage in user accounts and passwords of eavesdropping, theft activities, the activity is considered a violation of the rights and interests of network users.
Article 10 of the campus to engage in construction, construction, shall not jeopardize the security of the computer network system.
Article 11 of the campus network main and auxiliary node equipment and servers, such as the occurrence of cases, as well as hacker attacks, the campus network responsible for the unit must be reported to the school and the public security organs within twenty-four hours.
Article 12 is strictly prohibited in the campus network to use the origin of unknown, virus infection software; for the origin of unknown software may cause computer viruses should be used in the public security department recommended anti-virus software check, kill.
Article 13 strictly prohibits the use of the campus network for gambling activities, playing games.
Article 14 of the campus network of all staff and users must accept and cooperate with the school network information center to carry out supervision and inspection and take the necessary measures.
Article 15 of the campus network implements unified management and hierarchical responsibility system. The network center manages the resources of the school management, the managers of each department are responsible for the management of the resources at their level, and the computer system administrators manage the management of each computer system.
Article 16
It is strictly prohibited for any user to connect to the campus network without authorization, and it is strictly prohibited for any non-school personnel to use the campus network. All other departments and individuals using the campus network of the school should register in accordance with the relevant regulations and sign the corresponding information security responsibility, consciously comply with the "Tonghua City No. 13 High School School Campus Network Management System", and bear the responsibility of the relevant problems that may occur once the problem occurs.
Article 17 of the school staff are obliged to help review the campus online network information, to eliminate involving state secrets or national prohibited information on the Internet.
Article 18 of the campus network staff and users found on the network of social security and unhealthy information is obliged to report to the network administrators in a timely manner and consciously destroyed immediately.
Article 19 of the campus network at all levels of the use of departments to set up network security, responsible for the corresponding network security and information security work, and regularly on the network users of information security and network security education.
Article 20
The network center is only eligible to set the user name of the departments and individuals configured with the appropriate user name and e-mail address, and regularly check their use. By the school network center for its user name set up for the management of the right to belong to me, where the user name and other factors occurring in the network insecurity are borne by me.
Article 21 Any unit (department) and individuals shall not use the campus network to produce, copy, access and disseminate the following information:
1) incitement to resist and undermine the implementation of the Constitution, laws and administrative regulations;
2) incitement to subvert state power and overthrow the socialist system;
3) incitement to split the country and undermine national unity;
4) incitement to split the country and undermine national unity. p>
4) inciting ethnic hatred, ethnic discrimination, and undermining national unity;
5) fabricating or distorting facts, spreading rumors, and disrupting the social order;
6) promoting feudal superstitions, obscenity, pornography, gambling, violence, murder, terrorism, and abetting crime;
7) openly insulting other people, or fabricating facts to defame others;
8) damaging the credibility of state organs;
9) other violations of the Constitution and laws and administrative regulations.
Article 22
The system software, application software and information data of the campus network and sub-networks shall implement confidentiality measures. The confidentiality level of information resources can be divided into:
(1) those that can be disclosed to the Internet;
(2) those that can be disclosed to the campus;
(3) those that can be disclosed to the relevant units or individuals;
(4) those that are limited to be used only in the unit;
(5) those that are limited to be used only by individuals.
Article 23
All networked computers and Internet users should be timely and accurate registration record. Multiple **** with computers on the Internet at all levels of administrative units, teaching business units Internet computer use should be strictly managed, the department head for the network security responsible person. School public **** machine room are not allowed to open to the community, machine room staff to record the identity of Internet users and on and off the Internet time, machine number. Public **** machine room use network records to be maintained for one year.
Article 24
The unit responsible for the campus network must implement various management systems and technical specifications to monitor, block and remove harmful information online. In order to effectively prevent illegal activities on the Internet, the campus network should be unified export management, unified user management, and all users accessing information in and out of the campus network must use the proxy server set up by the unit responsible for the campus network.
Chapter III Responsibility and Penalties
Article 25
Violation of the provisions of Article 5 and Article 21, Article 22 of the behavior of the investigation, will be reported to the relevant departments of the school, depending on the circumstances of the corresponding administrative disciplinary action and financial penalties; cause significant impact and loss will be reported to the municipal public security departments, by the individual to bear the relevant responsibilities according to law.
Article 26
Violation of the provisions of Article 9 of the eavesdropping, misappropriation of behavior once found, will be submitted to the school to give administrative sanctions, and announced on the campus network; economic losses caused to others, by the person to double the compensation for the victim's losses, to close the various types of services owned by the account; behavior is bad, the impact of large, resulting in significant losses to others will be reported to the public security departments.
Article 27 violation of Article 12, Article 13 of the provisions of the behavior once verified, the closure of their various services account; behavior is bad, the impact of large, resulting in significant losses to others, will be reported to the public security departments.
Article 28 of the intentional dissemination or manufacture of computer viruses, resulting in endangering the security of the campus network system in accordance with the "People's Republic of China **** and the State Regulations on the Safeguard and Protection of Computer Information Systems," the provisions of Article 23 to be punished.
Chapter IV Other
Article 29 This management system by the network security management leading group is responsible for overseeing the implementation of specific penalties implemented by the school.
Article 30 of this management system pointed out in the campus network responsible unit for the school network information center.
Article 31 of this management system since the date of publication.
3 Government network security management rules and regulations 1, abide by the relevant state laws and regulations, strictly implement the security and confidentiality system, shall not use the network to engage in illegal and criminal activities such as endangering national security, leaking state secrets, and shall not produce, browse, copy, disseminate reactionary and yellow information, shall not publish reactionary, illegal and false news on the network, shall not rant attacking other people on the network and shall not Disclosure of others' privacy on the Internet. It is strictly prohibited to carry out any hacking activities and destructive activities of similar nature through the network, and to strictly control and prevent the intrusion of computer viruses.
2, network security administrator is mainly responsible for the whole unit network (including LAN, WAN) system security.
3, good and thorough audit logs and detailed analysis is often a prediction of the attack, locate the attack, as well as suffered after the attack to track down the attacker's powerful weapon. Network equipment should be running status, network traffic, user behavior, such as log audits, the audit should include the date and time of the event, the user, the type of event, whether the event is successful, etc., the network equipment logs must be saved for three months.
4, network administrators perceive the network in the state of being attacked, should determine its identity, and issued a warning to it, in advance to stop possible network crime, if the other party does not listen to advice, in the case of protection of system security can be done in good faith blocking and report to the competent leadership.
5, monthly security managers should be submitted to the supervisor of the month duty and event records, and the system record file to save the archives for access.
6, the network equipment policy configuration changes, all types of hardware equipment, the addition, replacement must be approved in writing by the person in charge before proceeding; change before the need to go through the technical verification must be required to carry out a detailed registration and records, all types of software, site information, archives organized and filed.
7, regular vulnerability scanning of network equipment and analyze, repair, network equipment software security holes may be exploited, so regularly according to the manufacturer to provide the upgrade version of the upgrade.
8, for the need to computer outreach and access, you need to fill out the network outreach and access application form (Annex X, "Network Outreach and Access Application Form").
9. Redundancy is required for critical network equipment and critical network links to ensure peak business demand and to eliminate a single point of failure of equipment and links.
10, IP address for the computer network of important resources, computer end users should be in the information section of the planning of the use of these resources, not unauthorized changes. In addition, some of the system services have an impact on the network, computer end-users should be used under the guidance of the Information Technology Section, prohibit the arbitrary opening of the computer in the system services to ensure smooth operation of the computer network.
11, every month on the network equipment security file, security policy backup.
4 network security management rules and regulations for the first to effectively strengthen the school campus network network security management, to maintain the normal operation of the school campus network network, according to the "Chinese People's Republic of China *** and the State Regulations on the Safe Protection of Computer Information Systems", "Computer Information Networks International Networking Security Protection Management Measures", "Chinese People's Republic of China *** and the State of the computer information networks international networking management. Interim Provisions" and other relevant laws and regulations, has formulated this specification.
The second school information center in the principal's office under the leadership of the school network security work, network administrators and departmental information officer is responsible for the school network security management of specific matters. The information center of the school network security management should perform the following duties:
1. Communicate and implement the superior network security regulations, laws and regulations, and to stop the violation of network security regulations, laws and regulations.
2. Determine the person responsible for security management (the director of the office in charge of the information center is the first responsible person).
3. Purchase and equip the application and network security management software and hardware (such as firewalls, routers, antivirus software, etc.).
4. Security checks and audits of information published on the campus network.
Article III of the school network administrators in the office under the leadership of the specific responsibility of the school network security and information security work, including network security technical support, information release audit, preservation and backup of important information, as well as undesirable information to report and assist in the investigation and handling of work.
Article 4 The school information center can carry out security checks on all computers on campus, and relevant departments or individuals should actively cooperate and provide relevant information.
Article 5 of the school any department or individual through the network access, processing, transmission of information belonging to the confidential, must take appropriate confidentiality measures to ensure confidentiality and security. Important departments of the computer should focus on strengthening security management and defense.
Article VI of the school network configuration of all computers (such as IP address, etc.) should be unified by the network administrator to plan and configure, any department or individual may not change the configuration information without authorization.
Article VII of the school for students to provide computer services microcomputer room, there must be a special person in charge of management, students are prohibited from browsing pornographic Web sites, the use of the network to disseminate reactionary statements, etc., in case of violation, should be dealt with seriously in accordance with the relevant provisions of the school.
Article 8 of the school should establish a website and personal homepages for the record, regular audit system. The construction of the school website should be in line with the management of scientific research, in favor of internal and external publicity, conducive to the learning and working life of teachers and students, and conducive to the conservation of network resources, the principle of strict compliance with the filing and regular audit procedures. Without audit or audit unqualified website or personal homepage should be banned.
Article IX of the school of any department or individual in the construction of the public network of websites, homepages, to strictly abide by the relevant laws and regulations, shall not damage the reputation and interests of the school.
Article 10 of the school any department or individual shall not use the campus network to jeopardize national security, leak state secrets, shall not infringe on the interests of the state, society, collective, and shall not engage in any illegal and criminal activities.
Article 11 of the school departments and individuals shall not use the campus network to produce, copy, access and disseminate the following information:
1. incitement to resist and undermine the implementation of the Constitution, laws and administrative regulations;
2. incitement to subvert state power and overthrow the socialist system;
3. incitement to split the country and undermine national unity;
4. incitement to national hatred and hatred of the people. p> 4. inciting ethnic hatred, ethnic discrimination, and undermining national unity;
5. fabricating or distorting facts, spreading rumors, and disrupting the social order;
6. promoting feudal superstition, obscenity, pornography, gambling, violence, murder, terror, and abetting crimes;
7. openly insulting others or fabricating facts to slander others;
8. Damage to the image of the school and the interests of the school;
9. Infringement of intellectual property rights of others;
10. Other violations of the Constitution and laws, administrative regulations.
Article 12 of the school departments and individuals shall not engage in the following activities that jeopardize the network security of the campus network:
1. Entering the school's information network or using the resources of the school's information network without permission;
2. Deleting, modifying, or adding the functions of the school network without permission;
3. Storing, processing, or transmitting data and application programs in the school's network without permission.
4. Intentionally creating or spreading computer viruses and other destructive programs;
5. Using various types of hacking software to carry out hacking activities;
6. Without the approval of the school, the establishment of a private website on the campus network or to provide external network services;
7. BBS, message boards, chat rooms, personal attacks on others, publish negative, vulgar speech, publish all kinds of unauthorized advertising information, the use of the names of various public figures and other unhealthy content as their own screen name;
8. Other harm to the security of computer information networks.
Article 13: No department or individual shall violate the law and infringe upon the freedom and privacy of communication of campus network users.
Article 14 of the campus network of all kinds of servers in the opening of the account and password for the campus individual users, network administrators should be the user password confidentiality, not to any department or individual to provide this information.
Article 15 of the campus network users shall not use various network equipment or software technology to engage in user accounts and passwords of eavesdropping, theft activities, the activity is considered to be a violation of the rights and interests of campus network users.
Article 16 In order to effectively prevent illegal activities on the Internet, the campus network to unify the export management, unified user management, without the approval of the school information center, any department or individual shall not open proxy servers and other application servers.
Article 17 of the school information technology leading group must implement the management system and technical specifications, effective monitoring, blocking and removal of harmful information online. Network administrators should regularly check the management of network security and protection as well as the implementation of technical measures, focusing on strengthening the campus network electronic bulletin boards, message boards, chat rooms and other interactive columns of the management and monitoring, and regularly review and check the content of these columns, and timely detection and deletion of various types of harmful information.
Article 18 of the school opened a variety of servers must maintain logging functions, historical records to maintain time shall not be less than six months. Network administrators should be in accordance with the requirements of the public security department of the relevant technical supervision provisions, from time to time to check the opening of the server system logs.
Article 19 of the violation of these norms, the school office according to the circumstances to give a warning, instructed the relevant departments, network administrators and the parties to write a written check, downtime and rectification of the treatment; the circumstances are serious, by the school in accordance with the relevant provisions of the parties concerned to give the appropriate administrative disciplinary action; cause significant impact and losses will be reported to the public security departments, by the individual bear the relevant responsibility in accordance with the law.
Article 20 Violation of the provisions of Article 15 of the eavesdropping, misappropriation of behavior once found, will be referred to the school to give administrative disciplinary action, and announced in the school; economic losses caused to others, by the person to double the compensation for the victim's losses, to close the various types of service accounts owned by them; behavior is bad, the impact of large, resulting in significant losses to others will be reported to the public security departments.
Article 21 intentionally spread or manufacture of computer viruses, resulting in endangering the security of the campus network system in accordance with the "People's Republic of China *** and the State Regulations on the Safeguard and Protection of Computer Information Systems" in the relevant provisions of the penalty.
Appendix
Article 23 According to the actual situation of the operation of the school campus network and combined with the relevant provisions of the higher authorities, this specification will be revised in due course.
Article 24 of this specification by the Zhenjiang Higher Vocational Technical School Information Office is responsible for the interpretation, since the date of publication of the trial.
5 township network security management rules and regulations in order to strengthen the township information network, government information network security and confidentiality, use and management. Based on the "state secrets and their classified specific scope of the provisions", "computer information systems international networking confidentiality management regulations" and other relevant laws and regulations, this system is hereby formulated.
First, the Party and Government Comprehensive Office is responsible for the computer network-related equipment and supplies of this government agency.
Second, the Party and Government Office and Finance is responsible for the acquisition of computer network-related equipment and supplies. Because of the work required to install the relevant software or replacement of computer-related accessories, should be reported to the Office in a timely manner, by the Office of the coordinated configuration.
Third, the management of the station's computer, use, maintenance, cleaning, etc. should be clear to the person, adhere to whoever is responsible for the use; should be regularly cleaned and cleaned up, to prevent soot, confetti, tea, etc. into the computer, to ensure the safe operation. After work should close the computer and cut off the power supply, network cable, in case of thunderstorms, should cut off the total power supply of the switch. At the same time to protect the computer, if someone man-made computer losses and caused by theft, should be compensated according to the price.
Fourth, the computer network failure, should be reflected in a timely manner to the Office of the Party and Government Comprehensive Office to contact professional and technical personnel to maintain and repair, prohibit the host to send out for repair, to ensure information security.
Fifth, the computer's random accessories, software and outsourcing software should be registered to the Party and Government Office, registration, drug detection before use, and properly stored; the implementation of the provisions of the dual-hardware dual-network physical segregation, the user shall not be withdrawn without authorization from the segregation card.
Six, the stations of the classified documents, data, information should be set up to protect the security, shall not be saved on the computer is not set up confidentiality measures. Unauthorized access to other people's confidential documents.
VII, the government agencies should go to work every day to browse the county party committee, the county government, the township government and other office information network, so that the official document processing in a timely and accurate.
VIII, the agency employees should learn computer knowledge and operating skills, and actively participate in computer operation training. Strictly follow the computer operating procedures, the correct use of computers and network facilities, to avoid damage caused by improper operation.
IX, the agency employees should make full use of the network volume, wide, fast delivery and other advantages, consciously study and use online knowledge, access to work-related information to improve the quality and level of work. However, shall not browse unhealthy web pages, shall not play games during working hours, chatting, shall not use paper printouts to download materials, documents or information unrelated to work.
X. Organizational employees in violation of this system in accordance with the confidentiality law and the relevant regulations, disciplinary provisions of the treatment, violation of criminal law referred to the judicial organs for disposal.
?
Network security management regulations related articles :
1. network security management system model selection
2. enterprise network security management system
3. network security management system approach
4. government network security management system model
5. the latest it information security management system model
6. 6. school network security management system 3 articles
7. 2017 latest network security protection law regulations