The website of Licheng No.6 Middle School was revised and launched in September, 20xx. Since the launch of the new website, our school has always attached great importance to the work of network information security system, set up a special leading group, established and improved the responsibility system for network security and confidentiality and related rules and regulations, which are managed by Director Xie of the school in a unified way, and all departments are responsible for their own network information security work. Strictly implement the provisions on network information security and confidentiality, and take various measures to prevent security-related incidents. Generally speaking, our school has done a solid and effective job in network information security and confidentiality.
I. Computer and network security
The first is network security. Our school is equipped with anti-virus software, and has taken strong password, database storage and backup, mobile storage device management, data encryption and other security protection measures. , clear the responsibility of network security, strengthen the network security work.
Second, the information system security implements the leadership audit signature system. Any information uploaded to the website must be reviewed and signed by the relevant leaders before uploading; Second, conduct regular security checks, hire technicians from website production companies, mainly supervise SQL injection attacks, cross-site script attacks, weak passwords, operating system patch installation, application patch installation, antivirus software installation and upgrade, Trojan virus detection, port opening, system management authority opening, access authority opening, webpage tampering, etc., and carefully keep a system security diary.
Third, do a good job of extranet, website and application software in daily management? Five-layer management? , are you sure? Confidential computers don't surf the internet, and computers that surf the internet don't involve secrets? The management, maintenance and destruction of CD-ROM, hard disk, U disk and mobile hard disk shall be carried out in strict accordance with the confidentiality requirements. Focus on it? Three major security? Inspection: First, hardware safety, including lightning protection, fire prevention, theft prevention and power connection; The second is network security, including network structure, security log management, password management, IP management, online behavior management and so on. Third, application security, including website, email system, resource management, software management, etc.
Second, the school hardware equipment is running normally.
Every terminal in our school has installed anti-virus software, and the application of system-related equipment has also been standardized. The use of hardware equipment conforms to the relevant national product quality and safety regulations, the hardware operation environment of the unit meets the requirements, and the basic equipment such as printer accessories and ribbon racks are original products. Lightning protection grounding wire is normal, defective lightning protection socket has been replaced, lightning protection equipment is basically stable, and there is no lightning accident; UPS is running normally. The website system is safe and effective, and there are no security risks at present.
Third, strictly manage and standardize equipment maintenance.
Our school practices computers and their equipment? Who uses, manages and is responsible? Management system. We insist on management? System manager? . The second is to strengthen information security education and improve employees' computer skills. At the same time, the publicity of network security knowledge was carried out in the school, which made all the staff realize that computer security protection is? Three defenses and one insurance? An inseparable part of work. Moreover, under the new situation, computer crime will become an important part of security work. In terms of equipment maintenance, a network equipment fault register and a computer maintenance table are specially set up to register equipment faults and maintenance and deal with them in time. For foreign maintenance personnel, it is required to be accompanied by relevant personnel, and their identity and handling situation should be registered to standardize the maintenance and management of equipment.
Four. Website security and maintenance
Our school has relevant requirements for website security. 1. Log in to the background with a password lock with exclusive authority; Second, upload files in advance to detect pathogens; Third, the website adopts module and authority maintenance, and regularly enters the background to clean up junk files; Fourth, the website is updated by a special person.
Verb (abbreviation of verb) safety education
In order to ensure the safe and effective operation of our school's network and reduce virus intrusion, our school has trained the related knowledge of network security and system security. During this period, we conducted a detailed consultation on computer-related problems encountered in practical work and got a satisfactory answer.
Six, self-examination problems and rectification opinions
We found some weak links in the management process, and will improve in the following aspects in the future.
(1) The security protection equipment of the website is still insufficient, and there is only a firewall attached to the router without hardware firewall equipment, which is a security risk.
(two) to strengthen equipment maintenance, timely replacement and maintenance of faulty equipment.
(3) During the self-examination, it was found that individual personnel were not aware of computer security. In the future work, we will continue to strengthen computer security awareness education and prevention skills training, so that employees can fully realize the seriousness of computer cases. Combine civil air defense with technical defense, and do a good job in network security of the unit.
Network Security Summary Report Part V
Our bureau has always attached great importance to the work of network information security system, set up a special leading group, established and improved the network security and confidentiality responsibility system and related rules and regulations, which are managed by the bureau information center in a unified way, and all departments are responsible for their own network information security work. Strictly implement the provisions on network information security and confidentiality, and take various measures to prevent security-related incidents. Generally speaking, our bureau has done a solid job in network information security and confidentiality, and the effect is good. No leakage has been found in recent years.
First, the management of computer confidential information
Since the beginning of this year, our bureau has strengthened organization and leadership, strengthened publicity and education, implemented work responsibilities, strengthened daily supervision and inspection, and managed classified computers well. Used to manage computer magnetic media (floppy disk, U disk, mobile hard disk, etc.). ), take special personnel to keep confidential files alone, and it is forbidden to bring magnetic media containing confidential contents to computers on the Internet to process, store and transfer files, thus forming a good security and confidentiality environment. Confidential computers (including notebook computers) have been physically isolated from the Internet and other public information networks, and security measures have been implemented in accordance with relevant regulations. So far, there has been no computer compromise or leakage accident; Other non-confidential computers (including laptops) and network use have also implemented relevant measures in strict accordance with the management measures of the bureau's computer security information system, ensuring the information security of the agency.
Second, the computer and network security situation
The first is network security. Our bureau is equipped with anti-virus software and network isolation card, and has taken security protection measures such as strong password, database storage and backup, mobile storage device management and data encryption. , clear the responsibility of network security, strengthen the network security work.
Second, the information system security implements the leadership audit signature system. Any information uploaded to the website must be reviewed and signed by the relevant leaders before uploading; The second is to carry out regular security checks, mainly supervising SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, anti-virus software installation and upgrade, Trojan virus detection, port opening, system management authority opening, access authority opening, webpage tampering, etc., and earnestly keeping a system security diary.
Third, do a good job of extranet, website and application software in daily management? Five-layer management? , are you sure? Confidential computers don't surf the internet, and computers that surf the internet don't involve secrets? The management, maintenance and destruction of CD-ROM, hard disk, U disk and mobile hard disk shall be carried out in strict accordance with the confidentiality requirements. Focus on it? Three major security? Inspection: First, hardware safety, including lightning protection, fire prevention, theft prevention and power connection; The second is network security, including network structure, security log management, password management, IP management, online behavior management and so on. Third, application security, including website, email system, resource management, software management, etc.
Three, the use of hardware equipment is reasonable, the software setting is standardized, and the equipment is in good running condition.
Every terminal in our bureau has installed anti-virus software and application specifications of system-related equipment. The use of hardware equipment conforms to the relevant national product quality and safety regulations, the unit hardware operation environment meets the requirements, and the basic equipment such as printer accessories and ribbon racks are original products; Lightning protection grounding wire is normal, defective lightning protection socket has been replaced, lightning protection equipment is basically stable, and there is no lightning accident; UPS is running normally. The website system is safe and effective, and there are no security risks at present.
Fourth, communication equipment is operating normally.
The composition and configuration of the network system of our bureau are reasonable and conform to the relevant safety regulations; All kinds of hardware equipment, software and network interfaces used in the network have also passed the safety inspection and appraisal before being put into use, and have basically operated normally since installation.
Five, strict management, standardize equipment maintenance
Does our bureau implement computers and their equipment? Who uses, manages and is responsible? Management system. We insist on management? System manager? . The second is to strengthen information security education and improve employees' computer skills. At the same time, the publicity of network security knowledge was carried out in the bureau, which made all the staff realize that computer security protection is? Three defenses and one insurance? An inseparable part of work. Moreover, under the new situation, computer crime will become an important part of security work. In terms of equipment maintenance, a network equipment fault register and a computer maintenance table are specially set up to register equipment faults and maintenance and deal with them in time. For foreign maintenance personnel, it is required to be accompanied by relevant personnel, and their identity and handling situation should be registered to standardize the maintenance and management of equipment.
Intransitive verb website security and
Our bureau has relevant requirements for website security. 1. Log in to the background with a password lock with exclusive authority; Second, upload files in advance to detect pathogens; Third, the website adopts module and authority maintenance, and regularly enters the background to clean up junk files; Fourth, the website is updated by a special person.
Seven. Formulation and implementation of safety system
In order to ensure the safety of computer network, the network administrator system, computer security system, website security management system and emergency plan for network information security emergencies have been implemented, which effectively improved the work efficiency of administrators. At the same time, our bureau formulates the computer system security self-inspection system according to its own situation, and achieves four guarantees: first, the system administrator regularly checks the central computer system every Friday to ensure that there are no hidden dangers; The second is to make safety inspection records to ensure the implementation of the work; The third is to implement the system of regular inquiry by leaders, and the system administrator reports the use of computers to ensure that the situation is always grasped; Fourth, regularly organize global personnel to learn network knowledge, improve the level of computer use, and ensure prevention.
Eight, safety education
In order to ensure the safe and effective operation of our network and reduce virus intrusion, our bureau has trained the related knowledge of network security and system security. During this period, we conducted a detailed consultation on computer-related problems encountered in practical work and got a satisfactory answer.
Nine, self-examination problems and rectification opinions
We found some weak links in the management process, and will improve in the following aspects in the future.
(a) for irregular lines, exposed, immediately rectification lines within a time limit, and do a good job of rat prevention and fire safety.
(two) to strengthen equipment maintenance, timely replacement and maintenance of faulty equipment.
(3) During the self-examination, it was found that individual personnel were not aware of computer security. In the future work, we will continue to strengthen computer security awareness education and prevention skills training, so that employees can fully realize the seriousness of computer cases. Combine civil air defense with technical defense, and do a good job in network security of the unit.