In order to improve Hebi Education Bureau's ability to respond to public emergencies of website network and information security, strengthen website network information security, ensure the network information security of the 17th National Congress of the Communist Party of China, form a scientific, effective and rapid response emergency working mechanism, ensure the entity security, operation security and data security of important computer information systems, minimize the harm of public emergencies of website network and information security, and maintain normal economic, political and social order.
2. Compilation basis.
According to the Regulations on the Security Protection of Computer Information Systems in People's Republic of China (PRC), Interim Provisions on the Administration of International Networking of Computer Information Networks in People's Republic of China (PRC), Administrative Measures for the Security Protection of International Networking of Computer Information Networks, Interim Measures for the Administration of Educational Websites and Online Schools, Administrative Measures for Internet Information Services, Administrative Measures for the Prevention and Control of Computer Viruses, and Propaganda Department of Henan Provincial Party Committee
3. Scope of application.
This plan is applicable to the first-level and second-level website network and information security emergencies defined in this plan, and the response and disposal work that may lead to the first-level and second-level website network and information security emergencies.
The importance of website networks and information systems mentioned in this plan is determined according to their importance in national security, economic construction and social life, and the degree of harm to national security, social order, economic construction, public interests and the legitimate rights and interests of citizens, legal persons and other organizations after being destroyed.
After the plan is launched, if the emergency plan for network and information security of other websites in this city conflicts with this plan, it shall be implemented in accordance with this plan. Where laws, regulations and rules provide otherwise, such provisions shall prevail.
4. Classification and grading.
The website network and information security emergencies mentioned in this plan refer to emergencies in which important website networks and information systems are suddenly destroyed, damaged or paralyzed by unpredictable external forces, which have caused or may cause great harm to the country, society and the public and endanger public safety.
(1) event classification.
According to the occurrence process, nature and characteristics of website network and information security emergencies, website network and information security emergencies can be divided into website network security emergencies and information security emergencies. Website network security emergencies refer to the destruction of website network and information system caused by natural disasters, accidents and man-made destruction; Information security emergencies refer to organized large-scale reactionary propaganda, incitement and infiltration by using information networks.
Natural disasters refer to earthquakes, typhoons, lightning, fires, floods, etc.
Accidents and disasters refer to power interruption, network damage or software and hardware equipment failure.
Man-made sabotage refers to events such as man-made sabotage of network lines, communication facilities, hacker attacks, virus attacks and terrorist attacks.
(2) Event classification.
According to the controllability, severity and influence scope of website network and information security emergencies, website network and information security emergencies are divided into four levels: I (particularly significant), II (significant), III (significant) and IV (general). Where there are clear provisions in relevant national laws and regulations, the relevant provisions of the state shall prevail.
Grade I (especially serious): the website network and information system are completely paralyzed on a large scale, and the development of the situation is beyond its control, which has caused particularly serious damage to national security, social order, economic construction and public interests.
Grade II (major): the website network and information system have caused overall paralysis, which has caused serious damage to national security, social order, economic construction and public interests and requires cross-departmental coordination.
Grade III (major): A certain part of the website network and information system is paralyzed, which has caused certain damage to national security, social order, economic construction and public interests, but it does not need cross-departmental and cross-regional coordination.
Grade IV (general): The website network and information system are damaged to a certain extent, which has a certain impact on the rights and interests of citizens, legal persons and other organizations, but does not endanger national security, social order, economic construction and public interests.
5. Working principle.
(1) Active defense and comprehensive prevention. Based on safety protection, we should strengthen early warning, do a good job in prevention, monitoring, emergency treatment, emergency support, and cracking down on crimes, take various measures in law, management, technology, and talents, give full play to the role of all aspects, and build a website network and information security system.
(2) Clear responsibility and graded responsibility. In accordance with the principle of "whoever is in charge is responsible, whoever operates is responsible", establish and improve the safety responsibility system, coordination management mechanism and linkage working mechanism.
(3) People-oriented and quick response. Take the protection of public interests and the legitimate rights and interests of citizens, legal persons and other organizations as the primary task, and take timely measures to avoid the loss of citizens' property to the maximum extent. After the website network and information security emergencies occur, according to the rapid response mechanism, we can obtain sufficient and accurate information in time, track and judge, make decisive decisions, and deal with them quickly to minimize the harm and influence.
(4) Relying on science and combining peacetime with wartime. Strengthen technical reserves, standardize emergency measures and operational procedures, and realize the scientific, procedural and standardized emergency response of website network and information security emergencies. Establish the concept of standby at any time, and conduct regular drills to ensure that the emergency plan is feasible.
Second, the organizational system
I, II network and information security emergencies, the Municipal Education Bureau website network and information security leading group into the Municipal Education Bureau website network and information security emergency leading group (hereinafter referred to as the emergency leading group), is my bureau website network and information security emergency response organization and coordination mechanism. The website network and information security coordination group office of the Municipal Education Bureau was changed to the website network and information security emergency leading group office of the Municipal Education Bureau (hereinafter referred to as the emergency leading group office).
1. The leader of the website network and information security emergency leading group of the Municipal Education Bureau shall be the deputy director in charge of the website work of the Municipal Education Bureau.
The deputy head is the person in charge of the bureau office, party office, comprehensive management office, audio-visual education hall, equipment office and other units.
Responsibilities: To study and formulate plans, plans and policies for emergency response to website network and information security of the Municipal Education Bureau, and coordinate and promote the construction of emergency response mechanism and working system for overall website network and information security; I, II website network and information security emergencies, decided to start this plan, organize emergency response.
2. There is an office under the leading group, which is located in the Audio-visual Education Center of the Education Bureau, and the director of the office is concurrently the director of the Audio-visual Education Center.
Responsibilities:
(1) Be responsible for and handle the daily work of the Bureau's emergency leading group, and check and supervise the implementation of the matters decided by the Bureau's emergency leading group.
(two) to study and put forward the construction plan of website network and information security emergency mechanism, and to inspect, guide and supervise the construction of global website network and information security emergency mechanism.
(three) responsible for the management of global website network and information security emergency plan, guide and supervise the revision and improvement of emergency plans for important information systems, and check the implementation of the plan.
(4) to guide the overall scientific research, pre-plan drills, publicity and training, and urge the construction of an emergency support system for website network and information security emergencies.
(5) Be responsible for the guidance, coordination, supervision and inspection of emergency work of all departments under the overall situation, and organize forces to carry out rescue.
(6) Collect relevant information of website network and information security emergencies in time, analyze important information, and put forward disposal suggestions to the bureau emergency leading group. For network and information security emergencies that may evolve into Grade I or II, suggestions for starting this plan should be put forward to the Bureau Emergency Leading Group in time.
Third, prevention and early warning.
1. Information monitoring and reporting.
(1) Further improve the monitoring, forecasting and early warning system of website network and information security emergencies. Implement the responsibility system, and strengthen the collection, analysis, judgment and continuous monitoring of all kinds of website network and information security emergencies and related information that may lead to emergencies in accordance with the principle of "early detection, early reporting and early disposal". When the website network and information security emergencies occur, report to the emergency leader in time according to the regulations.
Group report, the initial report shall not exceed half an hour at the latest, and the system of progress report and daily report shall be implemented for major and particularly major website network and information security emergencies. The contents of the report mainly include the information source, the scope of influence, the nature of the incident, the development trend of the incident and the measures taken.
(2) Establish a website network and information security reporting system.
Report to the emergency leading group in time when the following situations are found:
Using the Internet to engage in illegal and criminal activities;
Abnormal communication and resource use of website network or information system, paralysis of website network and information system, interruption of application service or tampering or loss of data, etc.
Suspected information and early warning information of cyber terrorist activities;
Other information that affects the website network and information security.
2. Early warning processing and release.
(1) Take immediate measures to control possible or already occurred website network and information security emergencies, and conduct risk assessment within 1 hour to determine the event level. When necessary, the corresponding plan should be started and the situation should be reported to the emergency team office.
(2) After receiving the alarm information, the emergency leading group office shall promptly organize relevant experts to make technical analysis and judgment on the information, put forward the safety alarm level according to the nature and harm degree of the problem, and report to the bureau emergency leading group in time.
(3) After receiving the report, the emergency leading group should hold an emergency leading group meeting quickly to study and determine the level of network and information security emergencies, decide to start this plan, and determine the commander in chief at the same time. And notify the relevant departments.
(4) Inform the network police detachment of the Municipal Public Security Bureau in time to win support.
Fourth, emergency response.
1. Pretreatment.
(1) In case of website network and information security emergencies, the personnel on duty should do a good job in early emergency treatment, take immediate measures to control the situation, and report to the emergency leading group office.
(2) After receiving the information about the occurrence or possible occurrence of network and information security emergencies, the office of the emergency leading group should strengthen contact with relevant parties and keep abreast of the latest developments. To be responsible for the emergency handling of class III or IV emergencies, and report the relevant situation to the Bureau's emergency leading group. Bureau of emergency leading group after receiving the level II or I and may evolve into a level II or I website network and information security emergencies * * *, put forward suggestions to the emergency leading group office, and make preparations to start this plan. According to the development trend of website network and information security emergencies, we decided to rush to the scene for guidance and organize and dispatch emergency support forces as appropriate.
2. emergency headquarters.
(1) After the plan is launched, it is necessary to collect relevant information, master the working status of on-site disposal, analyze the development trend of the incident, study and put forward the disposal plan, and uniformly command the website network and information emergency disposal.
(2) If it is necessary to set up an on-site headquarters, it should be set up at the scene immediately, and the on-site headquarters should quickly set up various emergency working groups according to the nature of the incident to carry out emergency handling work.
3. Emergency support.
Immediately after the plan is launched, an emergency advance team led by the emergency leading group will be set up to supervise, guide and coordinate the disposal work. According to the development of the situation and the needs of the disposal work, the Office of the Bureau's Emergency Leading Group will send more experts in time to mobilize the necessary materials and equipment to support the emergency work. All relevant departments and units involved in the on-site disposal work shall assist in the disposal work under the unified command of the on-site headquarters.
4. Information processing.
(1) dynamically monitor and evaluate the incident, report the nature, degree of harm, loss and disposal of the incident to the office of the emergency leading group in time, and do not conceal, delay or make false reports.
(2) The Office of the Emergency Leading Group shall designate a special person to be responsible for information collection, editing, analysis, review and release, and do a good job in information analysis, reporting and release. It is necessary to timely sort out and release the dynamic information of events for leaders' reference. It is necessary to organize experts and relevant personnel to judge all kinds of information, study and put forward countermeasures, and improve emergency plans.
5. Information release.
(1) When the website network and information security emergencies occur, the office of the emergency leading group should release information in time, and release relevant information about the website network and information security emergency warning and emergency response through relevant units, so as to guide public opinion and public behavior and enhance public confidence.
(2) The Office of the Emergency Leading Group should pay close attention to the news reports about network and information security emergencies at home and abroad, take timely measures to clarify and correct the media's incorrect information about the incident and disposal work, accept public consultation, dispel doubts and doubts, and stabilize people's hearts.
6. Expand emergency response.
After emergency treatment, when the situation is difficult to control or tends to expand, expanded emergency actions should be implemented. It is necessary to quickly convene an emergency leading group meeting or the person in charge of the coordination group to take extraordinary measures to control the situation according to the situation and request the support of the network police detachment of the Municipal Public Security Bureau.
7. The emergency is over.
Website network and information security emergencies have been effectively controlled through emergency treatment, and the situation has been alleviated or basically solved to some extent. All monitoring statistics will be reported to the office of the emergency leading group, which will put forward suggestions to the emergency leading group to end the emergency and implement them after approval.
Post-processing of verbs (abbreviation of verb)
1. Deal with the aftermath.
After the emergency treatment, measures should be taken quickly to repair the damaged infrastructure, reduce losses and resume normal work as soon as possible. Statistic all kinds of data, find out the reasons, analyze and evaluate the loss and impact caused by the incident and the ability to recover and rebuild, carefully formulate the recovery and reconstruction plan, and quickly organize its implementation. The relevant departments shall provide necessary personnel, technology, materials, equipment and financial support, and report the relevant situation of the aftermath to the office of the emergency leading group.
2. Investigation and evaluation.
After the emergency disposal, the competent department of the Bureau shall immediately organize relevant personnel and experts to form an incident investigation team to conduct a comprehensive investigation of the incident and its disposal process, find out the cause of the incident and property losses, sum up experiences and lessons, write an investigation and evaluation report, report it to the emergency leading group, and deal with the relevant responsible personnel in accordance with the relevant provisions of the accountability system. The investigation and evaluation report on the network and information security emergencies of particularly important websites shall be submitted to the emergency leading group after being audited by the office of the emergency leading group, and notified to the society in a reasonable form when necessary.
Safeguard measures of intransitive verbs
1. Emergency equipment support.
Important websites, networks and information systems should reserve some emergency equipment in advance when building the system, and establish emergency material libraries such as information network hardware, software and emergency rescue equipment. When the website network and information security emergencies occur, the emergency leading group office is responsible for unified call.
2. Data guarantee.
Important information systems should establish remote disaster recovery backup systems and related working mechanisms to ensure that important data can be recovered urgently after being damaged. Each disaster recovery backup system should have certain compatibility, and under special circumstances, each system can backup each other.
3. Emergency team support.
According to the requirements of multi-function, establish an emergency support team for website network information security. The office of the emergency leading group shall select some departments that are recognized as qualified by relevant state departments, with standardized management and strong service capabilities as the emergency support units for network and information security of the bureau website, and provide technical support and services.
4. Financial guarantee.
The website network and information system emergency disposal funds shall be guaranteed in the form of self-financing.
Seven. Supervision and management
1. Publicity and education.
It is necessary to make full use of various media and effective forms, strengthen the publicity of laws, regulations and policies related to emergency response and disposal of website networks and information security emergencies, carry out prevention and early warning, self-help and mutual rescue and disaster reduction publicity activities, popularize basic knowledge of emergency rescue, and raise public awareness of prevention and emergency.
It is necessary to strengthen the training of website network and information security knowledge, improve the awareness and skills of prevention, and designate a special person to be responsible for security technology. And website network and information security emergency management, workflow, etc. It is listed as the training content to enhance the organizational capacity of emergency response.
2. Exercise.
Establish a regular drill system for emergency plans. Through the drill, we found the problems existing in the emergency work system and working mechanism, constantly improved the emergency plan and improved the emergency handling ability.
3. Responsibility and rewards and punishments.
Website network and information system management departments should conscientiously implement the planning requirements and tasks, and establish supervision and inspection and reward and punishment mechanisms. The Office of the Emergency Leading Group will conduct inspections from time to time, and conduct on-the-spot verification of various systems, plans, schemes, personnel and materials, and take the evaluation results of drills as the basis for the effective implementation of the plans.
Eight. supplementary terms
1. List of members of Hebi Education Bureau website network and information security leading group
Leader: Member of the Party Committee and Deputy Director of Wang Li Education Bureau.
Deputy Head: Director of Liu Education Bureau Office
Director of the Party Committee Office of Niu Education Bureau
Director, General Management Office, Wang Wenming Education Bureau
Xu Jingbin, Director of Audio-visual Education Center of Education Bureau
Director, Education Equipment Office, Tian Zhenyu Education Bureau
There is an office under the leading group, which is located in the Audio-visual Education Department of the Education Bureau, and Xu Jingbin is also the director of the office.
2. This scheme is formulated by the Audio-visual Education Center of the Municipal Education Bureau and implemented after being approved by the Municipal Education Bureau.
3. This scheme is interpreted by the Audio-visual Education Center of the Municipal Education Bureau.
4. This scheme shall be implemented as of the date of issuance.