Self-inspection report on government network security protection
According to the requirements of "Notice on Carrying out Network and Information Security Inspection in Key Areas of the County in 20 Years" issued by the county government office, the self-inspection of network and information security of our bureau is now reported as follows: 1. Organize the self-inspection of network and information security.
Our bureau attaches great importance to the inspection of network information security, has set up a special leading group, established and improved the responsibility system for network security and confidentiality and related rules and regulations, which are managed by the bureau office in a unified way, and all departments are responsible for their own network information security work. Strictly implement the provisions on network information security and confidentiality, and conduct self-inspection on all computers, networks and information security of the bureau. On the whole, our bureau has done a solid job in network information security and confidentiality, and the effect is good, and no leakage problem has been found.
Two. Information security work
1. Information system security shall be subject to leadership review and signature system. Any information uploaded to the website must be reviewed and signed by the relevant leaders before uploading; And regular security checks, mainly on weak passwords, anti-virus software installation and upgrade, Trojan virus detection system management rights open, access rights open and so on.
2. In daily management, we should earnestly manage extranets, websites and application software, strictly implement "confidential computers don't access the Internet, and computers accessing the Internet don't involve secrets", and handle the management, maintenance and destruction of CDs, hard disks, U disks and mobile hard disks in strict accordance with confidentiality requirements.
3. The hardware equipment is used reasonably, the software setting is standardized, and the equipment is in good running condition. Every terminal in our bureau has installed antivirus software, and the application of system-related equipment has also been standardized and managed. The use of hardware equipment conforms to the relevant national product quality and safety regulations, and there has been no potential safety hazard.
4. The safe use of website information meets the requirements. Formulated a system related to network information security, requiring the uploaded contents provided by various departments and units of the government to be submitted to our bureau after being reviewed by the heads of various departments and units, and uploaded after being approved by relevant management personnel and the competent leaders of our bureau; Major contents are released and reported to the main leaders of the bureau before uploading, which serves as the internal control system of the bureau's computer network to ensure the confidentiality of website information. When uploading, use a password lock with exclusive rights to log in to the background. The uploaded file will be detected for pathogens in advance, and the person in charge will be responsible.
Three. Analysis of main problems and threats
1. Main problems and weak links found. First, the relevant system is not perfect; Second, some cadres and workers pay insufficient attention to network and information security; Third, security infrastructure and basic work need to be strengthened. Fourth, there is a lack of full-time computer and network staff.
2. Security threats and risks. With the continuous development of computer network, global informatization has had a great and far-reaching impact on society. However, at the same time, because computer networks are characterized by diversity, unevenness, openness and interconnection, they are vulnerable to attacks by viruses, hackers, malicious software and other illegal acts, so network security and information confidentiality have become crucial issues.
3. Basic judgment on the overall security situation
Although our bureau has achieved civil air defense and technical defense in terms of network and information security, there is a large amount of information exchange between departments at present, and staff often send information through internet e-mail or personal e-mail, which is easy to be attacked and intercepted by malicious software, resulting in hidden dangers of information security.
Fourth, improvement measures and rectification results
1. Improvement measures: First, strengthen organizational leadership to ensure that leadership, tasks and responsibilities are in place. The second is to establish a healthy network and information security management system. The third is to strengthen education and training and enhance awareness. The fourth is to further standardize the use of mobile transmission media. When installing anti-virus software, all departments basically use the anti-virus software approved by the national competent department to kill viruses in time, and do not use unknown software, floppy disks, CD-ROMs, USB flash drives and other carriers. , and do not visit illegal websites, and consciously strictly control and block the source of the virus. When computer equipment is sent for maintenance, a designated person will follow. When computers are scrapped, storage carriers such as hard disks will be removed or destroyed in time.
2. Effect of rectification: Through rectification, an information security protection system integrating technology, system, supervision and implementation has been gradually established to ensure the safety of business data, core equipment and network operation, improve the network and information security protection capability, and ensure the safe and stable operation of information work.
Self-inspection report on government network security protection (part two)
According to the spirit of the document "Notice on Carrying out Special Inspection of E-government Network Information Security and Network Management in * * City" issued by Nanxin Lianfa [XX] No.4, our bureau actively organized and implemented, conducted self-examination on network security infrastructure construction, network security prevention technology and network information security and confidentiality management, and made a profound analysis on our bureau's network information security construction. The self-inspection is now reported as follows: 1. Strengthen leadership, set up network and information security work.
In order to further strengthen the security management of global network information systems, our bureau has set up a leading group for the security and confidentiality of network and information systems, which is headed by the director and has an office, so that the division of labor is clear and the responsibilities are specific to people. Ensure the smooth implementation of network information security.
Second, the current situation of network security in our bureau
1997, the statistical information automation construction of our bureau has gradually developed from a small local area network to a four-level interconnected network with the national bureau, the autonomous regional bureau and the county bureau. Cisco 7600 and 3600 switches are used in the network core, 3com4226 switch is used in the data center, and 3com4226 switch, Cisco 2924 switch and Lenovo Tiangong ispirit 1208e switch are used in the acquisition layer. The total number of wired access points can exceed 150, and about 80 have been used at present. The backbone of the data center is gigabit switching, and 100 megabytes are switched to the desktop. Internet export is provided by the Municipal Information Office, which is a double 100-megabit optical fiber; It is directly connected with the statistics bureau of the autonomous region through 2 trillion optical fibers. The statistics bureaus of counties and districts and three development zones use Tianrongxin * virtual private network software to connect to the network of the statistics bureau of the autonomous region from the Internet, with a total bandwidth of 4 trillion, and then connect to our bureau. Horizontally, actively promote the interconnection between the Municipal Bureau of Statistics and the government network. At present, it has realized optical fiber connection with more than 100 municipal party and government departments and 12 county and district governments. Our bureau uses Tianrongxin hardware firewall to protect the network, uses Weisi network isolation card and file self-defense software to protect key computers, and installs genuine Kingsoft Internet Security antivirus software to prevent and control viruses on computers around the world.
Three, my bureau network information security management
In order to do a good job in informatization construction and standardize statistical informatization management, our bureau has specially formulated the informatization rules and regulations of * * Municipal Bureau of Statistics, and made detailed provisions on informatization management, internal computer security management, computer room management, computer room environmental security management, computer and network equipment management, data and information security management, network security management, computer operator management, website content management and website maintenance responsibility, which further standardized our bureau's information security management.
In view of the computer security work, our bureau has formulated a confidential computer management system, and computer users have signed a letter of responsibility for computer security work of the * * Municipal Bureau of Statistics, and whoever uses it will be responsible. Strict and standardized management of data information generated by our intranet.
In addition, our bureau organizes relevant computer security technical training on a global scale every year. Comrades at the computing station also actively participated in the training of computer security technologies such as the Municipal Information Office, which improved the skills and awareness of network maintenance and security protection and effectively guaranteed the normal operation of our statistical information network.
Fourth, the lack of network security and corrective measures
At present, there are still the following shortcomings in the network security of our bureau: First, the awareness of security prevention is relatively weak; Second, the virus monitoring ability needs to be improved; Third, unexpected events such as malicious attacks and computer virus attacks are not handled in time.
In view of the current deficiencies in the network security of our bureau, the following rectification measures are put forward:
1, strengthen the training of computer operation technology and network security technology in our bureau, and strengthen the awareness of computer operators on network virus and information security;
2. Strengthen the study of computer technology and network technology by comrades in the computer station of our bureau, and constantly improve the technical level of computer professionals in our bureau.
Self-inspection report on government network security protection
Network supervision office: attach great importance to it and immediately organize relevant departments of our hospital to investigate the security risks existing in our hospital network one by one. The self-inspection situation is summarized as follows:
I. Implementation of network information security management mechanism and system construction
First, in order to maintain and standardize the use and management of computer hardware and network information security, improve the normal use of computer hardware, network system security and daily office efficiency, a leading group for computer information system security protection was established, with XX as the first responsible person, XX related departments participating, and XX Information Center responsible for specific work, to coordinate and coordinate all departments in the hospital to carry out campus network security management.
Second, in order to ensure the security of computer networks, we have implemented security systems such as network administrator system, computer security and confidentiality system, website security management system and emergency plan for network information security emergencies. At the same time, according to their own situation, the computer system security self-inspection system is formulated to ensure three points: first, the system administrator regularly checks the central computer system every Friday to ensure that there are no hidden dangers; The second is to make safety inspection records to ensure the implementation of the work; Third, organize relevant personnel to learn the knowledge of network and information security regularly, improve the level of computer use and prevent risks as early as possible. At the same time, the information security work leading group has a smooth 7*24-hour contact channel, which can ensure that harmful information is found, disposed and reported in time.
Second, the daily computer network and information security management
Strengthen organizational leadership, strengthen publicity and education, implement work responsibilities, and strengthen daily supervision and inspection.
The first is network security. Personal computers with antivirus software are all real.
Security protection measures such as password login, storage and backup of important computer information, strict management of mobile storage devices, and encryption of important data have clarified the responsibility of network security and strengthened the network security work. The terminal accesses the computer with real-name authentication system, and the MAC address of the computer is bound to the switch port to standardize the internet access behavior of the whole hospital.
Second, the information system security implements a strict signature system. Any information uploaded to the website must be reviewed and signed by the relevant leaders before uploading; Conduct regular security checks, mainly to supervise the installation of operating system patches, application patches, anti-virus software installation and upgrade, Trojan virus detection, port opening, system management authority opening, access authority opening, webpage tampering, etc., and carefully keep a system security diary.
Third, the XX network center has at least 60 days of system network operation logs and user usage logs. The network center has corresponding security protection technical measures such as firewall, unified identity authentication, network security audit and access control.
Three, the construction of information security technology protection means and the use of hardware equipment.
Strengthen network equipment management and website security protection. Anti-virus software is installed in each terminal, and the application of system-related equipment has been standardized. The use of hardware equipment conforms to the relevant national product quality and safety regulations, the hardware operating environment meets the requirements, and the website system is safe and effective.
Four, strengthen the construction of network and information security notification mechanism, and maintain the safety of the website.
Since the beginning of this year, network information security has been effectively strengthened, and no major network and information emergencies have occurred. The network center has taken various measures to ensure the information security of XX website, such as frequently changing passwords in the background of the website, detecting viruses in advance when transmitting files, maintaining the website under different modules and permissions, regularly cleaning up junk files in the background, and appointing someone to be responsible for website updates.
Verb (abbreviation of verb) network and information security education
In order to ensure the safe and effective operation of the network and all kinds of equipment and reduce virus intrusion, relevant personnel have been trained in network security and information system security. During this period, all computer users and managers have made detailed consultations on computer-related problems encountered in practical work, got satisfactory answers, learned practical network security prevention skills, and promoted the improvement of computer users' awareness of network information security.
Six, self-examination problems and rectification opinions
During the inspection, we found some weak links in management. In the future, we should strengthen network security supervision and network security equipment maintenance, and further strengthen communication and coordination with the network supervision office of Deyang Public Security Bureau.
In the future work, we will continue to strengthen computer information security awareness education and prevention skills training, so that teachers and students in the whole hospital can fully realize the importance and necessity of doing a good job of "conducting network security hidden danger investigation in xx campus". Combining civil air defense with technical defense, do a good job in maintaining the network and information security in our hospital.