In order to promote the development of e-government in our province and ensure the healthy operation of e-government in our province, these measures are formulated according to the guidance of the national leading group for e-government construction and the actual situation in our province.
Second folding
E-government information security work should follow the principles of paying attention to practical results, promoting development, strengthening management and actively preventing.
Third fold
According to the decision of the provincial informatization leading group on e-government information security, the office of the provincial informatization leading group is responsible for organizing and coordinating the e-government information security work in the province, and inspecting and supervising the implementation. The relevant departments of the province are responsible for the specific work of e-government information security according to their respective functions. The municipal e-government department is responsible for the information security of e-government in this Municipality.
Article 4 folding
Led by the Office of the Provincial Informatization Leading Group, the Provincial E-government Information Security Working Group will be composed of the Provincial Information Industry Department, the Secrecy Bureau, the Public Security Department and the Science and Technology Department, responsible for formulating the province's e-government information security strategy and work norms, and establishing the province's e-government information security risk assessment system. All units should formulate their own e-government information security measures, conduct regular security risk assessment, implement the information security responsibility system, establish and improve information security rules and regulations, and report them to the competent e-government department at the same level for the record in June each year.
Article 5 Folding
E-government network consists of government intranet and government extranet, which are physically isolated. E-government intranet is the office private network of government departments, connecting four provincial teams and provincial departments. The information security management of e-government intranet should strictly implement the relevant provisions of the state.
Article 6 folding
E-government extranet is a special business network of the government. To build a unified e-government extranet in the whole province, all professional service business systems that do not involve state secrets and face the society and business systems that do not need to run on the intranet must be accessed or built on the e-government extranet, and information security measures required by the e-government extranet should be taken.
Article 7 Folding
E-government extranet must be logically isolated from Internet and other public information networks. The province unified management of e-government extranet international Internet export. Any e-government application system that accesses the e-government extranet shall not access the Internet without authorization. Government websites running on the Internet must take necessary information security measures before they can access the e-government extranet.
Article 8 Folding
Establish a unified digital certificate authentication system on the e-government extranet, and establish an e-government security trust mechanism and an authorization management mechanism. The digital certificate issued by the provincial e-government certification center must be used in the application system that accesses the e-government extranet. Municipalities can directly use the digital certificate registration service provided by the provincial e-government certification center, or establish a digital certificate registration service center in this city according to the actual application, and be responsible for the digital certificate registration within this city.
Article 9 Folding
The network management units of e-government extranet at all levels are responsible for the public safety work of e-government extranet at the corresponding level, and establish the responsibility system for information network security. It is necessary to conduct real-time monitoring of the external network managed at the same level, conduct regular safety performance testing, and regularly inform the competent department of network security status information to provide security early warning services for its network users.
Article 10 Folding
E-government extranet should establish emergency treatment and disaster recovery mechanism. Emergency support center and data disaster backup center shall formulate data backup system, formulate accident emergency response and safeguard measures, formulate data disaster recovery strategy and disaster recovery plan, and report to the competent department of e-government information security at the same level for the record. The main databases and important basic databases of the province's e-government application system must be backed up in different places in the emergency support center and the data disaster backup center.
Article 11 Folding
Each unit shall, according to the national information security protection level protection standard, clarify the security level of its e-government application system, and carry out security construction, security management and border protection according to the protection standard. Each unit is responsible for the safety work before the application system of the unit is connected to the e-government extranet, and cooperates with the network management unit to carry out network security management and inspection.
Article 12 Folding
All units shall define the standard process of information collection, release and maintenance, and ensure that the data information run by the e-government application system of the unit is true, accurate, safe and reliable. All units should follow the principle of "whoever goes online is responsible" to ensure that the data and information they run on the e-government extranet are true and reliable, and shall not involve state secrets.
Article 13 Folding
The e-government application system of each unit shall establish an access control mechanism for data information, classify data information according to its importance, divide access and storage levels, establish access and storage rights, and prevent unauthorized access to data information.
Article 14 Folding
The e-government application system of each unit should establish an information audit tracking mechanism, and record in detail the system errors, configuration modifications and other information every time the user accesses the system.
Article 15 Folding
The e-government application system of each unit shall establish a computer virus prevention mechanism and regularly use anti-virus software approved by relevant state departments for testing.