According to the requirements of the Notice on Security Inspection of Government Information Systems, our bureau has carefully inspected and sorted out. At present, our bureau has 5 information systems, 2 information systems for providing services to the public, and 1 information systems for entrusting social third parties to carry out daily operation and maintenance management.
The whole assessment (including risk assessment rating assessment) shows that these five systems are safe. There is no leakage and infection of malicious codes such as virus Trojans in the system operation, and the portal website of this department has not been attacked or tampered with (including embedding malicious codes). Compared with last year, the information security work has made great progress, and the overall information security situation is good.
Second, the main work of information security
(1) Organization and management of information security. Our bureau has set up a leading group for information security with Deputy Director Yan Lu as the team leader and heads of various departments as members, and is fully responsible for information security. Determine the office of the bureau as the specific contractor for information security management, with the director of the office as the specific person in charge, and appoint the bankruptcy administrator as the part-time information security officer of our bureau.
(2) Daily information security management. In terms of personnel management, the responsibilities of the leading group for information security work, the specific contractor for security management work and the information security officer have been conscientiously implemented, and a relatively complete responsibility system for information security confidentiality inspection has been established and strictly implemented. For important confidential computers and equipment, it is strictly forbidden to open and run when personnel leave their posts. For information security incidents caused by violation of the information security management system, the responsibility of relevant personnel shall be seriously investigated. In terms of asset management, the installation and use of office software and application software are handled in strict accordance with the regulations, and the maintenance management of computers and related equipment and the scrapping and destruction management of storage equipment are implemented in accordance with the relevant requirements of confidentiality to prevent carelessness. In terms of operation and maintenance management. The operation and use of the information system should be managed according to the relevant authority, and the daily operation and maintenance should be operated by the specific person in charge, and the security log backup and information security analysis should be carried out regularly. Entrust the portal website of Wenshan Branch of Kunming Cai Zhong Science and Trade Co., Ltd. for operation and management. While signing the service agreement with Wenshan Branch of Kunming Cai Zhong Science and Trade Co., Ltd., the related safety matters and agreements were clarified.
(3) Information security protection management. In the security protection of office computers and mobile storage devices. Computers adopt centralized security management measures, set the account password of each computer and update it at any time. Computer Internet access is implemented in real-name registration system, and computer Internet access is implemented.
Bind Ip and mac addresses, specify a fixed Internet ip address, install virus protection software, and regularly conduct vulnerability scanning and virus Trojan detection. It is forbidden to mix computers and mobile storage devices between non-confidential and confidential information systems, and it is forbidden to use non-confidential computers to process confidential information. In the aspect of portal website security protection, the website information publishing approval system has been implemented, and security protection devices such as border protection, denial of service attack prevention and webpage tamper prevention have been deployed, and vulnerability scanning and Trojan horse detection have been carried out regularly.
(4) Information security emergency management. According to the spirit of Emergency Plan for Network and Information Security Events in Yunnan Province, the emergency plan for information security in this department was formulated, and the corresponding publicity and training were carefully organized. According to the requirements of emergency plan, Wenshan Branch of Kunming Cai Zhong Science and Trade Co., Ltd. was identified as the emergency technical support team of our bureau. According to the actual needs, important data and information systems are backed up.
(5) Information security education and training. All the leading cadres and departmental staff of our bureau participated in information security education and training, and mastered the common sense and basic skills of information security. Information security management and technical personnel also regularly participate in information security professional training.
Three, information security inspection and other aspects of the work.
Our bureau regularly and systematically conducts information security inspections, focusing on the security protection of office computers, mobile storage devices and portal websites. After inspection, there is no leakage and infection of malicious codes such as virus Trojans, and the portal website of this department has not been attacked or tampered with (including embedding malicious codes). Our bureau will do a good job in the next step of information security in strict accordance with the relevant requirements of the information security system.
Four. Opinions and suggestions on information security work
In the information security work, because our office computer document processing software is Microsoft word system, and the cpu of the computer is not purely made in China, there are certain security risks for information security.