Network security risk rectification report

Report on the rectification of network security risks 1

In accordance with the document "Notice on Carrying out Network Security Inspection of Key Information Infrastructure" issued by the Office of the Leading Group for Network Security and Informatization of the Municipal Party Committee, our town actively organized its implementation and conducted a self-examination of network security infrastructure construction, network security prevention technology and network information security management. The report is as follows:

In order to further strengthen the security management of the network information system, our town has set up a network information work leading group with the mayor as the team leader and the leaders in charge as the deputy team leaders, with an office under it to ensure the smooth implementation of network information security work. In addition to dedicated office computers, there are 15 computers connected to the Internet in our town. A firewall protects the network, and anti-virus software is installed to prevent and control computer viruses. In order to do a good job in information construction and standardize government information management, our town immediately made detailed regulations on information management, internal computer security management, computer and network equipment management, data and information security management, computer operator management, etc., and further strictly implemented the information disclosure application, release, confidentiality and audit system in accordance with the provisions of the information security and confidentiality system, to ensure that the information disclosed by the town government does not include information that endangers national security, public security, economic security or social stability. At present, there is no classified information in our town.

At present, there are still the following deficiencies in the network security of our town:

First, the security awareness is weak;

Second, the virus monitoring ability needs to be improved;

Third, the use and management of mobile storage media is not standardized;

Fourth, the ability to deal with unexpected events such as malicious attacks and computer virus attacks is not enough.

In view of the shortcomings of network security in our town at present, the following rectification suggestions are put forward:

1. Our town strictly manages the use of unclassified office networks. First, confidential documents and materials (important internal materials) shall not be transmitted or processed through networked computers, and information that needs to be disclosed shall be disclosed only after confidentiality approval by the deputy secretary of the Party Committee. Second, vulnerabilities in computer operating systems and application software are detected and patched, both on a regular schedule and ad hoc, with a focus on removing network viruses such as "Trojans", and systems and important data are backed up regularly. Third, routine supervision and inspection of the confidentiality review of government information disclosure in the town is conducted from time to time, and problems are rectified promptly when found.

2. Strengthen the education of confidentiality work, enhance employees' confidentiality awareness, and improve employees' initiative and consciousness in confidentiality work. At the same time, further improve the corresponding rules and regulations, effectively strengthen and attach importance to the confidentiality management of online information, and ensure that the information disclosure audit is in place.

3. Further strengthen the management of mobile storage media in all departments. Personal mobile storage media must be kept separate from departmental mobile storage media, which are used for storing important departmental work materials and for internal office use; personal mobile storage media shall not be mixed with departmental mobile storage media.

4. The training of confidential staff needs continuous improvement. Because the security officer (information officer) in our town is a part-time employee, the computer (network) security technology is not professional enough, which increases the hidden danger of computer security. In the future, our town should focus on strengthening the professional knowledge training of security officers (information officers) and improve the professional level of security officers (information officers).

Report on the rectification of network security risks 2

In accordance with the document "Notice on Carrying out Security Inspection of Government Information System" issued by the office of xx Municipal People's Government, our town conducted a self-inspection of the security of the information systems in the town, and the report is as follows:

I. Self-examination

(1) Implementation of the safety system

1. Formed a security team. The leaders responsible for information security and the personnel responsible for management and protection are defined, and the security team is the management organization.

2. Established the information security responsibility system. According to the responsibilities, the security team takes the first responsibility for information security, the competent leader takes the overall responsibility, and the specific management personnel take the main responsibility.

3. Established the computer and network security management system. The information management and protection personnel of the town website are responsible for confidentiality management and password management, and enjoy the right to use computers independently. The user name and power-on password of the computer are unique, and it is strictly forbidden to disclose them.

(2) Implementation of safety precautions

1. The classified computer passed the security technical inspection and installed a firewall. At the same time, professional anti-virus software is installed, which strengthens the effectiveness in anti-tampering, anti-virus, anti-attack, anti-paralysis, anti-leakage and so on.

2. All confidential computers are provided with power-on passwords, which are kept by special personnel. At the same time, there is no strict identity authentication and access control between confidential computers.

3. The network terminal has no illegal access to information networks such as the Internet, and no wireless network is installed.

4. Installed professional antivirus software for mobile storage devices.

(3) Emergency mechanism construction

1. A preliminary emergency plan has been made. With the deepening of informatization and the reality of our town, it is in the stage of continuous improvement.

2. We keep in contact with the designated maintenance unit of the classified computer system for computer maintenance, and it has agreed to give the town the greatest possible emergency technical support.

3. Strictly send and receive documents, improve the system of point, repair, number and sign, and require information administrators to make system backups before going to work every day.

(4) Localization of information technology products and services

1. The terminal computer security system, firewall and antivirus software are all made in China.

2. The official document processing software is the WPS system of Jinshan Software.

3. The salary system and the annual report system are both product systems designated by the municipal government and the municipal party committee.

(5) Safety education and training.

1. Sent staff to participate in the network system security knowledge training organized by the municipal government; these staff are responsible for network security management and information security in our town.

2. The security team organized a learning activity of the basic knowledge of information security.

II. Deficiencies found in self-examination and rectification opinions

According to the specific requirements in the notice, we also found some shortcomings in the process of self-inspection. At the same time, combined with the reality of our town, we will make rectification in the following aspects in the future.

1. Lack of safety awareness. We should continue to strengthen the safety awareness education of government officials and improve their initiative and consciousness in safety work.

2. Equipment maintenance and timely updates. It is necessary to step up the timely maintenance of lines and systems and, given the rapid development of information technology, to step up updating efforts.

3. The level of safety work needs to be improved. The management and protection of information security is still at the primary level. Improving the modernization level of security work will help us to further strengthen the security prevention and confidentiality of computer information systems.

4. The working mechanism needs to be improved. Innovating the safety working mechanism is the inevitable requirement of the new situation of information work, which is conducive to improving the operating efficiency of the network information work of the organs and further standardizing the office order.

Report on the rectification of network security risks 3

According to the requirements of the Notice, our bureau conducted a self-examination of the security of information systems in this department, and the specific situation is reported as follows:

I. Basic information

According to the requirements of the notice, our bureau immediately organized a global information system security inspection, and conducted a comprehensive inspection of our business information system and network security.

II. Main information security work in 20xx

(1) Implementation of the information security system. In strict accordance with the requirements of higher authorities, our bureau fully implemented security precautions, fully guaranteed the security of information systems, actively carried out emergency drills on information security, effectively reduced and prevented information security risks, effectively improved emergency response capabilities, ensured the sustained, safe and stable operation of information systems, and established a sound information security system. For its informatization work, our bureau has formulated relevant rules and regulations, with detailed provisions on internal network security management, computer and network equipment management, data and information security, and confidentiality review of government information disclosure, which further standardized our information security management.

(2) Information security management and technical protection:

1. Strengthen daily supervision, follow the working principle of "confidential computers are not connected to the Internet, and computers connected to the Internet are not classified", and handle the management, maintenance and destruction of storage media such as CDs, hard disks and USB flash drives in strict accordance with confidentiality requirements. The classified computer passed the security technical inspection and installed a firewall. At the same time, professional anti-virus software is installed, which strengthens the effectiveness in anti-tampering, anti-virus, anti-attack, anti-paralysis, anti-leakage and so on.

2. Back up system data regularly, update and upgrade system software in time, and back up system data and information resources in time.

(3) Implementation of safety precautions

1. In order to ensure the effective and smooth development of our network information security work, we actively contact experienced technicians in network security and check the network security work from time to time.

2. The login system has a special account name and password, which are kept by the operator.

(4) Emergency management

1. Keep close contact with the system outsourcing unit, monitor the application of the system in real time, and agree to give maximum support to the emergency technology of the bureau.

2. Regularly update the system and software, timely back up important files and information resources, and recover data.

III. Main problems and threats found in the inspection

In the process of self-examination, we found some shortcomings: first, there are few professional and technical personnel, and the capacity that can be devoted to information system security is limited; second, the system of rules and regulations has been initially established but is still not complete, failing to cover all aspects of the security of the related information systems; third, emergencies such as computer virus attacks are not dealt with in a timely manner.

IV. Improvement measures and rectification effect

(1) Continue to strengthen the safety awareness education of bureau cadres, and improve the initiative and consciousness of safety work.

(2) Effectively strengthen the implementation of the information security system, check the implementation of the security system from time to time, and seriously investigate those responsible for adverse consequences, so as to improve the safety protection awareness of personnel.

(3) With the system as the basis, while further improving the information security system, assign dedicated personnel, improve facilities, monitor closely, and resolve possible information system security incidents whenever and wherever they occur.

(4) Improve the modernization level of security work, increase personnel training, and improve the professional and technical level of system managers, in order to further strengthen the security prevention and confidentiality of computer information systems.

V. Opinions and suggestions on strengthening information security

It is hoped that the municipal government can regularly organize professional training on information system security and network security, further improve the professional technical level of information system managers and strengthen the security prevention of information systems.

Report on the rectification of network security risks 4

Network security is related to national security. The leaders of our bureau attach great importance to network security, adhere to the principle of "promoting application with security and promoting safety with application", and always put network security in an important position. Our bureau resolutely implements the spirit of important documents such as the Notice of the Provincial Department of Education on Forwarding the Action Plan for Special Improvement of Internet Website Security of Party and Government Organs, Institutions and State-owned Enterprises in Guangdong Province, the Notice of the General Office of the Guangdong Provincial Department of Education on Submitting the Summary Report of Network Security Inspection in xx, the Notice on Carrying out the Network Security Inspection of Key Information Infrastructure in the City, and the Notice on Submitting the Summary Report of Network Security Inspection in xx. Under the direct guidance of relevant departments, especially the network police detachment of the Municipal Public Security Bureau, we have formulated and implemented a series of documents, identified problems and urged timely rectification. Through comprehensive management, the security and smooth operation of the network of our bureau's education system are effectively guaranteed. The relevant information is hereby reported as follows:

First, leaders attach great importance to improving institutions.

Our department has set up a leading group for network security inspection with the director as the team leader, the leaders in charge as the deputy team leaders and the heads of the various departments as members, determined the tasks and division of labor for self-inspection, and earnestly carried out self-inspection and self-correction. Our bureau implements the rules and regulations of higher-level network security management, and has formulated rules and regulations such as the Regulations on Information Website Management and the Metropolitan Area Network Management System in light of our actual situation. We have set up hardware firewalls for the internal and external networks of the education system, audit the release of network information, and have set up a leading group for network public opinion monitoring that tracks and processes network information in a timely manner and prevents the release and dissemination of classified and harmful information. We convene meetings on network security in a timely manner to raise government officials' awareness of the importance of network security, so that they study network security knowledge seriously and use computer networks and the various information systems correctly in accordance with network security provisions.

Second, make careful arrangements and actively promote it.

In response to the new situation in network security, our bureau held a working conference on network security inspection of the education system, which was attended by the deputy directors in charge of education bureaus in the various districts and counties, the stationmaster of audio-visual education, the principals of schools directly under the bureau, and the school system operators, in order to clarify the requirements, assign responsibility, formulate the network security implementation plan, and promote it vigorously.

First, website security management adheres to the "number one" responsibility system, so that leadership, organization, personnel and responsibilities are truly in place. Websites with backward facilities, poor management and weak security protection capabilities can be closed if conditions permit; websites with a single function that meet the conditions for merging can be merged; websites that lack management, maintenance and supervision capabilities should be entrusted to large and powerful network companies.

Second, for schools with more information points or complex networks, a security audit system should be installed independently to conduct a comprehensive security audit of all wired and wireless Internet access devices, and relevant data should be connected to the security management background of the Public Security Bureau.

Thirdly, for schools with few information points and a single network, it is necessary to use the original router or the new router to bind the IP addresses and MAC addresses of all wired computers in the school and clarify the corresponding relationship of address conversion. For campus wireless WIFI devices, the router with wireless management function should be used for user authentication management, and the security audit equipment provided by the network service provider at the Internet exit should be used for unified audit.

The fourth is to strengthen the training of network security technology. Our bureau adopts the training mode of "going out, please come in", and has sent technicians to visit, study and negotiate with the Municipal Economic and Information Bureau and the Public Security Bureau for many times, and invited the leaders and technicians of the Municipal Economic and Information Bureau and the Public Security Bureau to guide the work. Send personnel to Guangdong Education Technology Center for education network and information security training, hold training courses for school information system administrators in the whole city, and train school information system administrators in campus network management technology; A training course on network management technology was held, and technical training was given to system administrators of education bureaus in various districts and county-level cities and network administrators of schools directly under the bureau.

Fifth, make use of various conferences and research activities to actively publicize and educate network security. For example, at the second conference on education informatization held in June 65438+ 10 this year, it was clearly required to further increase investment and strengthen the network security construction of the education system to ensure the safe and stable operation of the education network in our city.

Third, the development of network security detection.

Our bureau actively carries out network security inspections, organizes network security inspection teams, and conducts a comprehensive inspection of network security through submitted self-inspection reports, field research and spot checks. At present, our bureau and its directly affiliated schools have built 10 websites and rented 5 website spaces. Among them, the Bureau and China Telecom xx Branch built 1 education metropolitan area network, and the Bureau rented 1 network service platform and built 1 education information website of its own; schools directly under the Bureau have built 9 websites and rented 5 website spaces.

Report on the rectification of network security risks 5

According to the relevant requirements of the Education Committee of Hebei Provincial Party Committee and the Education Department of Hebei Province, in order to further enhance students' awareness of network security, improve students' network protection skills, and create a healthy and civilized network environment, on September 23, our college launched a network security publicity campaign in No.1 Education 5 15. Present at the meeting were Miao Shiliang, vice president of the School of Management, Yuan Kunrui, secretary of the Communist Youth League General Branch, Kun Li, chairman of the Student Union, Pang Shuo, deputy secretary of the Communist Youth League General Branch, and other student cadres.

With the rapid development of information technology characterized by digitalization, networking and intelligence, we should do a good job in network security. Network security is a relative and dynamic concept, involving a wide range. Almost all fields in the real world can access the Internet, which determines the arduousness, complexity and long-term nature of maintaining network security. When politics, economy, culture and military are all in the open cyberspace, although the influence is multiplied, the risk coefficient is also increased in direct proportion. Protecting network security is no longer a specific field, and its comprehensiveness, complexity and variability can not be ignored. The network is not safe once and for all. Protect network security and make the network clear.

In this network security publicity activity, the leaders of our college first introduced us to the basics of network security, and then taught us how to be alert to network fraud by analyzing various cases. The leaders of our college emphasized in the activity: "The development trend of Internet technology tells us that technological innovation can benefit the country and the people, and it can also harm the world. The justice and evil, security and danger of the network are constantly struggling, and the object of network harm is nothing more than people. In the final analysis, the foothold of guarding network security is still in us." I believe that under the careful publicity and guidance of the leaders of our college and with the active cooperation of the students, our classmates will realize the importance of network security more deeply.

This network security publicity activity has improved students' safety awareness and made network security and network civilization deeply rooted in people's hearts. I believe that in the future, while safeguarding their own interests, students will also strive to become propagandists and practitioners of network security and contribute to creating a healthy and civilized network environment!

Report on the rectification of network security risks 6

After receiving the Notice of Rectification of Information System Security and Other Guarantees from your company, the leaders of our hospital attached great importance to it and instructed the Information Department to carry out rectification as required. The rectification situation is now reported as follows.

First, the general situation of network security level protection in our hospital

According to the requirements of higher authorities and industry authorities, our hospital attaches great importance to and carries out the work related to network security level protection, mainly including information system sorting, classification, filing, level protection evaluation, safety construction rectification and so on. At present, the main information systems in our hospital are: integrated business information system. Integrated business information system is a collection of core medical business information systems of Shangcheng County People's Hospital. The functional modules of the system mainly include hospital information system (HIS), laboratory information system (LIS), electronic medical record system (EMRS) and medical image information system (PACS). Hospital information system (HIS), laboratory information system (LIS) and electronic medical record system (EMRS) were developed and built by Fujian Hongyang Software Co., Ltd. with technical support. The medical image information system,

On 20xx 1 1, our hospital has completed the grading, filing, grading protection evaluation and expert evaluation of the integrated business information system. The system security protection level is Grade II (S2A2G2), and the rating protection evaluation institution is Henan Tianqi Information Security Technology Co., Ltd., and the rating protection evaluation conclusions are basically the same, with a comprehensive score of 76.02. During the evaluation process, the Information Department has rectified the security problems that can be rectified immediately according to the suggestions of the appraisers, such as server security reinforcement, access control policy adjustment, installation of anti-virus software, and addition of security products. At present, our hospital is carrying out the evaluation of network security level protection of portal websites.

Second, the rectification of security issues

The information system security issues covered by this rectification report are those in the hospital information system evaluation feedback commissioned by our hospital in 20xx 1 1, mainly operating system vulnerabilities on the application server and database server, and Oracle vulnerabilities. For the vulnerabilities in the application server system, our hospital communicated with the security company in a timely manner. After this communication, some system services and ports were closed and the necessary system upgrade packages were applied promptly. For the security vulnerabilities in the Oracle database, we communicated with security companies and software vendors. Our HIS system was put into use at the end of 20xx, and the database version is Oracle 11g; it went into operation early and, being deployed in the intranet environment, its vulnerabilities were not fixed in time.

After testing, the software developers found that fixing the Oracle database vulnerabilities would affect the normal operation of the HIS system and carry unknown risks. In order to ensure the safe and stable operation of the information system and reduce the security risks it faces, we mainly take measures that reduce the risks caused by the database security vulnerabilities, such as controlling database access rights, cutting off unnecessary connections to the servers, and limiting the permissions of database administrators. The specific measures are as follows: first, management authority over the database server and over the database is held by different technicians; second, the database server only allows connections from application servers with a business need, daily database management is performed locally, and the database does not provide remote access; third, the security of the database is strengthened, for example by setting strong passwords, turning on the log audit function, and disabling the default users of the database.
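The second and third measures above can be verified mechanically. The following Python check is an added example, not part of the hospital's report or its vendors' tooling; it assumes the connection restriction is implemented with Oracle Net valid-node checking in sqlnet.ora, and the host addresses, account rows, audit setting and the list of default accounts are constructed for illustration.

```python
"""Audit the compensating controls for an unpatched Oracle database."""

# Constructed sample inputs (not taken from any real system).
SAMPLE_SQLNET_ORA = """\
# sqlnet.ora on the database server
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (10.0.5.11, 10.0.5.12, 10.0.9.40)
"""
# Application servers with a documented business need (assumption).
APPROVED_APP_SERVERS = {"10.0.5.11", "10.0.5.12"}
# Rows as they would be exported from DBA_USERS (username, account_status).
SAMPLE_ACCOUNTS = [
    ("SYS", "OPEN"),
    ("SYSTEM", "OPEN"),
    ("SCOTT", "OPEN"),
    ("DBSNMP", "EXPIRED & LOCKED"),
    ("HIS_APP", "OPEN"),
]
# Value of the AUDIT_TRAIL initialization parameter.
SAMPLE_AUDIT_TRAIL = "NONE"
# Default or sample accounts that should be locked; the report does not
# name them, so this set is an assumption to adapt per installation.
DEFAULT_ACCOUNTS = {"SCOTT", "DBSNMP", "OUTLN", "HR"}


def parse_sqlnet(text):
    """Parse single-line NAME = VALUE entries, ignoring '#' comments."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip().upper()] = value.strip()
    return params


def invited_nodes(params):
    """Return the set of hosts listed in TCP.INVITED_NODES."""
    raw = params.get("TCP.INVITED_NODES", "")
    return {n.strip() for n in raw.strip("()").split(",") if n.strip()}


def audit(sqlnet_text, approved, accounts, audit_trail):
    """Return a list of findings; an empty list means all checks pass."""
    findings = []
    params = parse_sqlnet(sqlnet_text)

    # Measure 2: only approved application servers may reach the listener.
    if params.get("TCP.VALIDNODE_CHECKING", "NO").upper() != "YES":
        findings.append("TCP.VALIDNODE_CHECKING is not YES: any host may connect")
    else:
        for node in sorted(invited_nodes(params) - set(approved)):
            findings.append(f"unapproved host in TCP.INVITED_NODES: {node}")

    # Measure 3: default accounts must be locked.
    for name, status in accounts:
        if name.upper() in DEFAULT_ACCOUNTS and "LOCKED" not in status.upper():
            findings.append(f"default account not locked: {name.upper()}")

    # Measure 3: log auditing must be switched on.
    if audit_trail.strip().upper() in ("", "NONE", "FALSE"):
        findings.append(f"audit logging is off: AUDIT_TRAIL={audit_trail!r}")

    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SQLNET_ORA, APPROVED_APP_SERVERS,
                         SAMPLE_ACCOUNTS, SAMPLE_AUDIT_TRAIL):
        print("FINDING:", finding)
```

Password strength and the separation of duties between server and database administrators are not covered by this check and need to be reviewed separately.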

Our hospital attaches great importance to network security. The hospital network has been equipped with firewall, gas wall, intrusion prevention, online antivirus software, desktop terminal management and other security products, and the hospital is purchasing security products such as a gateway, a bastion host and log audit. At the same time, the hospital network security team was established, with three technicians responsible for network security management, which has greatly improved the network security management level of our hospital.

"Without network security, there is no national security". As the medical treatment center of the county, the hospital always puts information network security and medical safety in the first place, closely follows the development of the hospital and the needs of the situation, scientifically and effectively promotes the construction of network security, and accepts the supervision and management of competent departments at all levels.