First, strengthening security awareness and attaching great importance to information security are prerequisites for ensuring the safe operation of government network information systems.
At present, most e-government information systems adopt open operating systems and network protocols, which have inherent security risks. Network attacks, hacker intrusions, rampant viruses, system failures, natural disasters, network theft and illegal operations by insiders all pose a great threat to the security of e-government. Therefore, information security is a long-term task that bears on the overall situation of the national economy and social informatization.
We should conscientiously implement the spirit of "focusing on e-government construction and focusing on network and information security" and the general requirements of Document No.27 [2003] of our Office, fully understand the importance and urgency of strengthening the construction of the information security system, and attach great importance to network and information security work. This is a prerequisite for information security. "Attaching great importance" must begin with the leaders: only when leaders attach importance to it can information security work be put on the agenda and given an important position, and only then can the many problems facing information security work be solved in time. Secondly, by strengthening the popularization of and education in network security knowledge, especially the training of cadres at or above the county level in network security knowledge, we will vigorously strengthen civil servants' awareness of security and confidentiality, so that publicity and education on network information security leave no blind spots and create conditions for the safe operation of network information systems.
Second, strengthening the construction of the legal system and establishing sound institutional norms is an important basis for information security.
To ensure the security of government network information, we must strengthen the construction of the legal system and the standardization of information security, and act in strict accordance with rules, regulations and work norms. As the saying goes, nothing can be accomplished without rules, and this is especially true of information security. If we persist in establishing legal systems and standards, improve systems and norms, and implement them well, we will minimize unsafe factors and errors and continuously raise government information security work to a new level.
Therefore, first of all, we should strictly follow the existing laws and regulations to regulate network behavior, maintain network order, and gradually establish and improve the legal system of information security. We should strengthen the standardization of information security, pay close attention to the formulation of much-needed information security and technical standards, and form an information security standard system with Chinese characteristics that is in line with international standards.
Second, we must establish and improve various rules and regulations and daily work norms. In light of the new situations and new problems faced by network and information security, we should stay closely tied to the actual information security work of our unit, adhere to the principle of "blocking, supplementing and using", and promptly revise, improve and draw up new rules, regulations and operating procedures for information security, effectively enhance the scientific rigor, usefulness and operability of the system, and make information security work evidence-based and rule-based.
Third, we should pay attention to the implementation of security standards, rules and regulations. Once a system is in place, it must not be shelved. Failure to act according to the system is an important cause of work mistakes and potential security hazards. Many unsafe factors and work loopholes are caused by not following the procedures. Therefore, it is necessary to organize information workers to study the relevant systems and norms repeatedly, so that they are familiar with and master the basic contents of each system, understand the rules and methods of information security work, and consciously use the system to restrain themselves and standardize their work.
Fourth, establish and improve the supervision, inspection and incentive mechanism of system implementation. After the establishment of working procedures and rules and regulations, they must be followed and implemented in every item and paragraph of the rules and regulations. The implementation of the system mainly depends on consciousness, but there must be strict supervision and inspection. It is necessary to establish an incentive mechanism for information security work through supervision and inspection, closely combine information security work with the annual assessment and the work of "striving for Excellence", encourage the advanced and spur the backward to ensure that all information security work systems are implemented. All localities and departments shall conduct self-examination and self-correction on the implementation of this system from time to time, find problems and solve them as soon as possible.
Third, establishing an information security organization system and implementing a security management responsibility system is the key to doing a good job in government information security.
The survey shows that about 80% of the actual network security problems are caused by management problems. Therefore, it is very important to establish an information security management organization, strengthen organization and coordination, play its role in overall planning, scientific management, macro-control and decision-making, strengthen information security management, and form an all-round information security management organization system.
On the one hand, we should gradually establish and improve the information security organization system. This system should include leading groups for confidentiality work established by the various localities and departments; a government network and information security coordination group attended by department heads; and a hired security consulting expert group composed of domestic and foreign security experts. According to the needs of construction and application, it is also possible to establish corresponding information security management enforcement agencies (such as a "government security center") responsible for the security and confidentiality of the whole government information system, including providing related services.
On the other hand, on the basis of improving the information security organization system, we should earnestly implement the responsibility system for security management. It should be made clear that the administrative leaders of all levels and departments (or the leading comrades in charge) are the first responsible persons for information security work. As the person directly responsible for information security, the technical department director or project leader should strengthen the management of network managers and operators. Personnel should be managed effectively, with A and B role management implemented for key positions; network managers and operators who handle secret-related work shall sign a confidentiality agreement that clarifies their responsibility for confidentiality, and the system of holding certificates shall be implemented. It is necessary to train a group of versatile personnel with experience in information security management, assign them to key positions, and ensure the security of government informatization.
Fourth, focusing on practical results and correctly handling the "five relations" of information security is the best choice for ensuring the benefit of information security investment.
In the construction of e-government, the investment in information security often involves a lot of money. All localities and departments should closely combine their own reality, correctly handle and grasp the "five major relationships" related to information security, so as to maximize the social benefits of limited funds.
1. We should correctly handle the relationship between development and security. Development and security form the most basic and important relationship in information security, from which the other relationships are derived. Development and security are dialectical, unified and complementary, with development as the goal and security as the guarantee. If the relationship between the two is handled well, security is assured and development is promoted; if it is not handled well, security will restrict and curb development. Correctly handling the relationship between development and security means accelerating development and ensuring security. Specifically, it means ensuring security in the process of accelerating development, and accelerating development under the condition of ensuring security. Here, we should pay attention to overcoming two tendencies: first, overemphasizing development and ignoring security; second, pursuing absolute security in a way that restricts development. Therefore, we must adhere both to the development of e-government and to the security of network information. In the process of e-government construction and development, we should constantly strengthen security management, improve security measures, and effectively ensure security; at the same time, on the premise of moderate security and basic security, we should cultivate business needs, intensify our work and accelerate the development of e-government.
2. Handle the relationship between security cost and benefit. The relationship between cost and benefit derives from the basic relationship of information security; the two form a unity of opposites and complement each other. If the relationship between cost and benefit is handled well, security cost falls and benefit rises; if it is handled poorly, security cost rises and benefit falls. To correctly handle the relationship between security cost and benefit, we must adhere to comprehensive balance. According to the requirement in Document No.27 [2003] of the Central Office of the Communist Party of China that "different information development stages and different information systems have different security requirements, we must proceed from reality, comprehensively balance security costs and risks, optimize the allocation of information security resources, and ensure key points", on the one hand, we should do everything possible to reduce security investment costs; on the other hand, we should strive to improve the actual effect of security measures, ensure the security requirements of key projects and key parts, and make full use of limited security funds.
3. Handle the relationship between information security and sharing (information disclosure and confidentiality). This also derives from the basic relationship of information security. Opening up and development require information resources to be shared, and the Internet provides the conditions for information to be shared. But information disclosure and information protection are a pair of unavoidable contradictions. To promote information construction, we should not only emphasize the sharing of resources, but also ensure the security of information. We should base ourselves on the overall system of e-government, treat the problem of information security and resource sharing as a whole, treat it dynamically, and deal with it from a developmental and dialectical point of view. In this contradiction, the sharing of resources is currently the main aspect. At present, the phenomena of the "digital divide" and the "information island" are widespread in the construction of information resources in all regions and industries in China. In view of this situation, when dealing with the relationship between the two, we should focus closely on the main aspect of the contradiction and, on the premise of ensuring national security and respecting personal privacy, concentrate our current work on maximizing the sharing of information resources, eliminating the digital divide and information islands, improving the degree to which information resources are shared, and making government information resources yield greater social benefit.
4. Handle the relationship between security management and technology. The relationship between security management and technology is also one of the basic relationships in the information security system. In the information security system, security management and security technology are an inseparable unity and two sides of the same thing. Management is inseparable from technology, and technology is inseparable from management; the two are closely linked, interpenetrate and complement each other. Therefore, in information security work, we should pay equal attention to management and technology and combine the two; that is, on the premise of strengthening management, we should adopt advanced security technology, and on the basis of upgrading technology, we should strengthen management. Solving information security problems requires technical means, but it cannot rely solely on technology. The process of informatization is actually the process of mutual integration between people and technology. How to make management and technology complement each other is very important. In this regard, we should also pay attention to preventing and overcoming the two tendencies of "emphasizing management and neglecting technology" and the "purely technical point of view". We should not only attach great importance to the important role of information security technology, but also avoid falling into the trap of technicalism. In theory, there is no absolutely safe technology; technology is important, but management cannot be ignored. Although the saying "three parts technology, seven parts management" is not necessarily accurate, it illustrates the importance of security management from another angle.
Therefore, we should be business-oriented, deploy security strategies from a global perspective, adopt advanced technologies, strengthen security management, closely combine the use of security technical means with strengthening daily management and improving institutional mechanisms, adhere to the development of security technical means on the one hand and the establishment and improvement of security rules and regulations on the other hand, so as to improve the security and reliability of government network information systems.
5. Deal with the relationship between emergency treatment and establishing a long-term mechanism for information security. To ensure the "long-term stability" of government networks and information systems, we must set out to establish a long-term and effective security mechanism. However, the problem of information security in the process of informatization is extensive and sudden, so we must pay attention to the handling of emergencies. In the event of network security and information security incidents that affect national interests, we must be able to take effective measures immediately to control the development of the crisis and reduce losses to a minimum.
To this end, we must first establish and improve the information security monitoring system, find and deal with emergencies in time, improve the ability to prevent network attacks, virus intrusion and network theft, prevent the spread of harmful information, and strengthen the monitoring, management and protection of government networks and information systems. Secondly, we should attach importance to information security emergency disposal, establish and improve emergency management coordination mechanism, command and dispatch mechanism and information security notification system. It is necessary to formulate and improve the information security disposal plan, strengthen the construction of the information security emergency support service team, and improve the information security emergency response capability.