In order to stabilize the national politics, economy and society, standardize Internet information service activities, promote the healthy and orderly development of Internet information service, and make the Internet better serve the teaching, teaching and research, administrative departments, teachers and students of our school, these measures are formulated under the guidance of the computer network security leading group of our school.
I. Safety Organization and Management
1. The computer network security leading group headed by the president of our school is responsible for the network security management of the whole school; The leaders of all departments are responsible for the network security management of their own departments; The network information security officer is responsible for checking and implementing the network security management of all campus network users.
2. All computers in the campus network are not allowed to set restrictive passwords such as power-on passwords at will. If necessary, it must be approved by the school network security leading group and registered in the network center.
3. Only the person in charge of security or the security officer has the right to set or modify the privileged password of the system.
4 where the use of public computers to access the Internet, the use of public Internet accounts department, must set up a special online registration book. Internet users must carefully register the starting and ending time and account number of each surfing, and may not modify or tear up the registered content. At the end of each semester, the registration book should be submitted to the network center to ensure that the records are kept for more than 60 days.
5. The person in charge of safety shall review the daily violation report, console operation records, system logs, system alarm records, system activity statistics and other safety-related data.
6. All departments should report violations to the school network security leading group, and notify relevant security leaders of all departments when violations are found in the system.
7. The construction of computer system should be synchronized with computer security work.
Second, the safety system and safety supervision
1. This security system is formulated in accordance with the Provisions on the Security Management of Computer Information System International Networking issued by the State Secrecy Bureau and in combination with the reality of our school.
2. Without the approval of the school computer network security leading group, computers shall not be used to copy and store all kinds of confidential documents; Confidential documents and disks stored after approval shall be kept as confidential documents.
3. It is forbidden to use computer network to transmit confidential documents.
4. Important programs and data files must be backed up.
5. Disks with confidential nature shall be properly kept and shall not be inquired or copied by others without approval.
6. Without the approval of the leader, the operator shall not copy, print or copy confidential documents or materials to any external unit or private person without permission.
7. Information technology teachers and network administrators shall abide by relevant laws and regulations, and shall not use technical means to obtain the required confidential documents and materials.
8. Computer network accounts shall not be lent or transferred.
9 found reactionary, pornographic, spreading rumors and other unhealthy content information, must be reported to the school computer network security leading group and the public security system within 24 hours. Deliberately browsing unhealthy websites and content, once found, cancel the online qualification and hand it over to the relevant departments for handling.
10. Users of campus network should immediately report to the school computer network security leading group when they find or may leak; When the school computer network security leading group receives a report or finds that there are leaks in the network, it shall immediately organize an investigation, urge the relevant personnel to take remedial measures in time, and supervise the relevant departments to delete all kinds of classified information in the network within a time limit.
Third, personnel management.
1. Personnel review: determine the review standard according to the security level of the computer system. For example, the system that handles important information, all staff who come into contact with the system must be examined according to the standards of confidential personnel.
2. Candidates for key positions. For example, system analysts should not only have strict political examination, but also consider their realistic performance, work attitude, moral cultivation and professional ability. Try to ensure the safety and reliability of these personnel.
3. In addition to business training, all staff must also receive the corresponding computer security course training before they can enter the system work.
4. The school computer network security leading group should regularly assess all the staff of this system from the aspects of political thought, professional level and work performance. , and promptly mobilize those who are not suitable for contact with information systems.
5. Those who are transferred, especially those who don't want to be transferred, must go through the formalities carefully. In addition to personnel procedures, the school computer network security leading group must also conduct a handover talk, stating the confidentiality obligation after handover, taking back all keys and returning all technical manuals and related materials. The system must change the password and secret lock. When I was informed of the transfer decision, I must start the above work immediately without delay.
Fourth, security measures.
1. The operating system should have perfect access control function to prevent users from accessing information beyond their authority.
2. The database must have strict access control measures, and the operation authority of part-time database administrators should be strictly controlled.
3 Protect the security and integrity of the database through physical security, backup and recovery and other technical means.
4. Analyze all illegal operations intercepted from logs or real-time terminals, find out the reasons and countermeasures, and solve and report them in time; All kinds of logs should be kept for at least 60 days.
5 school computer network security leading group should designate a person to implement unified management, supervision and control of the whole network. Without the consent of the school computer network security leading group leader, no one may change the network topology, network configuration and network parameters.
6. In addition to the basic data files that must be backed up, such as operating system, database management system and application programs. All departments must also back up data files according to their own actual conditions.
7. Restrict non-essential personnel from entering and leaving the network control center.
8. When the key of key parts such as the network center is lost, it must be reported to the campus network security leading group within 12 hours, and the door lock should be replaced within 24 hours.