Information security check summary report

Information security check summary report

City Information Office:

In order to further strengthen the information security work level of our bureau, according to the “Information of Hebi Municipal People's Government on Printing and Distributing the Responsibility Targets for 2019” and the “Hebi City Informationization Work Leading Group Office” on the issuance of 2019 informationization responsibility targets The Notice of Measures has established the system of “Heihe City Archives Network Security Management System”, “Hebi City Archives Computer Information System Security and Secrecy Management System”, and “Hebi City Archives Bureau Secret Personnel Management System” and other systems are strictly enforced. The information management personnel of the bureau are responsible for the security management of the information system, password management, and the prohibition of leakage. Further improve the service level of website construction, the website layout and technical standards are qualified, the content is updated in time, the bureau leaders take the lead in online learning and propose new requirements for website construction; complete the domain name registration and standard management of the website; timely handle the matters related to the bureau of the mayor; Reproduce the major activities and decision-making deployment information of the municipal party committee and the municipal government, and promptly feedback the implementation of the decision-making and deployment of the superiors. The level of information disclosure on the website has been further improved. The government affairs disclosure column has been opened. According to the requirements of government affairs disclosure, the deputy director of the office is responsible for reviewing content and confidentiality, and actively and timely publicizing the major activities, development plans, policy implementation and other information of the unit. The special person has been updated frequently, and the staff and the public have responded well.

2. Implementation of safety precautions:

The classified computer has passed the information system security technology check and installed a firewall. At the same time, the professional anti-virus software is installed and installed, which enhances the effectiveness in anti-tampering, anti-virus, anti-attack, anti-mite and anti-leakage.

The classified computer information system has been established, and it is physically isolated and not connected to the Internet. No one other than the use and management of the person can contact or view the classified computer information system. It is forbidden to save or transfer any classified files and internal sensitive information in non-confidential computers and information systems. All classified files and internal sensitive information are kept in the classified computer information system. The classified computer information system is equipped with a separate mobile storage medium. It does not use mobile storage media in other offices in the office. It is forbidden to use all removable storage media with unknown or non-antivirus.

In addition to the wireless local area network used in government information disclosure, all other hardware facilities of the bureau use wired connections, effectively avoiding the leakage of information in the wireless local area network.

When installing anti-virus software, each room should use the anti-virus software approved by the competent national authority to check poison and anti-virus in a timely manner. It does not use carriers such as software, floppy disks, CDs, and flash drives that are unknown or anti-virus, and do not visit illegal websites. Strictly control and block the source of the virus. The flash drive outside the unit may not be carried into the unit. The computer normally uses the MFP in the local area network for printing, scanning, etc., all of which are public and not confidential.

3. Construction of emergency reverberation mechanism:

A preliminary emergency plan was formulated and is in the process of continuous improvement.

Regularly back up information system data to reduce or eliminate the impact of various disasters on normal operations.

4. Application of information technology products:

Use firewalls, security gatekeepers and intrusion detection systems to effectively protect information systems.

5. Information security education and training:

The Office has continuously strengthened the safety training for computer users, strengthened the ability of each user to use the network safely, raised the awareness of security, and registered the users and IP addresses of each networked computer.

Organize personnel to participate in network security officer training. Enhance the awareness of information security protection of internal personnel and effectively improve the information security protection capabilities of the bureau.

Second, the main problems found in the information security inspection and rectification

1. Current problems:

The rules and regulations system was initially established, but it was not perfect enough to cover all aspects of information system security.

Many information systems users are not aware of security and lack initiative and consciousness in management.

There are fewer network security technology management staff and limited investment in information system security.

2. Corrective measures:

Re-examine the safety strategy and safety system in all aspects of the rules and regulations, and re-edit and modify the imperfect parts, effectively enhance the implementation of the information security system, and check the implementation of the security system from time to time.

Continue to strengthen the education of personnel's safety awareness and improve the initiative and consciousness of personnel safety.

Increase the timely maintenance and maintenance of lines, systems, etc., and increase the intensity of updates. Improve the modernization level of safety work, and further strengthen the prevention of computer information system security and information system security work.

Third, opinions and suggestions on information security inspection work

1. Strengthen the training of information network security technicians so that security technicians can update the information network security management knowledge in a timely manner.

2. Strengthen the information security awareness of personnel and continuously strengthen the level of information system security management and technical prevention.

Information security check summary report

According to the archives of Nanxin Lianfa [XX] No. 4 file "Notice on Launching the Special Inspection of Information Security and Network Management of the E-Government Network of the City", the bureau actively organizes implementation and carefully compares the construction of network security infrastructure. The situation, network security technology and network information security and confidentiality management were self-examined, and the network information security construction of the Office was deeply analyzed. The self-inspection report is as follows:

I. Strengthening leadership and setting up a network and information security work leading group

In order to further strengthen the security management of the global network information system, the bureau set up a leading group for the security and confidentiality of the network and information system. The director is the head of the team and has an office to make the division of labor clear and the responsibility specific. Ensure that network information security work is implemented smoothly.

Second, the status quo of our network security

Since 1997, the automation of statistical information construction has been gradually developed from the original small-area network to a four-level interconnection network with the National Bureau, the Autonomous Regional Bureau, and the County and District Bureaus. The network core uses Cisco 7600 and 3600 switches, the data center uses 3com4226 switches, and the aggregation layer uses 3com4226 switches, Cisco 2924 switches and Lenovo Tiangong ispirit 1208e switches, providing a total of more than 150 wired access points. So far 80 have been used. about. The backbone of the data center is Gigabit switched, and 100 megabytes are switched to the desktop. The Internet outlet is uniformly provided by the Municipal Information Office, which is a double-hundred megabit fiber; it is directly connected with the Autonomous Region Statistics Bureau with 2 megabits of fiber. The county and district statistical bureaus and the three development zone statistics bureaus use the Tianrongxin VPN virtual private network software. From the Internet connection to the network of the autonomous regional statistical office, the vpn entrance has a total bandwidth of 4 trillion, and then connected to our office. In terms of horizontal aspects, the Municipal Bureau of Statistics and the government network have been actively promoted. At present, optical fiber connections have been achieved with more than 100 municipal party and government departments and 12 county and district governments. Our office uses Tianrongxin hardware firewall to protect the network, using Weiss network isolation card and file bulletproof clothing software to protect the key computer from the stand-alone computer, install the genuine Kingsoft Internet Security version of the anti-virus software, and carry out virus prevention on the global computer. .

Third, the network information security management of our bureau

In order to do a good job in information construction and standardize statistical information management, the bureau has specially formulated the "Information System and Regulations of the Municipal Statistics Bureau", for information management work, internal computer security management, computer room management, computer room environmental security management, and computer. And network equipment management, data, data and information security management, network security management, computer operator management, website content management, website maintenance responsibilities, etc. have detailed provisions, further standardizing the information security management of the Office .

In response to the confidentiality of computers, the Office has formulated the "Secret Computer Management System", and the computer users have signed the "Responsibility Book for Computer Confidential Jobs of the Municipal Statistics Bureau", and the use of computers to "who is responsible for who uses"; Strict and standardized management of data generated by our regional network.

In addition, the Office organizes relevant computer security technology trainings every year in a global scope. The comrades of the computing stations also actively participate in the Municipal Information Office and other computer security technology training, improving network maintenance and security protection skills and awareness, and effectively protecting me. The office statistics network is running normally.

Fourth, the lack of network security and corrective measures

At present, the network security of our office still has the following shortcomings: First, the awareness of security and prevention is relatively weak; second, the ability of virus monitoring needs to be improved; third, the handling of unexpected incidents such as malicious attacks and computer virus attacks is not timely enough.

In view of the shortcomings in the current network security of our office, the following points are proposed:

1. Strengthen the training of computer operation technology and network security technology of our bureau, and strengthen the awareness of computer operators on the prevention of network viruses and information security.

2. Strengthen the study of computer technology and network technology among the comrades in the computing station of our bureau, and continuously improve the technical level of the computer administrators of our bureau.

Information security check summary report

According to the spirit of the “Notice of the General Office of the State Administration of Radio, Film and Television on Implementing the Notice of the General Office of the State Council on Launching Network and Information Security Inspections in Key Fields”, our platform will provide network and information security to our network under the unified deployment of Qingdao Wenguang New Bureau. Self-examination was carried out and the report is as follows:

I. Information security self-inspection work organization development

1. Established an information security inspection action group. The head of the team is the leader of the team, the leader is the deputy leader, and the responsible person of the relevant department is the action team of the team member. It is responsible for the overall command, investigation and filling of relevant reports and documentation retention of the important information system of the whole station.

2. The information security inspection team conducted item-by-item investigation and confirmation according to the actual situation of the network and information system, and comprehensively checked and analyzed the self-inspection results, which improved the control of the network and information security status of the whole station.

Second, information security work

1. On August 6th, complete the self-inspection work of the information system, and research and develop the self-examination implementation plan. According to the business requirements and network boundary security, the hard disk broadcast system, the nonlinear editing system, and the XX cable TV The transmission system is comprehensively combed and comprehensively analyzed.

2. On August 7th, a detailed self-checking work was performed on the hard disk broadcast system, the nonlinear editing system, and the XX cable television transmission system.

System security self-checking basic situation

The hard disk broadcast system is a real-time system with a high impact on the main business. At present, there are 5 DELL servers, 2 HP servers, and 2 cisco switches. The operating system uses windows system, the database uses SQLServer, and the disaster recovery situation is data-level disaster recovery. The system is not connected to the Internet.

The non-linear editing system is a non-real-time system with a high impact on the main business. At present, there are 6 DELL servers and 1 Huawei switch. The gateway uses UNIX operating system, the database uses SQLServer, and the disaster recovery situation is data disaster recovery. The system is not connected to the Internet. The security protection policy adopts the default rules.

The XX cable TV transmission system is a real-time system with high impact on major services. The disaster recovery situation is data disaster recovery. The system is not connected to the Internet.

Safety management self-inspection

In terms of personnel management, a full-time information security officer is appointed, and an information security management organization and an information security full-time working organization are established. All key personnel signed a safety and confidentiality agreement, and formulated the "Safety Provisions for Persons to Leave the Job" and the "External Personnel Access Approval Form".

In terms of asset management, a designated person was assigned to manage assets, and the Asset Management System, Equipment Maintenance, Maintenance and End-of-Life Management System was improved, and the Equipment Maintenance and Maintenance Record Form was established.

In terms of storage media management, the "Storage Media Management System" was improved, and the "Storage Media Management Record Table" was established.

, network and information security training

The “XX City Radio and TV Station Information Security Training Plan” was formulated. In the first half of 2019, information security education and training was organized twice, and 40 people received information security training, and 20% of the station units. Organize information security management and technical personnel to participate in professional training 4 times.