School network and information security management emergency plan

In order to ensure the normal use of the network, give full play to the role of the Internet in the information age, and promote the healthy development of educational information, according to the State Council's "Internet Information Services Management Measures" and relevant regulations, this plan is specially formulated to properly handle the hazard network and Information security emergencies to minimize the impact of emergencies and the spread of harmful information.
First, the emergency response to the network and information security emergencies
1. If a network management center such as a virus, Trojan, or hacker is found in a local area network, the network connection between the local area network and the external network should be cut off immediately. If necessary, disconnect the computers in the office to prevent external strings and strings.
2. When an emergency occurs on a campus network or a server with an external IP address, the school should immediately disconnect the external network and disconnect the nodes in the school if necessary; If it occurs on the off-campus rental space, contact the renter immediately to close the leased space.
3. If harmful information or data is found to be tampered with on an externally accessible website, mail, etc., immediately disconnect the server's network connection so that the external is inaccessible. Prevent the spread of harmful information.
4. Take appropriate measures to completely remove them. If harmful information is found, it will be deleted in time after the relevant records are retained, and reported to the Municipal Education Bureau and the Public Security Department.
5. Recover the use of the network after ensuring that the full problem is resolved.
Second, safeguard measures
1. Strengthen leadership, improve institutions, and implement network and information security responsibility systems. Establish a network and information security management leadership team led by the supervisor and set up a security officer. Clear job responsibilities and implement safety responsibility system; interactive columns such as bbs and chat rooms should be equipped with preventive measures and special personnel management.
2. The local area network is managed and maintained by the network management center. Others are not allowed to dismantle the equipment and arbitrarily pick up the terminal equipment.
3. Strengthen safety education, enhance safety awareness, and establish a concept that everyone is responsible for Internet and information security. The lack of security awareness is the main cause of cybersecurity incidents. Schools should strengthen their network security education for teachers and students, enhance network security awareness, and link network security awareness with political awareness, responsibility awareness, and confidentiality awareness. In particular, students should be instructed to improve their ability to identify harmful information and guide them to healthy use.
4. Do not close or cancel the firewall. Keep the firewall system management password. Install anti-virus software on each computer and update the virus code in time.