1. Data security work report
In accordance with the spirit of the notice issued by our bureau and our instructions on doing a good job in information system security, our bureau leaders attached great importance to the matter and immediately organized relevant departments and personnel to carry out a bureau-wide information system security inspection. According to the requirements of the notice, the report is as follows:
(1) Construction of safety system.
According to the information system construction plan of our bureau, in 20xx, our bureau formulated the relevant management regulations and measures for computer network and information work in the market. It established a pyramid information security management model with department leaders as the competent leaders, department offices as the link and information departments as the executive backbone. As early as in the market place, a full-time network management department and full-time staff were set up to be responsible for the information construction, network security management and equipment maintenance of the trading hall and affiliated office buildings. The specific responsible personnel are all professional and technical personnel. At present, there are two people, who are responsible for the support of the intranet and of the extranet and equipment respectively. One of them has received full-time network security training according to the unified requirements of the whole city, and has signed a confidentiality agreement as required, which has been filed with the relevant government departments. The basic network security work system and working mechanism have been formulated to standardize information network security management. Information management personnel carry out their work in strict accordance with the confidentiality responsibility system and the information reporting management measures. With regard to current and future information security work, the leaders of the Ministry attach great importance to it, and actively organize and arrange information security work by drawing lessons from previous security work experience and future development trends.
In the future work, the Marketing Department will continue to strictly enforce the system, strict requirements, strict management and earnest work to ensure the safe and stable operation of the information system, and resolutely implement the management principle of "whoever manages is responsible, whoever operates is responsible, and whoever uses is responsible".
(2) Implementing safety precautions.
1. In order to reduce information security accidents as much as possible, our bureau has established corresponding network protection measures, with firewall and antivirus software as the core, providing security for intranet network servers and the whole LAN. At the same time, through the form of service outsourcing, with the help of the higher professional level of professional companies, we have further strengthened the safety management measures of external network construction, and improved the safety performance of our internal and external networks as a whole.
2. All the working computers in our office are implemented according to the requirements of the network security isolation system. At the same time, the anti-virus software of key computers has been upgraded and patched, the account and password of the server have been changed regularly, and the application and service loopholes on the server have been sorted out and repaired.
3. Ensure that professionals are on standby 24 hours a day, and can respond to any situation that may endanger information security in time and deal with it effectively.
(3) Construction of emergency mechanism.
At present, our bureau has realized the basic work of internal network data dual-machine hot standby and external network data regular backup, and the staff can skillfully carry out data disaster recovery. We are fully capable of quickly and properly responding to possible major information security incidents. In view of the spirit of this notice, our bureau is prepared to continue to strengthen the system construction and education of information security, continue to strengthen the awareness of information security work from top to bottom, correct the attitude of information security work, and strictly enforce the discipline of information security work.
(4) Safety education and training.
Our bureau has conducted education and training on information security for employees many times, with 1 senior information management engineer (CIO). In order for ordinary employees to master information management skills, theoretical study and practical operation training are conducted regularly, so as to continuously improve the safety awareness and skills of all employees.
(5) After this information system security self-inspection, the weak links and loopholes in information security are mainly reflected in the following aspects:
1. Some core switching devices are aging, and there are potential safety hazards. Much of the equipment has been in use for more than 8 years.
2. There are still some shortcomings in the system. The background maintenance and foreground business overlap to some extent, which does not meet the most basic requirements of information security.
3. The virus database of some computer antivirus software failed to be updated in time.
4. For various reasons, some website systems still have website security vulnerabilities. We will solve the above defects as soon as possible.
(6) In order to implement the spirit of the notice, the leaders of the Ministry attached great importance to it, personally organized a major inspection of information security, and resolutely implemented the management principle of "who is in charge, who operates and who uses" in dealing with violations of information security regulations and leaks. After self-examination and self-correction, there is no violation of information security regulations and leakage accidents in our bureau.
2. Data security work report.
According to the document "Notice on Carrying out Network and Information Security Inspection in Key Areas of the City in 20xx" (Gong Hong Letter No. 20xx 177), the leaders of our bureau attached great importance to it and immediately organized a bureau-wide information system security inspection. According to the requirements of "Regulations on Security Protection of Computer Information System in People's Republic of China (PRC)" and "Guidelines for Security Inspection of Information System of xx Municipal Government", our bureau has carefully organized and carried out the self-inspection of information security management of government websites, and now the situation is reported as follows. Since our information system began operating, we have actively improved various security systems in strict accordance with the requirements of superiors, fully strengthened the education and training of information security staff, fully implemented security precautions, and fully guaranteed the funds for information security work. Information security risks have been effectively reduced, emergency response capabilities have been effectively improved, and the sustained, safe and stable operation of government information systems has been ensured.
I. Implementation of Information Security System
1. Establish a management organization. Our bureau set up a leading group for information security and confidentiality management in 20xx. After the adjustment in 20xx, the director xx served as the team leader, and the associate researcher xx was in charge of information security. The person in charge of each department is a member, the office is located in the bureau office, and the designated personnel are responsible for handling the daily work.
2. Establish a sound information security system. Our bureau has specially formulated the rules and regulations related to informatization, and made detailed provisions on informatization management, internal computer security management, computer and network equipment management, data and information security management, network security management, computer operator management, website content management, website maintenance responsibility, etc., which further standardized our bureau's information security management. And this year, the information security system was revised, and the system was improved to ensure the security protection measures of government information systems.
II. Daily information security management
1. In the process of information collection and uploading, the office will coordinate, and all offices and subordinate units will report information to the bureau office in a unified way, which will be uploaded and released after being audited by the bureau office, thus ensuring the accuracy and safety of information uploading, and implementing the management principle of "whoever is in charge is responsible, whoever operates is responsible, and whoever uses it is responsible".
2. Our bureau strictly sends and receives documents, improves the system of counting, sorting, numbering and signing, and requires information administrators to make regular system-wide backups.
3. Every confidential computer in our bureau is managed on an independent internal network and has no contact with the external network. Firewall and antivirus software are all made in China. The official document processing software specifically uses the Microsoft Office system and the Jinshan WPS system, and the third-party service outsourcing of the information system is handled by a domestic company.
4. In order to ensure the effective and smooth development of the network information security work of our bureau, our bureau requires all departments and subordinate units to seriously organize and study the relevant laws, regulations and knowledge of network information security, so that all staff can correctly understand the importance of information security work, master the requirements for safe use of computers, and correctly use computer networks and various information systems. All employees signed the network information security book.
III. Implementation of safety precautions
1. The network system of our bureau has a reasonable structure and configuration, and complies with relevant safety regulations. All kinds of hardware equipment, software and network interfaces used in the network were put into use only after passing the safety inspection and appraisal, and they have basically operated normally since installation.
2. Our bureau implements the leadership review and signature system. Any information uploaded to the website must be reviewed and signed by the relevant leaders before uploading. Regular security checks are conducted, mainly to supervise SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, antivirus software installation and upgrade, Trojan virus detection, port opening, system management authority opening, access authority opening, webpage tampering, etc., and a system security diary is carefully kept.
3. Our bureau earnestly pays attention to the "five-layer management" of intranet, extranet, website and application software, ensures that "confidential computers are not connected to the Internet, and computers connected to the Internet are not classified", and handles the management, maintenance and destruction of CDs, hard disks, USB flash drives and mobile hard disks in strict accordance with confidentiality requirements. Focus on the "three major security" investigations: First, hardware security, including lightning protection, fire prevention, theft prevention and power connection; The second is network security, including network structure, security log management, password management, IP management, online behavior management and so on. The third is application security, including website, resource management and software management. The confidential computer is managed by a special person. Official documents, finance, personnel and other systems are managed by special personnel.
3. Data security work report.
Our bureau opened the website of xxx medical insurance network in May of 20xx. Among them, medical insurance trends, open government affairs, policies and regulations, work guides and other columns are set up, and special personnel are responsible for updating and maintenance. Up to now, 302 pieces of information have been updated. Since the opening of the website, the Information Network Section has been responsible for uploading and publishing all the policies, systems and commonly used forms that people care about to the website, and actively carrying out interactive exchanges such as online office and online Q&A, which provides a fast and efficient way for designated medical institutions and insured persons to understand policies and handle matters.
I. Computer information management
Since the beginning of this year, our bureau has strengthened organization and leadership, strengthened publicity and education, implemented work responsibilities, strengthened daily supervision and inspection, and managed classified computers well. For the management of computer magnetic media (floppy disks, USB flash drives, mobile hard disks, etc.), designated personnel keep confidential files separately, and it is forbidden to bring magnetic media containing confidential contents to computers on the Internet to process, store and transfer files, thus forming a good security and confidentiality environment. Confidential computers (including notebook computers) have been physically isolated from the Internet and other public information networks, and security measures have been implemented in accordance with relevant regulations. So far, there has been no computer compromise or leakage accident. Other non-confidential computers (including laptops) and network use have also implemented relevant measures in strict accordance with the management measures of the bureau's computer security information system, ensuring the information security of the agency.
II. Computer information network security situation
1. Network security. Our bureau is equipped with anti-virus software and network isolation cards, and has taken security protection measures such as strong passwords, database storage and backup, mobile storage device management and data encryption, clarified responsibility for network security, and strengthened network security work.
2. Information system security. First, the system of leadership review and approval is implemented: any information uploaded to the website must be reviewed and signed by the registry before uploading. Second, regular security checks are carried out, mainly supervising SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, anti-virus software installation and upgrade, Trojan virus detection, port opening, system management authority opening, access authority opening, webpage tampering, etc., and a system security diary is carefully kept.
3. In daily management, do a good job in the "five-layer management" of extranet, website and application software, ensure that "confidential computers and business private networks are not connected to the Internet, and computers connected to the Internet are not classified", and manage, maintain and destroy optical disks, hard disks, USB flash drives and mobile hard disks in strict accordance with confidentiality requirements. Focus on the "three major security" investigations: First, hardware security, including lightning protection, fire prevention, theft prevention and power connection; The second is network security, including network structure, security log management, password management, IP management, online behavior management and so on. Third, application security, including website, email system, resource management, software management, etc.
III. Operation and maintenance of hardware equipment
Every terminal in our bureau has installed anti-virus software and application specifications of system-related equipment. The use of hardware equipment conforms to the relevant national product quality and safety regulations, the unit hardware operation environment meets the requirements, and the basic equipment such as printer accessories and ribbon racks are original products; Since the beginning of this year, our bureau has actively implemented special funds for network security, equipped with network security hardware equipment, upgraded application servers and strengthened network security measures. At present, the website system is safe and effective, and there have been no security risks.
Our bureau implements the management system of "who uses, who manages and who is responsible" for computers and their equipment. In terms of management, the first is to adhere to the principle of "managing people by system". The second is to strengthen information security education and improve the computer skills of cadres and workers. At the same time, the publicity of network security knowledge is carried out in the bureau, so that all cadres, workers and end users can deeply understand the importance of information network security and improve their safety awareness and their initiative in maintaining network security. In terms of equipment maintenance, our bureau has specially set up a network equipment fault register and a computer maintenance table to register equipment faults and maintenance and deal with them in time. External maintenance personnel are required to be accompanied by relevant personnel, and their identity and the work they carry out are registered, to standardize the maintenance and management of equipment.
IV. Formulation and implementation of safety system
Our bureau has relevant requirements for website security. First, log in to the back end with a password lock with exclusive authority; second, scan files for viruses before uploading; third, the website adopts module and authority maintenance, and the back end is entered regularly to clean up junk files; fourth, the website is updated by a designated person. In order to ensure the safety of the computer network, the network administrator system, computer security system, website security management system and emergency plan for network information security emergencies have been implemented, which effectively improved the work efficiency of administrators. At the same time, according to its own situation, our bureau has formulated management systems such as a computer system safety self-inspection system, an information system internal control system and an information system emergency plan, and achieved four guarantees: first, system administrators check the central computer system every Friday to ensure that there are no hidden dangers; second, safety inspection records are made to ensure the implementation of the work; third, the system of regular inquiry by leaders is implemented, and the system administrator reports on the use of computers to ensure that the situation is always grasped; fourth, all bureau personnel are regularly organized to learn network knowledge and improve their level of computer use, to ensure prevention.
V. Problems found in self-examination and suggestions for rectification
We found some weak links in the management process, and will improve in the following aspects in the future.
(1) Irregular or exposed wiring will be rectified immediately within a time limit, and rodent prevention and fire safety will be attended to.
(2) Strengthen equipment maintenance, and replace and repair faulty equipment in a timely manner.
(3) During the self-examination, it was found that individual personnel were not aware of computer security. In the future work, we will continue to strengthen computer security awareness education and prevention skills training, so that employees can fully realize the seriousness of computer cases. We will combine personnel-based defense with technical defense, and do a good job in the network security of the unit.
4. Data security work report.
Since the government information system began operating, our bureau has actively improved various security systems in strict accordance with the requirements of superiors, fully strengthened the education and training of information security staff, fully implemented security precautions, and fully guaranteed the funds for information security work. Information security risks have been effectively reduced, emergency response capabilities have been effectively improved, and the sustained, safe and stable operation of government information systems has been ensured.
I. Basic information
Since 20xx, in order to ensure the smooth development of information work, our bureau has invested a total of 654.38 million yuan to purchase office computers for information work for all directly affiliated units and stock rooms in the bureau. At the same time, an information administrator is appointed in each unit to be responsible for uploading information to the bureau information center and daily maintenance of the computer. So far, there are 24 office computers for information work across the bureau, including 65,438+06 information workers.
II. Operation of the information security system
First, strengthen leadership and clarify the division of responsibilities. A leading group was established with the director as the team leader, the secretary of the Bureau of Discipline Inspection as the deputy team leader, and the heads of all units and subordinate units as members. There is an office under the leading group, with the secretary of the Bureau of Discipline Inspection as the director of the office and two comrades with rich computer knowledge and a strong sense of responsibility as members of the office, who are specifically responsible for security maintenance. A sound organization and a clear division of labor have laid a solid foundation for the safe operation of government information systems. Second, actively establish and improve the information release system. In the process of information collection and uploading, the office of the information work leading group coordinates, and all units and subordinate units report information to the bureau office in a unified manner. The responsible comrades in the bureau office submit the collected information to the leaders in charge for review, and it is then uploaded for release, ensuring the accuracy and safety of information uploading. The third is to continuously increase investment in security. Since last year, we have invested more than 30,000 yuan to buy genuine Rising antivirus software and ordered nearly 10 professional protection books. Fourth, the rules and regulations of informatization work have been specially formulated, which have made detailed provisions on informatization management, internal computer security management, computer and network equipment management, data and information security management, network security management, computer operator management, website content management, website maintenance responsibility, etc., further standardizing the information security management of our bureau.
Fifth, in addition to requiring computer managers to actively participate in computer security technical training organized by the county information office, information personnel are arranged to study and train in Xi'an and Xianyang every quarter, which effectively improves the security awareness of information technology personnel and their ability to maintain system security, and promotes the normal operation of the information network system of our bureau. Sixth, the duty system should be established, and technicians should monitor and manage the website information to prevent reactionary, cult and other harmful information. So far, no harmful information intrusion has occurred, and the network runs stably and safely. Seventh, update the system and software in time, back up important files and information resources in time, and recover data.
III. Shortcomings
First, there are fewer professional and technical personnel, and the power to invest in information system security is limited; Second, the rules and regulations system has been initially established, but it is still not perfect, failing to cover all aspects of information system security; Third, it is not timely to deal with emergencies such as computer virus attacks.
IV. Direction of rectification
First, we should further expand the training of computer security knowledge. In addition to training departmental information officers, it is also necessary to organize regular training for information officers of subordinate units. When necessary, relevant professionals can be recruited among college graduates.
Second, we must earnestly strengthen the implementation of the information security system, set up an information security supervision agency, and check the implementation of the security system from time to time. For units and individuals whose slow action or ineffective implementation causes adverse consequences, the responsibility of the relevant responsible persons should be seriously investigated, and personnel awareness of safety protection should be raised.
Third, based on the system, while further improving the information security system, we should arrange special personnel and improve facilities to closely monitor and solve possible information system security accidents anytime and anywhere.
5. Data security work report.
Xxxx (hereinafter referred to as xxx) has carried out relevant secrecy work in accordance with the relevant national secrecy laws and regulations and the secrecy requirements of higher authorities such as xxx, xx and xx, and the situation is hereby notified as follows:
I. Basic information
At present, there are 29 daily office desktop computers in the center, including 4 confidential computers (none of which are networked), 18 networked computers, and 7 unconnected computers. There are also 14 laptops.
According to the management requirements, the network room and comprehensive room of the station are responsible for the security management of computers and networks, formulate relevant rules and regulations such as confidentiality regulations and Internet access management regulations, conduct regular or irregular security inspections, implement physical isolation measures for classified computers, and manage and use desktop computers in different departments; Laptop computers are classified and managed according to the purpose of use, managed and maintained by the network room of the station, and the use and return registration system is implemented.
In order to strengthen confidentiality and information security, the center also purchased a hardware firewall and network security protection software at the end of 20xx, which basically solved the problems of network attacks and the spread of viruses and Trojan hacker software in the local area network.
II. Existing problems
Although the center has continuously improved the management requirements from the system and strengthened the investment in hardware equipment, there is still a big gap from the full realization of information security monitoring and protection.
(1) Insufficient computer and network equipment
According to the nature of work and the number of staff in the center, there is a serious shortage of computers in the center at present. In case of centralized overtime, inter-departmental adjustment is needed. A large number of public computers have caused difficulties in management, and there are great problems in information confidentiality, security, anti-virus and Trojan horse. Trojan horses and viruses spread through mobile media such as USB flash drives from time to time. Although network protection software can find and deal with it in time, it lacks security control equipment for anti-scanning detection, so potential threats are difficult to find and hidden dangers still exist.
(2) The management level and personnel quality need to be improved
Because there are many computer users and computers are not assigned to specific individuals, system damage or poor operation often results, which brings many problems to managers. However, the center has no dedicated computer professionals; those responsible work part-time and have a limited professional and technical level, so the management level and personnel quality urgently need to be improved.
(3) A serious shortage of funds
According to management requirements, most central computers should be separated from internal and external networks. However, due to insufficient funds, the annual budget can only basically meet the needs of computer updating, not to mention supplementing and perfecting, and meeting the needs of work. On the network side, firewall and network protection software are faced with the problem that they need to invest money to update their versions and virus databases every year.
(4) Lack of security software and equipment
When the computer hard disk is damaged and needs to be replaced, there is no special degaussing equipment to deal with the hard disk. In addition, according to the management requirements, some reports need to be transmitted remotely, but there is a lack of unified special encryption software, and there are security risks in sending them through the public network.
III. Next work plan
In view of the above problems, xxx plans to increase the budget for computer and network security in its future work, arrange relevant personnel training, and purchase relevant equipment and software, and hopes to get strong support from xx Bureau and xxx.