Introduction: A period of hard work has come to an end before we knew it. Looking back on the work of this period, there are some problems, and the self-examination report should keep pace with the times. The following are reports on the progress of data security work that we have compiled. You are welcome to read them.
1. Report on the progress of data security work
Our bureau has always attached great importance to network information security work. It has established a special leadership group and has established and improved the network security confidentiality responsibility system and relevant rules and regulations. The work is managed uniformly by the Bureau Information Center, and each department is responsible for its own network information security work. We strictly implement the various regulations on network information security and confidentiality, and take a variety of measures to prevent security and confidentiality-related incidents. Overall, our bureau’s network information security and confidentiality work is relatively solid and the effect is relatively good. In recent years, no leakage problems have been discovered.
1. Management of computer confidential information.
Since the beginning of this year, our bureau has strengthened organizational leadership, strengthened publicity and education, implemented work responsibilities, strengthened daily supervision and inspection, and kept a firm grasp on the management of confidential computers. For computer magnetic media (floppy disks, U disks, mobile hard disks, etc.), designated personnel keep them in custody and confidential documents are stored separately. It is strictly prohibited to carry magnetic media containing confidential contents to computers with Internet access for processing, storage, and transfer of processed files, thereby establishing a good security and confidentiality environment. Confidential computers (including laptops) have been physically isolated from the Internet and other public information networks, and confidentiality measures have been implemented in accordance with relevant regulations. So far, there has not been a single computer loss or leak accident. The use of other non-confidential computers (including laptops) and the Internet has also been carried out in strict accordance with the bureau's computer confidential information system management regulations to ensure the security of agency information.
2. Computer and network security.
The first is network security. Our bureau is equipped with anti-virus software, network isolation cards, and has adopted security protection measures such as strong passwords, database storage backups, mobile storage device management, and data encryption. It has clarified network security responsibilities and strengthened network security work.
The second is to implement a leadership review and signature system in terms of information system security. All information uploaded to the website must be reviewed and signed by the relevant leaders before uploading; second, regular security inspections are carried out, mainly supervising SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, anti-virus software installation and upgrades, Trojan virus detection, port openings, system management rights openings, access rights openings, web page tampering, etc., and a system security diary is carefully kept.
Third, in terms of daily management, we effectively implement the "five-layer management" of external networks, websites and application software to ensure that "confidential computers do not access the Internet, and Internet computers do not involve confidentiality", and strictly follow confidentiality requirements in the management, repair and destruction of CDs, hard drives, USB flash drives, mobile hard drives, etc. We focus on the "three major security" investigations: first, hardware security, including lightning protection, fire protection, anti-theft and power connection, etc.; second, network security, including network structure, security log management, password management, IP management, Internet behavior management, etc.; third, application security, including websites, email systems, resource library management, software management, etc.
3. The hardware equipment is used reasonably, the software settings are standardized, and the equipment is in good operating condition.
Anti-virus software is installed on every terminal in our bureau. The application of system-related equipment has always been under standardized management. The use of hardware equipment complies with relevant national product quality and safety regulations. The operating environment of the unit's hardware meets the requirements. Printer accessories, ribbon racks and other basic equipment are original products; the lightning protection ground wire is normal, the problematic lightning protection socket has been replaced, the lightning protection equipment is running basically stably, and there is no lightning strike accident; the UPS is operating normally. The website system is safe and effective, and there have been no security risks.
4. Communication equipment is operating normally.
The structure and configuration of our bureau’s network system are reasonable and comply with relevant security regulations; the various hardware devices, software and network interfaces used in the network were also put into use after passing safety inspections and qualifications, and have been operating basically normally since installation.
5. Strict management and standardized equipment maintenance.
Our bureau implements a management system of “who uses, manages, and is responsible” for computers and their equipment. In terms of management, we first adhere to the principle of "system management". The second is to strengthen information security education and improve employees’ computer skills. At the same time, the bureau carried out network security knowledge publicity to make all personnel aware that computer security protection is an integral part of the "three defenses and one guarantee" work. Moreover, under the new situation, computer crime will also become an important part of security work. In terms of equipment maintenance, a network equipment fault registration book and a computer maintenance and repair form are specially set up to accurately register equipment faults and maintenance situations and handle them in a timely manner. External maintenance personnel are required to be accompanied by relevant personnel, their identity and handling status are registered, and the maintenance and management of the equipment are standardized.
6. Website security and related requirements.
Our bureau has relevant requirements for website security. First, an exclusive permission password lock is used to log in to the backend; second, uploaded files undergo pathogen detection in advance; third, the website is maintained by module and by permission, and junk files in the backend are cleaned up regularly; fourth, a dedicated person is responsible for updating the website.
7. Formulation and implementation of safety systems.
In order to ensure the security of the computer network, the network administrator system, computer security confidentiality system, website security management system, network information security emergency response plan, etc. have been implemented to effectively improve the work efficiency of administrators. At the same time, our bureau has formulated a computer system security self-examination work system based on its own situation to achieve four guarantees: first, the system administrator will regularly check the central computer system every Friday to ensure that there are no hidden dangers; second, make security inspection work records to ensure The third is to implement a regular inquiry system for leaders, and the system administrator reports on the computer usage to ensure that the situation is always available; the fourth is to regularly organize overall personnel to learn relevant network knowledge, improve computer usage levels, and ensure prevention.
8. Safety education.
In order to ensure the safe and effective operation of our bureau’s network and reduce virus intrusion, our bureau has conducted training on relevant knowledge of network security and system security. During this period, everyone conducted detailed consultations on computer-related issues encountered in actual work and received satisfactory answers.
9. Self-examination of existing problems and suggestions for rectification.
We have discovered some weak links in management during the management process. In the future, we will make improvements in the following aspects.
(1) If the lines are irregular or exposed, the lines should be rectified immediately within a time limit, and rodent-proof and fire-proof safety work should be done.
(2) Strengthen equipment maintenance and promptly replace and maintain faulty equipment.
(3) During the self-examination, it was found that some individuals did not have strong computer security awareness. In future work, we will continue to strengthen computer security awareness education and prevention skills training to make employees fully aware of the seriousness of computer cases. Combining civil defense and technical defense to ensure the unit’s network security work is done well.
2. Report on the progress of data security work
In accordance with the requirements of the Municipal Government Office's "Notice on Carrying out Network and Information Security Inspections in Key Areas", our bureau has carefully conducted a network information security self-examination. The relevant situation is now reported as follows:
1. Information security self-inspection organization and development status
1. An information security inspection action group was established. In order to standardize information security work and implement relevant regulations on information security, our bureau has clarified that the director will be the team leader, and the heads of relevant departments and relevant office personnel will be the team members responsible for comprehensively investigating the important information systems of the website and filling in relevant reports. Establish files and retain them, and implement website information security management work specifically for individuals.
2. Organize information investigation. The information security inspection team conducted item-by-item inspections and confirmations against the actual situation of the information system, and comprehensively checked, sorted out, and analyzed the self-inspection results to improve the control of the network and information security status of the entire site.
2. Information security work situation
1. Self-examination of the basic situation of system security.
The XX Bureau website system is a real-time system. It currently has 1 Dell server and 1 TP-LINK router. The system uses the Windows operating system. The disaster recovery situation is system-level disaster recovery. The system is connected to the Internet, and management and control firewalls provided by outsourced network companies provide security protection.
2. Safety management self-examination.
In terms of personnel management, part-time information security officers have been designated, and all personnel in important positions have signed security confidentiality agreements.
In terms of asset management, dedicated personnel have been designated for asset management, and the "Asset Management System" and "Equipment Maintenance and Scrap Management System" have been improved.
In terms of storage media management, the "Storage Media Management System" has been improved and the "Storage Media Management Record Form" has been established.
3. Main problems discovered by self-examination
1. Insufficient security awareness. It is necessary to continue to strengthen the information security awareness education of unit employees and improve their initiative and consciousness in doing security work.
2. The rules and regulations system has been initially established, but it is not yet complete and cannot cover all aspects of information system security.
3. Equipment maintenance and updates are not timely enough.
IV. Improvement measures and rectification effects
Based on the deficiencies discovered during the self-examination process and combined with the actual situation of our unit, we will focus on rectification in the following aspects:
1. Strengthen information security education and training for on-the-job employees, and enhance information security prevention and confidentiality awareness.
2. It is necessary to innovate and improve the information security working mechanism, further standardize office order, and improve information work security.
3. Continuously strengthen capital investment in computer information security management, maintenance, updates, etc., maintain equipment and update software in a timely manner to ensure information system security prevention.
3. Report on the progress of data security work
According to the spirit of the document "Notice on Carrying out Network and Information Security Inspections in Key Areas of the City in 20xx" (Hong Gongxin No. 20xx177), the leaders of our bureau attached great importance to it and immediately organized and carried out a global information system security inspection. In accordance with the requirements of the "Computer Information System Security Protection Regulations of the People's Republic of China" and the "XX Municipal Government Information System Security Inspection Guidelines", our bureau has carefully organized a self-examination of the information security management of government websites. The situation is now reported as follows:
Since our bureau’s information system went into operation, we have strictly followed the requirements of superior departments, actively improved various security systems, fully strengthened the education and training of information security staff, fully implemented security precautions, and made every effort to guarantee funding for information security work. Information security risks have been effectively reduced and emergency response capabilities have been effectively improved, ensuring the continued safe and stable operation of the government information system.
1. Implementation of the information security system
1. Establishing a management organization. Our bureau established an information security and confidentiality management leading group in 2010, and after adjustment in 20xx, Director xx served as the team leader, and deputy researcher xx was in charge of information security work. The heads of each department are members, and the office is located in the bureau office, with dedicated personnel responsible for handling daily work.
2. Establishing and completing an information security system. Our bureau has specially formulated rules and regulations related to information work, with detailed provisions covering information work management, internal computer security management, computer and network equipment management, data, information and information security management, network security management, computer operator management, website content management, website maintenance responsibilities and other aspects, further standardizing the information security management work of our bureau. The information security system was revised this year to improve the system and ensure security protection measures for government information systems.
2. Daily information security management
1. In the process of information collection and uploading, the office coordinates the process, and all departments and subordinate units report the information to the bureau office. The information will be uploaded and released after review by the bureau office, thereby ensuring the accuracy and security of the information uploaded, and resolutely implement the management principle of "whoever is in charge is responsible, whoever runs is responsible, whoever uses is responsible".
2. Our bureau strictly controls the sending and receiving of documents, has improved the counting, sorting, numbering, and signing system, and requires information managers to perform full system backups on a regular basis.
3. Each confidential computer in our bureau is managed on an independent intranet and does not have contact with the external network. Firewalls, anti-virus software, etc. are all domestic products. The official document processing software specifically uses Microsoft’s Office system and Kingsoft's WPS system, and the third-party service outsourcing providers for information systems are all domestic companies.
4. In order to ensure that our bureau’s network information security work is carried out effectively and smoothly, our bureau requires each department and subordinate unit to carefully organize the study of relevant laws, regulations and network information security knowledge, so that all personnel can correctly understand the importance of information security work, master the regulations and requirements for safe use of computers, and correctly use computer networks and various information systems. All staff members sign the "Network Information Security Statement".
3. Implementation of security precautions
1. The structure and configuration of our bureau’s network system are reasonable and comply with relevant security regulations; the various hardware devices, software and network interfaces used in the network were put into use after passing safety inspections and qualifications, and have been operating normally since installation.
2. Our bureau implements a leadership review and signature system. All information uploaded to the website must be reviewed and signed by the relevant leaders before being uploaded; second, regular security inspections are carried out, mainly supervising SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, anti-virus software installation and upgrades, Trojan virus detection, port openings, system management rights openings, access rights openings, web page tampering, etc., and a system security diary is carefully kept.
3. Our bureau effectively implements the "five-layer management" of the intranet, extranet, website and application software to ensure that "confidential computers do not access the Internet and computers that do access the Internet do not involve confidentiality", and the management, repair and destruction of optical discs, hard drives, USB drives, mobile hard drives, etc. are handled strictly in accordance with confidentiality requirements. We focus on the "three major security" investigations: first, hardware security, including lightning protection, fire protection, anti-theft and power connection, etc.; second, network security, including network structure, security log management, password management, IP management, Internet behavior management, etc.; third, application security, including website, resource library management, software management, etc. Confidential computers are managed by dedicated personnel. Official documents, finance, personnel and other systems are all managed by dedicated personnel.
IV. Construction of emergency response mechanism
1. An emergency plan has been formulated, and with the deepening of informatization and the actual situation of our bureau, it is in the stage of continuous improvement.
2. Update systems and software in a timely manner, backup important files and information resources in a timely manner, and restore data.
5. Main problems discovered during the information security inspection and their rectification status
1. Main existing problems
First, there are few professional and technical personnel, and the amount of effort that can be invested in information system security is limited.
Second, the rules and regulations system has been initially established, but it is not yet complete and cannot cover all aspects of information system security.
Third, equipment maintenance and updates are not timely enough.
2. The next step of rectification plan
Based on the deficiencies discovered during the self-examination process and combined with the actual situation of our bureau, we will focus on the following aspects for rectification:
First, we must strengthen the training of professional information technology personnel and further improve the technical level of information security work so that we can further strengthen the security prevention and confidentiality of computer information systems. The second is to innovate and improve the information security working mechanism, further standardize office order, and improve information work security.
The third is to innovate and improve the information security working mechanism, further standardize office order, and improve information work security.
Finally, it is hoped that the municipal government can regularly organize training on information system security to further improve the professional level of information system management staff and further strengthen the security prevention work of information systems.
4. Report on the progress of data security work
Under the leadership of the county party committee and county government, our town conscientiously follows the county’s overall deployment and requirements on e-government work, and has carefully inspected the network information security situation of the e-government external affairs network. The self-examination of our town’s e-government work is now reported as follows:
1. Organization and system construction
First, the leadership attaches great importance and the organization is sound. Our town attaches great importance to e-government work and has established a town e-government work leading group with the town mayor as the team leader and the heads of relevant town departments as members to uniformly lead the town's e-government work and study and decide on major issues in the town's e-government construction. The leading group office is located in the town party and government comprehensive office, and designated party and government comprehensive office members who are proficient in computer operation and have a strong sense of confidentiality are responsible for daily work such as information updates and network maintenance, forming a work pattern with a sound organization, clear division of labor, and well-established responsibilities. The second is to formulate a system and act according to the rules. According to the requirements of city and county documents, a confidentiality management system for office automation equipment and various management and maintenance systems for e-government work have been formulated, including systems for dedicated maintenance, document release, review and issuance, etc. The third is to carry out irregular inspections. Our town's e-government work leading group conducts inspections on the environmental safety, equipment safety, information security, management system implementation and other aspects of the e-government work office from time to time, and promptly corrects existing problems to eliminate safety hazards.
2. Network and information security
First, strengthen network operation and maintenance. Strengthen the construction of the network operation and maintenance team and further enrich the network operation and maintenance personnel. The town party and government comprehensive office has appointed a part-time network information administrator to be responsible for timely provision and review of the information content of the department. At the same time, in accordance with the county security management requirements, our town’s e-government security and confidentiality measures were formulated and improved, and the security and confidentiality work responsibility system was implemented, and no network abnormalities were found.
3. Construction of technical protection measures
Effectively carry out information security work. Special anti-virus and Trojan-killing software has been installed, a firewall has been deployed at the Internet exit, and vulnerability scanning and virus and Trojan horse detection are regularly conducted to effectively prevent network attacks such as viruses, Trojan horses, and hackers, and ensure the security of information and network operations.
IV. Existing difficulties and deficiencies
Although the e-government work in our town is carried out in an orderly manner, there are still some difficulties and deficiencies, mainly reflected in the following. First, the office computer equipment is old and aging, and the computers specially used for e-government affairs have been used for a long time and run slowly. Second, the agency staff are older, have low computer knowledge, and have not fully kept up with their training. Third, the information cannot be fully updated in a timely manner, and e-government management and use need to be further strengthened.
5. Improvement measures
First, strive to improve business quality. Strengthen publicity and education, improve the town's personnel's awareness and sense of responsibility for e-government, and actively organize personnel to participate in county-wide e-government training, laying a more solid foundation for the effective implementation of e-government. The second is to strengthen system construction. Improve a series of rules and regulations such as the management and use of e-government, formulate targeted measures for existing weak links, and implement them in actual work to further improve the application level and efficiency of e-government. The third is to strengthen the daily management of e-government affairs. Regularly upgrade virus databases and scan for system vulnerabilities to ensure that computers dedicated to e-government affairs are always in a healthy state.
5. Report on the development of data security work
1. Implementation of various network information security systems
Our bureau strictly implements the "xx Provincial Judicial Administrative System Information Network Management Regulations (Interim)", and formulated the "Information Collection and Release Management System of the xx Municipal Justice Bureau", the "Network Equipment Maintenance and Management Regulations of the xx Municipal Justice Bureau" and the "Data Backup and Mobile Storage Equipment Management System". We also sign a responsibility letter with relevant departments, regularly inspect the implementation of the system, and promptly rectify any problems found.
2. Management of hardware and network equipment
We focused on checking the access situation of the internal network and external network, and eliminated the mixed use of equipment and devices on the internal and external networks. In order to avoid potential safety hazards such as connection, the internal and external networks are strictly physically separated.
Computer users are strictly prohibited from switching between internal and external networks without authorization. Anti-virus software is regularly upgraded and maintained by network managers. The use of wireless network cards, Bluetooth and other wireless interconnection devices is prohibited. There are dedicated personnel responsible for the management and maintenance of the computer room. Unrelated personnel are not allowed to enter the computer room without approval, let alone use the network equipment and data in the computer room.
Network and hardware equipment operate normally 24 hours a day, and the operating temperature is kept below 25°C. The dedicated firewall for the intranet is set correctly and the relevant security policies are enabled normally. The network lines in the IP address allocation table are clearly marked and documented. All hard drives and mobile devices are inspected in accordance with confidentiality requirements. All files stored in U disks must comply with confidentiality requirements. U disks used for internal and external network transmission must not store files. Internal and external network computers must be used strictly separately, and no files may be stored, and no internal files manipulated, on external network computers.
3. Usage of software system
We strictly implement the online information release principle of "who publishes, who is responsible". In compliance with the "XX Municipal Justice Bureau Information Collection and Release Management System", there are approvals and records for information placed online, so as to achieve "do not access the internet if it involves confidentiality, and do not access the internet if it involves confidentiality", and conscientiously fulfill the responsibility of ensuring network information security. Network managers regularly back up relevant programs, data, and files. Each computer is installed with genuine Rising anti-virus software. Regular updates, anti-virus scans, and Trojan scans are performed. Operating system vulnerabilities are discovered and repaired in a timely manner to ensure that the computer is not invaded by viruses and Trojans.
For outstanding problems in website and application system program upgrades, accounts, passwords, software patches, virus detection, external interfaces, and website maintenance, we clean up and investigate them one by one, and update and upgrade in a timely manner whatever can be updated and upgraded, to further strengthen security precautions, promptly plug loopholes, eliminate hidden dangers, and resolve risks.
Do a good job of uninstalling and cleaning up all non-work-related software programs such as stock trading, games, chatting, downloads, and online videos on all computers, and prevent the use of computers to engage in non-work-related activities.
IV. Existing problems
First, the computer room does not have lightning protection equipment. We will step up efforts to solve this problem in the near future.
Second, some staff members do not have strong network security awareness and prevention skills. We must further strengthen computer security awareness education and prevention skills training for overall personnel, improve prevention awareness, fully understand the seriousness of computer network and information security cases, and truly integrate computer security protection knowledge into the improvement of staff's professional quality.
Through self-examination, the global employees’ awareness of network and information security and confidentiality has been further improved, and the basic skills of information network security have been further improved, ensuring the efficiency of network operation in the region, strengthening network security, standardizing office order, and providing an important safety guarantee for the smooth development of various judicial administration tasks.