1. Company's self-inspection report on network security inspection.
In order to further strengthen the network information security of radio and television industry, safeguard public interests and national security, according to the spirit of the Notice of the State Administration of Press, Publication, Radio, Film and Television on Launching the Network and Information Security Inspection Action of Radio and Television Industry. Our bureau attached great importance to it, immediately convened a special meeting, carefully deployed the self-inspection action on the network and information security of the radio and television industry in our city, organized special classes, and conducted a comprehensive, serious and careful inspection on the network and information systems and radio and television websites related to the production, broadcasting, transmission and coverage of radio and television programs in our city. The situation of self-inspection is reported as follows: 1. Deployment of self-inspection work.
(1) study documents and understand the spirit. Hold a special meeting in time, conscientiously study and implement the relevant documents and meeting spirit of the Provincial Radio and Television Bureau and Yichang Radio and Television Bureau on carrying out radio and television network and information security inspection, carefully deploy self-inspection work, and formulate self-inspection implementation plans.
(2) Organize special classes and act quickly. Zhijiang city Radio and Television Network and Information Security Self-inspection Working Group was established, with Xiong Guangfu, Party Secretary and Director of the Bureau (Taiwan) as the team leader, and Liu Xiaoli, member of the Party Group and Deputy Director of the Bureau (Taiwan) as the deputy team leader. The members of the Self-inspection Working Group are composed of people familiar with business, with information security knowledge and strong technical ability, and business backbones of technical support institutions.
Second, the self-inspection work
(1) Information security management
1, the information security system is sound and the responsibilities are implemented. A leading group for information system security management was set up, and the person in charge of security management and the security administrator were implemented. A series of information system safety management systems have been established, such as Computer Room Access Safety Management System, Security Administrator's Job Responsibilities, Account Use Registration and Operation Authority Management System, Information Inspection, Preservation, Clearing and Backup System, Safety Education and Training Work System, Information Release Audit System, Radio and Television Program Replay Review System, etc. The operation managers of each system strictly follow the systems in their daily operations. The Bureau (Taiwan) regularly and irregularly inspects and checks the implementation of various safety systems by operators, and makes timely rectification when problems are found, thus effectively avoiding safety accidents caused by improper operation of operators. The safe and stable operation of various information systems ensures the safety of the system without accidents.
2, the asset management personnel responsible for standardized operation. Formulated the relevant regulations on the distribution, use, maintenance, maintenance and scrapping of equipment, established the detailed ledger of equipment and the ledger of equipment in and out, and insisted on taking stock once every six months, which ensured the consistency of accounts and facts and ensured the safety and integrity of assets.
3, the implementation of information security funds, earmarking. Every year, the bureau (Taiwan) allocates special funds for the management of information security construction. This year, the expenses for the construction, operation and maintenance of information security protection facilities, information security-related inspection, evaluation and management were included in the annual budget. The budget for this year is150,000 yuan, and up to now, 88,000 yuan has been paid.
(II) Technical protection situation
Network boundary security protection measures are in place. The actual network connection is consistent with the network topology diagram, and the security areas are divided according to the importance. The correct isolation measures are adopted in different areas, and the external network is connected to the internal network by a secure encrypted transmission method. The configuration of safety functions is reasonable and effective. Important data transmission and storage security protection measures have been formulated. Important data is encrypted and stored as required and backed up.
(3) Emergency work situation
The emergency response mechanism is perfect. We have established information security plans, emergency plans for safe broadcasting of radio and television, and work plans for preventing natural disasters. We have set up a safety broadcasting group, a technical support group, an emergency repair group and a logistics support group, which are in charge of by special personnel, and made backups of important signals and data as required, thus ensuring the smooth progress of security work.
(four) safety education and training
Network administrators, system administrators and staff are given regular or irregular information security education and training, and through special lectures, quiz and other forms, they can understand the basic protection knowledge of information security and master the basic skills of information security. At present, professional training has been conducted three times.
Third, the existing problems and risk analysis
(A) the problems existing in the radio and television broadcast control system
1, the broadcast player has no spare player. The daily broadcast time of the radio station is about 17 hours, and only one broadcaster works. If the broadcaster fails, it can only stop broadcasting for maintenance, and the signal will be interrupted throughout the city.
2. The TV broadcaster of Zhijiang Village Channel is not ready to broadcast. The daily broadcast time of Zhijiang Village Channel is about 16 hours, which is mainly aimed at rural demand. If the broadcaster fails, it will directly lead to the suspension of broadcasting and signal interruption.
(2) Problems existing in signal access or wireless transmission system
1, the equipment of the wireless launch system is aging, and there is a lack of spare machines and spare parts. The basic environment of the computer room is poor, so it is necessary to further strengthen the technical transformation and improve the basic guarantee level.
2. Insufficient investment in radio and television network information and safe broadcasting. Dual-route configuration and backup equipment failed to meet the requirements of the detailed rules for the implementation of Decree No.62 of the State Administration of Radio, Film and Television, and there are weak links in safe broadcasting, so network security needs to be further strengthened.
(3) Problems existing in the power supply system
1 Although there are dual power supplies in the computer room of the Radio and Television Bureau, there is no ups power supply. According to the current power calculation, at least one three-phase 6kva ups power supply should be provided to meet the power supply requirements of the whole computer room (analog TV front end, optical fiber transmission system, radio and television broadband front end, etc.).
2. The sports road machine room does not adopt dual power supply. Although there is a generator as a backup power supply, the power of the generator is too small (purchased in 1992), the voltage is low, and the frequency is unstable, so it can't meet the current demand. After the mains power failure, it can't supply power to high-power equipment such as wireless transmitter, so the problem of dual power supply (standby mains power) must be solved to ensure the normal work of the machine room.
(D) risks of editing and broadcasting network viruses
In order to facilitate the work, our bureau has networked relevant departments and offices according to the actual needs. Because some departments have irregular management and convenient work, illegal use of mobile storage devices will bring viruses into the network, which will lead to some machines not working normally or paralysis.
(V) Risk detection by safety technology
At present, we have not entrusted a third party to carry out safety technology testing, testing tools and penetration testing.
Iv. rectification measures and work suggestions
First, further establish the information security related system of Jianluo, and strictly implement it, and solve the problems in time without concealing or shirking.
The second is to continue to implement the "accountability of leaders" and the system of leading cadres on duty. Bureau (Taiwan) members of the leadership team should implement the division of labor, supervise and direct in person, and ensure the safety of radio and television programs and the smooth transmission network.
The third is to increase investment in radio and television networks and information security, and acquire and update wireless transmitter standby machines, radio and television broadcast standby machines, and safety technology testing instruments and equipment. Coordinate with relevant departments to quickly solve the problems existing in the power supply system to ensure the power supply demand of the broadcasting room.
Fourth, strengthen the internal management and coordination of the bureau (station), and put an end to the illegal use of mobile storage devices to prevent viruses from being brought into the network and affecting information security.
Fifth, strengthen the training of information security management and operators, enhance confidentiality awareness and safety awareness, and improve the business skills of network information security staff.
2. The company network security inspection work self-inspection report
According to the spirit of the document "Notice on Carrying out Special Inspection on Information Security and Network Management of E-government Network in xx City" issued by Nanxin Lianfa [XX] No.4, our bureau actively organized and implemented it, and made a self-examination on the construction of network security infrastructure, network security prevention technology and network information security and confidentiality management, and made a profound analysis on the construction of network information security of our bureau. Now the self-examination situation is reported as follows: 1. Strengthen leadership and set up a leading group for network and information security work.
In order to further strengthen the security management of the global network information system, our bureau has set up a leading group for the security and confidentiality of the network and information system, which is headed by the director and has an office, so that the division of labor is clear and the responsibilities are specific to people. Ensure the smooth implementation of network information security.
Second, the current situation of network security in our bureau
Since 1997, the statistical information automation construction of our bureau has gradually developed from a small local area network to a four-level interconnection network with the national bureau, the autonomous regional bureau and the county bureau. Cisco 7600 and 3600 switches are used in the network core, 3com4226 switch is used in the data center, and 3com4226 switch, Cisco 2924 switch and Lenovo Tiangong ispirit 1208e switch are used in the collection layer. The total number of wired access points can be 150, and about 80 have been used so far. The backbone of the data center is gigabit switched, and 100 megabytes are switched to the desktop. Internet export is provided by the Municipal Information Office, which is a dual 100-megabit optical fiber; It is directly connected with the statistics bureau of the autonomous region by using 2 trillion optical fibers, and the statistics bureaus of counties and districts and three development zones use Tianrongxin virtual private network software to connect to the network of the statistics bureau of the autonomous region from the Internet, with a total bandwidth of 4 trillion, and then connect to our bureau. Horizontally, actively promote the interconnection between the Municipal Bureau of Statistics and the government network. At present, it has achieved optical fiber connection with more than 100 municipal party and government departments and 12 county and district governments. Our bureau uses Tianrongxin hardware firewall to protect the network, uses Weisi network isolation card and file body armor software to protect key computers, installs genuine Kingsoft Internet antivirus software, and carries out virus prevention and control on global computers.
Three, my bureau network information security management
In order to do a good job in informatization construction and standardize statistical informatization management, our bureau has specially formulated the Rules and Regulations on Informatization of xx Municipal Bureau of Statistics, which provides detailed regulations on informatization management, internal computer security management, computer room management, computer room environment security management, computer and network equipment management, data, information security management, network security management, computer operator management, website content management, website maintenance responsibility and other aspects, further standardizing our information security management.
In view of the computer security work, our bureau has formulated the Management System of Classified Computers, and the computer users have signed the Post Responsibility Letter of xx Municipal Bureau of Statistics, so that whoever uses computers will be responsible for the strict and standardized management of the data and information generated in our bureau's intranet.
In addition, our bureau organizes relevant computer security technology training every year on a global scale. Comrades of computing stations also actively participate in the training of the Municipal Information Office and other computer security technologies, which improves the skills and awareness of network maintenance and security protection, and effectively guarantees the normal operation of our statistical information network.
Fourth, the shortcomings of network security and corrective measures
At present, the network security of our bureau still has the following shortcomings: First, the awareness of security prevention is relatively weak; Second, the virus monitoring ability needs to be improved; Third, unexpected events such as malicious attacks and computer virus attacks are not handled in time.
In view of the current deficiencies in network security in our bureau, the following rectification measures are put forward:
1, strengthen the training of computer operation technology and network security technology in our bureau, and strengthen the awareness of computer operators on network virus and information security.
2. Strengthen the study of computer technology and network technology of the comrades in the computer station of our bureau, and constantly improve the technical level of the computer professionals in our bureau.
3. The company network security inspection work self-inspection report
According to the spirit of the higher-level network security management document, Taojiang County Education Bureau set up a leading group for network information security. Under the leadership of the group leader, Deputy Director Zeng Ziqiang, it made plans, defined responsibilities, and carried out concrete implementation, and conducted a comprehensive investigation on the network and information security of our system. Finding, analyzing and solving problems ensure that the network can keep a good operation and provide a powerful information support platform for the development of education in our county. First, strengthen leadership and set up a leading group for network and information security.
In order to further strengthen the system-wide network information system security management, our bureau has set up a leading group for network and information system security and confidentiality, so that the division of labor is clear and the responsibilities are specific to people. The safety work leading group is headed by Zeng Ziqiang, deputy head of Wu Wanfu, and members include Liu Linsheng, Wang Zhichun and Su Yu. The division of labor and their respective responsibilities are as follows: Deputy Director Zeng Ziqiang is the first person in charge of the security and confidentiality of computer networks and information systems in our bureau, and is fully responsible for the management of computer networks and information security. Wu Wanfu, director of the office, is in charge of computer network and information security management. Liu Linsheng is responsible for the daily affairs of computer network and information security management, and receiving information and documents issued by higher education authorities. Wang Zhichun is responsible for the daily coordination and supervision of computer network and information security management. Su Yu is responsible for network maintenance and daily technical management.
Second, improve the system to ensure that the network security work has rules to follow.
In order to ensure the normal operation and healthy development of computer network in our system, strengthen the management of campus network and standardize the network use behavior, according to the relevant provisions of the Measures for the Administration of Education and Scientific Research Computer Network in China (Trial) and the Notice on Further Strengthening the Network Security Management of Taojiang County's Education System, the Measures for the Administration of Network Security of Taojiang County's Education System, the Registration Form for the Audit of Online Information Release, the Monitoring and Inspection System of Online Information, and the Taojiang River have been formulated.
Third, strengthen management and strengthen network security technical preventive measures.
The computer network of our system has strengthened technical preventive measures. First, Kaspersky firewall is installed to prevent viruses and reactionary bad information from invading the network. The second is to install Rising and Jiangmin anti-virus software. The network administrator will upgrade the virus database of anti-virus software every week, upgrade and kill the anti-virus software in time, and solve the problems immediately when found. Third, the network is connected with the lightning protection network of the office building. The computer department strengthens the doors and windows, buys fire extinguishers and puts them in a prominent position to ensure lightning protection, theft prevention and fire prevention of the equipment and ensure the safety and integrity of the equipment. The fourth is to update the system and software of the server in time. Fifth, pay close attention to CERT messages. Sixth, timely backup of important documents and information resources. Create a system recovery file.
The network security leading group of our bureau conducts a comprehensive inspection on the environmental safety, equipment safety, information safety and the implementation of management system of the whole system computer room, school office computers, multimedia classrooms and school electric classrooms every quarter, and corrects the existing problems in time to eliminate potential safety hazards.
4. The company network security inspection work self-inspection report
After our district received the Notice of the Office of the Leading Group for Information Work of xx Municipality on Carrying out Network and Information Security Inspection in Key Areas issued by the Office of the Leading Group for Information Technology, the leaders of the High-tech Zone Management Committee attached great importance to it, promptly convened relevant personnel to implement it one by one according to the requirements of the document, and carefully arranged self-inspection, and conducted a survey on the computer network and information security work equipped by various ministries and bureaus of the government. The self-inspection situation is reported as follows: 1. The leaders attached great importance to it, and the organization and system were perfect.
In recent years, the network and information security work in high-tech zones has been improved day by day. The leaders of the Management Committee attach great importance to the construction of computer management organizations. Based on the guiding ideology of "controlling the source, strengthening inspection, clarifying responsibilities and implementing the system", a network security working group with the deputy director of the Management Committee as the supervisor and the director of the office as the person in charge has been established, and there are special information managers. All uploaded information is reviewed by the director of the office. Under the supervision and guidance of the relevant departments, the Hi-tech Zone Association has established and improved the security management responsibility system, the computer and network security management regulations and the document security work system according to the Regulations on the Security Protection of Computer Information Systems of the People's Republic of China and the Administrative Measures for the Prevention and Control of Computer Viruses, so as to effectively prevent the computer information system from being kept secret for a long time and eliminate unsafe signs in the bud.
According to the requirements of the document, the High-tech Zone formulated the emergency plan for the security emergencies of the portal website of the High-tech Zone in time, and organized emergency drills according to the emergency plan.
Two, strengthen safety education, regular inspection and supervision to strengthen safety education.
In every step of network and information work in high-tech zones, information security education is put in the first place, which makes all the staff of the management committee realize that computer security protection is an organic part of the central work of high-tech zones, and under the new situation, network and information security will also become an important part of creating a "safe and harmonious high-tech". In order to further improve the awareness of network security, we often organize personnel to check the computer security protection of relevant ministries and bureaus. Through the inspection, we found that some personnel are not aware of safety, and a few computer operators have not implemented the system enough. In this regard, we criticize the unqualified ministries and bureaus according to the inspection contents in the inspection plan and make rectification within a time limit. When installing anti-virus software, all ministries and bureaus use the anti-virus software approved by the competent department of the state to check and kill viruses in a timely manner. They do not use unknown and non-antivirus software, USB flash drives and other carriers, do not visit illegal websites, and consciously strictly control and block the source of viruses. When the computer equipment of the unit is sent out for repair, a designated person will follow and contact. When the computer is scrapped, the hard disk and other storage carriers will be removed or destroyed in time.
Third, the information security system is improving day by day.
In the management of network and information security, we have established the idea of managing personnel by system, and formulated the relevant system of network information security, requiring that the uploaded contents provided by the ministries and bureaus of the High-tech Zone Management Committee be submitted to the information administrator after being reviewed and signed by the heads of the ministries and bureaus, and uploaded after being reviewed and approved by the office director; Major contents will be uploaded after being issued by the leaders of the Management Committee, which will be used as the internal control system of the computer network in the High-tech Zone to ensure the confidentiality of website information.
According to the requirements of the Notice, the website of Hi-tech Zone has mainly done the above work in the past, but there are still some aspects that need to be improved urgently.
First, it is necessary to further strengthen contact with the municipal government information center in the future, so as to find the gap and make up for the shortcomings in the work.
Second, it is necessary to further strengthen the computer security awareness education and prevention skills training for the staff of the High-tech Zone Management Committee, improve their awareness of prevention, fully realize the seriousness of computer network and information security cases, and truly integrate computer security protection knowledge into the improvement of staff's professional quality.
Third, it is necessary to further strengthen the network and information security management system, improve the working skills of managers, and often hire professionals to train managers, so as to truly integrate the learned knowledge into the network and information security protection work, rather than passing it lightly; Do the combination of civil air defense and technical defense, and really set up an invisible barrier between network and information security.
5. The company network security inspection work self-inspection report
In order to ensure the network and information security of the tax system, further strengthen the publicity and management of network news, and effectively prevent the occurrence of sudden emergencies such as deliberate attacks, destruction of network information systems, and dissemination and pasting of illegal information. According to the principle of "whoever is in charge is responsible, who is responsible for running and who is responsible for using", the work will be implemented to people. The State Bureau set up an information security inspection working group, which is responsible for the security inspection of each office of the State Bureau, and mainly adopts the combination of self-examination of each office and spot check of some offices to carry out network security cleaning and inspection. I. Current Situation and Risks
With the development of information construction of local tax system in Yili prefecture, the pattern of collection and management based on computer network has taken shape. The four-level wide-area network of General Administration-District Bureau-Prefecture (city) Bureau-County (city) Bureau has been established, and gradually extended to grass-roots tax collection units, and the construction process of local tax system network has gradually accelerated. At present, there are more than 700 WAN nodes and more than 700 networked computer devices in the local tax system of Yili Prefecture. At the same time, in order to improve the efficiency of tax collection and management, better publicize tax work and serve taxpayers, the tax authorities of counties (cities) have established Internet access websites according to their work needs. At the same time, networking and information exchange have been partially realized with other government departments. In a word, the network and information system have become an important part of the whole tax system and an important infrastructure related to the national economy and people's livelihood.
With the rapid development of tax information construction, the risks of network and information security are gradually exposed. First, with the development of taxation and the requirements of business system, tax authorities at all levels have gradually realized networking and information exchange with relevant external departments. In addition, in order to facilitate taxpayers to pay taxes, Xinjiang local tax system has opened Internet declaration, online inquiry and other services, and the local tax system network has changed from a completely closed intranet in the past to a network logically isolated from the external network and the Internet. Second, most of the key equipment in the network and information system, such as hosts, routers, switches and operating systems, adopt foreign products, which has great technical and security risks. Third, the level of computer application operators in the system is uneven, and due to insufficient funds, safety protection equipment and technical means are not satisfactory. Fourth, hostile forces and criminals driven by interests have been ready to move, posing a great threat to the important financial and financial departments of the country. The above aspects constitute the main risks of tax system network and information security.
Two, establish and improve the network and information security organization.
In order to ensure that the network and information security work is taken seriously and the measures can be implemented in time, the local taxation bureau of Yili Prefecture has set up a network and information security leading group:
Team leader:
Members:
The leading group has an office, which is responsible for daily work. The director is Che Yanxia, director of information department, and the deputy director is Wang Shoufeng, deputy director of the office. Members: Wang Hongxing, Liu Zhonghui, Zhong Wang and Wang Hua.
Three, establish and improve the network and information security system and rules and regulations.
The Office of Network and Information Security is responsible for reviewing and monitoring the information published on the internal and external websites in the name of the organization; The Information Office is responsible for the maintenance and technical support of the website and the monitoring and maintenance of other application information systems; Finance Department is responsible for relevant financial support; The agency service center is responsible for the monitoring and maintenance of infrastructure such as electricity, air conditioning, fire prevention and lightning protection.
The Office of Network and Information Security is responsible for coordinating the work in case of emergency, and drafting the report to the leading group, public security department or higher authorities or informing the whole system according to the severity of the incident; It is also responsible for the monitoring and prevention, emergency treatment and data and system recovery of various websites, application systems and database systems, as well as the security prevention, emergency treatment and network recovery of network systems and the tracing of security incidents afterwards. In order to do a good job in the self-inspection of the network security of the state direct tax system, the Information Office conducted network security knowledge training for network administrators of the whole system through video training on August 10. And deploy the network security self-inspection work.
Establish and improve various security systems, including (1) log management system; (2) Safety audit system; (3) Data protection, safe backup and disaster recovery plan; (4) Access system for computer rooms and other important areas; (5) the use and maintenance system of hardware, software, network and media; (6) the management system of account, password and communication confidentiality; (7) Management system for prevention, discovery, reporting and removal of harmful data and computer viruses; (8) Provisions on the use and management of personal computers.
Four, Yili Prefecture Local Taxation Bureau computer network management.
(1) A firewall is installed in the local area network. At the same time, each computer is equipped with Rising antivirus software which is uniformly configured by the regional bureau. In view of the lack of registration numbers, we applied for 300 registration numbers from the regional bureau. Now the online version of Rising antivirus software can be online for 550 computers at the same time, which basically meets the needs of the local tax system in Yili. 95% of intranet computers in the whole state have installed desktop audit systems, and some units have reached 100%. Regular installation of system patches has strengthened the effectiveness in anti-tampering, anti-virus, anti-attack, anti-paralysis, anti-leakage and so on.
(2) Secret-related computers and all computers in the local area network have strengthened password settings, requiring that the startup password, document processing password and collection and management software password must be mixed with letters and numbers of not less than 8 digits. At the same time, there are identity authentication and access control between computers.
(3) The computers in the intranet have no illegal access to the Internet and other information networks; The net newspaper special computer installed in the self-service declaration area of the tax service hall of each unit is managed and checked by the network administrator every day to prevent illegal activities from being carried out by the net newspaper machine.
(4) Professional anti-virus software for mobile storage devices has been installed, and virus scanning must be carried out before the mobile storage devices are connected to computers. U disk virus isolators are equipped for computers in tax service offices, management departments and other units that often receive foreign data.
(5) The applications, services, ports and links on the server have been checked for security and strengthened.