3 self-inspection reports on network information security

Network information security self-inspection report 1

According to the spirit of the five-year joint work plan of xxx5 network inf

3 self-inspection reports on network information security

Network information security self-inspection report 1

According to the spirit of the five-year joint work plan of xxx5 network information security and confidentiality inspection, our bureau attaches great importance to it, deploys it in time, and seriously carries out self-inspection according to the requirements of doing a good job in network information security. The self-inspection is now reported as follows:

I. Self-examination

(1) Strengthen leadership and improve mechanisms. In recent years, our bureau regards network information security management as an important work, and has established and improved the network information security responsibility system according to the principle of "who is in charge, who is responsible, who is responsible for the use and who is responsible for the operation". A leading group for network information security management has been established, which is specifically responsible for organizing and implementing the overall network information security management and confidentiality review, and strictly checking whether the government information released through the network is classified. At present, our bureau has formed a working mechanism that the main leaders personally grasp, the leaders in charge directly grasp, the full-time staff specifically grasp, and all departments and directly affiliated units of the organs perform their duties and fully cooperate to ensure the security and confidentiality review of network information. And further do a good job in emergency response and notification of network and information security incidents, implement technical support teams, establish emergency plan disposal mechanisms, and improve emergency response and disposal capabilities.

(2) Improve the system and standardize management. In order to further standardize the management of network information security, our bureau has formulated rules and regulations such as the Measures for the Administration of Portal Website of Shanwei Municipal Bureau of Commerce, the Confidentiality Review System of Government Information Release of Shanwei Municipal Bureau of Commerce, and the Security and Confidentiality Management System of Computer Information System of Shanwei Municipal Bureau of Commerce, so as to further clarify the division of responsibilities, review procedures and accountability measures related to confidentiality review. Before the disclosure of government information through the Internet, in accordance with the "People's Republic of China (PRC) Law on Guarding State Secrets" and other laws and regulations and the relevant provisions of the state, the bureau office is responsible for the confidentiality and legality review of the government information to be disclosed, so as to ensure that there is no leakage, so as to ensure that the system manages people and procedures.

(3) Strengthen the construction of network information security protection system. Referring to the requirements of national information system level protection or classified information system level protection, our bureau has strengthened the security protection measures of network layer, application layer and data layer to ensure the security strategy of information system against leakage, tampering and attack and the normal operation of software and hardware equipment.

First, under the guidance of the Municipal Secrecy Bureau, secret-related computers have passed the technical inspection of information system security, installed a firewall, and installed professional anti-virus software, which has strengthened the effectiveness in tamper-proof, anti-virus, anti-attack, anti-paralysis and anti-disclosure.

Second, the classified computer information system is physically isolated and not networked, and no one is allowed to touch or view the classified computer information system except for the use and management of special personnel. It is forbidden to save or transmit any confidential documents and internal sensitive information in non-confidential computers and information systems. All confidential documents and internal sensitive information are saved in confidential computer information systems. The classified computer information system is equipped with a separate mobile storage medium, which is not used by other departments of this bureau, and it is forbidden to use all mobile storage media with unknown sources or without antivirus.

Thirdly, except for the individual use of wireless routing in government information public places, all other hardware facilities of the bureau are wired, which effectively avoids the leakage of information in the wireless LAN.

Fourth, when installing anti-virus software, all departments use anti-virus software approved by the competent state department to kill and kill viruses in time, and do not use unknown and non-anti-virus software, floppy disks, U disks, CD-ROMs and other carriers, and do not visit illegal websites, and consciously strictly control and block the source of viruses. It is not allowed to bring the USB flash drive outside the device into the device for use. Computers usually use multifunction machines to print and scan in local area networks, which are open and confidential.

(four) to strengthen the safety management of portal websites. First of all, strengthen the audit and monitoring of portal information release. Make it clear that the office is responsible for website maintenance and technical support, monitoring and maintenance of other application information systems, designate a special person to be responsible for website background management and website information uploading, and it is strictly forbidden to disclose confidential information. Strict implementation of the government information disclosure and confidentiality review system and the network information release and registration system, adhere to the principle of "first review, then disclosure" and "first instance", and strictly check whether the official documents and information to be disclosed through the website are classified.

Secondly, further improve the service level of the website. In recent years, our bureau has continuously updated, optimized and adjusted the layout of the portal website "Shanwei Merchants Network", and reprinted the information on major activities and decision-making arrangements of the municipal party committee and government in time; Timely feedback the implementation of superior decision-making and deployment; Timely release business operation and work dynamics to provide information guarantee for the city's business work. In 2005, xxx5 also set up service guide, data download, form download and other functions in the "service hall" column, mainly providing online services for the main business of foreign trade and economic cooperation; In the "Shanwei Investment Promotion" column, the investment environment publicity pictures are added and hyperlinked with the "Shanwei Investment Promotion Information Cloud Platform" system to publicize the investment environment in Shanwei with pictures and texts, further expanding the publicity level. At present, Shanwei Merchants Network has become a network information platform integrating market promotion, investment guidance, policy consultation, project progress and economic operation.

Second, the existing problems

(1) The rules and regulations system has been initially established, but it is still not perfect. The information system security system has not been fully covered, and the working mechanism needs to be further improved.

(2) Individual cadres and workers have a weak awareness of network information security and lack initiative and consciousness.

(3) The network security technical management personnel are less equipped, and the ability to deal with unexpected events such as malicious attacks and computer virus attacks is insufficient, and the investment in information system security is limited.

Third, the rectification measures

(a) improve the rules and regulations, constantly check all aspects of security policies and security systems, revise and modify the imperfect parts, and do not regularly check the implementation of security systems to ensure that the network information security system is implemented.

(2) Do a good job in network security publicity and education, enhance the confidentiality awareness of cadres and workers in the implementation of government affairs disclosure and government information disclosure, further improve the initiative and consciousness of network security work, and truly integrate computer security protection knowledge into practical work.

(3) Strengthen the maintenance of network lines and information systems, update and maintain faulty equipment in time, avoid major security risks, provide hardware guarantee for the stable operation of the network, and improve the modernization level of security work.

(four) to strengthen the training of computer operators in operation technology and network security technology, strengthen the awareness of network viruses and information security threats, improve the ability of security prevention and disposal, and achieve early detection, early reporting and early treatment.

Network information security self-inspection report II

I. Implementation of various systems of network information security

Our bureau strictly implements the Provisions on Information Network Management of Judicial Administrative System in * * Province (Provisional), and has formulated the Management System for Information Collection and Release of * * Municipal Bureau of Justice, the Management Regulations for Network Equipment Maintenance of * * Municipal Bureau of Justice and the Management System for Data Backup and Mobile Storage Equipment. And sign a letter of responsibility with relevant departments, regularly check the implementation of the system, and rectify the problems found in time.

Second, the hardware and network equipment management

Focus on checking the access situation of the internal and external networks, eliminate security risks such as sharing equipment and mixing between the internal and external networks, and strictly implement physical isolation between the internal and external networks. It is strictly forbidden for computer users to switch between internal and external networks without authorization, and the anti-virus software is regularly upgraded and maintained by the network management. It is forbidden to use wireless network cards, Bluetooth and other devices with wireless interconnection function. The computer room is managed and maintained by special personnel. Irrelevant personnel are not allowed to enter the computer room without approval, and network equipment and materials in the computer room are not allowed to be used.

The network and hardware equipment should operate normally for 24 hours, and the working temperature should be kept below 25℃. Intranet dedicated firewall is set correctly, and relevant security policies are enabled normally. The IP address allocation table network cable is clearly marked and recorded. All hard disks and mobile devices should be inspected according to the confidentiality requirements, and all files stored on the U disk must meet the confidentiality requirements. U disk used for internal and external network transmission shall not store files, and internal files shall not be stored or operated on external network computers.

Third, the use of software systems.

Strictly implement the principle of "whoever publishes online information is responsible", ensure that information is approved and recorded online in accordance with the "Management System of Information Collection and Publication of * * Municipal Bureau of Justice", ensure that "online is not classified, online is not classified", and earnestly perform the duties of network information security. Network management regularly backs up relevant programs, data and files, and each computer is equipped with genuine Rising antivirus software, which is updated regularly, antivirus and Trojan horse scanning. When operating system vulnerabilities are found, fix them in time to ensure that computers are not invaded by viruses and trojans.

Clean up and check the outstanding problems in the program upgrade, account number, password, software patch, virus killing, external interface and website maintenance of websites and application systems one by one, which can update and upgrade in time, further strengthen security precautions, plug loopholes, eliminate hidden dangers and resolve risks in time.

Do a good job of uninstalling and cleaning all software programs unrelated to work, such as stock trading, games, chatting, downloading, online videos, etc. , to prevent the use of computers to engage in work-related behavior.

Fourth, the existing problems

First, there is no lightning protection equipment in the computer room, and we will intensify our efforts to solve it in the near future.

Second, some staff members do not have strong awareness and skills of network security. It is necessary to further strengthen the computer security awareness education and skills training of all staff, improve their awareness of prevention, fully understand the seriousness of computer network and information security cases, and truly integrate computer security protection knowledge into the improvement of employees' professional quality.

Through self-examination, the overall staff's awareness of network and information security and confidentiality has been further improved, and the basic skills of information network security have been further improved, which has ensured the network operation efficiency of the whole region, strengthened network security, standardized office order, and provided an important security guarantee for the smooth development of judicial administration.

Network information security self-inspection report 3

Our bureau has always attached great importance to the work of network information security system, set up a special leading group, established and improved the network security and confidentiality responsibility system and related rules and regulations, which are managed by the bureau information center in a unified way, and all departments are responsible for their own network information security work. Strictly implement the provisions on network information security and confidentiality, and take various measures to prevent security-related incidents. Generally speaking, our bureau has done a solid job in network information security and confidentiality, and the effect is good. No leakage has been found in recent years.

First, the management of computer confidential information

Since the beginning of this year, our bureau has strengthened organization and leadership, strengthened publicity and education, implemented work responsibilities, strengthened daily supervision and inspection, and managed classified computers well. Used to manage computer magnetic media (floppy disk, U disk, mobile hard disk, etc.). ), take special personnel to keep confidential files alone, and it is forbidden to bring magnetic media containing confidential contents to computers on the Internet to process, store and transfer files, thus forming a good security and confidentiality environment. Confidential computers (including notebook computers) have been physically isolated from the Internet and other public information networks, and security measures have been implemented in accordance with relevant regulations. So far, there has not been a computer leakage accident; Other non-confidential computers (including laptops) and network use have also implemented relevant measures in strict accordance with the management measures of the bureau's computer security information system, ensuring the information security of the agency.

Second, the computer and network security situation

The first is network security. Our bureau is equipped with anti-virus software, network isolation card, strong password, database storage and backup, mobile storage equipment management, data

According to the security protection measures such as encryption, clear network security responsibilities and strengthen network security work.

Second, the information system security implements the leadership audit signature system. Any information uploaded to the website must be reviewed and signed by the relevant leaders before uploading; The second is to carry out regular security checks, mainly supervising SQL injection attacks, cross-site scripting attacks, weak passwords, operating system patch installation, application patch installation, anti-virus software installation and upgrade, Trojan virus detection, port opening, system management authority opening, access authority opening, webpage tampering, etc., and earnestly keeping a system security diary.

Third, in daily management, do a good job in the "five-layer management" of extranet, website and application software, ensure that "confidential computers are not connected to the Internet, and computers connected to the Internet are not classified", and manage, maintain and destroy CDs, hard disks, USB flash drives and mobile hard disks in strict accordance with confidentiality requirements. Focus on the "three major security" investigations: First, hardware security, including lightning protection, fire prevention, theft prevention and power connection; The second is network security, including network structure, security log management, password management, IP management, online behavior management and so on. Third, application security, including website, email system, resource management, software management, etc.

Three, the use of hardware equipment is reasonable, the software setting is standardized, and the equipment is in good running condition.

Every terminal in our bureau has installed anti-virus software and application specifications of system-related equipment. The use of hardware equipment conforms to the relevant national product quality and safety regulations, the unit hardware operation environment meets the requirements, and the basic equipment such as printer accessories and ribbon racks are original products; Lightning protection grounding wire is normal, and defective lightning protection socket has been replaced. Lightning protection equipment is basically stable, and there is no lightning strike.

Accidents; UPS is running normally. The website system is safe and effective, and there are no security risks at present.

Fourth, communication equipment is operating normally.

The composition and configuration of the network system of our bureau are reasonable and conform to the relevant safety regulations; All kinds of hardware equipment, software and network interfaces used in the network have also passed the safety inspection and appraisal before being put into use, and have basically operated normally since installation.

Five, strict management, standardize equipment maintenance

Our bureau implements the management system of "who uses, who manages and who is responsible" for computers and their equipment. In terms of management, the first is to adhere to the principle of "managing people by system". The second is to strengthen information security education and improve employees' computer skills. At the same time, the publicity of network security knowledge was carried out in the bureau, which made all employees realize that computer security protection is an organic part of the work of "three defenses and one guarantee". Moreover, under the new situation, computer crime will become an important part of security work. In terms of equipment maintenance, a network equipment fault register and a computer maintenance table are specially set up to register equipment faults and maintenance and deal with them in time. For foreign maintenance personnel, it is required to be accompanied by relevant personnel, and their identity and handling situation should be registered to standardize the maintenance and management of equipment.

Intransitive verb website security and

Our bureau has relevant requirements for website security. 1. Log in to the background with a password lock with exclusive authority; Second, upload files in advance to detect pathogens; Third, the website adopts module and authority maintenance, and regularly enters the background to clean up junk files; Fourth, the website is updated by a special person.

Seven. Formulation and implementation of safety system

In order to ensure the safety of computer network, the network administrator system, computer security system, website security management system and emergency plan for network information security emergencies have been implemented, which effectively improved the work efficiency of administrators. At the same time, our bureau formulates the computer system security self-inspection system according to its own situation, and achieves four guarantees: first, the system administrator regularly checks the central computer system every Friday to ensure that there are no hidden dangers; The second is to make safety inspection records to ensure the implementation of the work; The third is to implement the system of regular inquiry by leaders, and the system administrator reports the use of computers to ensure that the situation is always grasped; Fourth, regularly organize global personnel to learn network knowledge, improve the level of computer use, and ensure prevention.

Eight, safety education

In order to ensure the safe and effective operation of our network and reduce virus intrusion, our bureau has trained the related knowledge of network security and system security. During this period, we conducted a detailed consultation on computer-related problems encountered in practical work and got a satisfactory answer.

Nine, self-examination problems and rectification opinions

We found some weak links in the management process, and will improve in the following aspects in the future.

(a) for irregular lines, exposed, immediately rectification lines within a time limit, and do a good job of rat prevention and fire safety.

(two) to strengthen equipment maintenance, timely replacement and maintenance of faulty equipment.

(3) During the self-examination, it was found that individual personnel were not aware of computer security. In the future work, we will continue to strengthen computer security awareness education and prevention skills training, so that employees can fully realize the seriousness of computer cases. Combine civil air defense with technical defense, and do a good job in network security of the unit.