Detailed rules for the implementation of the Municipal Audit Bureau on doing a good job in computer and network security

According to the requirements of the document "Network Security Work Plan for Celebrating the 70th Anniversary of the Founding of the People's Republic of China in Ji 'an City" (Ji Wang Zi [2065438+09] No.2), in order to do a good job in computer network security in our bureau, further implement the responsibility of network security and information security management, ensure network security and information security in our bureau, earnestly strengthen system management and clarify responsibilities, the following specific working rules are formulated, please follow them.

I. Network management

1. Network administrators should pay close attention to and monitor network operation, adjust network parameters, schedule network resources, and keep the network safe, stable and smooth.

2. All staff consciously manage their various network accounts, set passwords with higher security level, resolutely put an end to weak passwords, default passwords, commonly used passwords and long-term unchanged passwords, resolutely prevent high-risk vulnerabilities from being fixed, and non-essential ports and services from being opened for a long time, and strengthen the prevention of violent account cracking.

3. Without permission, the functions of the computer network and the data and applications stored, processed and transmitted in the network shall not be modified, deleted or added.

4. Rectify the network problems found in inspection, evaluation and monitoring, and all kinds of hidden dangers reported by relevant departments, and review them one by one to ensure that the problems are completely solved without leaving any future trouble.

5. Guard against email attacks, carefully review abnormal addresses, log in at abnormal times and download emails in batches, and turn off the email automatic forwarding function of the email system.

6. When the unit uses the Internet and the audit intranet, it is not allowed to cross use. Under the existing conditions, the internal and external network machines are fixed, and the internal network machines are not networked.

Second, the website management

1. The information released to the outside world should have strong timeliness, and it is forbidden to publish information that violates national laws and local regulations, information that runs counter to the Party's principles and policies, and untrue information.

2. The staff shall not publish information on the website without authorization, and all information must be reported to the computer audit center, which will be released after being approved by the leaders in charge.

3. Deal with website anomalies in time. Because the website is managed by the government information center, the website administrator should deal with the abnormal situation of the website in time in combination with the relevant notices issued by the government information center.

Third, the computer room management

1, network management personnel should do a good job in network security, and all kinds of accounts of the server should be kept strictly confidential. Monitor the data flow on the network, detect the attack behavior and respond and deal with it.

2. Strengthen the awareness of server virus prevention, scan and detect viruses regularly, and deal with them immediately if they are found;

Adopt genuine anti-virus software authorized by the state and update it in time;

No new software may be installed on the server without certification permission;

Remote transmission data can only be transmitted after security testing.

3. It is forbidden to disclose, lend or transfer professional data and information.

4. Close unnecessary ports on the host and terminal, and enjoy access and remote desktop connection.

5. Back up data regularly.

Fourth, data security management.

1. Business data shall not be changed without approval.

2. Information administrators must strictly abide by professional ethics and discipline, and shall not disclose confidential information such as passwords and account numbers of any users, personal privacy and other information.

3. Take measures such as data classification, backup and encryption to strengthen the protection of personal information and important information. The adoption of cryptographic technology should meet the requirements of national management policies. Strict data access authorization, databases that store important data and a large amount of personal information should take strict security precautions when accessing the Internet. Computers that store important data and a lot of personal information data are not allowed to access the Internet.

4. It is forbidden to store, process or transmit state secrets on networked computers or non-confidential mobile storage media. Install a file security protection system on a work computer connected to the Internet. The system scans and monitors all files in computers connected to the Internet. Once it is found that confidential files are stored, operated or received, it will immediately report to the police. All employees are required to strictly abide by the confidentiality system in their work.

Five, the implementation details shall come into force as of the date of promulgation.