Emergency plan for computer room failure?

In order to scientifically respond to network and information security emergencies, improve the ability of information management center computer room to respond to information network emergencies, establish and improve the information security guarantee mechanism, effectively prevent, timely control and minimize the harm and impact of various information security emergencies, the Emergency Plan for Computer Room Failure of Information Management Center is specially formulated.

This plan adheres to the principle of "unified leadership, coordination, clear responsibilities, standardization according to law, integration of resources, prevention first, and strengthening monitoring". Applicable to network and information security emergencies that may occur in the computer room of the information management center.

The information management center sets up an information security group, which is the permanent organization of the information management center. Leader of emergency group: Feng; Deputy Head: Yongming Guo; Team members: Li Songyang and Song Zhiheng.

First, the emergency plan for water leakage in the computer room

(1) After the computer room leaks, the first witness shall immediately notify the network and information security team.

⑵ If the air conditioning system leaks, stop the faulty air conditioner immediately, clean up the accumulated water in the machine room, and contact the equipment supplier in time for treatment. If necessary, you can temporarily cool the server with an electric fan.

(3) If the wall or window leaks, it shall immediately notify the office of the Head Office, remove the accumulated water in time, and repair the wall or window to avoid unnecessary losses.

The second is the emergency plan for equipment theft or man-made damage.

(1) When equipment is stolen or damaged artificially, users or managers should immediately report to the information security team and protect the site.

(2) After receiving the report, the information security team shall notify the security department and the public security department to jointly verify the site situation, count the stolen materials or check the man-made damage, and make necessary video records and written records.

(3) The parties involved in the incident should actively cooperate with the investigation of the public security department and report relevant information to the information security team.

(4) The information security team will hold a meeting to discuss, and when the situation is serious, it should be reported to the relevant leaders of the group company for further decision.

Three, the computer room for a long time power outage emergency plan

After receiving a long-term power outage notice, you should post a power outage notice or telephone notice on the website in time, requiring intranet users to stop working, save data and shut down normally before the power outage. Because the design time of UPS power supply in the central computer room is 2 hours, all equipment in the computer room should be turned off after 50 minutes of power failure 1 hour.

Four, communication network fault emergency plan

(1) After a communication network failure occurs, the computer operator shall promptly notify the information security team and notify the person in charge to handle it.

⑵ The information network manager and the person in charge should find out the fault location of the communication network in time, or notify the relevant communication network operators and ask for help to find the reason. At the same time, isolate the fault area and cut off the network connection between the fault area and the server.

(3) The system administrator shall, together with the telecommunication technicians or responsible persons, detect the fault area, gradually restore the network connection between the fault area and the server, and restore the communication network to ensure normal operation.

(4) If the network fault cannot be responded or solved in time, the system administrator should contact the IT operation and maintenance outsourcer in time to solve the problem.

(5) The person in charge is responsible for writing the failure analysis report and reporting it to the information security team for future reference.

Five, bad information and network virus emergency plan

(1) When bad information or network virus is found, the network administrator should immediately disconnect the network cable to prevent the spread of bad information or network virus and notify the information security team.

(2) After receiving the report, the information security team should immediately inform all computer users in the local area network of anti-virus methods, isolate the network, and guide all computer operators to carry out anti-virus treatment until the network is in a safe state.

(3) The source of bad information should be further traced. Without the consent of the relevant leaders to release information, resulting in adverse effects and breaking the law, handed over to law enforcement departments for legal responsibility.

(4) When the situation is serious, it shall immediately report to the relevant leaders of the group company and take corresponding measures.

Six, computer software system failure emergency plan

(1) After the computer software system fails, the computer operator immediately saves the data and stops the computer from using the application program.

(2) The department head shall report the situation to the information security team and shall not handle it without authorization.

(3) The information security leading group quickly dispatched technicians for processing, and backed up the hard disk when necessary.

(4) Repair the computer system and ensure the safety of the original data as much as possible.

Seven, hacker attack emergency plan

(1) When the network is found to be illegally invaded, the content of the webpage is tampered with, the data on the application server is illegally copied, modified or deleted, or hackers are found to attack through the intrusion detection system, users or managers should disconnect the network and report to the information security team immediately.

(2) After receiving the report, the information security team should immediately shut down the network, prevent or delete the breached login account, and prevent suspicious users from accessing the network.

(3) Clean up the system in time, restore data and procedures, and try to restore the system and network to normal; When the situation is serious, it should immediately report to the relevant leaders of the group company and take corresponding measures.

Eight, computer room equipment hardware failure emergency plan

(1) After the hardware failure of the equipment in the computer room occurs, the information security leading group shall immediately determine the failed equipment and the cause of the failure, and conduct pre-disposal.

(2) If the faulty equipment cannot be repaired in a short time, start the standby equipment to keep the system running normally; Disconnect the faulty device from the network for troubleshooting.

(3) After troubleshooting, replace the standby equipment during the idle period of the network; If the fault still exists, please contact the relevant manufacturer for maintenance immediately, and fill in the equipment fault report form carefully for future reference.

Nine, emergency disposal

After an information network emergency occurs, the relevant personnel shall report to the information security team within 5 minutes, and the emergency team shall organize personnel to handle it in advance. Major events should be reported to the relevant leaders of the group company.

X. after-care treatment

After the emergency response, the information security team organized relevant personnel and technical experts to form an incident investigation team to conduct a comprehensive investigation and evaluation of the cause, nature, impact, consequences, responsibilities, emergency response capabilities, recovery and reconstruction of the incident, sum up experiences and lessons, rectify the institutions with hidden dangers, and restore normal working order.

XI。 Emergency communication support

All personnel of the information security team ensure smooth communication 24 hours a day.

Twelve. Equipment support

A certain amount of information network hardware and software equipment should be reserved, and special personnel should be appointed to keep and maintain it.

Thirteen. Data guarantee

A backup system should be established for important information systems to ensure that important data can be recovered urgently after being damaged.

Fourteen Team guarantee

Select the department familiar with the software and hardware system of the unit as the emergency support unit for sudden information network emergencies, and provide technical support and services.

Fifteen. publicize

The information security team should organize information network security education throughout the company to improve information security awareness and ability.

Sixteen, training quality documents, you are worth looking forward to.

The information security team shall organize information network security training to improve the emergency handling ability of information network events.

Seventeen, planning exercises

The network and information security team should organize drills, find out the problems existing in the emergency work system and working mechanism through drills, constantly improve the emergency plan and improve the emergency handling ability.

For more information about project/service/procurement bidding, and to improve the winning rate, please click on the bottom of official website Customer Service for free consultation:/#/? source=bdzd