Network security management regulations

Network security management means that people can surf the Internet safely, so what are the relevant regulations? Below I will introduce to you the relevant information about network security management regulations, I hope it will be helpful to you.

Network Security Management Regulations

Network security rules and regulations are in order to ensure the security of our unit’s computer information network. According to the "Information System Security Protection Regulations of the People's Republic of China" and "China The Interim Provisions of the People's Republic of China on the Management of International Networking of Computer Information Networks and the relevant provisions of the Qinhuangdao Municipal Party Committee and the Municipal Security Bureau, combined with the use of computer information networks in our unit, these measures are specially formulated.

1. Computer information network security and confidentiality management work is carried out under the leadership of the Security Committee and the Network Information Center (referred to as the "Network Center"), and a work responsibility system and an accountability system are implemented. The main person in charge of the party and government of each department is the person responsible for the information network security and confidentiality of the unit, signed -, and is responsible for the network information security and confidentiality management of the unit.

2. The weak current rooms of the network center and various networking departments are key departments of the computer information network and must be handled by dedicated personnel. The network center is responsible for the technical parameters of various equipment to ensure the safe operation of the information network. No one else may move the network equipment at will or modify the technical parameters of the equipment without authorization.

3. As the management department of the unit's network, the network center is responsible for the planning, construction, application development, operation and maintenance and user management of the unit's local area network. The computer IP address of the unit network is bound to the physical address of the computer network card and is managed uniformly by the network center. The network center combines the existing computer IP address with the bound physical address of the computer network card and the status of the computer user. Registration and filing. Units and individuals planning to connect to the network should go to the network center to download the application form. After filling it out, it will be reviewed and signed by the leader of the unit, and the corresponding network security and confidentiality responsibility letter will be signed. The network center will be responsible for installation and debugging. After the user connects to the Internet normally, the password will be managed and changed by the unit or individual himself. It is strictly prohibited to connect to the unit LAN without authorization.

4. The units connected to the network and the individuals connected to the network must accept the supervision and inspection of the relevant functional departments of the unit and cooperate with the necessary measures taken by the unit. Information service stations such as unit homepage content and news updates are maintained and serviced by designated functional departments. No unauthorized unit or individual can change its content.

5. Units that operate OA and other public information service systems on the unit network should go to the network center to complete the registration procedures in accordance with regulations, and file with the unit confidentiality committee. The public information service system established upon approval should technically ensure "review before posting" in accordance with relevant national requirements, and should also establish corresponding administrators and management systems. Relevant systems include:

(1) Security protection technical measures;

(2) Information release review and registration system;

(3) Information monitoring, preservation, Clearance and backup system;

(4) Bad information reporting and assistance in investigation and handling system;

(5) Managerial personnel position responsibility system. Without permission, any network-connected unit or individual is not allowed to open BBS and other public information service systems.

6. All units and individuals should consciously abide by the relevant regulations on computer information network security on the Internet. It is not allowed to carry out any activities that interfere with network users, damage network services and network equipment; it is not allowed to enter unauthorized computer systems through the network; it is not allowed to use network resources with an untrue identity; it is not allowed to steal other people's accounts and passwords to use network resources; it is not allowed to use network resources; Stealing an IP address that has not been legally applied for to access the network; no secondary agent is allowed to be opened without the permission of the unit, and no one is allowed to change the IP address settings without authorization.

7. It is prohibited to download any software on the Internet that has not confirmed its safety, and it is strictly prohibited to use pirated software and game software. No unit or individual is allowed to use the personal email address assigned by the unit to register information on the public network, is not allowed to visit malicious and unhealthy websites, and is not allowed to open unfamiliar emails at will.

8. All software of the network system is not allowed to be copied privately and given away to other units or individuals. Violators will be severely dealt with.

9. It is strictly prohibited to use storage media such as floppy disks, U disks, and optical disks at will. If necessary for work, foreign floppy disks, U disks, and optical disks must be checked for viruses on a stand-alone computer that is not connected to the Internet, and they can be used online after being confirmed to be non-toxic. . The parties involved will be held responsible for virus infringement caused by private use.

10. It is strictly prohibited to spread computer viruses through any means and media. Those who spread and are infected with computer viruses will be given appropriate sanctions depending on the severity of the case. Those who create viruses or modify virus programs must be dealt with severely.

11. If a virus is discovered, the virus-infected equipment should be isolated in a timely manner. If the situation is serious, the relevant departments should be reported and handled promptly and properly. Carry out anti-virus monitoring in real time and carry out intelligent upgrades of anti-virus software and virus codes.

12. Attention should be paid to protecting the security of network data information, and data backup should be performed for key data stored in the database and key application systems.

13. No one may use the Internet to engage in activities that endanger national security or leak state secrets. No one may access, copy or disseminate information that is detrimental to social security or immoral. Anyone who violates these management regulations and engages in one of the following behaviors will be given a warning and stopped from using the network by the network center. In serious cases, the network center will submit it to the administrative department or the relevant judicial department for handling.

1. View, produce, download, copy, publish or otherwise use information containing the following content:

(1) Inciting resistance and undermining the constitution, national laws and administrative regulations Implementation of laws and regulations;

(2) Inciting to subvert state power, undermine national unity and ethnic unity, and overthrow the socialist system;

(3) Fabricate or distort facts, deliberately spread rumors, Disturbing social order;

(4) Publicly insulting others or fabricating facts to slander others;

(5) Promoting feudal superstition, obscenity, pornography, violence, murder, terror, and instigating crimes;

(6) Spreading "" cult remarks, etc.

2. Activities that destroy or misappropriate information resources in computer networks and endanger computer network security.

3. Stealing other people’s accounts.

4. Lending or transferring user accounts without permission causing harm.

5. Deliberately create and spread computer viruses and other destructive programs.

6. Changing the structure of the network without authorization.

7. Accepting network users without authorization in accordance with the relevant regulations of the country and the unit.

8. The censorship of online information is not strict, resulting in serious consequences.

14. These rules and regulations shall be implemented from the date of promulgation.

2 Network Security Rules and Regulations Chapter 1 General Principles

Article 1 is to protect the security of the campus network system, promote the application and development of the school computer network, and ensure the normal operation and safety of the campus network. This security management system is formulated for the rights and interests of network users.

Article 2 The campus network is an important part of the school's public service system. It is managed by the information center and provides comprehensive services for teaching, scientific research, academic exchanges, and management. It is dedicated to the management of online resources. have.

Article 3

The campus network system referred to in this management system refers to the main and auxiliary nodes of the campus network invested and purchased by the school and maintained and managed by the school network information center. It is an integrated system of hardware and software for campus network applications and services composed of equipment, supporting network cable facilities, network servers, and workstations.

Article 4 The school network information center is responsible for the safe operation of the campus network system and the management and maintenance of system equipment. The school network information center can entrust personnel designated by relevant departments to manage sub-node equipment on their behalf. No department or individual may install, dismantle or change network equipment without the consent of the unit responsible for the campus network.

Article 5: No unit or individual may use networked computers to engage in activities that harm campus network and local area network servers and workstations, and may not harm or invade unauthorized servers or workstations.

Chapter 2 Security Protection Operation

Article 6 Except for the unit responsible for the campus network, other units (departments) or individuals may not attempt to log in to the main node, auxiliary node, or node of the campus network in any way. Modify, set, delete and other operations on servers and other equipment; no unit or individual is allowed to steal or destroy network facilities under any pretext. These behaviors are regarded as damaging to the safe operation of the campus network.

Article 7

The contents of the WWW server in the campus network that publishes information to the outside world must be reviewed by the leaders of each unit. After the unit leaders sign their opinions, they must be submitted to the relevant leaders of the school for review and filing. Later, the school network information center technically opened its external information services.

Article 8 Accounts and passwords opened in various servers on the campus network are owned by individual users. The school network information center keeps user passwords confidential and shall not provide this information to any unit or individual.

Article 9 Network users are not allowed to use various network equipment or software technologies to engage in interception or theft of user accounts and passwords. This activity is considered to be an infringement of the rights and interests of network users.

Article 10 Construction and construction activities on campus shall not endanger the security of computer network systems.

Article 11 After an incident or hacker attack occurs on the campus network owner, auxiliary node equipment and servers, the responsible unit of the campus network must report to the school and the public security agency within 24 hours.

Article 12 It is strictly prohibited to use software of unknown origin that may cause computer viruses on the campus network; software of unknown origin that may cause computer viruses should be checked and disinfected using anti-virus software recommended by the public security department.

Article 13 It is strictly prohibited to use the campus network for gambling activities or playing games.

Article 14 All staff and users of the campus network must accept and cooperate with the supervision and inspection conducted by the school network information center and the necessary measures taken.

Article 15 The campus network shall implement unified management and hierarchical responsibility system. The network center manages school management resources, managers of each department are responsible for the management of resources at the same level, and computer system administrators manage each computer system.

Article 16

It is strictly prohibited for any user to connect to the campus network without authorization. It is strictly prohibited for any non-school personnel to use the campus network. All other departments and individuals who use the campus network of the school must follow relevant regulations. Register and sign the corresponding information security responsibility letter, consciously abide by the "Tonghua No. 13 Middle School Campus Network Management System", and assume relevant responsibilities should problems occur.

Article 17 All school staff are obliged to help review campus online information and prevent information involving state secrets or state prohibited information from being accessed online.

Article 18 Campus network staff and users are obliged to promptly report to network management personnel and consciously destroy information that is harmful to social security and unhealthy information on the Internet and destroy it immediately.

Article 19 All levels of user departments within the campus network must appoint network security officers to be responsible for corresponding network security and information security work, and regularly educate network users on information security and network security.

Article 20

The Network Center will only configure corresponding user names and e-mail addresses for departments and individuals that meet the set user names, and regularly check their usage. The user name and other management rights set by the school network center belong to the user, and any network insecurity caused by the user name, etc. will be borne by the user.

Article 21 No unit (department) or individual may use the campus network to produce, copy, review and disseminate the following information:

1) Incite resistance, undermine the constitution and laws, Implementation of administrative regulations;

2) Inciting to subvert state power and overthrow the socialist system;

3) Inciting to split the country and undermine national unity;

4) Inciting ethnic hatred, ethnic discrimination, and undermining ethnic unity;

5) Fabricating or distorting facts, spreading rumors, and disrupting social order;

6) Promoting feudal superstition and obscenity , pornography, gambling, violence, murder, terror, instigating crimes;

7) Blatantly insulting others or fabricating facts to slander others;

8) Damaging the credibility of state agencies;

p>

9) Other violations of the Constitution, laws and administrative regulations.

Article 22

The system software, application software and information data of the campus network and subnets must be kept confidential. The confidentiality level of information resources can be divided into:

(1) Can be disclosed to the Internet;

(2) Can be disclosed to the school;

(3) Can be disclosed to relevant units or individuals;

(4) Only for use within the unit;

(5) Only for personal use.

Article 23

All networked computers and Internet users must be registered promptly and accurately. Administrative units at all levels and teaching business units where multiple people use computers to access the Internet must strictly manage the use of computers and the person in charge of the department shall be the person in charge of network security. The public computer room of the school is not allowed to be open to the public. The computer room staff records the identity of the Internet users, the time of accessing and disconnecting from the Internet, and the computer number. Records of network usage in the public computer room must be kept for one year.

Article 24

The unit responsible for the campus network must implement various management systems and technical specifications, monitor, block and remove harmful information on the Internet. In order to effectively prevent illegal activities on the Internet, the campus network must have unified export management and unified user management. All users entering and exiting the campus network to access information must use the proxy server set up by the responsible unit of the campus network.

Chapter 3 Liability and Punishment for Breach of Contract

Article 25

Violation of the provisions of Article 5 and Articles 21 and 22 Once the behavior is verified, it will be reported to the relevant departments of the school, and corresponding administrative disciplinary sanctions and financial penalties will be imposed depending on the circumstances; those that cause significant impact and losses will be reported to the municipal public security department, and the individual will bear relevant responsibilities in accordance with the law.

Article 26

Once the interception or misappropriation in violation of the provisions of Article 9 is verified, the school will be referred to the school for administrative sanctions and announced on the campus website; causing economic consequences to others. If the victim suffers a loss, he or she will double the compensation for the victim's loss and close all types of service accounts he or she has; if the behavior is bad, has a large impact, and causes heavy losses to others, the case will be reported to the public security department.

Article 27 Once the violation of the provisions of Articles 12 and 13 is verified, all types of service accounts owned by them will be closed; if the behavior is bad, has a large impact, and causes heavy losses to others, The case will be reported to the public security department.

Article 28 Intentionally spreading or creating computer viruses that endanger the security of the campus network system shall be subject to the provisions of Article 23 of the "Regulations of the People's Republic of China on the Security Protection of Computer Information Systems" be punished.

Chapter 4 Others

Article 29 The network security management leading group is responsible for the supervision and implementation of this management system, and specific penalties will be implemented by the school.

Article 30 The responsible unit for the campus network specified in this management system is the school network information center.

Article 31 This management system shall be implemented from the date of promulgation.

3 Government Network Security Management Rules and Regulations 1. Comply with relevant national laws and regulations, strictly implement the security and confidentiality system, and shall not use the Internet to engage in illegal and criminal activities such as endangering national security, leaking state secrets, etc., and shall not create, browse, or Copy and disseminate reactionary and pornographic information, do not publish reactionary, illegal and false information on the Internet, do not curse and attack others on the Internet, and do not leak other people's privacy online. It is strictly prohibited to carry out any hacking activities and sabotage activities of a similar nature through the Internet, and strictly control and prevent the intrusion of computer viruses.

2. The network security administrator is mainly responsible for the system security of the entire unit network (including local area network and wide area network).

3. Good and thorough log auditing and detailed analysis are often powerful weapons for predicting attacks, locating attacks, and tracking down attackers after being attacked. Log audits should be conducted on network equipment operating status, network traffic, user behavior, etc. The audit content should include the date and time of the event, user, event type, whether the event was successful, etc. Network equipment logs must be kept for three months.

4. After the network administrator realizes that the network is under attack, he should determine his identity and issue a warning to stop possible cybercrimes in advance. If the other party does not listen to the advice, he must protect the security of the system. If the situation arises, you can intervene in good faith and report to the supervisor.

5. Every month, safety management personnel should submit the duty and incident records of the month to the supervisor, and save and archive the system record files for reference.

6. Changes to network device policy configurations, and the addition and replacement of various hardware devices must be approved in writing by the person in charge; changes must be subject to technical verification before being made, and detailed registration and records must be carried out in accordance with regulations. Organize and archive various software, on-site data, and files.

7. Regularly scan network equipment for vulnerabilities, analyze and repair them. Security vulnerabilities in network equipment software may be exploited, so upgrade regularly according to the upgraded version provided by the manufacturer.

8. For those who need to connect and connect computers, they need to fill in the network outreach and access application form (Attachment 10, "Network Outreach and Access Application Form").

9. Redundancy of key network equipment and key network links is required to ensure business needs during peak hours and to eliminate single points of failure in equipment and links.

10. IP addresses are important resources of computer networks. Computer end users should use these resources under the planning of the Information Department and must not change them without authorization. In addition, some system services have an impact on the network. Computer end users should use them under the guidance of the Information Department. It is prohibited to open system services in the computer at will to ensure the smooth operation of the computer network.

11. Back up network equipment security files and security policies every month.

Article 1 of 4 Network Security Management Rules and Regulations In order to effectively strengthen the network security management of the school campus network and maintain the normal operation of the school campus network, in accordance with the "Security Protection of Computer Information Systems of the People's Republic of China" Regulations, "Measures for the Security Protection and Management of International Networking of Computer Information Networks", "Interim Provisions of the People's Republic of China on the Management of International Networking of Computer Information Networks" and other relevant laws and regulations, this specification is specially formulated.

Article 2 The school information center is in charge of school network security work under the leadership of the principal’s office. The network administrator and information officers of each department are responsible for the specific affairs of school network security management. The information center should perform the following responsibilities for school network security management:

1. Communicate and implement superior regulations and laws on network security, and stop violations of network security regulations and laws.

2. Determine the person responsible for safety management (the office director in charge of the information center is the first responsible person).

3. Purchase and equip software and hardware for application and network security management (such as firewalls, routers, anti-virus software, etc.).

4. Conduct security checks and audits on information posted on the campus network.

Article 3 The school network administrator shall be specifically responsible for the school’s network security and information security work under the leadership of the office, including technical support for network security, review of information release, preservation and backup of important information, and illegal Report information and assist in investigation and handling work.

Article 4 The school information center can conduct security checks on all computers on campus. Relevant departments or individuals should actively cooperate and provide relevant information and information.

Article 5 Any department or individual in the school that accesses, processes, or transmits confidential information through the network must take corresponding confidentiality measures to ensure confidentiality. Computers in important departments should focus on strengthening security management and security.

Article 6 The network configuration (such as IP address, etc.) of all computers in the school should be planned and configured uniformly by the network administrator. No department or individual may change the configuration information without authorization.

Article 7 The computer room where the school provides computer services to students must be managed by a dedicated person in charge. Students are prohibited from browsing pornographic websites, using the Internet to spread reactionary remarks, etc. If there is any violation, they shall be punished according to the school's regulations. Relevant regulations will be dealt with seriously.

Article 8 Schools should establish a filing and regular review system for websites and personal homepages. The construction of the school website should be based on the principles of being conducive to teaching and scientific research management, conducive to internal and external publicity, conducive to the study, work and life of school teachers and students, and conducive to saving network resources, and strictly implement the procedures for filing and regular review. Websites or personal homepages that have not been reviewed or failed to pass the review should be banned.

Article 9 Any department or individual in the school who builds a website or homepage on the public Internet must strictly abide by relevant laws and regulations and must not damage the reputation and interests of the school.

Article 10: No department or individual in the school may use the campus network to endanger national security, leak state secrets, infringe on the interests of the country, society, or collectives, or engage in any illegal or criminal activities.

Article 11 Any department or individual in the school may not use the campus network to produce, copy, review and disseminate the following information:

1. Incite resistance and undermine the implementation of the constitution and laws and administrative regulations

2. Inciting to subvert state power and overthrow the socialist system;

3. Inciting to split the country and undermine national unity;

4. Inciting Ethnic hatred, ethnic discrimination, and destruction of ethnic unity;

5. Fabricating or distorting facts, spreading rumors, and disrupting social order;

6. Promoting feudal superstition, obscenity, pornography, Gambling, violence, murder, terror, instigating crimes;

7. Blatantly insulting others or fabricating facts to slander others;

8. Damaging the image of the school and the interests of the school;

p>

9. Infringement of other people’s intellectual property rights;

10. Other violations of the constitution, laws, and administrative regulations.

Article 12 No department or individual in the school shall engage in the following activities that endanger campus network security:

1. Enter the school information network or use school information network resources without permission ;

2. Deleting, modifying or adding functions to the school network without permission;

3. Deleting, processing or transmitting data on the school network without permission Delete, modify or add applications;

4. Deliberately create and spread computer viruses and other destructive programs;

5. Use various hacking software to carry out hacking activities

6. Without the approval of the school, privately establish a website on the campus network or provide external network services;

7. Harm others on BBS, message boards, and chat rooms Carrying out personal attacks, making negative, vulgar remarks, publishing all kinds of unauthorized advertising information, using the names of various public figures and other unhealthy content as their online names;

8. Others Endangering the security of computer information networks.

Article 13: No department or individual may violate legal provisions or infringe upon the freedom of communication and confidentiality of communication of campus network users.

Article 14 Accounts and passwords opened on various servers in the campus network are owned by individual users within the school. Network administrators should keep user passwords confidential and shall not provide this information to any department or individual.

Article 15 On-campus network users are not allowed to use various network equipment or software technologies to engage in interception or theft of user accounts and passwords. This activity is considered to be an infringement of the rights and interests of on-campus network users.

Article 16 In order to effectively prevent illegal activities on the Internet, the campus network must have unified export management and unified user management. No department or individual may open a proxy server or other application servers without the approval of the school information center.

Article 17 The school information leadership group must implement various management systems and technical specifications, and effectively monitor, block, and remove harmful information online. Network administrators should regularly check network security protection management and the implementation of technical measures, focus on strengthening the management and monitoring of interactive columns such as campus network electronic bulletin boards, message boards, chat rooms, etc., and regularly review and inspect the content of these columns , promptly discover and delete all types of harmful information.

Article 18 All types of servers opened by the school must maintain logging functions, and the historical record retention period shall not be less than 6 months. Network administrators should check the system logs of each activated server from time to time in accordance with the relevant technical supervision requirements of the public security department.

Article 19 For those who violate this code, the school office will give a warning according to the circumstances, instruct relevant departments, network administrators and parties involved to write a written inspection and shut down for rectification; if the circumstances are serious, the school will The parties concerned will be given corresponding administrative disciplinary sanctions in accordance with relevant regulations; those that cause significant impact and losses will be reported to the public security department, and the individual will bear relevant responsibilities in accordance with the law.

Article 20 Once the interception or misappropriation behavior in violation of the provisions of Article 15 is verified, the school will be referred to the school for administrative disciplinary sanctions and announced in the school; if it causes economic losses to others, the person shall pay double compensation. If the victim suffers losses, all types of service accounts owned by him or her will be closed; if the behavior is bad, has a large impact, and causes heavy losses to others, the case will be reported to the public security department.

Article 21 Anyone who intentionally spreads or creates computer viruses that endangers the security of the campus network system shall be punished in accordance with the relevant provisions of the "Computer Information System Security Protection Regulations of the People's Republic of China".

Supplementary Provisions

Article 23 This specification will be revised in a timely manner based on the actual situation of the school's campus network operation and in conjunction with the relevant regulations of the superior department.

Article 24 The Information Office of Zhenjiang Higher Vocational and Technical School is responsible for the interpretation of these specifications and will be implemented on a trial basis from the date of release.

5 Township network security management rules and regulations are designed to strengthen the security, confidentiality, use and management of our town’s information network and government information network. This system is specially formulated in accordance with the provisions of relevant laws and regulations such as the "Regulations on the Specific Scope of State Secrets and Their Classification", the "Regulations on the Security Management of International Networking of Computer Information Systems".

1. The Party and Government General Office is responsible for the computer network-related equipment and consumables of its own government agencies.

2. The Party and Government Office and the Finance Office are responsible for purchasing equipment and consumables related to computer networks. If you need to install relevant software or replace computer-related accessories due to work needs, you should report to the office in time, and the office will coordinate the configuration.

3. The management, use, maintenance and cleaning of computers in each station should be clearly assigned to the responsible person, and whoever uses them should be responsible; they should be cleaned regularly to prevent soot, paper scraps, tea, etc. from entering the computer. Ensure safe operation. After get off work, the computer should be turned off and the power supply and network cable should be cut off. In case of thunderstorms, the main power supply of the switch should be cut off. At the same time, protect the computer. If someone causes damage to the computer or causes it to be stolen, compensation should be paid according to the price.

4. If the computer network fails, it should be reported to the office in time. The Party and Government General Office will contact professional and technical personnel to come to the site for maintenance and repair. It is prohibited to send the host outside for repair to ensure information security.

5. The computer’s random accessories, software and outsourced software should be registered, registered, and virus-checked at the Party and Government General Office before use, and should be properly kept; if dual hardware and dual networks are physically separated according to regulations, Users are not allowed to withdraw the isolation card without authorization.

6. Confidential documents, materials, and information at each site should be protected by security and must not be stored on computers without confidentiality measures. You are not allowed to access other people's confidential documents without authorization.

7. Employees of government agencies should browse the county party committee, county government, town government and other office information networks every day during work to ensure timely and accurate processing of official documents.

8. Institutional employees should learn computer knowledge and operating skills and actively participate in computer operation training. Strictly follow computer operating procedures and use computers and network facilities correctly to avoid damage caused by improper operation.

9. Institutional employees should make full use of the advantages of large network capacity, wide coverage, and fast transmission, consciously learn and apply relevant online knowledge, check work-related information, and improve the quality and level of work. However, employees are not allowed to browse unhealthy web pages, play games or chat during working hours, or use paper to print or download materials, files or information that are not related to work.

10. Employees of government agencies who violate this system will be dealt with in accordance with the Confidentiality Law and relevant regulations and disciplinary provisions. Those who violate criminal law will be transferred to judicial organs for disposal.

?

Articles related to network security management regulations:

1. Selected network security management system templates

2. Enterprise network security Management System

3. Network Security Management System Measures

4. Government Network Security Management System Sample

5. Latest IT Information Security Management System Sample

6. Three articles on school network security management systems

7. The latest 2017 Network Security Protection Law and Regulations