Common sense of computer network system security

1. Safe work of computer information system

Right (√) Chapter I General Provisions Article 1 In order to protect the security of state secrets handled by computer information systems, these Provisions are formulated in accordance with the Law of People's Republic of China (PRC) on Guarding State Secrets, the Regulations of People's Republic of China (PRC) on the Security Protection of Computer Information Systems and the actual situation of our region.

Article 2 These Provisions shall apply to computer information systems that collect, process, store, process, transmit, output and use state secret information within the administrative area of this autonomous region (hereinafter referred to as classified computer information systems). Article 3 The State Secrecy Bureau of the autonomous region shall be in charge of the security of classified computer information systems in the whole region.

The administrative offices, city and county (District) security departments are responsible for the security management of local computer information systems. State organs, enterprises, institutions and security agencies at all levels are responsible for the security of classified computer information systems of their own systems, departments and units.

Article 4 The system of declaration and examination and approval shall be implemented for classified computer information systems. The use of classified computer information systems by state organs, enterprises and institutions affiliated to the autonomous region shall be reported to the State Secrecy Bureau of the autonomous region for examination and approval by the security organ of the unit.

The administrative office, city and county (District) belongs to the state organs, enterprises and institutions using classified computer information system, by the security department of the unit reported to the local security department at the same level for examination and approval, and reported to the autonomous region State Secrecy Bureau for the record. Article 5 Confidential computer information systems that have not been declared and approved shall not be put into use.

Computer information systems that have not been declared and approved shall not involve state secrets. Chapter II Hardware Security Management Article 6 When building a new classified computer information system, security management and security technical preventive measures must be planned and implemented simultaneously.

The classified computer information system that has been completed and put into use shall improve the safety management and safety technical preventive measures, and go through the formalities of declaration and approval in accordance with these Provisions. Article 7 The hardware, equipment and premises of classified computer information systems must meet the following requirements: (1) The location of computer rooms shall be kept at a safe distance from the residences of overseas institutions and personnel in accordance with the relevant provisions of the state, and necessary control areas shall be set up according to the classified degree of the information processed and the relevant provisions.

No one is allowed to enter without the approval of the security agency. (2) Try to choose domestic models; When foreign computers must be used, the safety performance should be checked by the local security department at the same level before installation and debugging.

(3) Safety protection measures should be taken to prevent leakage of electromagnetic information. (4) All kinds of safety technical equipment and measures used in computer information systems must be approved by the State Secrecy Bureau.

(5) Other physical safety requirements shall conform to the relevant national confidentiality standards. Article 8 Where it is necessary to update, lease or sell the hardware equipment of the classified computer information system, the hardware equipment must be treated with confidentiality technology, and it must be confirmed that there is no state secret information in the system, and it can only be carried out after the approval of the security organ of the competent department.

Chapter III Software Security Management Article 9 If the information and matters handled by classified computer information systems have not been classified according to legal procedures, their classification and confidentiality period shall be determined in accordance with relevant state regulations. Article 10 Once the classification and duration of state secret information and matters involved in classified computer information systems are determined, the following security measures shall be taken: (1) Mark the corresponding classification marks, which cannot be separated from the text.

(two) computer media should indicate the highest security level of stored information. (three) should be managed according to the corresponding confidential documents.

Eleventh top secret state secret information shall not enter the classified computer information system without the approval of the State Secrecy Bureau of the autonomous region. Article 12 For all kinds of programs involving state secret information in classified computer information systems, program security measures shall be set in the links of database building, retrieval, modification and printing, and the security measures shall be managed according to the highest security level of the secret information handled.

Thirteenth classified computer information system shall not handle business unrelated to the business of the system; If it is necessary to undertake other business due to special circumstances, it shall be reported to the local secrecy department at the same level for approval by the secrecy department of the competent department. Article 14 Computer media storing state secret information shall comply with the following matters: (1) The use of computer media shall not be reduced; (two) when it is no longer used to apply for scrapping, it shall report to the security department at the same level for registration, and destroy it according to the requirements of the security department after approval; (three) when maintenance is needed, it should ensure that the stored state secret information is not leaked.

Fifteenth computer software classified computer information system, shall not be open to academic exchanges, shall not be published. Sixteenth confidential computer information system in the process of work, all kinds of waste paper should be destroyed in a timely manner with a pulverizer.

Article 17 The documents marked with the classification mark printed by the classified computer information system shall be managed according to the documents with corresponding classification. Chapter IV Network Security Management Article 18 Technical measures such as system access control, data protection, system security monitoring and management shall be adopted for networking classified computer information systems.

Nineteenth access to classified computer network information systems should be controlled in accordance with the authority, and shall not be operated without authorization. Databases that have not taken technical security and confidentiality measures shall not be networked.

Article 20 Confidential computer information systems shall not be directly or indirectly networked with overseas institutions, foreign institutions in China and international computer networks. Twenty-first computer information systems that have been networked with international computer networks should establish a strict security management system; The security work organization of the networking unit shall designate a special person to conduct security inspection on the online information.

State secret information shall not be stored, processed or transmitted in computer information systems connected to the international network. Chapter V System Security Management Article 22 The security management of classified computer information systems shall be under the leadership responsibility system, and the competent leader of the system user unit shall be responsible for the security work of the classified computer information system of his own unit, and designate relevant institutions and personnel to undertake it specifically.

Article 23 The security organization of a unit shall assist the leaders of the unit to guide, coordinate, supervise and inspect the security work of classified computer information systems. Article 24 Users of classified computer information systems shall formulate corresponding management systems according to the classification and importance of the information handled by the system.

Article 25 The secrecy department at or above the county level shall, in accordance with the relevant laws and standards of the state, regularly conduct security measures and security technical inspections on the classified computer information systems under its jurisdiction.

2. Security technology to prevent common sense content

Common sense of security technology prevention:

1. Do not connect confidential computers and networks to the Internet or other public information networks.

2. Mobile storage media such as USB flash drives shall not be crossed between classified computers and non-classified computers.

3. Data on the Internet and other public information networks shall not be copied to classified computers and networks without protective measures.

4. Don't set the password of confidential computer in violation of regulations.

5. Without authorization, you may not install software or copy other people's files on confidential computers.

6. Wireless peripherals shall not be used for confidential computers.

7. Confidential computers and mobile storage media shall not be sent through ordinary mail channels or illegally handed over to others for use and storage.

8. Do not take confidential laptops and removable storage media out without authorization.

9. Do not leave computers, mobile storage media, fax machines, photocopiers and other office automation equipment for handling classified information to external personnel for maintenance.

10. Office automation equipment such as confidential computers shall not be sold, given away or discarded without professional sales.

1 1. Don't connect the all-in-one machine that handles confidential information with ordinary telephone lines.

12. Video and audio input devices shall not be equipped and installed on computers connected to the Internet in classified places.

13. Don't bring your mobile phone into important confidential places.

14. Do not store or process confidential information on computers connected to the Internet and other public information networks.

15. Don't store or process confidential information on the unclassified office network.

16. Confidential information shall not be published on the * * * portal.

17. Do not use computers with wireless interconnection function to process confidential information.

18. Personal computers and mobile storage media shall not be used to store or process confidential information.

19, office automation equipment that has not been tested by security technology shall not be used in key departments and parts that are classified.

20. Don't use ordinary fax machines, telephones and mobile phones to transmit or talk about confidential information.

3. Computer security and confidentiality

The purpose of computer network system security protection is to protect sensitive information, secret information and important data, as well as computer/network resources.

System security needs to achieve three goals:

● Confidentiality: Information and resources cannot be disclosed to unauthorized users or processes.

● Integrity: ensure that information and resources are not modified or utilized by unauthorized users or processes.

● Availability: Ensure that information and resources are used when needed by authorized users or processes.

The task can be said as follows: ensure that information and resources can not be leaked to unauthorized users or processes, and at the same time ensure that information and resources can not be modified or utilized by unauthorized users or processes, and ensure that information and resources can be used when needed by authorized users or processes.

This explanation is still a bit far-fetched, as if

4. How to do a good job in network security and confidentiality?

(1) Strengthen organizational leadership and enhance confidentiality awareness. First, strengthen leadership and enrich the team of confidential talents. Leaders at all levels should always adhere to the concept of "no small matter in confidential work", set an example and take the lead in setting an example, and strengthen team building. It is necessary to regularly carry out professional technical training in informatization, improve the professional quality and level of security personnel, and cultivate a full-time security work team with reasonable structure, exquisite technology and multi-skills. The second is to improve the system and implement the post responsibilities of personnel. For the use and maintenance of computers, storage media, files and computers classified in public security networks, it is necessary to implement the management of assigning personnel and responsibilities, adhere to the principles of "who is in charge and who is responsible" and "who uses and who is responsible", clarify the confidentiality responsibilities at all levels, and sign confidentiality responsibility letters step by step to create a strong atmosphere of "everyone talks about confidentiality and everyone is responsible". The third is publicity and education to raise the awareness of confidentiality. By organizing the study of confidentiality laws and regulations and computer security knowledge, we will further enhance the awareness of security personnel and reduce misunderstandings and blind spots.

(2) Focus on key points and pay special attention to safety management. First, actively prevent and manage key parts. It is necessary to start with improving the internal confidentiality prevention ability, determine the degree of confidentiality and specific confidentiality measures according to the principles of active prevention and highlighting key points, and according to the work characteristics and scope of various units and departments, and do a good job in risk assessment. The second is to put people first and strengthen the management of secret-related personnel. File management shall be carried out for confidential and communication staff engaged in confidential work, and regular political examination shall be conducted to prevent people with impure thoughts, unstable positions or defective personalities from mastering secret information, and to build a solid defense line for confidential work ideologically and from the source. Third, strict standards and unified management of key projects. Strict management of all kinds of mobile storage media, computers and other equipment, unified numbering, and carefully check the relevant information for registration and filing, the implementation of various equipment use management regulations. Without approval, it is forbidden to take the mobile media storing confidential information out of the office or use the working media on the Internet computer. At the same time, focus on the use and management of mobile Internet terminal devices such as smart phones, and timely introduce new measures to prevent leaks. Fourth, audit at the same level and manage sensitive information well. To contribute business work or related events to the news media, internal examination and approval should be carried out in advance to prevent classified content from accessing the Internet.

(3) Pay attention to the construction of work style and improve the long-term mechanism of confidentiality. First, increase investment and improve infrastructure construction. Increase investment in "hardware", insist on spending money on the basis of confidentiality, ensure that equipment is in place, invest necessary manpower, material resources and financial resources in infrastructure construction, equip key places such as confidential rooms, confidential rooms and archives rooms with high quality and high sensitivity confidential cabinets and alarm systems, and purchase special security tools and protection software. For classified computers with problems, it is necessary to hire a special person to check and maintain them in time, so that a special person is responsible, always keep the equipment running normally and efficiently, and resolutely put an end to leaks caused by inadequate infrastructure. The second is to focus on the grassroots and strengthen guidance and assistance. In view of the fact that some grass-roots staff lack the knowledge of network security and confidentiality, a special help group can be set up to assign special personnel to conduct one-on-one training for grass-roots security officers, with strengthening security and confidentiality education and improving computer network knowledge and defense technology as important contents. In accordance with the unified requirements, guide the grass-roots units to use special planes and manage them by special personnel, and make clear provisions on what information can be accessed online and what information cannot be accessed online. The third is to strictly reward and punish and build a safety warning line. Many hidden dangers and accidents are largely caused by the lack of confidentiality supervision and punishment mechanism. All units should establish a performance appraisal system for confidential work linked with quantitative assessment of personnel and promotion of ranks, give moral and material rewards to units and individuals who have done a good job in confidential work, and give sanctions to those who violate confidentiality disciplines and rules and regulations. Especially for those who are compromised due to illegal operations, we must resolutely punish them until they are investigated for criminal responsibility, and build a "warning line" for confidentiality work. Fourth, strengthen supervision and put the problems in place. All units should strengthen the supervision and inspection of security work, highlight the irregular inspection of daily management and special inspection of major holidays or important tasks, so as to ensure regular inspection of security order, regular inspection of key parts, timely inspection in sensitive seasons, and follow-up inspection of major hidden dangers, so as to block and eliminate hidden dangers in time. In view of the hidden dangers and signs found, it is necessary to organize relevant personnel to seriously find the root causes, delve into the reasons, ask about the responsibilities, and enhance the sense of urgency and responsibility in safety work.