Sample self-examination report on network security of government agencies (two articles)

Part 1: Self-inspection report on network security inspection of government agencies

In accordance with the spirit of the "Notice of the Hengyang Municipal People's Government Office on Carrying out Network and Information Security Inspections in Key Areas of the City", on September 10 On the same day, the Municipal Electric Power Administration Office took the lead in organizing a self-examination of the city government’s information system. The self-inspection situation is summarized as follows:

1. The organization and development of network and information security self-inspection work

Starting from September 10th, the Municipal Electric Power Administration Office took the lead to conduct a comprehensive investigation on the current network and information security of each municipal unit. This investigation focused on self-examination by each unit. The Municipal Electric Power Administration Office Conducted by spot checks. The focus of the self-examination includes: network maintenance in the central computer room of the Electric Power Administration Office, password protection upgrades for party and government portal maintenance, thorough investigation of the operation of information systems in municipal units, client computer virus detection in municipal units, and network data traffic monitoring in municipal units and data analysis, etc.

2. Information security work

Through the efforts of the Electricity and Technology Office and various units in the first half of the year, our city has mainly completed the following work in terms of network and information security:

1. All systems connected to the municipal e-government network are implemented in strict compliance with the regulations. Our office operates in accordance with the "Changning Municipal Party and Government Portal Information Release and Review System", "Changning Municipal Network and Information Security Emergency Plan", "China? According to system requirements such as "Changning" Party and Government Portal Online Reading System on Duty" and ""China Changning" Party and Government Portal Emergency Management Plan", regular safety inspections are organized to ensure that all safety and security measures are implemented.

2. Organize information security training. Special training on website penetration attacks and protection, virus principles and protection, etc. was conducted for municipal government departments and information security technicians to improve information security skills.

3. Strengthen inspections of party and government portals. Regularly conduct external web security inspections on sub-websites of each department, issue security risk scanning reports, and assist and urge relevant departments to implement security reinforcement.

4. Ensure information security during important periods. A series of effective measures have been taken, including implementing a 24-hour duty system and daily security reporting, signing information security guarantees with key departments, and strengthening real-time monitoring of Internet export access to ensure the security of information systems during the 18th National Congress.

3. Analysis of the main problems discovered during the self-examination and the threats faced

Through this self-examination, we also discovered some problems that still exist:

1. The rules and regulations of some units are not complete enough and fail to cover all aspects of information system security.

2. The safety awareness of the staff in a few units is not strong enough, and the daily operation and maintenance management lacks initiative and consciousness. The rules and regulations are not strictly implemented and the operations are not standardized.

3. There are computer virus infections, especially the security issues caused by mobile storage devices such as USB flash drives and mobile hard drives that cannot be ignored.

4. Information security funding is insufficient, and risk assessment level protection needs to be strengthened.

5. Information security managers have insufficient information security knowledge and skills and mainly rely on the strength of external security service companies.

IV. Improvement measures and rectification results

On the basis of careful analysis and summary of the self-inspection work of each unit in the previous period, on September 12, our office selected 3 comrades to form an inspection team , conduct random inspections on the security of important information systems of some municipal agencies. The inspection team scanned the portals of 18 units and conducted security checks on 15 important business system servers, 46 clients, 10 switches and 10 firewalls using a combination of automatic and manual methods.

The inspection team conscientiously implemented the concept of "inspection is service" and conducted detailed and thoughtful security inspections of random inspection units in accordance with the requirements of the "Notice of the Office of the Hengyang Municipal People's Government on Carrying out Network and Information Security Inspections in Key Areas of the City" inspection and provided a comprehensive security risk assessment service, which was welcomed and affirmed by the service unit.

The inspection ranged from self-examination verification to management system implementation, from website external security scanning to important business system security testing, from overall network security evaluation to on-site inspection of the physical environment of the computer room. We comprehensively understood the current information security status of each unit and discovered some security issues. Some safety hazards were eliminated in a timely manner, targeted rectification suggestions were put forward, and relevant units were urged to conscientiously implement rectifications according to the reports. Through the information security inspection, all units have further improved their ideological understanding, improved the security management system, strengthened security precautions, implemented rectification of security issues, and the city's security assurance capabilities have been significantly improved.

5. Opinions and suggestions on strengthening information security work

In response to the problems discovered above, our city has actively carried out rectifications. The main measures are:

1. In accordance with the requirements of the "Notice of the Office of the Hengyang Municipal People's Government on Carrying out Network and Information Security Inspections in Key Areas of the City", all units are required to further improve the rules and regulations and implement all systems in place.

2. Continue to increase security education and training for all agency staff, improve information security skills, and proactively and consciously do security work.

3. Strengthen information security inspections, urge all units to implement security systems and security measures, and strictly hold accountable those responsible for security incidents that lead to adverse consequences.

4. Continue to improve information security facilities, closely monitor and supervise e-government networks, and establish comprehensive security protection from the aspects of border protection, access control, intrusion detection, behavioral auditing, anti-virus protection, website protection, etc. system.

5. Intensify the promotion of emergency management work, establish an emergency support technical team based on the city's information security officer team, strengthen inter-department collaboration, improve emergency plans, conduct emergency drills, and ensure security The impact of the incident is minimized.

Part 2: Self-examination report on network security inspection of government agencies

In order to ensure the network and information security of the tax system, further strengthen the management of online news publicity and effectively prevent deliberate attacks and network damage Information systems and the occurrence of emergencies such as dissemination and pasting of illegal information. In accordance with the principle of "whoever is in charge is responsible, whoever runs is responsible, whoever uses is responsible", the work is implemented by people. The state bureau has established an information security inspection working group to be responsible for the security inspection of each department of the state bureau. It mainly adopts a combination of self-inspection of each department and spot inspection of some departments to carry out network security cleanup and inspection work.

1. Current situation and risks

With the development of informatization construction of Yili Prefecture’s local tax system, a collection and management pattern based on computer networks has initially taken shape. The four-level wide-area network of the General Administration - district bureau - prefecture (state, city) bureau - county (city) bureau has been established and is gradually extending to grassroots collection units. The construction process of the local tax system network is also gradually accelerating. At present, the number of wide area network nodes of the Yili Prefecture Local Taxation System has reached more than 700, and there are more than 700 networked computer equipment. While completing the heavy taxation tasks, in order to improve the efficiency of tax collection and administration, better publicize taxation work and serve taxpayers, all county (city) tax authorities have established Internet access websites according to work needs. At the same time, networking and information exchange with other government departments have been partially achieved. In short, the network and information system have become an important part of the entire tax system and an important infrastructure related to the national economy and people's livelihood.

While the construction of tax informatization continues to flourish, the risks of network and information security are gradually revealed. First, with the development of taxation and the requirements of business systems, tax authorities at all levels have gradually realized networking and information exchange with relevant external departments. In addition, in order to facilitate taxpayers to pay taxes, the Xinjiang local tax system has opened Internet declaration, online inquiry and other services. The local tax system network has transformed from a completely closed intranet in the past to a network that is logically isolated from the external network and the Internet. Second, most of the key equipment in networks and information systems, such as hosts, routers, switches, and operating systems, use foreign products, which poses major technical and security risks. Third, the level of computer application operators in the system is uneven. In addition, due to insufficient funds, safety protection equipment and technical means are not satisfactory.

Fourth, hostile forces and profit-driven criminals have been ready to move, posing a huge threat to the country's important fiscal and financial sectors. The above aspects constitute the main risks of tax system network and information security.

2. Established and improved network and information security organizations

In order to ensure that network and information security work is taken seriously and measures can be implemented in a timely manner, the Yili Prefecture Local Taxation Bureau established a network and information security organization Leading Group:

Team leader: Chief Economist Cheng Aimin

Members: Che Yanxia, ??Wang Shoufeng, Wang Hongxing, Liu Zhonghui, Wang Zhong, Ouyang Can, Wang Hua, Chu Tianyu

The leading group has an office, which is specifically responsible for daily work. The director is Che Yanxia, ??the director of the information department, and the deputy director is Wang Shoufeng, deputy director of the office. The members are: Wang Hongxing, Liu Zhonghui, Wang Zhong, and Wang Hua.

3. Established and improved the network and information security responsibility system and rules and regulations

The Network and Information Security Office is responsible for the review and review of information published on internal and external websites in the name of the agency. Monitoring; the Information Department is responsible for the maintenance and technical support of the website and the monitoring and maintenance of other various application information systems; the Planning and Finance Department is responsible for relevant financial support; the Agency Service Center is responsible for the monitoring and maintenance of infrastructure such as electricity, air conditioning, fire protection, and lightning protection. .

The Network and Information Security Office is responsible for coordinating work when an emergency incident occurs, and drafting a report to the leadership group, the public security department or the relevant superior department or notifying the entire system according to the severity of the incident; and is responsible for Monitoring and prevention, emergency response and data and system recovery of various websites, application systems and database systems, as well as security prevention, emergency response and network recovery of network systems and subsequent investigation of security incidents. In order to do a good job in self-examination of network security in the state and local tax system, the Information Office conducted video training on August 10 to train network administrators throughout the system on network security knowledge. And deploy network security self-examination work.

Various security systems have been established and improved, including (1) log management system; (2) security audit system; (3) data protection, security backup, disaster recovery plan; (4) computer room and others Access system for important areas; (5) Use and maintenance system of hardware, software, network, and media; (6) Management system for account, password, and communication confidentiality; (7) Prevention, discovery, reporting, and removal of harmful data and computer viruses management system. (8) Regulations on the use and management of personal computers.

4. Computer network management of Yili Prefecture Local Taxation Bureau

(1) A firewall is installed on the local area network. At the same time, each computer was equipped with Rising anti-virus software uniformly configured by the district bureau. In view of the insufficient number of registration numbers, an additional 300 registration numbers were applied to the district bureau. Now the online version of Rising anti-virus software can be online for 550 computers at the same time. Basically meet the intranet office needs of Yili Prefecture Local Taxation System. The number of desktop audit systems installed on intranet computers across the state has reached 95, and some units have reached 100. Regularly install system patches to enhance the effectiveness in anti-tampering, anti-virus, anti-attack, anti-paralysis, anti-leakage, etc.

(2) Password settings must be strengthened for confidential computers and all computers in the local area network. It is required that the power-on password, document processing password, and collection management software password must be a mixture of letters and numbers of no less than 8 characters. At the same time, there is identity authentication and access control between computers sharing each other.

(3) The computers on the intranet are not illegally connected to the Internet and other information networks; the dedicated computers for online reporting installed in the self-service declaration area of ??the tax service hall of each unit are managed and inspected by the network administrator every day. To prevent the use of online reporting machines for illegal activities.

(4) Professional anti-virus software for mobile storage devices has been installed. Mobile storage devices must be scanned for viruses before they are connected to the computer. For computers in tax service offices, management departments and other units that often receive external data, All are equipped with virus isolators that use USB disks.

(5) Security checks and reinforcements have been carried out on applications, services, ports and links on the server.

(6) Back up the official document processing and file management software database on a daily basis to ensure data security.

Strictly enforce the sending and receiving of files, and require information administrators to perform full system backups on a regular basis, burn discs and store them off-site.

(7) There is no processing, transmission, or forwarding of confidential or sensitive information through e-government extranets, Internet mailboxes, communication tools, etc.

(8) Detailed emergency plans have been formulated, and as the degree of informatization deepens, they will be combined with the actual situation of each bureau and will be continuously improved in the future.

(9) The state bureau’s online information release is managed by a dedicated person in the office, and all information to be released on the internet is reviewed in accordance with regulations.

(1). Network security publicity slogans (2). Network security publicity terms (3). Internet financial security publicity terms (4). 2021 network security knowledge questions and answers (5).2021 55 cybersecurity knowledge promotion slogans in 2021 (6). Contents of cybersecurity knowledge promotion materials in 2021 (7). Employment directions for cyberspace security majors (8). 2021 College Entrance Examination Cybersecurity and Law Enforcement Professional Courses (9). 2021 College Entrance Examination Cyberspace Security Professional Courses (10). Cybersecurity and Law Enforcement Major University Rankings 2021 Latest National Rankings (Attached is the list of institutions)

5. Existing Problems

According to the "Notice" During the self-examination process, we also found some deficiencies. Based on the actual situation, we will make rectifications in the following aspects in the future.

(1) Safety awareness needs to be strengthened. It is necessary to continue to strengthen the safety awareness education of agency cadres and improve their initiative and consciousness in doing safety work.

(2) Equipment maintenance and updates should be timely. It is necessary to increase the timely maintenance and upkeep of lines, systems, etc., and at the same time, in view of the rapid development of information technology, it is necessary to increase the intensity of updating.

(3) The level of safety work needs to be improved. The management and protection of information security is still at a primary level. Improving the modernization level of security work will help us further strengthen the prevention and confidentiality of computer information system security.

(4) Strengthen computer security awareness education and prevention skills training, and fully realize the seriousness of computer leak cases. Integrate computer security protection knowledge into actual work, rather than writing it down on paper; combine civil defense with technical defense, and regard technical measures for computer security protection as an invisible barrier to protect information security.

(5) The working mechanism needs to be improved. Innovating security working mechanisms is an inevitable requirement of the new situation in information work, which is conducive to improving the operational efficiency of agency network information work and further standardizing office order. ;