Computer Safety Self-inspection Report Part I
* * * * (hereinafter referred to as * * *) has carried out relevant secrecy work in accordance with relevant national secrecy laws and regulations and relevant secrecy requirements of higher authorities such as * * *, * * and * *, and now the situation is reported as follows: 1. Basic information.
At present, there are 29 desktop computers for daily office work in the center, including 4 confidential computers (none of which are networked), 8 networked computers 18, and 7 unconnected computers. 14 laptop.
According to the management requirements, the network room and comprehensive room of the station are responsible for the security management of computers and networks, formulate relevant rules and regulations such as confidentiality regulations and Internet access management regulations, conduct regular or irregular security inspections, implement physical isolation measures for classified computers, and manage and use desktop computers in different departments; Laptop computers are classified and managed according to the purpose of use, managed and maintained by the network room of the station, and the use and return registration system is implemented.
In order to strengthen confidentiality and information security, the center also purchased hardware firewall and network security protection software at the end of 20xx, which basically solved the problems of network attacks and virus and Trojan horse transmission in the local area network.
Second, the existing problems
Although the center has continuously improved the management requirements from the system and strengthened the investment in hardware equipment, there is still a big gap from the full realization of information security monitoring and protection.
(a) Insufficient computer and network equipment
According to the nature of work and the number of staff in the center, there is a serious shortage of computers in the center at present. In case of centralized overtime, inter-departmental adjustment is needed. A large number of public computers have caused difficulties in management, and there are great problems in information confidentiality, security, anti-virus and Trojan horse. Trojan horses and viruses spread through mobile media such as USB flash drives from time to time. Although network protection software can find and deal with it in time, it lacks security control equipment for anti-scanning detection, so potential threats are difficult to find and hidden dangers still exist.
(2) The management level and personnel quality need to be improved.
Because there are many computer users, computers are not used by special personnel, which often causes system damage or poor operation, and brings many problems to managers. However, there are no specialized computer professionals in the center, which are part-time, with limited professional and technical level, and the management level and personnel quality need to be improved urgently.
(C) a serious shortage of funds
According to management requirements, most central computers should be separated from internal and external networks. However, due to insufficient funds, the annual budget can only basically meet the needs of computer updating, let alone supplement and meet the needs of work. On the network side, firewall and network protection software are faced with the problem that they need to invest money to update their versions and virus databases every year.
(d) Lack of security software and equipment.
When the computer hard disk is damaged and needs to be replaced, there is no special degaussing equipment to deal with the hard disk. In addition, according to the management requirements, some reports need to be transmitted remotely, but there is a lack of unified special encryption software, and there are security risks in sending them through the public network.
Third, the next work plan
According to the above problems, I * * plan to increase the budget for computer and network security in my future work, and at the same time arrange relevant personnel training and purchase relevant equipment and software, hoping to get strong support from the Bureau of * * and * *.
Computer Security Self-inspection Report Part II
According to the spirit of the relevant documents of the superior, the company leaders attached great importance to it, deployed according to the requirements of the documents, actively organized personnel, convened relevant personnel in time, implemented them one by one, and made careful arrangements. In view of the implementation measures emphasized at the meeting, they made a careful and detailed self-examination of the computers equipped by the company's organs and subordinate secondary institutions. The self-inspection is now reported as follows: 1. The development of secrecy work.
According to the requirements of the document, self-check by function, sum up while self-checking: Since the establishment of the computer information system in our company in 20xx, we have attached great importance to the construction of computer management institutions. Based on the guiding ideology of "controlling the source, strengthening inspection, clarifying responsibilities and implementing the system", the information center, local area network station and system network administrator are established to manage the legality, accuracy and confidentiality of uploaded information and data. In order to ensure the safe and normal operation of the management information system of XXX company in XXX county, ensure the information security of enterprises and protect the technological achievements of enterprises, the security and confidentiality system of the management information system of XXX bureau in XXX county is formulated.
Second, the results achieved
Disconnect the direct physical connection between the information system and the Internet, and completely isolate the office intranet from the Internet. If it is really necessary to access the Internet, a public access area should be set up in the office of the company's information center, and security measures should be taken to access the Internet only through the external network to solve the problem of employees accessing information online.
(A) to strengthen the management of computers and peripherals inside and outside the network:
Office equipment is strictly forbidden to "use one machine for two purposes". The information intranet shall not be connected with the external network in any form, and access measures such as registration and filing, IP/MAC address binding shall be strictly implemented for computers accessing the intranet. Strengthen the security management of intranet and intranet computers, and put forward strict requirements in password setting and virus prevention. For intelligent peripherals with hard disk and memory, the risk of information leakage or Trojan virus implantation should be reduced by setting the storage function to cancel or shorten the storage time. Strengthen the maintenance and scrap management of computers and peripheral equipment.
(B) to strengthen the remote mobile office and remote maintenance management:
It is forbidden for mobile office equipment such as notebook computers and smart phones to remotely access our company's information intranet through VPN. Disconnect the remote maintenance function of all servers in the information system and open the ports. If the system needs to be debugged, the remote maintenance personnel must sign a confidentiality agreement with the information system development and debugging personnel accessing the intranet, otherwise the remote maintenance cannot be carried out.
(c) Strengthening network monitoring and access control:
Check the running logs and statistical analysis reports of the network system regularly to check the abnormal state of the network. The network access and access strategy of all units and companies affiliated to the company should avoid transparent connection and adopt comprehensive strategy for access. Disconnect the Internet download path of the intranet anti-virus database, manually download and copy it to the system database, and pay attention to killing storage media during operation.
(4) Safe use of removable storage media:
Follow "unified procurement, unified identification, unified filing and tracking management". Mobile media should be killed for the time being, and office and private use should not be mixed.
(five) the implementation of foreign service business system transformation:
The marketing system is set up in the business charge hall, and the electricity fee is inquired through the local area network. If the use of electricity fee is suspended through the Internet and online payment, the announcement and information release should be made well. The finance department adopts the high beam financial system, which is an independent financial network and is not connected with any external network, including LAN.
(six) to strengthen the internal and external network mail management:
Internal and external e-mail systems should be completely isolated, and the e-mail system shared with municipal companies and their subordinate units should not be built separately. The administrative department should do a good job in the security of every external mail, and the external mail can only be used after virus inspection.
(7) Strictly control external websites:
Our company has no external website, so it is impossible to run any scripts and plug-ins on the server side. Disconnect all peripheral ports connected to the external network from the server to ensure the safe and stable operation of the system.
(eight) to strengthen the computer room on duty and safety management:
The computer room should be manned 7*24 hours to ensure the normal operation of the monitoring system and smooth communication. Strengthen equipment password management, set strong password mode and change it regularly. Upgrade antivirus software and patches in time, and adopt manual updating method. Make an emergency plan and exercise regularly.
(nine) to strengthen computer security management:
Confidential information is not online, and online information is not confidential. First, the information center personnel are required to strictly abide by the confidentiality system, and it is forbidden to talk with irrelevant personnel about all kinds of online information that manages the technical development content of information systems; Information center staff are strictly forbidden to change online information without permission, and it is strictly forbidden to inquire about all kinds of confidential documents online without permission; The work "authority" of Internet users shall be authorized by the staff of the Information Center in accordance with the provisions of the Bureau. Without approval, Internet users' job numbers or passwords shall not be informed to others, and it is strictly forbidden to change the work "authority" of Internet users without authorization. The waste paper used by the information center staff must be crushed to avoid leakage. Without the approval of the leader, it is strictly forbidden to take out or lend, copy or copy the relevant materials and floppy disks to others. If the work needs it, you must go through the corresponding procedures through the software.
According to the relevant provisions of the superior documents, it is strictly forbidden for all departments to surf the Internet. Computers that need to access the Internet due to work needs must run on their own, and may not access the LAN at the same time. Personnel who need to enter the information center must abide by the regulations, and shall not operate the equipment casually to inquire and obtain relevant information of the information center. The reception work of foreign units coming to our company to understand the computer management information system is handled by the information center. It is strictly forbidden for all departments and LAN networking workstations to demonstrate the system, copy system files or provide technical documents; Personnel from other units must register with valid certificates or letters of introduction when entering the computer room of the information center, and obtain the consent of the competent director. Without permission, other irrelevant personnel are not allowed to enter the computer room of the information center. It is strictly forbidden for the relevant personnel of each department to copy the relevant procedures and technical documents of the company's MIS system to other units or individuals. Those who violate this regulation will be dealt with severely according to the relevant regulations. The information center regularly organizes full-time and part-time information workers to study the confidentiality system and check the implementation of the system; Any unit or individual that violates the regulations will be dealt with severely in accordance with the confidentiality provisions of the company's information system. Effectively guard against the secrecy of computer information systems, and eliminate unsafe signs in the bud.
Three, strengthen safety education, regular inspection and supervision.
In every step of our company's website construction, information security education is the top priority. Make all employees realize that computer security protection is an organic part of the company's central work. Under the new situation, computer security will also become an important part of our county's "security XXX" and "security power". In order to further improve computer security awareness, we often organize personnel to check the computer security protection of relevant departments. Do not use unknown software, floppy disk, CD, U disk and other media, do not visit illegal websites, and consciously strictly control and block the source of the virus. At the same time, when the computer equipment is sent for repair, there will be designated personnel to follow. When the computer is scrapped, the hard disk and other storage media should be removed or destroyed in time.
Fourth, the information security system is improving day by day.
In website management, we have established the idea of managing people by system, and formulated the document "Duty System of Computer Room of Information Center of XXX Bureau of XXX County, Duty Personnel's Job Responsibilities, and Management System of End-user Workstation", which requires the uploaded content provided by each department and office to be submitted to the backstage of the website after being audited by the heads of each department and office and the information center, and then released after being audited by the website administrator. The main contents are issued by the company's main leaders and released as the internal control system of our company's computer network to ensure the confidentiality of website information.
According to the notification requirements of the superior documents, the safety work of the information department of our company has been self-examined, mainly in the above aspects, but there are still some aspects that need to be improved urgently.
First, in the future, it is necessary to further strengthen the working contact with the county security bureau and the municipal company, find the gap and make up for the shortcomings in the work.
Second, it is necessary to further strengthen the computer information system security awareness education and prevention skills training of all employees in our company, formulate information system security emergency plans, fully understand the seriousness of computer information security cases, and truly integrate computer security protection knowledge into the improvement of employees' professional quality.
Computer safety self-inspection report Part III
In order to implement the spirit of the Notice of the State Cryptography Administration, the Provisions on the Management of Classified Computer Networks of Nanjing Party and Government Organs (No.32 [2007] of Ning Wei Ban Fa) and the Notice on Further Strengthening the Management of Classified Networks (No.36 [201/KLOC-0] of JiNing), and further strengthen the prevention of network theft and leakage, our bureau strictly follows.
In order to strictly observe the confidentiality discipline, plug loopholes, eliminate hidden dangers, and strengthen the secrecy work of organs, our bureau has set up a leading group for secrecy work, with the office as the main responsibility office, the director as the team leader, the director of the office as the deputy team leader, and the secrecy personnel as members. In charge of the leadership is responsible for grasping, handling personnel specific. Strictly implement the leadership responsibility system for confidential work, define responsibilities according to their respective division of labor, combine confidential work with practical work, and arrange confidential work synchronously during research, deployment, inspection and summary. Fill in the registration form of confidential network security management in time.
Second, strengthen the management of secret-related personnel.
Clarify the person in charge of the security management of the security computer and the security computer information system of our bureau, and arrange security personnel with high political quality and strong sense of responsibility. Be able to earnestly perform confidentiality duties, strictly abide by confidentiality regulations, sign confidentiality responsibility letters with all secret-related personnel on a regular basis, perform confidentiality duties and obligations, and abide by confidentiality discipline and relevant regulations. The change of the personnel involved in the classified network can be reviewed according to the regulations, and the examination and approval procedures can be performed in time, and the confidentiality period can be managed according to the situation. The confidentiality period is generally 6 months to 3 years. For the transfer or retirement of confidential personnel, it is necessary to promptly clean up confidential documents undertaken and kept by individuals, and only after verification by the confidential room can the work transfer or retirement procedures be handled. In order to strengthen the security management of computers and their networks, prevent the occurrence of computer and its network leaks, and ensure the security of state secret information, we should strengthen the computer security awareness of computer network managers, leading cadres and secret-related personnel who operate computers. Our bureau adopts various ways and channels to publicize and educate computer security-related personnel.
First, we should conscientiously study the State Secrets Law, the State Security Law of People's Republic of China (PRC) and the Measures for the Implementation of the Law on Guarding State Secrets of People's Republic of China (PRC), and require them to be implemented in light of the actual situation.
The second is to conduct warning education. Through the internet information leakage incidents in recent years, all government departments are required to learn lessons, further attach importance to and strengthen the safety management of online information, and ensure the safety of computers and their networks.
Third, standardize the operation of cryptographic equipment.
Our bureau has 1 classified network, that is, e-government intranet. The confidential computer is stored in the safe in the confidential room, and the confidential personnel of this bureau will keep the password equipment, so the responsibility will be borne by the people. The implementation of personnel, posts, responsibilities and post responsibility system, to prevent the occurrence of computer network leaks and other liability accidents. Check the use and management of password equipment regularly or irregularly, find hidden dangers, plug loopholes, prevent risks, and ensure the absolute safety and normal operation of password equipment.
Fourth, ensure the security of the classified environment.
For computer network management, it is strictly forbidden to make, store, transmit and use confidential documents, information and internal information in computers on the Internet. Last year, our bureau conducted a comprehensive inventory of the classified environment: there was no computer leak incident throughout the year; The confidential computer is not infected with Trojan virus, and wireless devices such as wireless network cards are not installed; Do not use non-confidential mobile storage media; No record of illegal access to public information networks such as the Internet; The security situation is good. In order to standardize the safety management of computers and their networks, our bureau has mainly taken the following measures:
First, the computer implements the relevant provisions and requirements of the documents of the superior security department, and constantly enhances its ability to do a good job in computer security management according to law;
The second is to formulate various confidential and non-confidential computer and network management systems in this bureau; The third is to strictly regulate the flow of classified information and strictly implement the principle of "classified information does not go online, and online information is not classified".
Fifth, improve the ledger of confidential documents.
Our bureau has established a complete account for the registration of classified vectors, which is registered and managed by the office security personnel. Through the ledger, the functions of secret-related personnel in sending and receiving documents, registering, transmitting, filing and destroying documents are clarified, so that the secrecy work can be truly rule-based, well-documented, institutionalized, standardized and scientific. Under the leadership of the confidential bureau of the municipal party Committee, the confidentiality work of our bureau has gradually become standardized and institutionalized, and there has never been a secret-related accident. Through careful self-examination, this year's confidential work organization of our bureau can achieve the organization and leadership in place, personnel management in place, and confidential operation norms. In the future work, our bureau will further strengthen the importance of confidentiality work, strengthen the management of confidential content, strive for new achievements in confidentiality work, actively explore and study new situations and new problems in confidentiality work in the new period, and ensure the smooth development of confidentiality work in urban management system.