1. Strengthen the organization and leadership of government website security work and improve the sense of responsibility.

From the annual performance evaluation of Harbin municipal government website, it can be seen that quite a few department leaders do not take the construction and safety management of government websites as an important task, and there is a problem of emphasizing construction over management. Drawing on the advanced experience of other provinces (cities) in China, first, it is suggested that the municipal government should incorporate the government website into the performance appraisal system of local governments and departments as one of the contents of the comprehensive evaluation of leading bodies and as the basis for the selection and appointment of leading cadres. Second, in accordance with the principle of who is in charge and who is responsible for the operation, strengthen management and clarify responsibilities to ensure that the safety management of government websites is implemented to everyone, layer by layer, so that website management is not lacking and information security is guaranteed.

2. Establish and improve the government website safety management system, and seriously implement it.

First, establish a government website security management system to guide and restrict the website security construction and management. When there are related problems in the website, the staff should report to the relevant person in charge of the website quickly so as to deal with them in time; The second is to establish a daily website inspection system, and designate personnel to check the operation of the website every day to find and properly solve existing problems in time; The third is to establish a specific person-in-charge system, which is responsible for the network management, database service maintenance and information processing of the website; The fourth is to establish a holiday duty system, update information in time, and ensure the uninterrupted operation of the website; Establish a log record filing system, truthfully record the daily work of the website and keep it as a technical management file.

3. Strengthen the training of talents and coordinate the construction of emergency system in Harbin.

First, strengthen the safety management training of government websites. By participating in training in information security, information technology and information management, the overall ability of website staff to build and manage websites will be further improved. The second is to strengthen technical support and guarantee work. Harbin Information Security Evaluation Center was established to provide technical support and technical support services for the websites of party and government organs, enterprises and institutions in Harbin. The third is to establish a special emergency plan for government websites to ensure that accidents on government websites can be handled quickly and timely. The fourth is to establish an information security inspection and supervision mechanism. According to the established technical specifications, standards and systems, information security inspections are carried out on a regular basis, and the relevant responsible persons are punished according to regulations for violations found during inspections. For the safety problems and hidden dangers found in the inspection, it is necessary to clarify the responsible departments and responsible persons and rectify them within a time limit.

4 overall planning of government website group construction, the implementation of intensive management.

Actively promote the intensive construction of government websites under the cloud model. First, according to the overall requirements of e-government construction in Harbin, make overall planning and unify the website operation carrier to avoid dispersion and repeated construction, that is, use the basic environment of Harbin information center platform as the website operation carrier of Harbin municipal government; The technical team of Harbin information center platform undertakes the construction and daily operation technical maintenance of Harbin municipal government website; For units or departments that lack the ability to build and maintain websites, independent websites will no longer be built, and the platform of Harbin Information Center will carry the government information disclosure and other government services that it should provide to the public. The second is to establish a unified standard, improve the mechanism of government information disclosure and government information resource sharing, plan and build a "Harbin, China" portal website group and content management system, further integrate government websites of various departments, establish a unified station group management platform according to the principle of unified planning and step-by-step implementation, and incorporate the websites of various government agencies in Harbin into the station group platform for operation, thus forming a resource sharing and sharing system with the portal website of the municipal government as the core and the websites of government agencies as the group. The third is to strengthen the management of website group construction, strengthen security, establish an emergency mechanism, and provide services such as security technical support, information technology training, and network security risk assessment for Harbin municipal government website construction units based on the existing technology and talent advantages of Harbin information center platform.

5. Increase the construction of safety technology system.

Technical protection is a powerful measure to ensure the information security of websites. In terms of technical protection, we mainly do the following work.

First, we must strengthen the security of the network environment. First of all, it is necessary to install a website firewall (WAF), a website tamper-proof system, a network firewall and an intrusion detection system. On the basis of the traditional network firewall, the website firewall (WAF) improves the website security protection ability from the application layer of the network, and uses the intrusion detection system to identify the illegal invasion, malicious attacks and abnormal data traffic of hackers, further optimizing the configuration of the website firewall (WAF) and the network firewall, and blocking the illegal invasion and malicious attacks of hackers. The website tamper-proof system is the last protective barrier of the website. Once the protection fails, the homepage or content of the website is tampered with. The tamper-proof system can instantly restore the tampered content of the website, so as to avoid political events and influence, and at the same time give the website administrator a short breathing space, modify and improve the website security configuration file in time, and ensure the safe and stable operation of the website.

The second is to strengthen the security management of the website platform. On the basis of the existing central platform, further optimize and improve the network structure, rationally allocate network resources, configure the next generation firewall, virus protection system, network security detection and scanning equipment and network security centralized audit system, and continuously improve the security system construction of Harbin Information Center platform from the aspects of border protection, access control, intrusion detection, behavior audit, anti-virus protection and security protection, so as to ensure that under the basic environment of Harbin Information Center platform, big data platform, large industrial system information-aided decision-making platform and cloud, etc.

The third is to strengthen the security of website code. A secure website should not only have a good network environment, but also have a high-quality application system. At present, network security incidents caused by imprecise website code and poor security are common, which requires website technical developers to develop good code writing habits, try not to use unknown codes and plug-ins, strictly filter sensitive characters when writing programs, and have corresponding code detection mechanisms and means in time when developing systems. Deploy a webpage tamper-proof system. The webpage tamper-proof system has the ability to intercept illegal modifications and recover illegally modified files in real time, which can effectively solve the problem of webpage tampering and realize the protection of website information when other protection measures fail.

The fourth is to strengthen data security. In order to strengthen the security of the database, the genuine database system is adopted, and the database is hidden in a safe area by dividing the network security domain. At the same time, the database is configured safely through the security hardening service, and the access rights of the database are set strictly to ensure the security of the database. Deploy a data disaster recovery system, regularly back up the data of websites and key application systems, and use the computer room environment of the municipal government building to back up these data in different places to ensure the safety of key data and prevent irreparable losses.

With the rapid development of information technology, hackers, Trojans and other means of attack and intrusion are also varied and endless, which poses a great threat to the security management of government websites. Governments at all levels and departments should earnestly enhance the awareness of government website security responsibility, strengthen the leadership of government website security work, further strengthen supervision and management, clarify the division of responsibilities, strengthen security precautions, take safety as their own responsibility, and create a good environment for the safe and stable operation of Harbin municipal government website and important information systems.