The safety protection measures for microcomputers that are not connected to the internet shall be implemented in accordance with the relevant provisions of the state. Article 4 The security protection of computer information systems shall focus on maintaining the security of the following computer information systems in important fields and key units such as state affairs, economic construction, national defense construction and cutting-edge science and technology:
(1) State organs and national defense units at or above the county level;
(2) Banking, insurance, securities and other financial fields;
(3) the fields of postal services, telecommunications, radio and television;
(4) the fields of energy and transportation;
(five) national and provincial key scientific research units;
(6) key websites;
(seven) other important areas and key units as prescribed by the state. Article 5 The public security organ is the competent department of computer information system security protection, and its main responsibilities are:
(a) to publicize the laws, regulations and rules on the security protection of computer information systems;
(two) to supervise, inspect and guide the security protection of computer information systems;
(three) to organize the training of computer information system security management personnel;
(four) to investigate and deal with illegal and criminal cases that endanger the security of computer information systems;
(five) to provide security guidance for the construction of computer information systems in important fields and key units;
(six) responsible for the prevention and control of computer viruses and other harmful data;
(seven) to supervise and inspect the sales activities of special products for computer information system security;
(eight) other duties that should be performed according to law. State security organs, state secrecy organs and other relevant government departments shall do a good job in the security protection of computer information systems within the prescribed scope of duties. Article 6 The construction and application of computer information systems shall comply with national laws, regulations and other relevant provisions.
New computer information systems in important fields and key units shall be reported by the system construction unit to the public security organ of the people's government at the same level for the record within 30 days after the system is completed. Article 7 Computer information systems shall be protected by security levels. The standards for the classification of safety grades and the specific measures for the protection of safety grades shall be implemented in accordance with the relevant provisions of the state. Article 8 The filing system shall be implemented for the international networking of computer information systems. Citizens, legal persons and other organizations using computer information network for international networking shall fill in the user record form when the access unit goes through the formalities of network access. The access unit shall, within 30 days from the date of formal access to the network, go through the filing formalities with the acceptance unit designated by the provincial public security organ, and report the changes of users of this network regularly. Article 9 Users of computer information systems in important fields and key units shall establish computer information system security management organizations and designate security management personnel.
Security management agencies and security management personnel are responsible for checking the operation and environment of computer information systems, compiling operation logs, eliminating potential safety hazards in time, and formulating emergency plans for possible violations and sabotage.
Security management personnel shall participate in computer information system security knowledge training organized by public security organs. Tenth important areas and key units of computer information system users should establish the following security management system:
(a) the computer room safety management system;
(2) information release audit registration system;
(three) information monitoring, storage, deletion and backup system;
(four) virus detection and network security vulnerability detection system;
(five) the account registration and operation authority management system;
(six) safety education and training system;
(seven) the system of reporting and assisting in the investigation of illegal cases;
(eight) other management systems related to safety protection. Eleventh users of computer information systems in important fields and key units shall implement the following technical measures for security protection:
(a) measures to keep the system network operation log and user usage log for more than 60 days;
(two) safety audit and early warning measures;
(3) Spam cleaning measures;
(4) Measures for identity registration and identification and confirmation;
(five) computer virus prevention and control measures;
(six) restrictions on the transmission of massive information and prevention measures for harmful data;
(seven) other safety technical measures stipulated by the state. Twelfth Internet service business units before opening, must pass the information network security review of the public security organs of the people's governments at or above the county level according to law, and obtain the license issued by the relevant departments according to law.
The business unit of the Internet service business premises shall fulfill the obligation of computer information system security protection according to law, and shall not stop implementing security technical measures without authorization.