Accidents are inevitable in our study, work or life. In order to reduce the consequences of accidents, an excellent emergency plan is often prepared in advance. How to write an emergency plan? The following is a model essay on network security management emergency plan that I compiled for you, hoping to help you.
Emergency plan for network security management 1
In order to ensure that all emergency work can be carried out efficiently and in an orderly way when network security problems occur, and to minimize losses, this plan is formulated according to the relevant regulations on Internet network security and the work requirements of Xuhui District Education Information Center, combined with the actual work of our school's campus network.
I. Composition of emergency agencies
1. Leading group and responsibilities
Team leader: Ma Weidong
Deputy Head: Yang Haitao
Members: Wang Chunfeng, Jiang Jinghong, Yu Ying and Fan Xiantao.
Main responsibilities:
(1) Strengthen leadership, improve organization, strengthen work responsibilities, and improve the formulation of various emergency plans and the implementation of various measures.
(2) Make full use of various channels to publicize and educate network security knowledge, organize and guide the popularization of network security knowledge in the whole school, extensively carry out network security and related skills training, and constantly improve the awareness of prevention and basic skills of teachers and students.
(3) Do a good job in material support, actively equip network security facilities and equipment in strict accordance with the requirements of the plan, implement network lines, exchange equipment, network security equipment and other materials, strengthen management, and maintain good working conditions.
(4) Take all necessary measures, organize all forces, comprehensively deal with network security accidents, and minimize adverse effects and losses.
(5) Mobilize all positive factors to fully guarantee and promote the safe and stable operation of the school network.
2. Website bad information incident handling team and responsibilities
Team leader: Jiang Jinghong
Members: Yao and Lu
Main responsibilities:
(1) Once the school website has bad information (or the webpage has been modified by hackers), close the website immediately.
(2) Back up the directory where the bad information appears, the HTTP connection logs within one week before and after the bad information appears, and the network connection logs within one week before and after the bad information appears in the firewall.
(3) Print the bad information page and keep it.
(4) Completely isolate the directory of bad information so that it can no longer be accessed.
(5) Delete the bad information, check all the contents of the whole website to ensure that there is no bad information, reopen the website service and test the website operation.
(6) Rename the directory, carry out a security inspection of the directory, raise its security level, upgrade the program, eliminate security risks, close unsafe columns, reopen the network connection of the directory, and conduct tests. Once it is working normally, modify the parent link of the directory again.
(7) Check the HTTP log and the firewall network connection log comprehensively to determine the source IP address of the bad information. If it comes from within the school, immediately escalate the incident to the highest urgency, immediately report to the leader of the leading group, and assist in reporting the case to the public security organ.
(8) Throughout the whole process, from the occurrence of the incident to its handling, report continuously to the leader of the leading group, explaining the occurrence, cause and handling of the incident.
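Steps (2) and (7) above, shown as an added example that is not part of the original plan: it keeps the HTTP log lines that fall within one week before and after the incident, records a SHA-256 digest of the preserved lines, and separates on-campus from external source addresses that wrote to the affected directory. The log lines, the campus range 10.20.0.0/16, the directory /news/ and the incident time are constructed assumptions.

```python
import hashlib
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Assumptions for this example (not from the plan): campus address space,
# the affected directory, and the time the bad information was noticed.
CAMPUS_NETS = [ipaddress.ip_network("10.20.0.0/16")]
AFFECTED_DIR = "/news/"
INCIDENT_TIME = datetime(2024, 3, 15, 9, 30, tzinfo=timezone.utc)
WINDOW = timedelta(days=7)  # step (2): one week before and after

# Heuristic (assumption): requests that can change content in the directory.
WRITE_METHODS = {"POST", "PUT", "DELETE", "PATCH"}

# Constructed sample in the common "combined" access log format.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:00:00 +0000] "GET /news/index.html HTTP/1.1" 200 512 "-" "curl/8.0"
10.20.4.17 - - [14/Mar/2024:22:41:09 +0000] "POST /news/upload.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.23 - - [15/Mar/2024:02:13:55 +0000] "PUT /news/index.html HTTP/1.1" 201 0 "-" "python-requests/2.31"
10.20.9.3 - - [15/Mar/2024:08:00:00 +0000] "GET /about.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"
this line is corrupted and cannot be parsed
198.51.100.23 - - [30/Mar/2024:12:00:00 +0000] "POST /news/upload.php HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def is_campus(ip_text):
    """True if the address belongs to one of the campus networks."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in CAMPUS_NETS)


def triage(log_text, incident=INCIDENT_TIME, window=WINDOW):
    """Select the evidence window and classify sources of write requests."""
    preserved, unparsed = [], []
    sources = {"internal": set(), "external": set()}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        match = LINE_RE.match(line)
        if not match:
            # Cannot be dated: keep aside for manual review, never drop silently.
            unparsed.append(line)
            continue
        ip_text, stamp, method, path, _status = match.groups()
        try:
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
            campus = is_campus(ip_text)
        except ValueError:
            unparsed.append(line)
            continue
        if abs(when - incident) > window:
            continue
        preserved.append(line)  # step (2): every request in the window is kept
        if method in WRITE_METHODS and path.startswith(AFFECTED_DIR):
            sources["internal" if campus else "external"].add(ip_text)
    # Digest lets later reviewers confirm the preserved copy was not altered.
    digest = hashlib.sha256("\n".join(preserved).encode("utf-8")).hexdigest()
    return {
        "preserved": preserved,
        "unparsed": unparsed,
        "sha256": digest,
        "internal": sorted(sources["internal"]),
        "external": sorted(sources["external"]),
        # Step (7): an on-campus source raises the incident to highest urgency.
        "escalate": bool(sources["internal"]),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("lines preserved:", len(result["preserved"]))
    print("unparsed lines :", len(result["unparsed"]))
    print("sha256         :", result["sha256"])
    print("internal writes:", result["internal"])
    print("external writes:", result["external"])
    print("escalate       :", result["escalate"])
```

The same window selection applies to the firewall connection log once its own timestamp format is parsed.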
3. Malicious network attack incident handling team and responsibilities
Team leader: Yu Ying
Members: Chen,,.
Main responsibilities:
(1) When a malicious network attack is found, immediately determine whether the attack comes from inside or outside the school, which devices are under attack, and how wide the scope of influence is. Quickly estimate the worst possible result of the attack, and judge whether it is necessary to urgently cut off the network connection between the campus network servers and the public network to protect important data and information.
(2) If the attack comes from outside the school, immediately identify the IP address from the firewall and filter it. At the same time, configure the firewall to filter such attacks, and decide whether to call the police according to the severity of the situation.
(3) If the attack comes from inside the school, immediately determine the source of the attack and find out which switch, computer, teacher or student the attack comes from. Then go to the scene immediately, close the computer's network connection, and analyze the computer at once to determine whether the attack was unintentional, intentional, or the result of the computer being exploited. Temporarily detain the computer.
(4) Restart the network equipment connected to the computer until the network communication is fully restored.
(5) Analyze the computer, remove all viruses, malicious programs, Trojan horses and junk files, then test and run the computer for more than 5 hours while monitoring it. If there is no problem, return the computer.
(6) Throughout the whole process, from the occurrence of the incident to its handling, report continuously to the leader of the leading group, explaining the occurrence, cause and handling of the incident.
4. Network security handling group for major school activities
Team leader: Fan Xiantao
Members: Sun Xin, Chen
Main responsibilities:
(1) Evaluate the major activities of the school (such as school celebrations, competitions and other activities with special requirements for network security) and determine the required network equipment and environment.
(2) Turn off all other network devices and computer devices connected to the network that may adversely affect the network to ensure the smooth flow of the network.
(3) Provide backup for important network equipment, and replace the equipment as soon as possible in case of problems.
(4) Monitor external network connections, put an end to illegal connections, and immediately ask the higher authorities for help in case of major problems.
(5) The equipment, environment, possible accidents and impacts required for this incident should be reported to the leading group in advance, and any problems arising during the incident should be reported to the leader of the leading group immediately.
5. Communication liaison group and responsibilities
Team leader: Wang Chunfeng
Members: Sun Xin, Jie Chen
Main responsibilities: get in touch with school leaders, relevant offices and departments quickly, and guide personnel and facilities to the scene of the incident; contact relevant departments and individuals and organize the dispatch of personnel; take responsibility for external liaison and reporting.
II. Urgent action
1. The leading group issues relevant news and alarms according to law, and comprehensively organizes the various network security defense and disposal work. All relevant organizations are ready to carry out emergency tasks at any time.
2. Organize relevant personnel to conduct a comprehensive inspection of network hardware and software equipment and computer equipment inside and outside the campus, and block and update the equipment and network environment with potential safety hazards. Strengthen the management of campus network computers and equipment, and strengthen the network security education for school network users (students and teachers).
4. Strengthen the software protection and hardware protection of important network equipment to ensure the normal operation of the software and hardware environment.
5. Strengthen all kinds of duty shifts, keep communication smooth, keep abreast of the school situation, and spare no effort to maintain normal teaching, work and life order.
6. Carry out material preparation according to the plan.
III. Related actions after network security incidents
1. After learning of the fire emergency, the leading group proceeds immediately to the command post at the same level, and the network security incident handling teams quickly assemble and stand by.
2. Under the unified organization and command of their superiors, leading groups at all levels quickly organize rescue and protection work at their own level.
(1) Ensuring the information security of the website is the primary task, and ensuring the connection of the school public network. Send out an emergency alarm quickly, and all relevant members will focus on accident analysis and determine the treatment plan.
(2) Ensure the information security of other access devices in the school: after analysis, all network connections of other access devices can be quickly closed and cut off to prevent the security incident from spreading to other access devices.
(3) Analyze the network, determine the source of the accident and handle it according to relevant procedures.
(4) After the accident source treatment is completed, gradually restore the network operation and monitor whether the accident source still exists.
(5) In view of this accident, in order to further determine the relevant safety measures, sum up experience and strengthen the prevention from the accident to the whole process, it is necessary to report to the leader of the leading group in time, obey the arrangement and pay attention to confidentiality.
3. Actively do a good job in ideological publicity and education for teachers and students, quickly restore normal order, and fully safeguard the security and stability of the campus network.
4. Quickly understand and grasp the incident situation, and summarize and report it in a timely manner.
5. Afterwards, quickly find out the cause of the incident, identify the responsible person, and report to the leading group for handling according to responsibility.
IV. Others
1. In emergency operations, all departments should cooperate closely and obey the command to ensure the smooth implementation of government decrees and all work.
2. Each department should, according to the plan and combined with the actual situation of the department, carefully formulate the emergency plan of the department and earnestly implement the organizational measures.
3. This plan shall be formally implemented as of the date of promulgation.
Emergency plan for network security management 2
I. General rules
1. Compilation purpose
In order to ensure the safety of network information in our school, standardize and strengthen the report management of network information security incidents in our school, coordinate organizational forces to deal with them promptly and decisively, and minimize the losses and impacts caused by network information security incidents, this plan is specially formulated.
2. Compilation basis
This plan is compiled according to the National Overall Emergency Plan for Public Emergencies, the National Emergency Plan for Network and Information Security Incidents, the Tianjin Overall Emergency Plan for Emergencies, and Tianjin Polytechnic University's Implementation Opinions on Strengthening School Network Information Management.
3. Working principle
Unified leadership and clear responsibilities. Under the leadership of the school network information management leading group, according to the principle of "who is in charge, who is responsible, who is in charge, who is responsible", the safety responsibilities of emergency response departments and departments at all levels will be clearly implemented, which will improve the emergency response level of network information security in our school.
Quick response and scientific disposal. In accordance with the rapid response mechanism, timely access to information, tracking and judgment, scientific decision-making, decisive disposal, to minimize the harm and impact caused by network information security incidents.
Give priority to prevention and strengthen monitoring. Widely publicize the basic knowledge of campus network information security, effectively implement the preventive measures of network information security, and strengthen the campus network system public opinion monitoring.
4. Scope of application
The school network information security incidents mentioned in this specification refer to incidents caused by sudden network public opinion, equipment failure and natural disasters. On campus, it damages the reputation and image of our school, affects the normal operation of the school's network information system, and causes serious effects such as website attack, business interruption and system paralysis.
II. Categories and grades of network information security incidents
1. Categories of network information security incidents
According to the different causes and mechanisms, campus network information security incidents are mainly divided into the following three categories:
Internet public opinion event: refers to the interruption or paralysis of our school's network information system due to virus infection, network attack and illegal invasion; Spreading information prohibited by laws and regulations through the internet, maliciously spreading rumors to discredit the school and affect the safety and stability of the school.
Fault events: refer to computer software and hardware failures, safeguard facilities failures, man-made sabotage accidents and other events.
Disaster event: refers to the network information security event caused by natural disasters and other emergencies.
2. Levels of network emergencies
According to the nature, severity, controllability and influence scope of network information security incidents, they are divided into four grades: particularly serious (Grade I), major (Grade II), large (Grade III) and general (Grade IV).
1. Particularly serious network information security incident (level I). It refers to a network information security incident that is very diffuse and harmful, causing a large area of paralysis of our school's network or seriously affecting our school's reputation, security and stability, and deriving other major security risks.
2. Major network information security incidents (Level II). Refers to a network information security incident with strong diffusion and great harm, which causes local paralysis of our school's network or affects our school's reputation, security and stability.
3. Large network information security incidents (Level III). Refers to a network information security incident that basically does not spread, is less harmful, and occurs in individual departments of our school.
4. General network information security incidents (Level IV). Refers to a network information security incident that does not spread, is less harmful, and occurs in individual departments of our school.
III. Emergency handling organization
After the network information security incident, the school network information management leading group is responsible for overall leadership and coordination of network information security emergency response.
Leader of leading group: in charge of school leaders.
Team members: school office, Party Committee Propaganda Department, Information Center, Student Affairs Office, Youth League Committee and Security Office.
IV. Emergency response
1. Advance disposal
After the network information security incident, the incident department must implement pre-treatment at the first time, control the development of the situation and report to the school network information management leading group in time.
1. Control the development of the situation and prevent it from spreading. The incident department takes various technical measures to control the development of the situation in time and prevent the spread of the incident to the maximum extent.
2. Quickly judge the nature and degree of harm of the incident. Analyze the cause of the incident as soon as possible, preliminarily judge the impact, harm and possible scope of the incident according to the operation of the network and information system, and put forward countermeasures and suggestions.
3. Report the information in time. The incident department should report the incident information to the school network information management leading group in time according to the requirements of the plan while handling it in advance. Event information generally includes the following elements: the time of the event, the name of the network information system where the accident occurred, the operating unit, the location, the cause, the source of information, the type and nature of the event, the degree of harm and loss, etc.
4. Keep records and evidence of the occurrence, development and disposal of the incident. In the pre-disposal process, the incident unit should try to keep relevant evidence, and record the occurrence, development and disposal process of the incident in detail by means of manual recording, screen capture and file backup, so as to provide objective evidence for the investigation and handling of the incident.
2. Emergency response and incident handling
1. Start emergency response.
After a network information security incident, the school office, building on the pre-disposal, convenes the member units of the school network information management leading group, keeps track of the development of the incident according to the basic response procedures, coordinates the responsible comrades of the member units, judges the level, scope of influence and development trend of the incident, and starts the emergency plan for network information security incidents according to the result of that judgment.
According to the controllability, severity and influence range of campus network information security incidents, the corresponding level of emergency response is issued. For particularly serious or major network information security incidents, the school network information management leading group shall report to the principal's office meeting, determine the emergency response level and scope, and formulate corresponding emergency response plans. For large or general network information security incidents, the school network information management leading group will organize and convene relevant departments to formulate disposal plans and carry out emergency disposal work.
2. Formulate and implement the disposal plan.
After this plan is launched, the school network information management leading group studies and formulates the policies, measures and guiding opinions of our school for dealing with network information security incidents; it is responsible for guiding the emergency handling of particularly serious and major network information security incidents in our school, and for guiding and coordinating all departments in the emergency handling of large and general network information security incidents.
Among them, the school office organizes and coordinates all departments of the school to guide network public opinion, implement emergency support work, and implement the safety responsibility of network information emergency disposal; Convene all members and relevant departments to formulate plans for handling network information security incidents; Organize the implementation of the decision of the school network information management leading group, release the response level of the plan, and supervise and inspect all departments to implement the rectification of network information security accidents.
The Propaganda Department of the Party Committee is responsible for monitoring, collecting and analyzing network public opinion of network information security incidents and reporting important information in a timely manner; According to the development of online public opinion, formulate online public opinion guidance opinions; According to the development degree of network information security incidents and the research decision of the school network information management leading group, it is responsible for news release, drafting press releases and situation announcements, reporting incident information timely, accurately and objectively, and correctly guiding public opinion.
The information center analyzes and finds out the causes of network information security incidents, and formulates technical guidelines for emergency handling of network information security; According to the technical guidance, jointly formulate the school network information security disposal plan; According to the network public opinion, screen the harmful information of campus network; Seal up dangerous and harmful domain names, IP addresses and emails.
The Student Affairs Office and the Youth League Committee actively guide the dissemination of positive online public opinion information through online public opinion guidance teams and online civilized volunteer teams; Guide college students to spread positive online public opinion information and monitor the spread of harmful online public opinion; Carry out ideological and political education on network security and educate students to establish a correct view of network public opinion.
The security department prohibits the closure of school electronic reading rooms and online classrooms that create and disseminate negative public opinions about the network information security incidents that public opinion monitoring has received; For criminals who seriously affect the reputation, safety and stability of the school, contact the higher authorities to guide the public security organs to help.
The network information security incident generating unit shall, according to the pre-disposal and the research decision of the school network information management leading group, cooperate with the members of the school network information management leading group to implement the network information security incident disposal.
3. Emergency end.
The handling of network information security incidents is basically completed, secondary disasters are basically eliminated, and the emergency handling work is over after the risks are controlled.
V. Dealing with the aftermath
1. Recovery and reconstruction
In accordance with the principle of "who is in charge, who is responsible, who is in charge, who is responsible", the incident unit is responsible for organizing the development of recovery, rectification or reconstruction programs, which are reported to the school network information management leading group for review and then implemented.
2. Investigation and evaluation
The school network information management leading group, together with the unit where the incident occurred and relevant departments, investigates and evaluates the causes, nature, impact, responsibilities and lessons of campus network information security incidents, and determines the responsible person. The handling process and results of network information security incidents shall be filed with the school network information management leading group.
VI. Supervision and inspection
The school network information management leading group is responsible for supervising and inspecting the implementation of this plan. Departments and responsible persons who violate this plan and cause serious adverse consequences will be investigated for their corresponding responsibilities in conjunction with relevant departments.
VII. Supplementary terms
This plan is explained by the school network information management leading group. All departments can refer to this plan, combined with the actual situation of the department, formulate specific implementation measures, and send them to the school network information management leading group for the record.
This plan shall be implemented as of the date of issuance.
Emergency Plan for Network Security Management 3
In order to implement the Network Security Law of the People's Republic of China, the overall arrangement of the Ministry of Education on educational network and information security and the Notice of Henan Provincial Department of Education on Printing and Distributing Information Technology Security Incident Reports and Disposal Procedures (for Trial Implementation), properly handle emergencies that endanger network and information security, curb the impact of emergencies and the spread of harmful information, ensure campus network and information security, and maintain campus and social stability, this plan is hereby announced.
I. Definition of campus network and information security incidents
1. Definition of information technology security incidents. According to the Guidelines for Classification and Grading of Information Security Incidents (GB/T20986-2007, hereinafter referred to as the Guidelines), the information technology security incidents mentioned in this plan (hereinafter referred to as security incidents) refer to other information security incidents other than harmful program incidents, network attacks, information destruction incidents, equipment and facilities failures, disaster incidents and information content security incidents.
2. Scope of application. This plan is applicable to the reporting and handling of information technology security incidents in our school, and the reporting and handling of information content security incidents are still carried out in accordance with relevant regulations.
3. Classification of security incidents. According to the Guidelines, security incidents are divided into four levels: particularly serious incidents (Level I), serious incidents (Level II), relatively serious incidents (Level III) and general incidents (Level IV).
4. Independent decision of security incidents. In the event of a security incident, the level of the security incident should be determined independently according to the guidelines according to the importance of the information system, the loss situation and the impact on work and society.
II. Organization and job responsibilities
(1) Network Security and Informatization Leading Group
The leading group for network security and informatization is directly responsible for the network and information security of the school, making comprehensive analysis and research on the network and information security of the school, making work plans, providing personnel and material security, guiding and coordinating all units of the school to implement the network and information security work plan, and handling all kinds of emergencies that endanger the campus network and information security.
(2) The leading group consists of two working groups.
1. Network Security Coordination Group
It consists of the heads of the Propaganda Department, the Information Technology Center and relevant departments. Its responsibilities are: when network and information security incidents occur in the campus network, it is responsible for organizing and coordinating relevant departments to clean up harmful information in time, actively searching for illegal information sources together with relevant departments, paying attention to the incident handling trends, reporting the handling situation in time, and completing the incident handling work report.
2. Network Security Technical Group
It is composed of technicians from the information technology center and relevant departments. Its duties are: when a network security incident occurs, it should be found and handled urgently, the scene and records of the incident should be kept, the causes should be found out and the problems should be dealt with as soon as possible, and the normal operation of the network should be resumed as soon as possible.
III. Emergency treatment process
After an emergency, under the unified leadership of the leading group, all emergency working groups quickly take their places, enter working state, and carry out their work according to the following emergency handling procedures.
(1) After confirming the occurrence of network and information security incidents, report to the school network security and informatization leading group (hereinafter referred to as the leading group) as soon as possible.
(2) After learning about the network and information security incidents, the leading group quickly understands and grasps the incident, determines the nature of the incident according to the situation, and starts the corresponding working mechanism.
(3) Under the unified command of the leading group, the network security disposal teams quickly start their work according to the division of responsibilities and working procedures:
1. Network Security Technical Group
(1) Disconnect from the network. If harmful information is found on the school's website, mail and other servers or its data has been tampered with, the network connection of the server should be cut off immediately to prevent the spread of harmful information.
(2) Keep relevant records. Protect the scene of the incident and keep relevant records completely.
(3) Find the root cause and solve the problem. Use various network management tools to analyze the cause of the incident, determine the root cause of the accident, and deal with it according to relevant procedures, so as to completely eliminate the network security problem.
(4) Restore system operation. Take measures to restore the normal operation of the system as soon as possible, and conditionally enable the standby service system. If there are no conditions, the system can only be restored after solving the problem.
(5) Restore network operation. After the network security problem is solved, gradually restore the network operation, and monitor whether the security problem is completely solved until the network runs normally.
(6) Improve the network security protection capability. Summarize the experience of this incident and take corresponding network security measures to improve the network security defense capability.
2. Network Security Coordination Group
(1) Grasp the situation quickly. The personnel of the coordination team should arrive at the scene quickly to understand the details of the matter. The contents of the situation include: time and place, brief course, type and classification of events, scope of influence, degree of harm, preliminary reasons and emergency measures taken.
(2) Emergency report. The coordination group truthfully reports information to the leading group. When the leading group thinks that the situation is serious, it should immediately report orally to the Science and Technology Department of the education department, and report to the local public security organ when it involves man-made subjective sabotage.
(3) Pay attention to the disposal process. Track the incident handling process, pay close attention to the development trend of the incident, and make up the report in time if there is any new major situation. Further grasp the losses caused by the incident, find and analyze the causes of the incident, fix the system loopholes, restore the system services, and minimize the impact of security incidents on normal work.
(4) Write a report. Submit it to the Science and Technology Department of the Education Department in the form of a written report within 8 hours after the safety incident is discovered (see Annex 1 for the content and format of submission). The report shall be submitted to the Science and Technology Department of the Provincial Education Department by the person in charge of information technology security, the information technology security management department, the system users and the operation and maintenance unit of the school * * *, which shall be audited by the principal person in charge of the school, signed with the official seal.
(5) Assist in investigation and evidence collection. If there is a safety accident involving man-made subjective damage, we should actively cooperate with the public security department to carry out the investigation. Attach great importance to incident investigation and evidence collection, coordinate relevant departments to provide necessary guarantee conditions, and assist public security departments to carry out incident investigation and evidence collection.
(6) Put forward rectification measures. Further summarize the lessons of the incident, judge the current situation of information security, investigate potential safety hazards, further strengthen the system construction, and enhance the school's network and information security protection capabilities.
(7) Write a rectification report. Afterwards, the rectification report shall be submitted in the form of a written report within 5 working days after the disposal of the safety incident (see Annex 2 for the content and format). Afterwards, the person in charge of information technology security in the school, the information technology security management department, the system user unit and the operation and maintenance unit will write a rectification report, which will be signed and sealed by the main person in charge of the unit and submitted to the Science and Technology Department of the Provincial Education Department.
IV. Reporting and Disposal of General Safety Incidents
When a general safety accident occurs, emergency treatment should be carried out in time under the leadership of the school leading group. Submit a rectification report to the Science and Technology Department of the Provincial Education Department within 5 days after the incident is handled (see Annex 2 for the content and format of the report).
V. Report and disposal of rectification safety problems
The competent department of information technology security shall, under the guidance of the school leading group, timely organize emergency response when receiving information problems from the information security departments such as the Ministry of Education, the Provincial Department of Education, the Provincial Public Security Department, the Provincial Industry and Information Committee and the Provincial Internet Emergency Office, and submit rectification reports to the Science and Technology Department of the Provincial Department of Education and the Provincial Education Information Security Monitoring Center as required. (See Annex 3 for the content and format of submission)
VI. Work requirements
In the emergency action of safety accidents, all relevant departments and personnel should obey the command and cooperate closely to ensure the smooth implementation of government decrees and all work.