Mingde College of Guizhou University Network Information Security Emergency Response Plan (Trial)
To scientifically respond to network and information security (hereinafter referred to as information security) emergencies,Establish a sound information security emergency response mechanism,Effectively prevent, timely control and minimize the harm and impact of various information security emergencies in our school,Ensure physical, operational and data security of important computer information systems,This plan is formulated。
This plan is applicable to emergency events that may affect college security and normal public order in the operation of campus network and network information of our college。
1. Working principles and requirements
(1) Working principles
1.Prevention first, strengthen monitoring。Publicize and popularize information security knowledge,Implement the idea of putting prevention first,Establish an attitude of constant readiness,Prepare the ideas, plans, mechanisms and work of information security emergencies,From the law, management, technology, talent and other aspects,Take various measures,Improve public awareness of prevention and comprehensive information security guarantee level of basic networks and important information systems。Strengthen the daily monitoring of information security hazards, discover and prevent major information security emergencies, take effective and controllable measures in a timely manner, quickly control the scope of the incident, and strive to minimize losses。
2.People-oriented, coordinated combat。Taking the protection of public interests and the legitimate rights and interests of teachers and students as the primary task, the leading group for Network information Security emergency work of the College shall provide unified leadership and coordination, urge relevant departments to cooperate and implement the work in detail, improve the emergency work system and mechanism, and avoid the loss of the College, teachers and students to the greatest extent。
3.Clarify responsibilities and combine them。In accordance with the principles of "who is responsible for who is in charge, who is responsible for who is operating" and "combining strips and pieces and focusing on strips", the security responsibility system and linkage working mechanism are established and improved。According to the functions of the departments, each performs its own duties, strengthens the coordination and cooperation between the departments and departments of the college, and jointly performs the management responsibilities of emergency response work。
4.Strengthen reserves and make unremitting efforts。Strengthen technical reserves, standardize emergency handling measures and operation processes, regularly conduct plan drills to ensure that emergency plans are effective, and realize scientific, procedural and standardized emergency handling of public information security emergencies。
(2) Job requirements
Control the situation, limit it to the shortest time and the smallest scope, reduce the impact and loss to the lowest extent, and restore the normal teaching, scientific research and life order of the college as soon as possible。Implement the work responsibility and accountability system。Where in the process of implementing this plan, due to work delay, dereliction of duty or disobedience to command, not timely handling, resulting in small things to drag big, big things to drag difficult, difficult to drag chaos, have serious consequences, to investigate the relevant personnel responsible。Specific requirements are as follows:
1.Clarify responsibilities for network information security。Strengthen and improve the security management of the campus network, adopt a management system of unified management and various units (departments) responsible for different levels, implement the person in charge of each unit (department) and the person directly responsible, and sign the security responsibility letter。All units (departments) shall establish and improve internal security guarantee systems,In accordance with the principle of "who is in charge, who is responsible" and "who hosts, who is responsible",Implement the responsibility system,Clarify responsible persons and responsibilities,Refine work measures and processes,Establish and improve the management system and implementation measures,Strengthen the review and filing of information,Ensure network and information security。The person in charge of each unit (department) is the first person responsible for the management of campus network information security。
2.Information review will be strengthened。All classified computers are not allowed to access the Internet and must be physically isolated。Computers connected to the Internet shall not store documents involving state secrets or internal secrets of the Institute。All types of servers at all levels to provide information services, must be registered in advance, approval, the establishment of use norms, the implementation of responsible persons, and have the appropriate security measures(For example, log retention, security authentication, real-time monitoring, anti-hacker, and anti-virus)Strengthen log analysis of network devices, collect information in a timely manner, and troubleshoot unstable factors。加强BBSSpecial management of interactive columns such as message boards,The content release of interactive columns shall implement an audit system,It shall not be published without review,Implement a block responsibility system,The moderator is responsible for the information security of this block,Prevent information from being published without review,If information is released without review,The information Posting function should be turned off immediately,Until the cause is found and ruled out。Interactive columns should be availableIPAddress, identity registration and identification and confirmation functions, no legal procedures and do not meet the conditions of electronic announcement services should be immediately closed。For illegal websites to do: find one, ban one,And timely report to the competent leadership to prevent its spread。Establish an effective network anti-virus working mechanism, do a good job of online upgrade of anti-virus software, and ensure that the virus library is updated in time。
3.Implement the campus network24Hourly monitoring, remote control if necessary。The network administrator should check the status of the hardware equipment of the campus network frequently。Real-time monitoring of users' Internet access, if any abnormal behavior is found, the user's network connection should be immediately closed, recorded in time, and issued warnings and criticism and education, if serious violations are found, the relevant departments should be reported immediately。The relevant responsible person of all servers should check every day, carefully make inspection records, understand the working status of the server, timely handle abnormal phenomena and accidents and make records。
4.Strengthen rapid response to emergencies。Network management office, as the management department of campus network, should have strict network information supervision。The network administrator is specifically responsible for the corresponding network security and information security work, and does not allow any network information that violates the national network management regulations. The network information security incident should be:
(1Timely report to relevant departments and leaders after discovery。
(2Protect the site and immediately isolate it from the network to prevent the impact from spreading。
(3Timely forensics, analysis, find the cause。
(4Eliminate harmful information, prevent further spread, and minimize the impact of the incident。
(5In the process of disposing of harmful information, no unit or individual shall retain, store, distribute or disseminate the harmful information found。
(6) To investigate the relevant responsibilities。According to the actual situation of the oral warning, written warning, stop their use of the network, serious circumstances and consequences of the great impact, submitted to the college security department and the national judicial organs for handling, investigate the unit (department) responsible person and directly responsible person administrative or legal responsibility。
5.Rectify promptly and strengthen prevention。All units (departments) shall actively cooperate with the routine inspection of the network management Office and accept its technical guidance。In view of the security risks and problems existing in the network, the rectification plan is put forward in time and implemented in place, and the information security mechanism is improved to prevent the recurrence of information security incidents。Gradually establish a long-term working mechanism for information security management, realize campus network information security management, and create a good network environment。
6.In the important and sensitive period, we will increase the efforts of cybersecurity education and publicity。Strengthen students' legal awareness and safety awareness education, improve their responsibility awareness and prevention ability;Carry out safe and civilized Internet education and guidance work, purify the campus network environment, collect information in a timely manner, and troubleshoot unstable factors;Persist in24Hourly duty system, open the duty telephone, ensure that the hotline contact with the superior authorities, telecommunications departments and local public security organs, actively do prevention work, find problems in time to deal with, prevention before it happens。
7.Do a good job of fire, waterproof, anti-theft, lightning, rat and other work in the computer room and outdoor network equipment。In case of an accident, immediately organize personnel to save themselves and call the police。
2. The organization and responsibilities of emergency handling
(1) Organizational structure
College set up network information security emergencyEmergency response Leadership Team。The group leader shall be the school leader in charge;The deputy leader shall be the main person in charge of the Party office, the school office, the Publicity Department and the computing center;MemberIt is composed of the general Office of the hospital, the publicity department, the Educational Affairs Department, the Student Affairs Department, the Security Department, the Youth League Committee, the training center and other departments concerned and the main person in charge of the party and government of the incident unit。
Under the unified leadership of the Party committee and the administration of the college, the leading group keeps abreast of the occurrence and development of the situation, summarizes, analyzes and reports the situation at any time, ensures the safety of the college's campus network, and pacifies the situation as soon as possible。
(2) Duties
The publicity department is responsible for the monitoring, management and guidance of public opinion, the work of dissuasion, channeling and legal publicity, and the work of external news liaison。
The Security Department is responsible for investigating and dealing with network violations, and punishing violators according to relevant evidence and the impact or damage degree of the situation。When necessary, we will conduct in-depth on-site understanding and work with relevant personnel。
The computing center is responsible for the hardware and software system management of the campus network and daily network supervision.Do a good job of daily inspection and log preservation of campus network information system security to ensure timely discovery and disposal of unexpected events。
Iii. Emergency classification and disposal methods
(1) Event classification
According to the controllability, severity and scope of influence of public information security emergencies, it is generally divided into four levels: Level I (particularly significant), level II (major), level III (large), level IV (general).。
(1Class I (especially important)。Major network and information system of the whole school large-scale breakdown, the development of the college beyond the control of the college, the college security and normal public order caused particularly serious damage to the emergency。
(2Level II (Major)。Important network and information systems cause paralysis of the whole school, causing serious damage to the security of the college and normal public order, which requires cross-unit coordination to deal with emergencies。
(3Class III (larger)。The breakdown of an important network and information system in a certain area will cause certain damage to the security of the college and normal public order, but it does not require cross-unit coordination to deal with emergencies。
(4Level IV (General)。Important network and information systems are damaged by certain procedures, which has a certain impact on the rights and interests of teachers, students and other organizations of the College, but does not endanger the safety of the college and normal public order emergencies。
(2) Disposal methods
(1If the network exit and core switch are damaged, the relevant personnel shall immediately go to the scene to find out the cause of the accident and repair or start the standby equipment and exit as soon as possible, and notify the relevant situation in a timely manner。
(2If the cable system is damaged, immediately organize personnel to repair it, and decide on the scope of notification depending on the size of the impact。
(3If the campus network server is attacked, immediately stop the server from publishing information, restore normal information and find the attacker。
(4If the network is paralyzed due to a virus or network attack, keep in touch with the relevant departments at the higher level and relevant professional companies in a timely manner, and come up with a repair plan for the specific situation to restore normal operation。
(5If the main information system of the College is damaged, the relevant server shall be immediately removed from the network, and the cause of the damage shall be found, and the recovery measures shall be formulated according to different circumstances。
(6Where harmful information affecting political stability is found, published or disseminated, personnel shall be organized to carry out the practice24Hourly network monitoring,And open the network monitoring telephone,It is found that the electronic bulletin board, message board and other interactive columns within the scope of the college, websites, web pages, and personal home pages have published or disseminated harmful information that may affect political stability,Immediate disposal: Preserve information evidence,Delete or hide related information,Reduce the impact as quickly as possible,And notify the relevant management department or individual to deal with。If the situation is serious, immediately close the above relevant network columns or websites, home pages, and wait for further treatment。
(7On the use of campus networks to spread gossip and leak state secrets,Once found,Save information evidence immediately,Delete or hide related information,Eliminate the effect,And criticize and educate the relevant management departments or individuals,Order correction;In serious condition,In accordance with the provisions of network information management,Until the responsible person is held legally responsible。
(8For those who use the campus network to engage in illegal online gathering or other illegal activities, in line with the principle of "who is in charge, who is responsible", once the above situation occurs, immediately close the corresponding website, notify the main person in charge of the relevant unit, resolutely take mandatory measures, carry out emergency disposal, and resolutely stop。
(9)对利用校园网电子邮件系统和其他途径发送危害国家安全、宣扬法轮功邪教和扰乱社会秩序的各种谣言的,Keep abreast of the situation,And immediately by deleting, hiding, sorting and other means of processing information;By lowering user levels, blocking user accounts, criticizing educational network users, hiding related pages and even dealing with related users according to relevant disciplines,Timely elimination of potentially harmful information。
4. Starting and suspending the plan
(1) The pre-plan was launched
发生Ⅲ级After the above network information security emergencies, this emergency plan will be activated。
(2) Suspension of the pre-plan
After the emergency treatment of network information security emergencies, the situation has been restored or effectively controlled, and the university's network information security emergency response leading group has discussed and decided to end the emergency state, and reported to the relevant leaders and departments。
Attachment: Flow chart of network information security emergency response
