Opinions of the National Informatization Leading Group on Strengthening information security
Yangzhou Nature Network Information Co., LTD. December 28, 2012 Read: 5670
On September 7, 2003, the General Office of the CPC Central Committee and The General Office of the State Council issued a notice to forward the Opinions of the National Informatization Leading Group on Strengthening Information Security and Security Work, and required all localities to conscientiously implement it in light of actual conditions。
The Opinions of the National Informatization Leading Group on Strengthening the work of Information Security are put forward to further improve the ability and level of information security work, safeguard public interests and national security, and promote the healthy development of information construction。Specific suggestions are as follows:
I. General requirements and main principles for strengthening information security
Second, the implementation of information security level protection
Third, strengthen the construction of information protection and network trust system based on cryptography technology
Fourth, build and improve the information security monitoring system
5. Attach importance to information security emergency handling
Sixth, strengthen the research and development of information security technology, promote the development of information security industry
Seventh, strengthen information security legal construction and standardization
8. Accelerate the training of information security personnel and enhance the awareness of information security of the whole people
9. Guarantee information security fund
10. Strengthen the leadership of information security and establish a sound information security management responsibility system. The National and provincial State Secrets Protection Bureaus inspect the confidentiality of computer information systems of some provincial organs
In accordance with the requirements of the Notice of the Office of the Central Security Commission of the Communist Party of China and the National Administration for the Protection of State Secrets on the confidentiality inspection of the use and management of computer information systems,In accordance with the provisions and standards of the National Administration of State Secrets Protection and the Provincial National Administration of State Secrets Protection on the confidentiality management of secret-related computers and Internet computers,Provincial National Bureau of State Secrets Protection on the basis of self-inspection of local and provincial organs,From July to August, the use and management of computer information systems in some provincial organs were randomly checked。At present, the following problems have been found in the confidentiality inspection of some important departments and key parts of provincial organs:
1. At present, the internal LAN of most units in our province has not been approved by the security department。The provincial Bureau has issued several documents, and the confidentiality of the internal office LAN of each unit has not attracted enough attention。
2, according to the provisions of No.17 of the Central Government (2003), the e-government network is divided into classified networks and non-classified networks, namely e-government internal network and e-government external network。Some units do not have a clear division of the network, and all the networks are connected to the INTERNET。
3. The classified computers of some departments can access the Internet through telephone lines at will;Some after self-checking, there are some computers have the history of the Internet;A few departments also have serious problems with computers on the Internet storing classified information。
4, classified computer management is not strict。When we checked, the office door was open, the computer was on, but the people weren't there, and the computer had all kinds of internal information on it。Some units have not yet formulated the corresponding management system for secret-related computers and computers on the Internet。There is a widespread situation that the computer is not fortified, the magnetic medium is not standardized, the management can not keep up, and the supervision and inspection are not implemented。
(5) The construction and use of secret-related computer systems must go through certain capital verification and approval procedures in accordance with relevant state regulations before they can be constructed and put into use。However, there are still a few departments that ignore the relevant national regulations when building secret-related computer systems。In the bidding and bidding, the construction party does not check the qualification of secret-related systems, the security and confidentiality scheme of network systems is not reported for approval, and the completed secret-related networks are often operated without approval。
Both the Internet and the Internet involve state secrets, which are acts of revealing state secrets and must be taken seriously by leaders at all levels。It is hoped that all localities, departments and units will carefully inspect the above problems, and effectively raise the security and confidentiality of the computer to the level of national security and interests, and the safe, healthy and orderly development of e-government。And strengthen the leadership of the confidential organization,Intensify publicity, education, supervision and inspection,Enhance the confidentiality awareness of leaders and cadres at all levels,Implement the confidentiality responsibility system,We will effectively strengthen the use and security management of secret-related computers and computers on the Internet,To give full play to the active role of computers in promoting the process of office automation and informatization,And ensure the security of state secret information。
Some problems of e-government security and secrecy
First, the relationship between e-government and confidentiality departments?
The responsibility of the confidentiality department in the construction and application of e-government is security and confidentiality management。Security and confidentiality management is one of the security and confidentiality elements of e-government security and confidentiality system framework。Security and confidentiality management involves all aspects, but also involves the whole process of e-government construction and application。The e-government security and confidentiality system framework also includes other security and confidentiality elements: security and confidentiality policies, security and confidentiality regulations, security and confidentiality organizations, security and confidentiality standards, security and confidentiality services, security and confidentiality technologies and products, and security and confidentiality infrastructure。Security and confidentiality management is closely related to each element。Management should be clear about the strategy, such as "secret minimization" is a strategy, the purpose is to ensure the focus, the core, to ensure that the protection must be maintained, the release must be released。Management also needs to improve laws and regulations, such as the amendment of the secrecy law should consider e-government and government openness, information disclosure and so on。Laws and regulations should be used to clarify which government affairs and information should be disclosed and which should be kept secret, regulate behaviors, and ensure the healthy development of e-government construction and application。We know that management is achieved through the organization, the construction of e-government should improve the relevant security and confidentiality organization。Management should improve standards and norms, such as the government Intranet should be in accordance with the relevant confidentiality standards of the secret-related network requirements, management should also standardize services, strengthen system security and confidentiality assessment and security and confidentiality training。In addition, the management of security technology and products is reflected in the promotion of technological progress and product testing and certification。Security security management should also be strengthened in the construction of security security infrastructure, such as public key infrastructure PKI and backup and disaster recovery system security security management。
Second, what work should be done by the confidentiality department in e-government?
Generally speaking, the security department should do a good job of security management in the construction and application of e-government。Specifically, it should be reflected in the following aspects:
(1) Correctly define secret-related networks, and do a good job in dividing internal and external government affairs networks。
In the construction of e-government, the common problems encountered by government departments are: it is difficult to grasp the division of internal and external government networks in local areas and departments。That is, whether to build a secret network (government affairs Intranet), how big to build is conducive to both confidentiality and convenient work。In the past, there was a misunderstanding that the division of the network was a matter for the government department, and as long as you classified it as a secret network, the security department would then manage it according to the requirements of the secret network。Such a result often leads to unclear definition of the degree of confidentiality of online business information resources, network division is not reasonable, resulting in congenital deficiencies, increasing the difficulty of security and confidentiality management。In the planning stage of e-government construction, the security department should assist the government department to correctly define the secret-related network, and do a good job in dividing the internal and external government networks。
(2) Focus on the security and confidentiality management in the construction and application of the government Intranet。
The government Intranet is a secret-related network, which must be managed in accordance with the set of requirements for secret-related networks set by the Central Security Commission and the State Administration of State Secrets Protection。The key point of the security and confidentiality management of e-government affairs is to do a good job in the security and confidentiality management of government affairs Intranet。Security and confidentiality management should run through the construction and application of government Intranet。
(1) Urge the government departments to plan and build the security and confidentiality facilities of the government Intranet simultaneously。Reserve and guarantee security and confidentiality of construction funds。
(2) Strengthen the management, supervision and training of classified information system integration qualification units, requiring government departments to select units with classified information system integration qualification to undertake the design and construction of government Intranet。
(3) Actively publicize the confidentiality requirements of secret-related information systems to the government departments, so that the government departments can clearly understand the specific requirements and correctly grasp the standards。
(4) Assist the government departments to do a good job in the design and demonstration of the internal security and confidentiality scheme of government affairs, and reduce the security and confidentiality risks caused by the inherent shortcomings of the scheme。
(5) Strengthen project supervision to ensure the implementation of the security and confidentiality measures proposed in the scheme during the actual construction of the government Intranet。
(6) Do a good job in the system evaluation. The Security and confidentiality Evaluation Center of the National Administration of State Secrets Protection and related agencies will evaluate the government affairs network by on-site testing and expert evaluation, and give the evaluation conclusions as the basis for approval。
(7) Before network operation, check and urge the implementation of security and confidentiality management organizations, personnel and systems of government departments, and implement strict examination and approval。
(8) After the network is approved for operation, strengthen inspection, find problems and plug loopholes in time to eliminate hidden dangers。
(3) Strengthen the confidentiality management of government external networks and government websites
The government extranet has a large scale, many users, and is logically isolated from the Internet, resulting in greater security risks。The confidentiality management of the government affairs external network is mainly reflected in clear requirements, supervision and inspection, to ensure that state secret information is not handled on the government affairs external network, and to ensure that the government affairs external network is physically isolated from the government affairs internal network and other secret-related networks。
Government websites include the websites of the central government and various departments and local governments and departments at all levels, built on the Internet。The information published on the website will be known worldwide in the first place。The security management of government websites is mainly reflected in the supervision of relevant departments to strictly implement the Internet information confidentiality review system, and strictly prohibit information involving state secrets from going online。Strengthen the security inspection of Internet information, once the discovery of confidential information, should be deleted immediately, and seriously investigate and punish and investigate the responsibility of the relevant personnel。
附件:Opinions of the National Informatization Leading Group on Strengthening information security
The Opinions of the National Informatization Leading Group on Strengthening the work of Information Security are put forward to further improve the ability and level of information security work, safeguard public interests and national security, and promote the healthy development of information construction。Specific suggestions are as follows:
I. General requirements and main principles for strengthening information security
Second, the implementation of information security level protection
Third, strengthen the construction of information protection and network trust system based on cryptography technology
Fourth, build and improve the information security monitoring system
5. Attach importance to information security emergency handling
Sixth, strengthen the research and development of information security technology, promote the development of information security industry
Seventh, strengthen information security legal construction and standardization
8. Accelerate the training of information security personnel and enhance the awareness of information security of the whole people
9. Guarantee information security fund
10. Strengthen the leadership of information security and establish a sound information security management responsibility system. The National and provincial State Secrets Protection Bureaus inspect the confidentiality of computer information systems of some provincial organs
In accordance with the requirements of the Notice of the Office of the Central Security Commission of the Communist Party of China and the National Administration for the Protection of State Secrets on the confidentiality inspection of the use and management of computer information systems,In accordance with the provisions and standards of the National Administration of State Secrets Protection and the Provincial National Administration of State Secrets Protection on the confidentiality management of secret-related computers and Internet computers,Provincial National Bureau of State Secrets Protection on the basis of self-inspection of local and provincial organs,From July to August, the use and management of computer information systems in some provincial organs were randomly checked。At present, the following problems have been found in the confidentiality inspection of some important departments and key parts of provincial organs:
1. At present, the internal LAN of most units in our province has not been approved by the security department。The provincial Bureau has issued several documents, and the confidentiality of the internal office LAN of each unit has not attracted enough attention。
2, according to the provisions of No.17 of the Central Government (2003), the e-government network is divided into classified networks and non-classified networks, namely e-government internal network and e-government external network。Some units do not have a clear division of the network, and all the networks are connected to the INTERNET。
3. The classified computers of some departments can access the Internet through telephone lines at will;Some after self-checking, there are some computers have the history of the Internet;A few departments also have serious problems with computers on the Internet storing classified information。
4, classified computer management is not strict。When we checked, the office door was open, the computer was on, but the people weren't there, and the computer had all kinds of internal information on it。Some units have not yet formulated the corresponding management system for secret-related computers and computers on the Internet。There is a widespread situation that the computer is not fortified, the magnetic medium is not standardized, the management can not keep up, and the supervision and inspection are not implemented。
(5) The construction and use of secret-related computer systems must go through certain capital verification and approval procedures in accordance with relevant state regulations before they can be constructed and put into use。However, there are still a few departments that ignore the relevant national regulations when building secret-related computer systems。In the bidding and bidding, the construction party does not check the qualification of secret-related systems, the security and confidentiality scheme of network systems is not reported for approval, and the completed secret-related networks are often operated without approval。
Both the Internet and the Internet involve state secrets, which are acts of revealing state secrets and must be taken seriously by leaders at all levels。It is hoped that all localities, departments and units will carefully inspect the above problems, and effectively raise the security and confidentiality of the computer to the level of national security and interests, and the safe, healthy and orderly development of e-government。And strengthen the leadership of the confidential organization,Intensify publicity, education, supervision and inspection,Enhance the confidentiality awareness of leaders and cadres at all levels,Implement the confidentiality responsibility system,We will effectively strengthen the use and security management of secret-related computers and computers on the Internet,To give full play to the active role of computers in promoting the process of office automation and informatization,And ensure the security of state secret information。
Some problems of e-government security and secrecy
First, the relationship between e-government and confidentiality departments?
The responsibility of the confidentiality department in the construction and application of e-government is security and confidentiality management。Security and confidentiality management is one of the security and confidentiality elements of e-government security and confidentiality system framework。Security and confidentiality management involves all aspects, but also involves the whole process of e-government construction and application。The e-government security and confidentiality system framework also includes other security and confidentiality elements: security and confidentiality policies, security and confidentiality regulations, security and confidentiality organizations, security and confidentiality standards, security and confidentiality services, security and confidentiality technologies and products, and security and confidentiality infrastructure。Security and confidentiality management is closely related to each element。Management should be clear about the strategy, such as "secret minimization" is a strategy, the purpose is to ensure the focus, the core, to ensure that the protection must be maintained, the release must be released。Management also needs to improve laws and regulations, such as the amendment of the secrecy law should consider e-government and government openness, information disclosure and so on。Laws and regulations should be used to clarify which government affairs and information should be disclosed and which should be kept secret, regulate behaviors, and ensure the healthy development of e-government construction and application。We know that management is achieved through the organization, the construction of e-government should improve the relevant security and confidentiality organization。Management should improve standards and norms, such as the government Intranet should be in accordance with the relevant confidentiality standards of the secret-related network requirements, management should also standardize services, strengthen system security and confidentiality assessment and security and confidentiality training。In addition, the management of security technology and products is reflected in the promotion of technological progress and product testing and certification。Security security management should also be strengthened in the construction of security security infrastructure, such as public key infrastructure PKI and backup and disaster recovery system security security management。
Second, what work should be done by the confidentiality department in e-government?
Generally speaking, the security department should do a good job of security management in the construction and application of e-government。Specifically, it should be reflected in the following aspects:
(1) Correctly define secret-related networks, and do a good job in dividing internal and external government affairs networks。
In the construction of e-government, the common problems encountered by government departments are: it is difficult to grasp the division of internal and external government networks in local areas and departments。That is, whether to build a secret network (government affairs Intranet), how big to build is conducive to both confidentiality and convenient work。In the past, there was a misunderstanding that the division of the network was a matter for the government department, and as long as you classified it as a secret network, the security department would then manage it according to the requirements of the secret network。Such a result often leads to unclear definition of the degree of confidentiality of online business information resources, network division is not reasonable, resulting in congenital deficiencies, increasing the difficulty of security and confidentiality management。In the planning stage of e-government construction, the security department should assist the government department to correctly define the secret-related network, and do a good job in dividing the internal and external government networks。
(2) Focus on the security and confidentiality management in the construction and application of the government Intranet。
The government Intranet is a secret-related network, which must be managed in accordance with the set of requirements for secret-related networks set by the Central Security Commission and the State Administration of State Secrets Protection。The key point of the security and confidentiality management of e-government affairs is to do a good job in the security and confidentiality management of government affairs Intranet。Security and confidentiality management should run through the construction and application of government Intranet。
(1) Urge the government departments to plan and build the security and confidentiality facilities of the government Intranet simultaneously。Reserve and guarantee security and confidentiality of construction funds。
(2) Strengthen the management, supervision and training of classified information system integration qualification units, requiring government departments to select units with classified information system integration qualification to undertake the design and construction of government Intranet。
(3) Actively publicize the confidentiality requirements of secret-related information systems to the government departments, so that the government departments can clearly understand the specific requirements and correctly grasp the standards。
(4) Assist the government departments to do a good job in the design and demonstration of the internal security and confidentiality scheme of government affairs, and reduce the security and confidentiality risks caused by the inherent shortcomings of the scheme。
(5) Strengthen project supervision to ensure the implementation of the security and confidentiality measures proposed in the scheme during the actual construction of the government Intranet。
(6) Do a good job in the system evaluation. The Security and confidentiality Evaluation Center of the National Administration of State Secrets Protection and related agencies will evaluate the government affairs network by on-site testing and expert evaluation, and give the evaluation conclusions as the basis for approval。
(7) Before network operation, check and urge the implementation of security and confidentiality management organizations, personnel and systems of government departments, and implement strict examination and approval。
(8) After the network is approved for operation, strengthen inspection, find problems and plug loopholes in time to eliminate hidden dangers。
(3) Strengthen the confidentiality management of government external networks and government websites
The government extranet has a large scale, many users, and is logically isolated from the Internet, resulting in greater security risks。The confidentiality management of the government affairs external network is mainly reflected in clear requirements, supervision and inspection, to ensure that state secret information is not handled on the government affairs external network, and to ensure that the government affairs external network is physically isolated from the government affairs internal network and other secret-related networks。
Government websites include the websites of the central government and various departments and local governments and departments at all levels, built on the Internet。The information published on the website will be known worldwide in the first place。The security management of government websites is mainly reflected in the supervision of relevant departments to strictly implement the Internet information confidentiality review system, and strictly prohibit information involving state secrets from going online。Strengthen the security inspection of Internet information, once the discovery of confidential information, should be deleted immediately, and seriously investigate and punish and investigate the responsibility of the relevant personnel。
附件:Opinions of the National Informatization Leading Group on Strengthening information security
Wechat public account