Emergency Plan for Internet and Information Security Incidents of Jiangsu Family Press Vocational College
Release time: 2020-06-03


1 General Principles

1.1 Preparation Purpose

This plan is formulated in accordance with the requirements of the "Emergency Plan for the Education System of Jiangsu Education System", in order to establish and improve the school's working mechanism for network and information security monitoring and emergency response, improve the school's ability to respond to network and information security emergencies, effectively prevent, promptly control and reduce as far as possible the harm and impact of all types of network and information security emergencies at our school, and ensure the security of the campus network and important information systems.

1.2 Preparation basis

"Network Security Law of the People's Republic of China", "Law of the People's Republic of China", "National Cyber Security Emergency Plan", "Education System Network Security Emergency Plan", "Classification of Information Security Event Classification Guide", "Emergency Plan for Network Security in Jiangsu Province", "Jiangsu Education System Cyber Security Emergency Plan" and other related documents.

1.3 Scope of application

This plan applies to the response to network and information security incidents at our school, and guides the emergency response to the school's network and information security emergencies.

1.4 Working principles

1) Unified command and close collaboration. The School Network and Information Security Work Leading Group coordinates the school's network and information security emergency command work, establishes a coordination and linkage mechanism with the provincial education network information department and professional institutions, and strengthens the close links among prevention, monitoring, reporting and emergency handling, so as to achieve fast response, correct response and decisive disposal.

2) Holding management and clear responsibility. In line with the principle "whoever is in charge is responsible, whoever operates and maintains is responsible, whoever uses is responsible", the principal Party and administrative leaders of the school are the first persons responsible for the school's network and information security work, and the person in charge of each department is the first person responsible for that department's network and information security work, each performing their own duties and jointly fulfilling the management responsibilities for emergency disposal work.

3) Active prevention and strengthened drills. With security protection as the foundation, strengthen early warning, take a variety of measures, and jointly build a network and information security assurance system. Standardize emergency response measures and operating procedures, conduct regular plan exercises, and make sure the emergency plan plays an important role.

2 Event classification and grading

2.1 Event classification

Network and information security events are divided into harmful program events, network attack events, information destruction events, information content security events, equipment and facility failures, disaster events, etc.

1) Harmful program events are divided into computer virus events, worm events, Trojan horse events, botnet events, blended-attack program events, web-embedded malicious code events and other harmful program events.

2) Network attack events are divided into denial-of-service attack events, backdoor attack events, vulnerability attack events, network scanning and eavesdropping events, phishing events, interference events and other network attack events.

3) Information destruction events are divided into information tampering events, information counterfeiting events, information leakage events, information theft events, information loss events and other information destruction events.

4) Information content security events refer to events in which prohibited information is spread over the network, illegal association is organized, rallies and demonstrations are incited, or sensitive issues are hyped, endangering national security, social stability and the public interest.

5) Equipment and facility failures are divided into failures of the software and hardware themselves, failures of peripheral protection facilities, man-made damage incidents and other equipment and facility failures.

6) Disaster events refer to network and information security incidents caused by other emergencies such as natural disasters.

7) Other events refer to network and information security incidents that cannot be attributed to the above categories.

2.2 Event grading

With reference to the grading rules for network security events in the Jiangsu education system, the network and information security incidents of our school are divided into four levels: particularly major (Level I), major (Level II), larger (Level III) and general (Level IV).

1) Particularly major (Level I)

The school network or an important information system (website) suffers particularly serious losses, with large-scale, system-wide paralysis and loss of business processing capability; important sensitive information or key data of an important information system (website) is lost or stolen, tampered with or counterfeited, posing a particularly serious threat to the security and normal order of the school's systems; a network virus breaks out over large areas of the school and seriously affects the security of our school's information systems; or other emergencies that cause particularly serious impact.

2) Major (Level II)

The school network or an important information system (website) suffers serious losses, causing long-term interruption or partial paralysis of the system, with business processing capability greatly affected; important sensitive information or key data of an important information system (website) is lost or stolen, tampered with or counterfeited, posing a serious threat to the security and normal order of the school's systems; a network virus breaks out over large areas and affects the security of our school's information systems; or other emergencies that cause serious impact.

3) Larger (Level III)

Part of the network or an important information system (website) suffers a large loss, causing system interruption and affecting business capability; data of an important information system (website) is lost or stolen, tampered with or counterfeited, posing a serious threat to the security and normal order of the school's systems; a network virus spreads widely across multiple units (departments); or other emergencies that cause a large impact.

4) General (Level IV)

Events other than the above that have a certain impact on the security of our school's network and information department, but do not endanger the overall security and normal order of the school's network and information systems.

3 Organization and responsibilities

3.1 Leading Group for Network and Information Security (referred to as the leadership group) and its responsibilities

Group Leader: School Party Secretary and President

Deputy Leaders: the school leaders in charge of the Propaganda Department, the Smart Campus Center and the Security Office

Members: the main person in charge of each unit (department)

Responsibilities:

1) Implement the policies, laws and regulations of the state, the province and higher-level units on network and information security, and organize the formulation of rules and regulations related to school network and information security.

2) Lead and plan the school's network and information security work as a whole, establish and improve the linkage disposal mechanism, activate the emergency plan, and take charge of organizing and commanding the disposal of network and information security incidents.

3) Review, deploy and inspect the prevention and early warning, emergency disposal, investigation and evaluation, information release, emergency support and other work for network and information security incidents, and study and resolve problems arising in the disposal work.

3.2 Network and Information Security Emergency Response Work Office and its responsibilities

The Network and Information Security Work Leading Group sets up a Network and Information Security Office (referred to as the online information office, located in the Smart Campus Center) and a Network and Information Security Emergency Response Work Office (referred to as the Emergency Office). The Emergency Office is located in the Propaganda Department.

Director: Minister of the Propaganda Department

Deputy Directors: the main persons in charge of the Smart Campus Center and the Security Office, and the main person in charge of each unit (department)

Members: the information security officers of each unit (department)

Responsibilities:

1) Organize the drafting of the school's "Emergency Plan for Internet and Information Security Event" and other related regulations.

2) Undertake duty and urgent work; guide all units (departments) in establishing early warning, prevention and control for network and information security emergencies; receive and handle reports of network and information security emergencies, and cooperate with relevant departments to actively carry out response and disposal.

3) Be responsible for prevention and early warning, emergency disposal, investigation and evaluation, information release, emergency support, and the investigation and rectification of hidden dangers for network and information security incidents; organize network and information security training and regular drills; collect statistics from information security incident reports, prepare statistical reports, and write work summaries; be responsible for communication and liaison with the higher-level network and information security emergency work agency.

4) Complete other tasks assigned by the Network and Information Security Work Leading Group.

4 Monitoring and reporting

4.1 Clarify the responsibility of network and information security monitoring

1) The Propaganda Department is responsible for monitoring Internet public opinion, and for monitoring information on the school's official website and official new media platforms.

2) The Smart Campus Center is responsible for monitoring the communication and resource usage of the network and information systems, and for monitoring paralysis of the network and information systems, interruption of application services, and data tampering or loss.

3) The Security Office is responsible for the security of peripheral facilities, the examination of network staff, and liaison and coordination with the relevant departments of the public security organs after an incident.

4) All units (departments) are responsible for information review and monitoring of the second-level websites, application information systems, dynamic special-topic websites and new media platforms that they manage.

4.2 Implement the monitoring report responsibility system

Each unit (department) should designate a specific person to be responsible for information monitoring and implement the responsibility system. Following the principle of "early discovery, early reporting, early disposal", strengthen the collection, analysis and assessment, and continuous monitoring of all types of network and information security emergencies and of related information that may lead to emergencies.

When a network and information security emergency occurs, report it to the Emergency Office promptly in accordance with regulations. The report mainly includes the information source, the scope of impact, the nature of the event, the development trend of the event, and the measures taken. A daily reporting system should be implemented during important sensitive periods, and all units (departments) report their monitoring status on time at the reporting frequency required by superiors and the school.

4.3 Report process

4.3.1 Once the person responsible for information monitoring in a unit (department) discovers a network and information security incident, measures should be taken immediately to control the situation, the incident should be reported at the first opportunity to the person in charge of the unit (department) and to the Emergency Office, and emergency response should be carried out according to this plan.

4.3.2 General (Level IV) network and information security incidents are handled by the Emergency Office, which reports the handling to the leadership group.

4.3.3 Larger (Level III), major (Level II) and particularly major (Level I) network and information security incidents are reported by the Emergency Office to the leadership group as soon as possible. After receiving the report, the leadership group should quickly convene a network and information security meeting, assess and determine the situation of the emergency, and start the response at the corresponding level in accordance with the "Emergency Plan for the Education System of the Jiangsu Education System".

5 Emergency disposal of network and information security incidents

5.1 Campus Network

For network and information security incidents occurring on the campus network, which the relevant units (departments) have the authority to handle directly, emergency disposal follows the process below.

5.1.1 Disposal of harmful information on the campus network

  (1) The information security officer of the unit (department) where the incident occurred should promptly delete the harmful information and check all content of the entire website to make sure no other harmful information remains.

  (2) The information security officer shall report the specific circumstances of the incident to the Emergency Office.

  (3) The Smart Campus Center immediately organizes technical personnel to cut off the website server's external network connection through the internal network firewall; back up the directories and logs related to the harmful information; isolate the directory containing the harmful information; carry out security testing, remove security risks, and close insecure columns. If the server has been damaged, restore the backup data. Reconnect the website server's external network connection at the firewall and test that the website runs.

5.1.2 Campus network abnormalities and network malicious attack accident disposal

  (1) The Smart Campus Center immediately organizes technical personnel to determine the source of the attack and the scope of impact. Where necessary, the network connection between the central network's servers and the public network can be cut off urgently to protect important data and information. If the attack comes from outside the school, block and filter it with network security protection equipment, contact experts to analyze and study countermeasures, and decide according to the severity of the situation whether to shut off external network access; if the attack comes from inside the school, locate the source and cut off the network connection of the equipment involved. After finding the IP address of the attacking computer, disconnect that computer from the campus network and notify the user and the department it belongs to for handling.

  (2) If the attack source is an office computer in the school, the computer user must remove viruses, malicious programs and Trojan horse programs or reinstall the operating system, and may apply for network access after the computer has run for more than 24 hours without problems; it is connected to the campus network only after the Smart Campus Center has tested it and found no problems.

  (3) If the incident is found to be a deliberate malicious network attack from within the school, the Emergency Office, according to the seriousness of the circumstances, submits the case to the school Security Office for handling in accordance with school regulations; cases suspected of violating the law are transferred to the public security organs to be dealt with according to law.

5.1.3 Emergency disposal of network system vulnerabilities

  (1) When the Smart Campus Center receives a system vulnerability report, or finds high-risk system vulnerabilities during regular scanning inspections, it organizes the relevant technical personnel to research and analyze them and formulate a solution.

  (2) Where protocols and ports must be closed or services stopped on core network equipment and servers, the Smart Campus Center completes the handling within 24 hours.

  (3) The Smart Campus Center assists the using department in completing operating system patching as soon as possible.

  (4) Where application software needs to be upgraded or updated, the Smart Campus Center notifies the using department to contact the software vendor and complete the handling promptly; the server's external network connection is closed until the handling is complete.

  (5) Where office computers need patches, the Smart Campus Center publishes a notice of the vulnerability and the handling steps on the campus network, and all units (departments) organize the upgrade and maintenance work.

5.1.4 Computer virus emergency treatment

  (1) When the information security officer of a unit (department) finds that a computer is infected with a virus, the infected office computer should be disconnected from the network immediately and must not be reconnected until the virus has been completely removed, and the data on the device's hard disk should be backed up. Use anti-virus software to disinfect the machine, and at the same time use virus detection software to scan other machines and remove the virus.

  (2) If the infected device is a server and the anti-virus software cannot remove the virus, the information security officer shall immediately contact the relevant product vendor to study the problem, and report to the head of the department and the person in charge of the Smart Campus Center. The person in charge of the Smart Campus Center organizes relevant technical personnel to study the problem and take measures to restore from backup, and immediately informs relevant units (departments) to carry out checks.

5.2 Negative information in Internet public opinion

For negative information about the school in Internet public opinion outside the campus network, which the school does not have the authority to handle directly, emergency response follows the process below.

5.2.1 The Propaganda Department is responsible for designating a specific person to monitor Internet public opinion, searching for and collecting negative public opinion information at set times each day and increasing the number of daily searches. After an emergency occurs, report to the leadership group immediately, organize personnel to collect information 24 hours a day, monitor, collect and assess the development of public opinion at the first opportunity, and report public opinion developments promptly. Public opinion monitoring and information collection personnel must follow the Internet, radio, television, newspapers and other media in a timely manner, collect and verify in real time the information source, the extent of spread (frequency of reposting and broadcast, click rate, ratings) and other related indicators, and track the development of the public opinion, its destructiveness, the results of disposal and other conditions, to provide reference opinions for the leadership group.

5.2.2 When dealing with negative public opinion information, resolutely safeguard the authority of the Party and the country, maintain social stability, and protect the school's image. The Emergency Response Work Office is responsible for launching an investigation of the incident promptly and quickly producing a report, providing strong evidence for clarifying the facts and eliminating the impact. Based on the investigation, it promptly studies and proposes emergency response countermeasures and suggestions to the leadership group. The leadership group decides, based on the nature and severity of the incident, whether to report to the superior authorities, request support, or have the negative online information deleted.

5.2.3 Give full play to the spirit of unity and collaboration, with communication between higher and lower levels, coordination across departments, unified authority, and each performing its own duties, to form a strong joint working force. Release information truthfully and step by step with reference to the above measures, submit it to the leadership group for review, and decide whether to hold a press conference based on the nature and evolution of the event. The Propaganda Department is responsible for organizing liaison with and reception of the relevant Internet, newspaper, radio, television and other media. If the network and information security incident occurred on the campus, refer to the above measures for information release and news reports.

6 Post-incident disposal and safeguards

6.1 Post-incident disposal

6.1.1 After the disposal of network and information security incidents of major level and above is completed, investigation and evaluation are carried out in accordance with the "Emergency Plan of the Jiangsu Education System Network Security Event". After the disposal of a larger network security event is completed, the leadership group organizes the investigation, handling, summary and evaluation work and reports the results to the Provincial Education Network Security Emergency Office. For general network security incidents, the Emergency Office organizes the investigation, handling, summary and evaluation work and reports to the leadership group. Report elements: time of the incident, location, cause, information source, event type, nature, harm and loss, development trend of the event, disposal measures taken, etc.

6.1.2 The school commends and rewards collectives and individuals that have made outstanding contributions to the emergency response work for network and information security; for false reporting, concealment or omission of important information about network and information security incidents, or other misconduct or dereliction of duty in emergency response, the relevant responsible persons are held accountable; where a crime is constituted, criminal responsibility is pursued according to law.

6.2 Work safeguards

6.2.1 System guarantee. Establish and improve the emergency work mechanism for network and information security incidents, and in line with the principle "whoever is in charge is responsible, whoever operates and maintains is responsible, whoever uses is responsible", assign responsibility for network and information security emergency work to specific departments, specific positions and individuals.

6.2.2 Technical guarantee. Continuously strengthen the building of the school's network and information security emergency technical support team and the provision of network security materials, and carry out monitoring, defense, emergency disposal and emergency technical support for network and information security incidents.

6.2.3 Organization. Regularly organize network and information security knowledge training, strengthen the study of and drills on the emergency plan for network and information security incidents, and improve the prevention awareness, security skills and emergency handling capabilities of network and information security management and technical personnel.

6.2.4 Funding guarantee. The school provides the necessary funding for network and information security emergency work, to support the building of the network and information security emergency technical support team, monitoring and early warning, publicity and education, training and drills, and material support.

7 Supplementary provisions

7.1 The Emergency Response Work Office of the Network and Information Security Work Leading Group is responsible for interpreting this plan.

7.2 This plan takes effect from the date of release.


Annex: Emergency disposal flowchart for network and information security incidents in Jiangsu Family and Accounting Vocational College




