In order to further strengthen the network security work, ensure the system and information security of the company, prevent the network virus harm and malicious attack, and maintain the normal network use order, the network security management system is hereby formulated according to the provisions on network security management and the actual situation of our company.

1、 Virus detection and network security vulnerability detection

(1) The company's network system is maintained by a special department. No one is allowed to contact, use and change the hardware and software resources of the company's network system without permission.

(2) Once the office computer of each department of the company is found, the computer virus shall be removed in time; If it cannot be removed, it shall timely report to the computer management personnel of relevant departments and take isolation and control measures. After confirming that the system virus is cleared, it can be put into use again.

(3) It is prohibited for any department or individual to install hacker software, to attack local area network and other computers through the company's network, and to spread hacker software and viruses.

(4) For the potential safety hazards of system software and application software, the computer management personnel of relevant departments of the company must timely obtain relevant remedial measures from the system software developer and application software developer, such as installing patch software and formulating new security policies.

(5) The office personnel of all departments of the company are strictly prohibited from installing other software on the office computer without permission to avoid virus infection and Trojan horse injection. It is strictly prohibited to change the computer settings and safety protection rules without permission. The company has the right to investigate the relevant responsibilities for the consequences.

(6) Classified computers must be physically isolated from computers connected to the Internet.

Article 2 system data management and Security Assistance

(1) Computers connected to the Internet must consciously abide by network laws and regulations. It is strictly prohibited to use computers to engage in the following activities:

① Delete, modify and add the functions, programs and data on the office network and home page system without permission;

② Deliberately making and spreading computer viruses and destructive programs;

③ Other acts endangering the safety of the office network.

④ It is strictly prohibited to transfer confidential documents on the Internet and LAN, especially confidential documents above the confidential level.

(2) No department or individual is allowed to download and transmit information with political problems and pornographic contents through the Internet in the local area network and the education network.

(3) It is strictly prohibited to use software with unknown origin and causing virus infection on the network. It is strictly prohibited to change the office computer system and related software through system setting software.

(4) After the server and network equipment are attacked, the network management and technical personnel shall immediately take measures to solve the problem and do a good job in system protection.

Article 3 account use registration and operation authority management system

(1) The main network equipment and computer server system in the LAN shall be managed by the system administrator in a unified manner. No one except the administrator shall operate the network equipment or modify the network settings without authorization.

(2) All network equipment and computer server systems in the LAN shall be correctly assigned with permissions and protected with passwords. The passwords shall be modified regularly. Any non system administrator is prohibited to use or guess the passwords of various administrators.

(3) The network system shall be backed up to ensure timely recovery in case of system failure.

(4) The setting and modification of the network system shall be well registered and filed. Major changes must be reported to the leader in charge and can only be carried out with approval

Article 4 safety education and training

(1) The technical competent department of the company is responsible for taking the lead in holding regular network security meetings to report the network security situation and solve network security problems.

(2) The technical competent department of the company regularly holds network security training courses to learn network laws and regulations, improve the network security awareness of all employees and improve the network security level.

Article 5 network line safety maintenance

The company entrusts a special unit to supervise and maintain the safe operation of network lines.

Article 6 attach importance to the safety protection of computer entities. All departments of the company shall do a good job in fire prevention, waterproof, anti-theft and lightning protection.

Article 7 in case of violation of this management system, relevant departments will be requested to give corresponding criticism and education, circulate a notice of criticism, give administrative sanctions or give a warning, and investigate other responsibilities according to the circumstances. Those who violate national laws and administrative regulations shall be punished in accordance with the provisions of relevant laws and administrative regulations; If a crime is constituted, criminal responsibility shall be investigated according to law.