Guiyang Institute of Information Science and Technology: Network and Information System Security Incident Reporting and Disposal Process (Trial)
Source: Security department  Editor: Security office  Date: 2023-10-09
Article 1 Definition of network and information system security incidents. Network and information system security incidents (hereinafter referred to as security incidents) in this process refer to information system content security events, harmful program events, network attack events, information destruction events, equipment and facility failure events, disaster events and other information security events.

Article 2 Scope of application. This procedure applies to the reporting and disposal of security incidents occurring on campus.

Article 3 Security incident classification. According to the Information Security Incident Classification and Grading Guide (GB/T 20986-2007) (hereinafter referred to as the "Guidelines"), security incidents are classified into four levels: particularly significant incidents (Level I), major incidents (Level II), relatively major incidents (Level III) and general incidents (Level IV).

Article 4 Security incident determination. When a security incident occurs, its level shall be determined by the Modern Education and Technology Center in accordance with the Guidelines, based on the importance of the network and information system, the extent of the damage, and the impact on work and society.

Article 5 Security incident reporting and handling. Reporting and disposal are divided into three steps: emergency report and disposal, in-process report and disposal, and post-rectification report and disposal.

(1) Emergency report and disposal

1. Any department or individual that discovers a security incident shall immediately report it to the department's security responsible person and the Modern Education and Technology Center.

2. After receiving the report, the department's security responsible person shall immediately organize the network and information system administrator and other relevant personnel to take effective measures, such as disconnecting from the network, as soon as possible according to the actual situation, minimize the damage and impact, and preserve the scene.

3. After receiving the report, the Modern Education and Technology Center shall immediately organize technical personnel for emergency handling, further determine the level of the security incident, and report to the Network and Information System Security Work Leading Group (hereinafter referred to as the leading group). Incidents involving deliberate sabotage shall be reported to the public security organs at the same time. For Level I to Level III security incidents, the leading group shall report to the relevant departments and contact the public security and other departments.

4. The emergency report includes: (1) time and place; (2) brief account of the incident; (3) event type and level; (4) scope of impact; (5) degree of harm; (6) preliminary cause analysis; (7) emergency measures taken.

5. For Level I to Level III security incidents, the information network center shall work with the local public security organs on emergency handling. For incidents involving deliberate sabotage, it shall assist the public security organs in obtaining evidence and handling the incident.

6. Relevant departments shall follow the development of the incident and promptly report any major new developments.

(2) Reporting and handling of the situation

1. The situation report shall be submitted in writing to the leading group within 8 hours after the security incident is discovered. The content and format of the report are given in Annex I.

2. The situation report shall be prepared by management and operation and maintenance personnel organized by the department's security responsible person, with the cooperation of the Modern Education and Technology Center. After review by the main person in charge of the department, the report shall be signed, stamped with the official seal and submitted to the leading group. The leading group reports to the relevant departments on the basis of the report.

3. The handling of security incidents includes: promptly assessing losses, finding and analyzing the causes of the incident, repairing system vulnerabilities, restoring system services, minimizing the impact of the security incident on normal work, and, for security incidents involving deliberate sabotage, actively cooperating with the public security departments in their investigation.

(3) Post-rectification report and disposal

1. The rectification report shall be submitted in writing within 5 working days after the security incident has been handled. See Annex II for the content and format of the report.

2. The post-event report shall be prepared by management and operation and maintenance personnel organized by the department's security responsible person, together with the Modern Education and Technology Center. After review by the main person in charge of the department, the report shall be signed, stamped with the official seal and submitted to the leading group. The leading group reports to the relevant departments on the basis of the report.

3. Post-incident handling includes: further summarizing the lessons of the incident, assessing the security situation, investigating security risks, further strengthening the supporting rules and systems, and improving security protection capacity. If the security incident involves deliberate sabotage, the department shall continue to cooperate with the public security department in its investigation.

Article 6 Related supporting mechanisms. The Modern Education and Technology Center shall continuously improve the emergency handling mechanism for security incidents. Each secondary department shall improve its own emergency handling of security incidents according to its actual situation and establish a duty system, so as to achieve early detection, early reporting, early control and early resolution of security incidents.

Article 7 This procedure shall take effect from the date of promulgation.


Annex I:

Information technology security incident situation report

Company name: (official seal required)        Incident time:

Contact name:
Mobile phone:
Email address:

Event classification: □ Harmful program event  □ Network attack event  □ Information destruction event  □ Facility failure  □ Disaster event  □ Other

Event level:

Event profile:

Basic information about the information system (fill in if involved):
1. System name:
2. System URL and IP address:
3. System supervisor/department:
4. System operation and maintenance unit/department:
5. System user/department:
6. Main uses of the system:
7. Graded or not: □ Yes □ No, assigned level:
8. Recorded or not: □ Yes □ No, record number:
9. Evaluated or not: □ Yes □ No
10. Rectified or not: □ Yes □ No

Brief account of event discovery and disposal:

Preliminary estimate of the harm and impact of the event:

Preliminary analysis of the cause of the incident:

Emergency measures taken:

Opinion of the department's security responsible person (signature):

Comments of the Modern Education and Technology Center (signature):


Annex II:

Information technology security incident rectification report

Company name: (official seal required)        Report time:

Contact name:
Mobile phone:
Email address:

Event classification: □ Harmful program event  □ Network attack event  □ Information destruction event  □ Facility failure  □ Disaster event  □ Other

Event level:

Event profile:

Basic information about the information system (fill in if relevant):
1. System name:
2. System URL and IP address:
3. System supervisor/department:
4. System operation and maintenance unit/department:
5. System user/department:
6. Main uses of the system:
7. Graded or not: □ Yes □ No, assigned level:
8. Recorded or not: □ Yes □ No, record number:
9. Evaluated or not: □ Yes □ No
10. Rectified or not: □ Yes □ No

Final determination of the cause of the incident (additional pages with text, pictures and other documents may be attached):

Impact of the event and recovery status:

Security rectification measures for the incident:

Problems and suggestions:

Opinion of the department's security responsible person (signature):

Opinion of the Modern Education and Technology Center (signature):