In the early stage of informatization in government departments, a lack of construction experience led to an emphasis on construction and application at the expense of security, leaving the information systems of some government departments without necessary security protection measures. At the same time, problems such as an imperfect network security system, inadequate implementation and weak network security awareness emerged one after another. With the rapid development of e-government "one stop", "two networks", "four libraries" and "ten gold" and the rising level of informatization, the data center not only plays a basic supporting and ensuring role for the rapid development of the public service business of government units, but is also of great significance for improving the internal management level of government institutions and, in turn, the efficiency of resource allocation and information security. This also means that government agencies have become so dependent on their IT information systems that they cannot do without them even for a moment. Protecting important information systems and sensitive data is therefore particularly important. At present, government agencies and units mainly face the following security risks at the level of IT operation and maintenance:
1. Identity is unclear and authorization is unclear. At present, the IT affairs of government organs and units are basically handled on a project basis, and few units have their own IT operation and maintenance team. Even important units in first-tier cities outsource their operation and maintenance to third-party companies. With a third-party operation and maintenance company, there are often many problems with the identity and authorization of its personnel, such as what level of account the operation and maintenance personnel can use, what authority they have, and how long that authority is maintained. If these are not clearly specified in advance, operation and maintenance security problems will follow;
2. Operations are opaque and behavior is uncontrollable. Previous security incidents in major government departments show that the service personnel of some third-party service companies logged in to core systems and databases without authorization many times during the service period, resulting in the leakage of citizens' private information. The problem was not exposed for some time after the incidents occurred, which itself shows that the operation of the third-party company is opaque and the process is uncontrollable. Similar cases are not uncommon in the industry. In this situation, the security of users' private information can only rely on the personal and professional ethics of third-party operation and maintenance personnel. Obviously, this kind of unsupervised IT operation and maintenance carries great risks;
3. After-the-fact auditing is difficult and responsibility is unclear. Because the operation and maintenance work is mostly handed over to a third party, and because effective identity authentication and authority control are lacking, IT operation and maintenance personnel have a great deal of unregulated room to operate flexibly. As a result, after a security incident the relevant departments cannot pursue responsibility for dereliction of duty in a timely and effective way, and a lot of human and material resources must be invested in the subsequent investigation.