Full text of enterprise safety papers (5)

1 Information security threats in enterprise office

The enterprise office information system is a comprehensive management system based on the company firewall, server, access to the web, mail, company internal network, office PC, database, Internet technology and corresponding auxiliary hardware equipment. From the perspective of security situation, there is a serious threat to the enterprise office information system. Information equipment provides convenience and resource sharing, but at the same time, it is fragile and complex in terms of security, posing a threat to data security and confidentiality. The potential security threats mainly include the following aspects: information leakage: information is leaked or disclosed to an unauthorized entity; Destroy the integrity of information: the data is added, deleted, modified or destroyed without authorization and suffers losses; Denial of service: legal access to information or other resources is unconditionally blocked; Unauthorized access: a resource is used by an unauthorized person or in an unauthorized manner; Eavesdropping: stealing information resources and sensitive information in the system by various possible legal or illegal means; Business flow analysis: through long-term monitoring of the system, use statistical analysis methods to study some parameters, and find valuable information and laws; Counterfeiting: through deceiving the communication system (or user), an illegal user can pretend to be a legitimate user, or a user with less privileges can pretend to be a user with more privileges. Hackers mostly use fake attacks; Bypass control: the attacker uses the system's security flaws or security vulnerabilities to obtain unauthorized rights; Authorization violation: someone who is authorized to use a system or resource for a certain purpose, but uses this permission for other unauthorized purposes, also known as "internal attack"; Trojan horse: software contains a harmful program segment that cannot be detected. When it is executed, it will damage the user's security; Trap gate: a "mechanism" set in a system or a component to allow violation of security policy when specific data is input; Repudiation: This is an attack from users, such as denying a message they have passed, forging a letter from the other party, etc; Replay: copy and resend the intercepted legal communication data for illegal purposes; Computer virus: a program that can infect and invade the computer system during its operation; Inadvertent personnel: an authorized person divulges information to an unauthorized person for some benefit or due to carelessness; Media abandonment: information is obtained from abandoned disks or printed storage media; Physical intrusion: the intruder bypasses the physical control to gain access to the system; Stealing: important security items, such as tokens or identity cards, are stolen; Business fraud: a pseudo system or system component deceives a legitimate user or system to voluntarily give up sensitive information.

2 Information security strategy in enterprise office

2.1 Protect network security

Network security is to protect the security of the communication process between the network end systems of all parties within the enterprise. Ensuring confidentiality, integrity, authentication and access control is an important factor of network security. The main measures to protect network security are as follows: comprehensively plan the security strategy of the network platform; Formulate management measures for network security; Use firewall; Record all activities on the network as far as possible; Pay attention to the physical protection of network equipment; Check the vulnerability of the network platform system; Establish a reliable identification mechanism.

2.2 Protection of application security

Application security protection mainly refers to the security protection measures established for specific applications (such as Web server, database server, ftp server, etc.). This security protection measure is independent of any other security protection measures of the network. Although some protective measures may be an alternative or overlapping of network security services, such as the encryption of network payment and settlement packets on the application layer by Web browsers and Web servers, which are encrypted through the IP layer, many applications have their own specific security requirements. Because the application layer has the most stringent and complex requirements for security, it is more inclined to take various security measures at the application layer than at the network layer. Although the security on the network layer still has its specific position, people can not rely on it to solve the security of enterprise information systems. The security business on the application layer can involve the security of applications such as authentication, access control, confidentiality, data integrity, non repudiation, Web security, EDI and network payment.

1、 Analysis of the Current Situation of Enterprise Archives Information Security

1. Talent shortage

Because the information security assurance technology of enterprise archives has been widely applied in recent years, for enterprise archives, the information security awareness and technical level of archivists are limited, and the personnel in each archives division are older, and their acceptance ability and operation level are limited, which is also a problem that enterprises need to solve urgently at present. Talents are an important factor in the construction of archive information security. The strength of archive management personnel's information security awareness, the level of modern equipment operation, and the sense of responsibility will all have an impact on archive information security. It can be imagined that an archive manager who is lack of professional skills, sense of responsibility and security awareness will undoubtedly make the security of archive information as if it were placed in a position where no one is defending, and will be defeated by the "enemy".

2. Incomplete legal system

For our enterprise, the construction of archives information security is just starting, and the management system of enterprise archives information security is relatively few. We still need to constantly strengthen management and develop various management systems in our work, which is conducive to the implementation of archives information security management.

2、 Measures for the Construction of Enterprise Archives Information Security System

The security of file information simply means that the content of file information is complete, controllable, undamaged and unknown to illegal users. The security of archives information includes the security of physical archives information and the security of archives information management system.

Author: Miao Bei, Lei Xuefeng Unit: Xi'an Changqing Science and Technology Engineering Co., Ltd

Content analysis of visual safety management

(1) Visual management of personnel safety. Personnel safety visualization includes uniform dress and standardized labor protection. On this basis, the enterprise identifies its internal employees according to different posts and types of work, and distinguishes them by wearing badges, armbands, helmets, uniforms, colors, etc., which has a certain psychological effect, so that people have a sense of honor and responsibility. At the same time, it is conducive to the standardized and refined management of daily safety production, for example, The badge manager can clearly see whether each post holder has a certificate, whether the certificate is within the validity period, and whether the type of work is within the permitted scope; By wearing different armbands, we can distinguish whether the performance is good or not, and formulate corresponding reward and punishment system to reward the advanced and spur the backward.

(2) Visual safety management of tools, equipment, facilities and processes. The visual safety management of tools, equipment, facilities and processes is often ignored by many enterprises, but it is vital. According to the statistics of the State Administration of Work Safety on the factors that cause accidents in a period of time, the safety production accidents caused by tools, equipment, facilities and processes account for more than 40% of the accident rate, so it is necessary to ensure that enterprises' tools, facilities Good safety of equipment, facilities and processes is an important link to ensure the safe production of enterprises. The safety visualization of tools, equipment, facilities and processes plays an irreplaceable role in their safety management. By establishing accounts for tools, equipment and facilities, pasting identification labels (including names, inspection conditions, custodians, safety precautions) Maintenance records of supporting equipment and other measures ensure that the maintenance of tools, equipment and facilities is carried out on the head of the people, standardize their maintenance and reasonable use to ensure continuous safety and reliability. At the same time, for special equipment, the operator's attention and awareness of prevention can be raised through warnings, warning signs and so on to avoid risks. For some equipment, such as fire extinguishers, fire hydrants, Users can make it clear at a glance through the method of diagram. Generally, the division of process is to distinguish different media in the pipeline through the color identification of different pipes and valves. At the same time, the arrows on the pipeline indicate the flow direction of media or the switch of valves to avoid misoperation.

(3) Visual safety management of the operation and production site. According to the relevant requirements, all rules and regulations, job responsibilities, operating procedures, etc. of the enterprise should be published in an effective way, which can be made clear to the employees at a glance by hanging signs. On this basis, in order to achieve safe production and civilized production, The following aspects should also be achieved: ensure that the workplace is in order to eliminate the mixing and misplacement of goods, and there must be complete and accurate information display, such as semi-finished products area, product waiting area, qualified product area, waste product area, including sign lines, sign boards and color, and use visual symbols to place all kinds of goods in a standardized manner; Hang banner slogans, "safe passage", "no smoking" and other warning signs, workshop layout plan, fire equipment layout plan, etc. to create a clear and standardized safety production atmosphere.

The visual management mode that the unit should adopt

In combination with the current situation of the unit and relevant requirements, our visual safety management requirements are unified, simple, distinct, practical and strict. Unification: eliminate all kinds of messy phenomena, and the implementation of safety visualization is not just an empty imagination. First, comply with the requirements of the specifications issued by the relevant departments, and then coordinate and consider the technical, physiological, psychological, social and other factors to implement. For example, according to the requirements of machinery manufacturing and processing enterprises, the color of all staff's work clothes is navy blue. Simplicity: that is, all kinds of visual display signals should be easy to understand and clear at a glance. The color and logo of the same signs must also comply with relevant specifications and standards. For example, "Be careful of electric shock", "No fireworks" and other specified patterns and color requirements. The "layout plan" and "process flow chart" without uniform standards shall be distinguished according to appropriate colors. Distinctive: All signs and labels shall be hung and installed at obvious positions so that relevant personnel in the workplace can see clearly when they look up. For example, the operating instructions of the lathe can be made into an exhibition stand in front of the lathe operator. Practicality: Do not talk about frills, but pay attention to practical results, and arrange signs, signs and warning signs scientifically and reasonably in combination with the actual situation of the workplace. In particular, it is not allowed to make the place appear to be full of signs and various colors, which will not work but may make the place feel uncomfortable. Strict: safety visualization is a kind of "visible management", which requires each participant to know what to do, what not to do, and how to deal with violations of rules and regulations as soon as they see the relevant signs.

1、 Procedures for safety management

1. Troubleshooting and identification of hazard sources

The hazard sources are different according to the nature of the enterprise, but they are all in three aspects: first, the hazard sources caused by human factors, such as illegal operation; The second is the source of danger brought by environmental factors. In hot weather, field operators are prone to heatstroke, and the places where inflammable and explosive materials are stored are prone to fire; The third is the possible hazard sources in the operation of facilities and equipment. For example, if elevator, electric water heater, natural gas boiler and other equipment are used, accidents such as elevator trapping and falling, electric water heater leakage and scalding, natural gas leakage, fire and explosion may occur. Therefore, the hazard sources in the above three aspects should be carefully checked and identified to ensure that there are no missing items, which is the basis for good safety management.

2. Risk assessment of hazard sources

According to the probability of the occurrence of the hazard source (that is, possible, basically impossible, extremely impossible), the severity of the hazard loss caused by the accident (minor injury or loss, moderate injury or loss, severe injury or loss), and the risk level (negligible risk, allowable risk, basically allowable risk, basically impermissible risk, impermissible risk), Divide the risk level.

3. Develop risk control measures according to risk level

For negligible risks, no prevention and control measures may be taken; There should be corresponding control measures or management objective plans to prevent and control the admissible risks and basically admissible risks; Basic unacceptable risks shall be taken as management objectives, special control measures shall be formulated and operation control shall be strengthened, and emergency plans shall be formulated for unacceptable risks.

1 Safety audit process

1.1 Safety audit method

The process safety audit method adopts the factor grouping scoring method, that is, different audit teams review the existing management and operation status of the enterprise by consulting document records, communication and interview, on-site observation and testing, and score against the audit factor checklist in their charge. The final score of the audited enterprise is obtained through collective discussion and summary by the audit team.

1.2 Safety audit process

The implementation of enterprise process safety audit is generally carried out by an independent professional audit team.

2 Application case analysis

This paper applies the audit checklist to a chemical enterprise to conduct safety audit on the leadership, relevant functional departments, production departments and process management of contractors (carriers) of the chemical enterprise. The audit scoring criteria are divided into three levels: