Issued by the Teaching Affairs Office on September 13, 2005
Article One: In order to strengthen the security administration of the campus computer network, based on the Administrative Method for Security Protection of the International Internet of Computer Information Network and other relevant regulations, and in the light of the actual situation of our university, we hereby formulate this method. Article Two: This method is applicable to the security administration of the computer information network on the campus.
Article Three: The Leading Group for Informatization Construction of Yan’an University is in charge of the security of the university’s information network. The Information Center of the university is specifically responsible for the examination on the truthfulness of the information in the campus network, the Party’s Publicity Department is responsible for the examination on the political ideology of the information in the Campus network, the Network Center is responsible for the implementation of technical safety of the campus network, and the relevant colleges and units are responsible for the concrete work for security supervision of their websites.
Article Four: The university’s Leading Group for Informatization Construction fulfill the following responsibilities for the security administration of the network information system:
1. Formulating relevant regulations of the university concerning information network security;
2. Carrying out publicity and education on civilization on the Internet and campus network;
3. Organizing security inspection, implementing the laws and regulations concerning information security, and pushing adjusting hidden security problems;
4. Handling incidents that violate the relevant regulations concerning information network security, and cooperating with the public safety in investigating and handling illegal criminal cases that threaten security of the information system;
5. Examining and approving the level of security protection, choosing vital computer information systems, and urging the administrative department of the campus network to do security supervision on the computer information system and the international Internet well;
6. Carrying out other responsibilities stipulated by the law, regulations, and rules.
Article Five: A part-time post of network information security inspector is established under the Leading Group of Informatization. The network information security inspector can carry a permission and inspect the security of all the computer information systems on campus, and the relevant units should actively cooperate, and provide information and materials.
Article Six: The person in charge of the network information of the unit that uses network information is overall responsible for the security administration of the network information of the unit.
Article Seven: Units that use network information should establish the following regulations for security administration:
1. Regulation for responsibility of security administration, defining the responsibilities for security administration of staff members of the unit;
2. Regulation for security protection, safeguarding information security, safety of the facilities of computer network, the system, facilities and operational environment of information, and normal operation of computer functions;
3. Regulation for safe operation, stipulating the limits to the right to operate the network information system, and the procedure;
4. Regulation for security inspection, regularly inspecting condition of the network information system, and timely discovering and handling problems;
5. Other regulations for security administration.
Article Eight: Saving, taking, handling, and transmitting information that belongs to national secret via the network must be protected by correspondent security measures, and the safety of national secret must be assured.
Article Nine: For the network of crucial information system in the confidential departments, high-tech research sectors, and important departments, security administration should be emphatically strengthened.
Article Ten: Networking of the information system of the computers used by units and individuals must be registered at the Network Center according to the regulation. No units or individuals can get networking without permission.
Article Eleven: For the computer information systems that have been networked, In case of changing the configuration information that concerns the security administration of the network information, such as IP address, Network interface, and so on, a change of registration must be done at the Network Center according to the regulation. No units or individuals can change configuration information without permission.
Article Twelve: Places that provide computer services for students must work according to the work schedule stipulated by the university, and cannot extend opening hours without permission.
Article Thirteen: In public internet circumstances, “three definitions” must be carried out, i.e., defining people, defining time, and defining computers. A person using a computer must show his (or her) citizen ID, or student ID, or working ID or other valid credentials, and the administrators are responsible for checking seriously.
Article Fourteen: As for the legal cases occurred with network information, the relevant unit should take measures to prevent proliferation, keep the relevant record, and report to the Leading Group of Informatization Construction of the university within 24 hours.
Article Fifteen: In case of one of the following behaviors, warning or closing down computers and network for rectification will be imposed, and the responsible person of the unit will be called to account when necessary, and the case may be transferred to the public safety if the situation is serious;
1. Violation of the regulations for ranking protection of security of computer information system, and the relevant security rules of this method, threatening the security of computer information system;
2. Violation of the filing system of the international internet of computer information system;
3. Failure to report security accidents of information network as timely as stipulated;
4. Refusing to do improvement before the deadline after receiving notification from the Leading Group of Informatization Construction requiring improvement on security situation;
5. No units or individuals can produce, reproduce, access and disseminate the following information:
(1) Instigation of resistance and destruction of implementation of the Constitution, law and administrative regulations;
(2) Instigation of Subversion of the state power and overthrowing of the socialist institution;
(3) Instigation of splitting the nation and undermining integrity of the nation;
(4) Instigation of ethnic hatred, ethnic discrimination, and undermining national solidarity;
(5) Fabrication or distortion of facts, spreading rumors, and disturbing social order;
(6) Publicizing feudal superstition and obscenity, pornography, gambling, violence, murder, terrorism and abetting crimes;
(7) Blatantly insulting other people or fabricating facts to slander other people;
(8) Damaging reputation of the state organs;
(9) Other violations of the Constitution, law, and administrative regulations;
(10) Affecting the overall situation of the development of the university, being detrimental to the stability and solidarity, and negatively affecting the administration of the university or the units.
6. No units or individuals can undertake the following activities that Jeopardize security of the information security of computer network:
(1) Logging on the computer information system, or using the information resources of the computer network without permission;
(2) Deleting, changing or adding information functions of the computer network without permission;
(3) Deleting, changing, or adding the data saved, processed, or transmitted via computer network and the applied programs without permission;
(4) Deliberatively producing and spreading computer virus to destroy programs;
(5) Other hazards of the security of computer information network.
7. Other behaviors that violate administrative regulations of security of the information network.
Article Sixteen: Each unit is responsible for administering its own pubic networking computer labs and the networking computers in offices well, warning those who have been discovered to have violated the relevant state laws and regulations and the regulations of the university concerning security administration of network information, or imposing administrative punishment to the responsible person of the unit or the persons concerned.
Students spreading reactionary opinions, and browsing pornographic websites should be punished according to the relevant rules of the Stipulation of Student Administration of Yan’an University.
Article Seventeen: Regarding violation of Articles 12, 13, and 14 of this method, warning should be imposed; as for the units and individuals who refuse to do correction, connection to the campus network should be cut off, and punishment should be imposed in accordance with the situation.
Article Eighteen: Violating this method, and using computer information system to save, download, process, or transmit information resulting in divulgence of state secrets should be punished according to the Law of Keeping State Secrets of People’s Republic of China.
Article Nineteen: Violation of the rules of this method that constitutes violation of public safety administration should be punished according to the Regulation for Punishment of Public Safety Administration; those that constitute crimes should be called to criminal account.
Article Twenty: Relevant organs of the university should decide punishment for the behaviors in security administration of network information in accordance with this method. Closing down computers for rectification and cutting off networking are to be handled by the Network Center.
Article Twenty-One: The Network Center, the Publicity Department, the Information Center as implementation organs of the Leading Group of Informatization Construction, and their staff members should handle matters strictly according to the law, and impose administrative punishment to those who have violated the law and are derelict, and call those committed crimes to criminal account.
Article Twenty-Two: The Information Center of the university is responsible for interpreting this method.
