table of Contents
Overview
Emergency response usually refers to an organization's preparations for the occurrence of various accidents and the measures taken after the incident. Its purpose is to reduce the losses caused by emergencies, including the lives and property losses of the people, the economic losses of the state and enterprises, and the corresponding adverse social effects. The problems dealt with by emergency response are usually public emergencies or major security incidents. Minimize losses by implementing contingency plans for various public emergencies launched by governments or organizations. Emergency plan is a complex and systematic emergency response plan, including plan management, emergency action plan, organization management, information management and other links. The relevant executive bodies include emergency response-related responsible units, emergency response commanders, emergency response implementation organizations, and the parties involved in the incident. In order to prevent and defuse major security risks, improve the public safety system, integrate and optimize emergency response forces and resources, and promote the formation of an emergency response management system with Chinese characteristics that integrates command, specialization and regularity, responsiveness, upper and lower linkage, and peace and war, and improves disaster prevention , Disaster reduction and disaster relief capabilities to ensure the safety of people’s lives and property and social stability.
In March 2018, the Ministry of Emergency Management of the People's Republic of China was formally established. Its main responsibilities include: organizing the preparation of national emergency plans and plans, guiding all regions and departments to respond to emergencies, and promoting the construction of emergency plan systems and plan drills. Establish a disaster report system and uniformly release the disaster situation, coordinate the construction of emergency forces and material reserves and uniformly dispatch during disaster relief, organize the construction of a disaster relief system, guide the emergency rescue of safety production and natural disasters, and undertake the state's command of responding to particularly major disasters. Guide the prevention and control of fires, floods, droughts, and geological disasters. Responsible for the comprehensive supervision and management of production safety and the supervision and management of production safety in the industrial, mining, commerce and trade industries.
Network security and informatization are the two wings of one body and the two wheels of driving. Cyber security has become a national strategy and has become the core of building a cyber power. General Secretary Xi Jinping pointed out in 2014: Without network security, there would be no national security, and without informationization, there would be no modernization. At the 2018 National Cyber Security and Informatization Work Conference, it was once again emphasized: Without cyber security, there would be no national security, there would be no stable economic and social operation, and the interests of the broad masses of people would not be guaranteed. Network security issues are no longer simply security issues in the field of Internet technology, but are closely related to economic security and social security, and even national strategic issues related to military, diplomatic and other national economy and people’s livelihood. Network security means that the hardware and software of the network system and the data in the system are protected from being damaged, altered, or leaked due to accidental or malicious reasons, ensuring the continuous, reliable, and normal operation of the system, and the uninterrupted network services. In the face of various new and strange viruses and countless security vulnerabilities, it has become an inevitable need for the development of an information society to establish an effective network security emergency system and make it continuous.
Cybersecurity emergency response refers to monitoring, analyzing, coordinating, processing, and protecting asset safety for security incidents that have occurred or may occur. Network security emergency response is mainly for people to have an understanding and preparation for network security, so that they can respond in an orderly manner and properly deal with unexpected network security incidents. When an exact network security incident occurs, emergency response personnel should take timely actions to limit the scope of the incident’s spread and impact, and prevent potential losses and damages. Implementers should assist users in inspecting all affected systems, and on the basis of accurately determining the cause of security incidents, propose an overall solution based on security incidents, eliminate system security risks, assist in tracing the source of the incident, and assist in subsequent treatment. The country attaches great importance to network security, and institutions and enterprises are facing more and more complex network security issues, making emergency response work very important.
Emergency response work
Mainly include the following two aspects:
First, take precautions, that is, make preparations before an incident occurs. For example, conduct risk assessment, develop safety plans, conduct safety awareness training, issue safety notices for early warning, and various other preventive measures.
Second, to make up for it, that is, the response measures taken after the incident, the purpose of which is to minimize the loss caused by the incident. These actions may come from people, or they may come from the system.
For example, after an incident is discovered, emergency measures are taken to perform system operations such as system backup, virus detection, backdoor detection, virus or backdoor removal, isolation, system recovery, investigation and tracking, and intrusion forensics . The above two aspects of work are complementary to each other. First of all, pre-planning and preparation can provide a guiding framework for the response actions after the incident. Otherwise, the response actions may fall into chaos, and the unstructured response actions may cause greater losses; secondly, the post-event response may find that The inadequacy of the advance plan allows us to learn lessons and further improve the safety plan. Therefore, these two aspects should form a positive feedback mechanism to gradually strengthen the organization's safety precaution system. Cybersecurity emergency response requires institutions and companies to consider technology, management, and law in practice to ensure that emergency response to cybersecurity incidents is orderly, effective, and effective, and to ensure that the losses of the institutions and companies involved are minimized , While deterring the perpetrators. Cyber security emergency response is to require emergency response implementers to have a clear understanding of network security, make predictions and preparations, so as to respond in an orderly manner and properly handle emergencies in the event of network security incidents.
