近日，备受关注的四川眉山高考志愿被篡改案已成功告破，3名犯罪嫌疑人分别以涉嫌非法提供公民个人信息罪或侵犯通信自由罪，被公安机关拘留。经警方查证，此案是典型的内鬼勾结外校招生人员，涉案中学的副主任将学生密码信息泄露给某校招生人员，由此引出这一被篡改闹剧。除了四川眉山，河南、广东湛江等地也相继曝出考生志愿被篡改事件。这一系列事件反映出，我国教育行业内网信息安全方面存在很大的漏洞。

recently，Concern about the university entrance exam of meishan sichuan tampered case has successfully volunteer GaoPo，Three suspects were suspected of illegally provide citizens with personal information sin or correspondence freedom encroachment crime，By the public security organ in detention。The police check，The case is typical in the ghost finally collusion admissions officers，Involving the deputy director of the middle school students will leak out to password information instruction admissions officers，Drawn out the tampered farce。In addition to sichuan meishan，henan、Guangdong zhanjiang, also have to expose the examinee volunteer tampered events。This reflects a series of events，China education network information security industry have a lot of holes。

实际上，近些年来曝光的信息泄密事件不只发生在教育行业，在 IT业、金融业、通信业、政府机关等企事业单位都曾经多次曝出内部人员泄密案例。在今年的3.15晚会上，央视新闻更是曝光国内多家大型银行内部人员私自出售用户个人信息的现象。

In fact，In recent years the exposure information leak happened in education industry not only，In the IT industry、Financial industry、Telecommunication industry、The government institutions and enterprises and institutions have many internal personnel to expose the leak case。In this year's 3.15 party，CCTV news is exposure the domestic many large-scale bank internal personnel who sell the phenomenon of customer information。

其实从技术上说，所有的这种内部人员泄密事件都没有太多技术含量，可为什么会有如此多泄密事件发生？溢信科技作为我国最早从事内网安全领域的企业，国内领先的专业内网安全解决方案提供商，它认为，企事业单位经常发生内部人员泄密事件重要原因，就是信息安全意识不足，没有做好内网安全的相应防护措施，甚至有些连基本技术监控都做不到。

In fact from technological said，All this internal personnel are not leak too much technology content，But why do so many leak happened？Science and technology as the first letter spill in China in the field of network security in enterprise，The domestic leading professional network security solution provider，It said，Enterprises and institutions often happen internal personnel leak important reasons，Information security consciousness is insufficient，Not ready to the safety of network protection measures accordingly，Even some even basic technology monitoring can't do。

如何突破信息安全瓶颈？溢信科技认为，企事业单位内部的信息安全，应该着重做好三方面的工作。而且这三方面必须保持平衡，不能重此忽彼。只有三方面都得到有效的执行，才能从整体上提高内部的信息安全防护水平。

How to break through the bottleneck information security？Excessive believe that science and technology，Enterprise or business unit interior the information security，Should be emphasized on three aspects。And the three aspects to balance，This can not be heavy, 1 pet。Only three aspects are carried out effectively，To improve overall internal information safety protection level。

意为拳先

Means boxing first

首先要提高企业人员的信息安全意识，这里可以根据企业实际情况，采取多种形式，加强对全体人员的安全意识培训，尤其是中基层人员。培训最重要的目的就是让每个人都非常清楚地了解自己的权利与责任，公司这方面的奖励与惩罚等。

First of all to improve the enterprise personnel information safety consciousness，The enterprise according to the actual situation here，To take a variety of forms，To strengthen the safety awareness of all personnel training，Especially in the personnel。Training the most important the purpose is to let the everyone very clearly aware of their rights and responsibilities，The company rewards and punishment, etc。

同时企事业单位应该定期进行信息安全意识测评，根据反馈及时调整公司的安全策略。为了使安全策略体系化，可参考目前世界通行的信息安全标准如ISO27001。

At the same time enterprise or business the unit should be periodically information safety consciousness assessment，According to the feedback timely adjustments in the company's security strategy。In order to make security strategy systemization，The world can be reference information safety standards such as traffic ISO27001。

动则有度

Move is regularly

其次要建立完善的信息安全管理制度。对于权责与奖励，不能只是悬挂在脑海里，还要落实到文字。企事业单位需要根据各部门的安全需求，制订详细的信息安全管理文档，并以方便阅读的形式呈现在大家面前，使大家每天都能够接触到，而不是束之高阁。

Second set up perfect information security management system。For accountability and reward，Can't just hanging in the mind，To implement to text。Enterprises and institutions need according to each department's security needs，Formulate detailed information security management documentation，And for the form of reading to present in front of everyone，We can access to every day，Not on the shelf。

当公司内部发生变动时，管理人员要及时对相关同事的信息权限进行调整，否则就有可能发生不该发生的事情，比如辞职时利用职务之便将公司的机密拷贝到自己的U盘中。

When the company internal change，Management personnel should promptly to related colleagues information access adjustment，Or it could happen shouldn't happen，Such as resignation take advantage of their positions and corporate secrets copy to their own U plate。

公司内部信息外发时，要遵循合理的审批流程，确保信息的安全性。比如在银行内部，往往将业务网与普通的办公网进行物理隔离，而业务网中的文件需要向外传播时，必须通过管理人员的严格审查。

The company internal information when evaluate，To follow the reasonable examination and approval procedure，To ensure the security of information。For example in the bank inside，Often YeWuWang and common office will be conducted physical isolation，And YeWuWang files in the need to spread outside，Must through the management scrutiny。

三路齐出

All three way out

最后要运用技术手段建立信息安全防护体系。在许多传统行业中，往往连最基础的信息安全防护措施都没有。如最近曝光的兰州孕妇信息泄露事件中，某些部门内部人员可以通过即时通讯工具和移动存储设备轻易地就将孕妇信息带出。那要如何建立体系化的信息安全措施？企事业单位可以：

The last to use technology to establish information safety protection system。In many traditional industries，Even the most basic information often safety protective measures are not。Such as the latest information of the exposure of lanzhou pregnant women in the leak，Some department internal personnel can through the instant communication tools and mobile storage equipment is easy to pregnant women with the information。That is to how to establish the style of information security measures？Enterprises and institutions can：

1、要确保对机密信息相关的计算机操作能够进行审计，这一方面使得安全事件发生时能够有迹可查，另一方面能形成一股强大的威慑力，让泄密行为不会轻易出现。

1、Ensure that the confidential information related to the audit computer operation，On the one hand, make security event happens to have the mark to check，On the other hand can form a powerful deterrent capability，Let the leak behavior will not appear easily。

2、对公司内部存在的各种信息传播渠道，如电子邮件、U盘等，设置安全控制策略。通过对外发文件的名称、附件、大小等进行限制，可大幅降低信息泄露的机率。

2、Inside the company for existing all kinds of information transmission channels，Such as email、U plate and，Set safety control strategy。The name of the file through foreign hair、accessories、Limits on the size, etc，Can dramatically reduce the probability of information disclosure。

3、对核心机密进行强制加密，即使信息泄露也无法正常打开。利用加密还可以实现丰富的文档权限管理功能，如溢信科技备受客户推崇的产品IP-guard，其加密功能不仅可以使文档时刻处于加密状态，并且对文档的使用权限、文档外发、离线办公等都能进行精细的管理。

3、Confidential information in the core of compulsory encryption，Even if the information leakage also cannot normal open。Use of encryption can also achieve the rich document rights management function，Such as excessive believe technology customer praise highly products IP-guard，The encryption function can not only make the document moment in encrypted form，And the document access、Document evaluate、Offline office can for fine management。

溢信科技表示，目前我国大多数企事业单位信息安全意识仍很薄弱，虽然明白客观上可能存在着各种泄密风险，但是并没有引起高度重视。溢信科技在与许多企事业单位的接触中发现，目前信息安全方案的主要推进动力主要还是来源于政府，多数企事业单位只有看到同行、合作者，甚至是自己遭遇到了泄密事件，才会深刻感觉到内网安全的重要性，开始采取措施如购买IP-guard来实施内网安全防护。安全稳定是企事业单位发展的关键因素之一，俗话说，小心使得万年船，在网络环境越来越复杂的今天，企事业单位只有高度重视内网信息安全，提前做好各项防御工作，才能让自己走的更远更稳。

Excessive believe technology said，At present our country most enterprise or business the unit information safety consciousness is still very weak，Although understand objectively there might be all kinds of leak risk，But didn't the attention。Overflowing with many enterprises in letter technology unit in the contact of discovery，At present the main information security scheme of power is main or from the government，Most enterprise or business the unit only see together、partners，Even his encounters leak，Will feel the importance of the network security deep，Began to take measures such as buying IP-guard to the implementation of the network safe protection。The safety and stability of the enterprises and institutions development is one of the key factors，As the saying goes，Be careful makes ten thousand ship，In the network environment more and more complex today，Enterprise or business the unit only pay high attention to the network information security，The defense work well in advance，To let yourself go further and more stable。