Discussion on the Habitual Violation of Information Security in County-level Power Supply Enterprises
2023/08/14
Abstract: With the continuous development of informatization in county-level power supply enterprises, information security issues are becoming more and more important. Some bad habits of equipment and network users can unknowingly bring hidden dangers, and even accidents, to the entire information network. This paper analyzes and expounds the characteristics, manifestations, causes and preventive measures of habitual violations, and reminds enterprises and individuals to put an end to violations and ensure safety.
I. Definition and Characteristics of Habitual Violations of Information Security
Habitual violation belongs to the category of behavioral violation. It refers to sticking to old, bad operating traditions and work habits in violation of safety work regulations.
There are many forms of habitual violation, which can be divided into the following three types according to the nature of the violation:
1. Habitual illegal command.
2. Habitual illegal operation.
3. Violation of labor discipline.
A habitual violation of information security is a habitual bad behavior, developed by users or maintenance personnel of information systems in the course of operating those systems, that violates information security procedures.
Information security habitual violations have the following characteristics:
1. They are stubborn. Generally speaking, people's habits are related to their psychology and physiology, education level, temperament, environment and other factors. Once a habitual way of acting is formed, it is often not easy to correct. As long as a person's safety mindset and work attitude remain unchanged, habitual violations will occur repeatedly; only when the violator is punished by an accident does the problem attract enough attention.
2. They easily make people lose their due vigilance. Habitual violations of information security are operational violations, a kind of "operating procedure" accepted by a certain group. They are concealed and cannot be seen through at a glance, and their harm is not recognized. As time passes, the habit becomes second nature, employees come to regard the violation as the "correct" operation, and they lose their vigilance.
3. They spread widely and easily influence others. Some employees' bad habits and behaviors affect not only their own safe production but also the employees around them. If this is not stopped in time, other employees easily follow suit. In particular, some new employees do not know the consequences of violating the rules and regulations. When they see veteran employees in their team doing this, they blindly follow suit, which very easily forms habitual violations.
4. They are an inevitable cause of information security incidents. Habitual violation is a kind of bad behavior. In essence it is blind behavior that goes against the objective laws of safe production: the person either does not know the rules or does whatever they want, and has simply become used to it. The habit itself is a latent accident. Once the conditions are ripe, it can easily turn into an information security accident.
5. They are long-term violations that do not occur occasionally in one person but repeatedly in most people. Frequent violations hinder the safety management mechanism. Employees with habitual violations usually have an adverse psychological reaction to standard safety regulations and new regulations. They always think that their habitual methods are easy to use and effective, and the result inevitably and seriously hinders implementation. If production management cadres stick to their wrong habits of illegal command, and do not learn, do not accept or poorly understand new safety thinking, new safety concepts and new safety management mechanisms, this is bound to hinder the application of new safety thinking and the implementation of new management mechanisms.
II. Main Manifestations of Habitual Violations of Information Security
In the county-level power supply enterprises, habitual violations are mainly manifested in the following aspects:
1. Management level: First, there is no publicity about the harm of habitual violations of information security. Second, violations are not corrected. Third, there are habitual violations at the management level itself. Examples include unsupervised operation, data not backed up, installation of pirated software, downloading unidentified software from the Internet, failure to encrypt important information files, failure to clean up in time the data saved on scrapped and idle computers, setting up file sharing on intranet computers for intra-network data exchange, and failure to adjust application system permissions in time when posts change.
2. User level: First, awareness of information security is weak, even in the most basic matters, such as leaving the computer password empty or setting it too simply, or leaving the computer without starting a password-protected screen saver. Second, users have no awareness that their behavior is a violation and always think that, because it is the same as everyone else's, it is correct. Third, they lack understanding of the consequences of violations, and are not clear that information leakage is already an illegal act.
III. Causes of Habitual Violations of Information Security
1. Trusting to luck. The common reasoning is that their computers do not store any important information and that others will not happen to use their computers, so they freely expose their computers to the network.
2. Inertia. These employees think that preventive measures are too troublesome and that a password only needs to be easy to remember, so they set it casually and simply. Once this becomes a habit, the passwords for the internal network and the external network are set to the same value or left blank, which is very easily exploited by network hackers and leads to all kinds of "door" events.
3. Carelessness. Such people are perfunctory, careless and habit-driven in whatever work they do, and their treatment of information security is of course no exception. They do not take their working environment seriously and work carelessly, not realizing that once a certain condition is met, this will lead to accidents.
4. Blind conformity. In actual operation, they know that there are violations, but believe that the law does not punish the many: everyone else does this without an accident, so following the crowd will not cause an accident either. They are not aware of the hidden dangers of accidents. In the end, they are very likely to become the person responsible for, or the victim of, an accident caused by the violation.
IV. Prevention of Habitual Violations of Information Security
Preventing habitual violations of information security cannot be achieved by one department or a few people alone. The key lies in leaders at all levels, the focus is on grass-roots teams and groups, and the central link is employees. Only by establishing a long-term awareness that everyone is responsible for preventing and controlling habitual violations, mobilizing all staff, strengthening supervision and control, and grasping and managing at all levels can we finally form a good atmosphere of abiding by rules and discipline and create a good information security situation. For the time being, the following should be done:
First, strengthen staff training. Legal knowledge about computers and networks should be publicized so that employees understand and are familiar with it, including regulations such as the "China Information System Security Protection Regulations" and the "Measures for the Administration of Security Protection of Computer Information Network International Networking". Cultivate good legal awareness, and at the same time use information security cases to enhance employees' awareness of prevention.
Second, formulate and strictly implement safety management rules and regulations, including the computer room access system, the computer room hygiene management system, the on-the-job personnel responsibility system, the computer room maintenance system, emergency plans, etc.
Third, establish an inspection mechanism. Regular or irregular routine security inspections of computer systems must be recorded and actually carried out, so that they do not become a mere formality. Whenever a violation is found at work, it should be stopped in a timely manner and correction ordered. For those who do not listen to advice, compulsory measures can be taken, such as stopping their work, suspending their studies, and training without pay. Find one, stop one and correct one: it is better to hear scolding in advance than crying afterwards, and the violation must never happen again. Only with strict supervision, strict management, strict requirements, and increased assessment and punishment is it possible to eradicate habitual violations and effectively control violations.
Fourth, create a good information security atmosphere. Countering habitual violations requires a good information security atmosphere: make full use of a variety of publicity means to build up the values and code of conduct that "information security is equal to production safety", and strengthen all employees' awareness of information security in production, so that every management cadre and worker consciously uses "safety first" production thinking, "safety first" technical ability, the "safety first" principle of production command, and the "safety first" spirit of cooperation to regulate their own behavior.
The above is my understanding of habitual violations of information security in county-level power supply enterprises. I call on unit decision makers not only to attach great importance to the issue ideologically, but also to give strong support in action, including financial and human resources. Only in this way is it possible to ensure the safe use of network information by unit users and the protection of personal information.