Security Policy
1. Basis
(1) President Feng approved the case of "establishing a security mechanism for information infrastructure in China" on August 30, 1989.
(2) The "Plan for Establishing a Security Mechanism for Information Infrastructure in China" adopted by the 2718th meeting of the Executive Yuan on January 17, 1990
(3) On January 28, 1992, the 7th Jobs Group Meeting of the National Asset Security Council reported on the implementation of the second phase of the promotion of the ICT security program.
(4) Article 358, Article 359, Article 360, Article 361, Article 362 and Article 363 of the Criminal Law of the Republic of China.
2. Introduction
With the advent of the information society, the popularization and application of the Internet have become increasingly important, and many government agencies, school units, financial institutions, and private enterprises have successively adopted computer equipment. Processing business through the Internet and providing services to the outside world bring great progress and convenience, but if there is no perfect ICT security protection measures, it is vulnerable to computer hacker invasion or virus infection. , State secret security and social order pose serious threats. In view of this, the promotion of Infocom's security business is a very important Jobs.
3. Purpose
The establishment of the information security mechanism, combined with professional technical manpower, good management system and complete and improved software and hardware protection equipment, and the prevention and monitoring in advance, crisis response and recovery of major disasters, will reduce the damage of information security incidents To the lowest.
4. Organization
(1) Establish a security handling team for this office.
(2) This bureau and its sub-bureaus organize the information communication security communication network.
5. Jobs
(1) Safety prevention:
- Build relevant hardware and software protection equipment such as firewalls, anti-virus walls, intrusion detection systems, anti-virus software, vulnerability scanning systems, anti-hacking software, network management systems and asset management systems
- Off-site backup of important business systems and off-site backup of computer data.
- Transfer ICT safety education and training and train ICT safety technical personnel.
- Execute network vulnerability scans, bug fixes, update virus codes, and network system recovery drills.
- Distinguish the system security level and implement the information security monitoring.
- Implement relevant safety regulations such as information security management, network management and computer room management.
(2) Crisis management:
- Information on internal ICT security incidents is carried out through the ICT Security Notification Network of this bureau.
- Identify the causes of information security incidents, determine the scope of impact and damage assessment, and implement solutions.
- Apply for ICT security notifications online, and determine whether to request technical support from a technical service center.
- In the event of a major disaster information security incident, emergency response measures are implemented, remote backup is enabled to maintain important business operations, and remote backup data is used to quickly restore the system.
(3) Audit Jobs:
- Implement the security check Jobs irregularly every week.
- Every year, the Political Affairs Office, together with the Planning Section Information Section, performs the security audit Jobs (twice in this bureau and once in each branch).