Purposes

• These operation guidelines are stipulated to enhance information management in different departments and to establish a safe and reliable e-organization that safeguards the security of information, systems, equipment, and the network.
• These operation guidelines are made in accordance with the “Information Security Management Essentials of the Executive Yuan and Its Subordinating Agencies”, with reference to related laws and regulations such as the “Act of Computer Processing of Personal Data” and the “National Secret Protection Law”, etc.

Definitions

• The purpose of information security is to ensure the accuracy of data processing, the loyalty of operators, and the reliability of office machines (including computer software and hardware, peripherals, etc.) and the network. It also keeps the abovementioned resources free of interference, damage, intrusion, and any other malicious behavior or intent.
• The organizations enumerated in these operation guidelines are all the sections and offices, as well as Chimei Airport and Wanan Airport.
• The information security policy mentioned in these operation guidelines refers to the regulations, measures, standards, norms, and codes of practice of information security management stipulated to fulfill the goals of information security.

Scope of Information Security

• There are ten major items in information security:
1. Stipulation and evaluation of information security
2. Organization and responsibility of information security
3. Security management and staff training
4. Security management of computer systems
5. Network security management
6. System access control
7. System development and safety maintenance management
8. Security management of information assets
9. Hardware and environmental security management
10. Sustaining operation and planning management

Evaluation of Information Security Policy

• These operation guidelines should undergo independent and objective evaluation every year so that they reflect the government's information security management policy, laws, and technology, as well as the latest conditions of the business units. The evaluation ensures the practical operation of information security and the validity and applicability of information security practices.
• The assessment of the operation guidelines will be conducted on relevant units or personnel, regularly or irregularly, by means of information security. The assessment covers: information facilities and system providers, information and information owners, users, managers, webmasters, and other related personnel.
• Information owners should regularly assess and evaluate the safety of software and hardware to meet the security standard. The objects of evaluation should include the operation system, to ensure the accurate and effective implementation of the software and hardware.
• The units utilizing the information security system should cooperate in conducting the information security assessment and in evaluating whether personnel comply with the policy and other related rules and regulations of information security.
• Promotion of Information Security Policy and Regulations:
1. Rules and regulations related to the roles and responsibilities of information security personnel are all enumerated in the operation manual.
2. Personnel who violate related rules and regulations for information security will be penalized with the due process of law.