Information Security Policy Declaration
|
Information Security
Policy Declaration for the Website of Penghu
Aurport, Civil Aviation Administration,
Ministry of Transportation and Communication. |
|
- The operation guidelines are stipulated
to enhance information management in
different departments and establish a safe
and reliable organization to safeguard the
security of information, systems, equipment,
and the network.
These operation
guidelines are made in accordance with
“Information Security Management
Essentials of the Executive Yuan and Its
Subordinating Agencies”
with reference to
related laws and regulations, such as “Act
of Computer Processing of Personal Data” and
the “National Secret Protection Law.”
|
|
- It is the purpose of information
security to ensure the accuracy of data
processing, the operators’ loyalty, the
reliability of office machines (including
computer software and hardware, peripherals,
etc) and the network. In addition, it also
safeguards the abovementioned resources to
be free of interference, damage, intrusion,
or any other malicious behavior and
intentions.
The organizations
enumerated in the operation guidelines refer
to all the sections and offices, Chimei
Airport and Wanan Airport.
- The information security policy
mentioned in the operation guidelines refers
to the regulations, measures, standards,
norms and codes of practice of information
security management stipulated to fulfill
the goals of information security.
|
- Scope of
Information Security
|
- There are ten major items in information
security: stipulation and evaluation of
information security, organization and
responsibility of information security,
security management and staff training,
security management of computer systems,
network security management, system access
control, system development and safety
maintenance management, security management
of information assets, hardware and
environmental security management,
sustaining operation and planning
management.
|
- Evaluation of
Information Security Policy
|
- The operation guidelines should undergo
independent and objective evaluation every
year to reflect the information security
management policy, law, technology of the
government and the latest conditions of the
business units to ensure the practical
operation of information security, and the
validity and applicability of the practices
of information security.
The assessment of the
operation guidelines will be conducted with
the means of information security to
relevant units or personnel regularly or
irregularly. The contents include:
information facilities and system provider,
information and information owners, users,
managers, webmasters, and other related
personnel.
The information owners should assess and
evaluate the software and hardware regularly
regarding the safety to meet the security
standard. The objects of evaluation should
include the operation system, to ensure the
accurate and effective implementation of the
software and hardware.
The units utilizing
the information security system should
cooperate to conduct the information
security assessment and to evaluate if the
personnel obey the policy and other related
rules and regulations of information
security.
Promotion of
Information Security Policy and Regulations:
1.Rules and
regulations related to the role played and
the responsibilities taken by the
information security personnel are all
enumerated in the operation manual.
2.Personnel who violate related rules and
regulations of information security will be
penalized with the due process of law.
|
|