|
ˇ@
Assign appropriate job
responsibilities and
distribution rights and set up
an evaluation
and examination system and if
necessary, a mutual support
system for personnel who
handle sensitive or secret
information or whose job
requires them to have system
administration rights.
Deal with personnel who take
leave, retire, or are suspended
in accordance with the
established procedure for such
cases and immediately withdraw
their access rights to
the various system resources.
Provide information security
education and training to
personnel at different levels
based on their role and
function. To improve knowledge
of information security and
observance of security
regulations, encourage personnel
to gain an understanding of
the importance of information
security and potential security
risks.
Establish a procedure to handle
information security events and
assign relevant
personnel with the
responsibility to deal rapidly
and effectively with information
security events.
Establish a change management
reporting mechanism for
information infrastructure
and systems to avoid security
leaks.
Carefully handle and protect
personal information in
accordance with provisions of
the Computer-Processed Personal
Data Protection Act.
Set
up a system backup facility to
perform regular backups of
necessary information
and software to ensure speedy
recovery of normal operation
during breakdowns or
storage media failures.
Install a firewall to control
transfer of internal network
data and access from outside
networks and establish a
rigorous identification
procedure.
Do
not store confidential and
sensitive data and files in a
system open to the outside
world. Do not e-mail
confidential files.
Conduct regular internal network
data security and virus checks,
and update virus
definitions and other security
measures.
-
System access control
management
Depending on operating system
and security management
requirements, set up a
password confirmation and
modification procedure and keep
a record.
Assign access rights to
personnel of all levels
depending on job requirements.
Account
numbers and passwords to
restrict access must be
distributed by system
administrators
and changed on a regular basis.
|
