Sun, Jan 07, 2018 - Page 3 News List

Information security drafts finalized

THE SPECIFICS:The drafts set out the details for an umbrella bill on information security, with the Executive Yuan prioritizing the bill for review in the next session

By Lee Hsin-fang  /  Staff reporter

The Executive Yuan has finalized six drafts under an umbrella bill on information and communications security management, which the Cabinet hopes will be passed in the next session, sources said.

The six drafts include enforcement rules on information management, reporting and response rules on information security breaches, guidelines on the determination of responsibility for information security, evaluation guidelines on the enforcement of information safety plans, guidelines on sharing information regarding security and guidelines on commending and punishing public-sector personnel involved in information security incidents.

A clause in the bill proposing that information security authorities be allowed to search civilians’ homes in the case of a major information security breach was removed after it sparked controversy among lawmakers and the Executive Yuan conceded.

Sources said the Executive Yuan has prioritized the bill for review in the next legislative session.

The guidelines for determining the responsibility for security ranks information security breaches on a scale of “A” to “D,” with “A” being the most severe and “D” the least.

The rules for reporting and responding to security breaches mandate protocols for contacting higher-level agencies if a breach should occur and also ranks incidents according to four levels.

Levels 1 and 2 indicate low-level information security breaches, while levels 3 and 4 denote larger-scale hacks that should be reported to the Executive Yuan.

The guidelines for sharing information on security would allow intergovernmental exchanges on information security.

The guidelines for evaluating the enforcement of safety plans would set criteria to be applied when auditing agencies’ compliance to information safety rules, while the guidelines for commending and punishing public-sector personnel would define when merits or demerits are to be given in the wake of security incidents.

The drafts complement the umbrella bill by setting out specifics.

The Department of Cyber Security said it has scheduled 10 hearings on the bill from February onward and would invite academics, experts, legislators and business leaders to attend.

This story has been viewed 2363 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top