Cyber Security Policy of National Property Administration, Ministry of Finance

I. Basis

1. Cyber Security Management Act

2. Enforcement Rules of the Cyber Security Management Act

II. Purpose

The policy is hereby set for the fortification of cyber security management; establishment of safe and reliable electronic government; assurance of information, system, equipment, and internet security; and protection of the public's rights.

III. Cyber security policy

The cyber security policy of the National Property Administration (NPA) is ‘Cyber security is the responsibility of all’. Each colleague must be familiar with and follow the cyber security protocol and concretely implement the protection of information equipment and system in order to ensure the cyber security of the NPA.

IV. Definition of cyber security

It denotes the prevention of the information system or the information from unauthorized access, use, control, leak, sabotage, change, destruction, or other forms of intrusion to ensure the confidentiality, integrity, and usability thereof.

V. Goal of cyber security

1. To ensure the confidentiality, integrity, and usability of the business information.

2. To ensure the effectiveness and continuity of the business information operations.

3. To ensure that cyber security measures comply with requirements of the policy and laws.

4. To ensure the proper protection and utilization of personal information.

5. To establish the concept of ‘Cyber security is the responsibility of all; cyber security protection begins with me; security when using information is top priority’.

6. The occurrence of cyber security events will be no more than 3 per year.

7. Each person should receive 3 hours or more of general cyber security educational training per year.

VI. Principles and standards of cyber security

1. Each rule of the NPA’s cyber security management must comply with the related laws and regulations of the government (for example: the Criminal Code, the Classified National Security Information Protection Act, the Patent Act, the Trademark Act, the Copyright Act, and the Personal Information Protection Act).

2. The personnel of the NPA must receive cyber security educational training related to the job and be familiar with the duty of cyber security of the job.

3. Cyber security monitoring, reporting, and response mechanisms must be established in order to ensure the immediate processing of cyber security incidents.

4. A continued operational plan must be set. Regular drills must be held in order to ensure the continuance of business operations.

5. The policy requires an assessment at least once a year and shall be revised as necessary in order to reflect the up-to-date development status of the government’s cyber security management policy, laws and regulations, technology and business and ensure the feasibility and effectiveness of cyber security practice.

6. The policy herein must be in written, electronic, or other formats to notify the personnel of the NPA and public, private agencies (institutions) that have business with the NPA, and companies that provide information services to comply with said policy.

VII. Scope of cyber security

The scope of cyber security is as follows. The relevant departments and personnel must set related protocols or implementation plans based on the following items and review the results on a regular basis:

1. Personnel security management.

2. Computer system security management. 

3. Internet management and access protocol. 

4. Access control management. 

5. Application system development and maintenance security management. 

6. Information asset security management. 

7. Real and environment security management. 

8. Continued operations management. 

9. Cyber security maintenance and audit/verification management. 

VIII. Cyber security organization

1. Establishment of cyber security organization

The deputy supervising chief of the information business will be the Chief Cyber Security Officer, responsible for promoting and supervising cyber security related affairs while also establishing a cross-departmental ‘cyber security handling unit’, which will coordinate cyber security policy, planning, resource dispatch and other items.

2. Division of labor in the cyber security organization

(1) The principles of division of labor of cyber security organization are as follows:

    1. The study on cyber security, planning, measures, and technical protocol, and the research, construction, and assessment of security technology are to be spearheaded by the information department.

    2. The study on data and information system security, usage control and protection are the responsibility of related departments.

    3. The maintenance and audit of information confidentiality are the responsibility of the internal affairs office and related departments and units.

(2) Establish dedicated personnel for cyber security based on the Regulations on Classification of Cyber Security Responsibility Levels.

(3) Should there be insufficient manpower, ability and experience in cyber security, experts, scholars, organizations or groups may be consulted to provide consulting services.

3. The connection between responsible agency and party of interest

(1) Maintain appropriate connection to related responsible agency and party of interest.

(2) Implement cyber security intelligence sharing according to the Cyber Security Information Sharing Regulations.

IX. Responsibilities

1. The personnel of the NPA must abide by the laws and regulations of the Classified National Security Information Protection Act, the Cyber Security Management Laws and its branch laws and the Personal Information Protection Act, Points on Information Security Management of Executive Yuan and Affiliated Agencies, and various operational protocols of the NPA.

2. Each department and unit supervisor is responsible for abiding, supervising, and executing the policy herein and related operational protocols.

X. Rewards and disciplinary actions

1. Personnel who perform well in the execution of cyber security operations will be rewarded according to ‘National Property Administration, Ministry of Finance and Affiliated Agency Personnel Discipline Regulations’ and ‘Regulations on Working Temporary Personnel’.

2. Personnel who violate the cyber security regulations will be punished according to ‘National Property Administration, Ministry of Finance and Affiliated Agency Personnel Reward and Punishment Regulations’ and ‘Regulations on Working Temporary Personnel’; persons who violate provisions prescribed in Article 2 of ‘Public Functionaries Discipline Act’ shall be processed according to Article 19 of said Act; persons suspected to have violated the ‘Criminal Code’ shall be moved to the judicial agency for investigation; persons involved in national restitution will be held accountable for damages according to the ‘State Compensation Law’.

3. Non-NPA personnel having violated the cyber security regulations will be held accountable for criminal and civil responsibilities.

XI. Cyber security emergency event processing mechanism

In the event of a cyber security event, it shall be handled and processed according to the reporting and response operational protocol of the NPA.

XII. Related documents and forms

1. Related documents

(1) 2A01 National Property Administration, Ministry of Finance Personnel Security Management Protocol.

(2) 2B01 National Property Administration, Ministry of Finance Computer System Security Management Protocol.

(3) 2C01 National Property Administration, Ministry of Finance Internet Management and Usage Protocol.

(4) 2D01 National Property Administration, Ministry of Finance Access Control Management Protocol.

(5) 2E01 National Property Administration, Ministry of Finance System Development and Maintenance Security Management Protocol.

(6) 2F01 National Property Administration, Ministry of Finance Information Asset Security Management Protocol.

(7) 2G01 National Property Administration, Ministry of Finance Real and Environment Security Management Protocol.

(8) 2H01 National Property Administration, Ministry of Finance Continued Operations Management Protocol.

(9) 2I01 National Property Administration, Ministry of Finance Cyber Security Maintenance and Audit Control Protocol.

(10) 3001 National Property Administration, Ministry of Finance Points on Establishment of Cyber Security Processing Unit.

2. Forms used

(1) 4001 National Property Administration, Ministry of Finance 4-stage Cyber Security Document Table.

XIII. Attached regulations

The policy herein is enforced at the time of approval by the Director-general; the same applies to revisions.

Release date: 2020-08-28 Last updated: 2022-11-21