|
Article 8
|
Upon becoming aware of a cyber security incident, a government agency shall, within the following timeframes, complete damage-control or recovery operations and notify the notified agency under Paragraph 2, Article 17 of the Act in the manner designated by the competent authority:<br/>1. Within 72 hours after becoming aware of a level 1 or level 2 cyber security incident.<br/>2. Within 36 hours after becoming aware of a major cyber security incident.<br/>After completion of the damage control or recovery operations under the preceding paragraph, the government agency shall continue the investigation and handling of the cyber security incident, and shall submit the investigation, handling, and corrective action report on the cyber security incident to the notified agency referred to in the preceding paragraph within one month, in the manner designated by the competent authority.<br/>The timeframe for submission of the investigation, handling, and corrective action report under the preceding paragraph may be extended with the consent of the notified agency referred to in Paragraph 1.<br/>The investigation, handling, and corrective action report referred to in Paragraph 2 shall include the matters specified in Article 12 of the Enforcement Rules of the Act.<br/>Where the notified agency referred to in Paragraph 1 deems it necessary, or finds any violation of laws or regulations, impropriety, or other matter requiring improvement in the damage-control or recovery operations under the same paragraph or in the report submitted under Paragraph 2, it may require the government agency to provide explanations and make adjustments.
|