Title:

Regulations Governing the Reporting, Response, and Drills of Cyber Security Incidents

Amended Date: 2026.01.05 
   Chapter I. General Provisions
Article 1 These Regulations are stipulated in accordance with Paragraph 4 of Article 10, Paragraph 4 of Article 17 and Paragraph 4 of Article 24 of the Cyber Security Management Act (hereinafter referred to as “the Act”).
Article 2 Cyber security incident is classified into four levels.
The cyber security incident occurred to the government agency or the specific non-government agency (hereinafter referred to as “each agency”) under any of the following circumstances is the level-1 cyber security incident:
1. Minor breach of non-core business information.
2. Minor alteration of non-core business information or non-core information and communication system.
3. Impact on or interruption of non-core information and communication system operation which may be recovered within tolerable interruption time, resulting in impact on daily operation of each agency.
The cyber security incident occurred to each agency under any of the following circumstances is the level-2 cyber security incident:
1. Serious breach of non-core business information or minor breach of core business information not involving the maintenance and operation of critical infrastructures.
2. Serious alteration of non-core business information or non-core information and communication system, or minor alteration of core business information or core information and communication system not involving the maintenance and operation of critical infrastructures.
3. Impact on or interruption of non-core information and communication system operation, which cannot be recovered within tolerable interruption time, or impact on or interruption of core information and communication system operation not involving the maintenance and operation of critical infrastructures, which may be recovered within tolerable interruption time.
The cyber security incident occurred to each agency under any of the following circumstances is the level-3 cyber security incident:
1. Serious breach of core business information not involving the maintenance and operation of critical infrastructures, or minor breach of confidential information of general official affairs or core business information involving the maintenance and operation of critical infrastructures.
2. Serious alteration of core business information or core information and communication system not involving the maintenance and operation of critical infrastructures, or minor alteration of confidential information of general official affairs, or core business information or core information and communication system involving the maintenance and operation of critical infrastructures.
3. Impact on or interruption of the operation of core information and communication system not involving the maintenance and operation of critical infrastructures, which cannot be recovered within the tolerable interruption time, or impact on or interruption of the operation of core information and communication system involving the maintenance and operation of critical infrastructures, which may be recovered within tolerable interruption time.
The cyber security incident occurred to each agency under any of the following circumstances is the level-4 cyber security incident:
1. Serious breach of confidential information of general official affairs, or core business information involving the maintenance and operation of critical infrastructures, or the breach of classified national security information.
2. Serious alteration of confidential information of general official affairs, or core business information or core information and communication system involving the maintenance and operation of critical infrastructures, or the alteration of classified national security information.
3. Impact on or interruption of core information and communication system involving the maintenance and operation of critical infrastructures, which cannot be recovered within tolerable interruption time.
Article 4 Each agency shall stipulate the operational regulations on the notification of the cyber security incident, the content of which shall include the following matters:
1. The process and the accountabilities of judgment and determination of levels of the incident.
2. Assessment of the impact scope and damage degrees of the incident and the response abilities of the agencies.
3. The process of internal notification on the cyber security incident.
4. The method of notification to other agencies impacted by the cyber security incident.
5. The exercises under the preceding four subparagraphs.
6. The contact window and methods of notification of the cyber security incident.
7. Other matters relating to the notification of the cyber security incident.
Article 5 Each agency shall stipulate the operational regulations on the response of the cyber security incident, the content of which shall include the following matters:
1. The organization of the response team.
2. The exercise prior to the occurrence of the incident.
3. The mechanism of damage control on the occurrence of the incident.
4. The recovery, identification, investigation, and improvement mechanisms after the occurrence of the incident.
5. The preservations of records relating to the incident.
6. Other matters relating to the response of the cyber security incident.