Chapter IV. Supplementary Provisions |
| Article 15 | For cyber security incidents affecting agencies, the competent authority may convene meetings based on the scope of impact and the extent of damage, and invite relevant agencies to discuss damage control, recovery, and other related matters in connection with the incident. |
|
| Article 16 | Under Paragraph 2, Article 17 of the Act, government agencies shall cooperate with cyber security drill operations planned or conducted by the notified agency, the contents of which may include the following matters:
1. Social engineering drills.
2. Reporting and response drills for cyber security incidents.
3. Cyber offense and defense drills.
4. Scenario-based drills.
5. Other necessary drills.
Under the preceding paragraph, specific non-government agencies shall cooperate with cyber security drill operations planned or conducted by the central competent authority in charge of the relevant sector. However, where such a drill may infringe upon the rights or legitimate interests of a specific non-government agency, it may be conducted only with the agency’s prior written consent.
Where cyber security drill operations planned and conducted by the competent authority under Paragraph 4, Article 10 of the Act may infringe upon the rights or legitimate interests of a specific non-government agency, such drill operations may be conducted only with the agency’s prior written consent. |
Info |
| Article 17 | For all cyber security drill operations planned and conducted in accordance with the preceding article, any participant who becomes aware of confidential or sensitive information of a government agency or a specific non-government agency during the course of the drills shall keep such information confidential. |
Info |
| Article 18 | If, before these Regulations enter into force, a government agency has, independently or jointly with other agencies, formulated a reporting and response mechanism for itself, its subordinate or supervised government agencies, or the specific non-government agencies under its jurisdiction, and has implemented such mechanism for one year or more, the agency, along with its subordinate or supervised government agencies or the specific non-government agencies under its jurisdiction, may, upon approval by the competent authority, continue to handle the reporting and response of cyber security incidents in accordance with such mechanism.
Where the reporting and response mechanism referred to in the preceding paragraph is amended, the amendment shall be resubmitted to the competent authority for approval. |
|
| Article 19 | The competent authority may delegate matters relating to the reporting, response, and drills for cyber security incidents, as well as other related tasks set out in these Regulations, to the Administration for Cyber Security, Ministry of Digital Affairs. |
|
| Article 20 | These Regulations shall come into effect on the date of promulgation. |
|