Chapter IV. Supplementary Provisions |
| Article 15 | For cyber security incident of each agency, the competent authority may convene meetings based on its impact scope and damage degrees and invite relevant agencies to discuss the damage control, recovery, and other relevant matters of such incident. |
|
| Article 16 | Under Paragraph 2 of Article 17 of the Act, the government agency shall, in coordination with the noti-fied agency, plan and conduct the cyber security exercise, the content of which may include the follow-ing matters:
1. Social engineering exercise.
2. The notification and response exercise of the cyber security incident.
3. Cyber offense and defense exercise.
4. Scenario exercise.
5. Other necessary exercise.
Under the preceding paragraph, the specific non-government agency shall, in coordination with the cen-tral competent authority in charge of the relevant sector, plan and conduct the cyber security exercise. However, it has imminent threats of infringement to the rights or legitimate interests of the specific non-government agency, such exercise may be conducted only with written consent of such agency.
Under Paragraph 4 of Article 10 of the Act, when the cyber security exercise planned and conducted by the competent authority has imminent threats of infringement to the rights or legitimate interests of the specific non-government agency, such exercise may be conducted only with written consent of such agency. |
Info |
| Article 17 | For all cyber security drills planned and conducted in accordance with the preceding article, any person-nel participating in cyber security exercise who learn confidential and sensitive information about government agencies or specific non-government agencies during the exercise must keep that information confidential. |
Info |
| Article 18 | If, before the enforcement of these Regulations, the government agency has, independently or jointly with other agencies, formulated the notification and response mechanism for itself or for its subordinate or supervisory government agencies or for its regulated specific non-government agencies, and have en-forced such mechanism for more than one year, and may be approved by the competent authority, they and their subordinate or supervisory government agencies or their regulated specific non-government agencies may continue to conduct the notification and response of cyber security incident according to such mechanism.
In case of change to the notification and response mechanism under the preceding paragraph, such change shall be submitted to the competent authority for approval again. |
|
| Article 19 | The competent authority may delegate the notification, response, exercise of cyber security incident, and other related tasks set out in these Regulations to the Administration for Cyber Security of the Ministry of Digital Affairs. |
|
| Article 20 | These Regulations shall come into effect on the date of promulgation. |
|