Chapter Content

Title:

Reference Guidelines on the Cybersecurity Protection of Service Enterprises in Securities and Futures Markets

Announced Date: 2024.04.19 (Articles 2, 3, 5, 7, 8, 12, 16 amended, English version coming soon)
Current English version amended on 2022.04.26
Categories: Information Operations
   Chapter 5 Cyberattack Protection Mechanism and Security Testing
Article 16    (Cyber-threat Protection Mechanism)
  1. A type 1 organization shall develop a cyber-threat protection mechanism to maintain business operation, e.g., intrusion detection and prevention mechanism, preventive measures against advanced persistent threats, and other protective mechanisms. A type 2 organization shall evaluate such development.
  2. A securities firm or futures commission merchant with online ordering service or an official website shall develop a protective mechanism against distributed denial-of-service attacks.
  3. A web application firewall shall be developed in the event an information and communication system offering external services is available.
Article 17    (Security Testing)
  1. An organization shall assess periodically the security of its own network environment, e.g., operating system, server, browser, firewall, and antivirus versions, etc.
  2. An organization shall remediate security vulnerabilities in the network environment periodically and retain relevant documents.
  3. A penetration test shall be administered on an annual basis in relation to the information and communication system of a type 1 organization. A type 2 organization shall evaluate whether to administer such periodic test.
  4. A type 1 organization shall perform an information and communication security health check on an annual basis, including inspection of the network infrastructure, malicious cyber activity, malicious activity of the user computer, malicious activity of the hosting server, directory server settings, and firewall connection settings. A type 2 organization shall evaluate whether to perform such periodic check.