|
Article 4
|
The cyber security responsibility levels of each agency under any of the following circumstances are Level-A:<br/>1. Its business involves classified national security information.<br/>2. Its business involves matters of foreign affairs, national defense, or homeland security.<br/>3. Its business involves the maintenance operation of information and communication system commonly used for nationwide people services or cross agencies.<br/>4. Its business involves the possession of personal information of nationwide people or public officials.<br/>5. It is a government agency, and its business involves matters of nationwide critical infrastructure.<br/>6. It is a critical infrastructure provider, and the central government level authority in charge of the subject industry, based on the consideration of the number of users, market share, the area and the substitutability of its business or maintenance operation of critical infrastructures and services, considers that the failures of or impact on its cyber security system might cause disasters or extremely serious impact on social public interests, people’s morale, or the security of people’s lives, body or property.<br/>7. It is a government medical center.
|