Article 3
|
(Definitions)
- Information technology outsourcing:
A situation where an organization outsources information and communication services in whole or in part to software and hardware suppliers, maintenance and operation contractors, and cross-institutional partners outside the organization.
- Information asset:
An asset pertaining to the processing of information, including hardware, software, data, documents, and personnel, etc., such as information of the operating system, applications, and other software of a server or a user’s computer.
- Information and communication system:
A system used for collecting, controlling, transmitting, storing, circulating, deleting information or otherwise processing, using, and sharing information.
- Information and communication service:
A service relating to the collection, control, transmission, storage, circulation, erasure, or other processing, use, or sharing of information.
- Cloud computing service:
A flexible, scalable, and self-operatable service available to users for the purpose of sharing computing resources through network technology.
- Trade secret:
A method, technology, manufacturing process, prescription, program, design, or other information that can be used in production, sale, or operation, meeting the following requirements:
- information not known to people whom such type informationcommonly involves
- information of an actual or potential economic value on account of its secrecy
- information for which everyone has taken reasonable measures of confidentiality
- Access:
Various ways of accessing information assets, including acquisition, use, safekeeping, inquiry, revision, adjustment, destruction, etc.
- Project officer:
The project manager, head of the department in charge of the particular business, or person designated thereby.
- Security by design:
The process of incorporating the concept of information and communication security into a service or product during its inception. Security requirements are listed, security risks identified, and control measures implemented during the design stage of the development process, as the basis for the verification of security functions to ensure a secure life cycle of the software.
- Privacy by design:
The process of incorporating the concept of privacy protection into a service or product during its inception. Privacy protection requirements are listed, relevant risks identified, and control measures implemented during the design stage of the development process, as the basis for the verification of security functions.
- Information and communication security event
An event where a system, service, or network is found upon evaluation to show signs of a possible breach of the information and communication security policy or failure of a protective measure, which impacts the operation of the information and communication system, constituting a threat against the information and communication security policy.
|