Article 17 (Security Testing)
- An organization shall assess periodically the security of its own network environment, e.g., operating system, server, browser, firewall, and antivirus versions, etc.
- An organization shall remediate security vulnerabilities in the network environment periodically and retain relevant documents.
- A penetration test shall be administered on an annual basis in relation to the information and communication system of a type 1 organization. A type 2 organization shall evaluate whether to administer such periodic test.
- A type 1 organization shall perform an information and communication security health check on an annual basis, including inspection of the network infrastructure, malicious cyber activity, malicious activity of the user computer, malicious activity of the hosting server, directory server settings, and firewall connection settings. A type 2 organization shall evaluate whether to perform such periodic check.