| Article 10 |
The cyber security responsibility levels of each agency shall be determined in accordance with the pre-ceding six articles; however, when the government agency submits or approves the cyber security re-sponsibility levels under Paragraphs 1 to 3 of Article 3, the levels of each agency may be adjusted, by taking into consideration the degree of impact of the following matters on national security, social public interests, the security of people’s lives, body, or properties, or the reputation of the government agency:<br/>1. Disruptions or interference with business operations related to diplomacy, national defense, home-land security, or critical infrastructure.<br/>2. Where its business involves personal information, official confidentiality, or other information which should be confidential by law or by contract - the quantity and nature of such information, and the unauthorized access, use, control, breach, damage, tampering, destruction or other in-fringement.<br/>3. Depending on different levels of each agency - the impact on, failure, or interruption of its func-tions.<br/>4. Other concrete matters relating to the provision, maintenance operation, size, or nature of information and communication system. |
|