| Information
Security
Policy
Declaration
for the
Website
of
Kinmen
Aurport,
Civil
Aeronautical
Administration,
Ministry
of
Transportation
and
Communication. |
| |
|
| |
Purposes |
| |
‧ |
The
operation
guidelines
are
stipulated
to
enhance
information
management
in
different
departments
and
establish
a safe
and
reliable
organization
to
safeguard
the
security
of
information,
systems,
equipment,
and the
network. |
| |
‧ |
These
operation
guidelines
are made
in
accordance
with
"Information
Security
Management
Essentials
of the
Executive
Yuan and
Its
Subordinating
Agencies"
with
reference
to
related
laws and
regulations,
such as
"Act of
Computer
Processing
of
Personal
Data"
and the
"National
Secret
Protection
Law." |
| |
|
| |
Definitions |
| |
‧ |
It is
the
purpose
of
information
security
to
ensure
the
accuracy
of data
processing,
the
operators'
loyalty,
the
reliability
of
office
machines
(including
computer
software
and
hardware,
peripherals,
etc) and
the
network.
In
addition,
it also
safeguards
the
abovementioned
resources
to be
free of
interference,
damage,
intrusion,
or any
other
malicious
behavior
and
intentions. |
| |
‧ |
The
organizations
enumerated
in the
operation
guidelines
refer to
all the
sections
and
offices,
Chimei
Airport
and
Wanan
Airport. |
| |
‧ |
The
information
security
policy
mentioned
in the
operation
guidelines
refers
to the
regulations,
measures,
standards,
norms
and
codes of
practice
of
information
security
management
stipulated
to
fulfill
the
goals of
information
security. |
| |
|
| |
Scope of
Information
Security |
| |
‧ |
There
are ten
major
items in
information
security:
stipulation
and
evaluation
of
information
security,
organization
and
responsibility
of
information
security,
security
management
and
staff
training,
security
management
of
computer
systems,
network
security
management,
system
access
control,
system
development
and
safety
maintenance
management,
security
management
of
information
assets,
hardware
and
environmental
security
management,
sustaining
operation
and
planning
management. |
| |
|
| |
Evaluation
of
Information
Security
Policy |
| |
‧ |
The
operation
guidelines
should
undergo
independent
and
objective
evaluation
every
year to
reflect
the
information
security
management
policy,
law,
technology
of the
government
and the
latest
conditions
of the
business
units to
ensure
the
practical
operation
of
information
security,
and the
validity
and
applicability
of the
practices
of
information
security. |
| |
‧ |
The
assessment
of the
operation
guidelines
will be
conducted
with the
means of
information
security
to
relevant
units or
personnel
regularly
or
irregularly.
The
contents
include:
information
facilities
and
system
provider,
information
and
information
owners,
users,
managers,
webmasters,
and
other
related
personnel. |
| |
‧ |
The
information
owners
should
assess
and
evaluate
the
software
and
hardware
regularly
regarding
the
safety
to meet
the
security
standard.
The
objects
of
evaluation
should
include
the
operation
system,
to
ensure
the
accurate
and
effective
implementation
of the
software
and
hardware. |
| |
‧ |
The
units
utilizing
the
information
security
system
should
cooperate
to
conduct
the
information
security
assessment
and to
evaluate
if the
personnel
obey the
policy
and
other
related
rules
and
regulations
of
information
security. |
| |
|
| |
Promotion
of
Information
Security
Policy
and
Regulations: |
| |
‧ |
Rules
and
regulations
related
to the
role
played
and the
responsibilities
taken by
the
information
security
personnel
are all
enumerated
in the
operation
manual. |
| |
‧ |
Personnel
who
violate
related
rules
and
regulations
of
information
security
will be
penalized
with the
due
process
of law. |
| |
|
|