在2013年11月20日 (三) 11:00所做的修訂版本 (編輯)
Cch (對話 | 貢獻)
←上一個 |
當前修訂版本 (2025年3月6日 (四) 10:50) (編輯) (撤銷)
Cch (對話 | 貢獻)
|
| (5個中途的修訂版本沒有顯示。) |
| 第1行: |
第1行: |
| - | ''' Kaohsiung Medical University Information Security Policy ''' | + | Please Reference |
| | | | |
| - | Document No. IS-A-001 | + | [https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E6%94%BF%E7%AD%96 資訊安全政策] |
| - | | + | |
| - | Confidentiality level general | + | |
| - | | + | |
| - | Revision 1.3 | + | |
| - | | + | |
| - | ==Objective== | + | |
| - | The set of policies aimed at ensuring Kaohsiung Medical University (hereinafter referred to as the school) belongs information assets confidentiality, integrity | + | |
| - | and availability, and comply with the requirements of relevant laws and regulations, harmless from internal and external threat of deliberate or accidental . | + | |
| | | | |
| - | ==Scope== | + | [https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E5%80%8B%E4%BA%BA%E8%B3%87%E6%96%99%E4%BF%9D%E8%AD%B7%E7%AE%A1%E7%90%86%E6%94%BF%E7%AD%96 個人資料保護管理政策] |
| - | Information security management covers 11 management issues, to avoid human error, deliberate or natural disasters and other factors, resulting information is not | + | |
| - | When using, leakage, tampering, destruction, violations occur, our school has brought a variety of possible risks and hazards. Management issues are as follows: | + | |
| - | | + | |
| - | === Information security policy setting and evaluation. === | + | |
| - | === Information security organization . === | + | |
| - | === Information asset classification and control . === | + | |
| - | === Safety of personnel management and training . === | + | |
| - | === Physical and environmental security. === | + | |
| - | === Communication and job security management. === | + | |
| - | === Access control security . === | + | |
| - | === Safety system development and maintenance . === | + | |
| - | === Information security incident response and handling of . === | + | |
| - | === Business continuity operations management . === | + | |
| - | === Regulations and compliance policy implementation units . === | + | |
| | | | |
| - | Our school 's internal staff, outsourcing vendors and visitors and should comply with this policy . | + | [https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E9%9A%B1%E7%A7%81%E6%AC%8A%E6%94%BF%E7%AD%96 隱私權政策] |
| - | | + | |
| - | ==Target== | + | |
| - | Maintain the confidentiality of our information assets , integrity and availability , and protect user data privacy. With all my colleagues in common | + | |
| - | Efforts to achieve the following objectives: | + | |
| - | | + | |
| - | === Protection of our business activities information from unauthorized access . === | + | |
| - | === Protection of our business activities information from unauthorized modifications to ensure that it is correct and complete . === | + | |
| - | === IT business continuity establish operational plans to ensure the continued operation of our business activities . === | + | |
| - | === School 's activities shall comply with the implementation of the requirements of relevant laws or regulations . === | + | |
| - | | + | |
| - | ==Responsibility== | + | |
| - | === School's management to establish and review this policy. === | + | |
| - | === Information security managers through appropriate standards and procedures to implement this policy. === | + | |
| - | === All personnel and outsourcing services vendors are required in accordance with relevant safety management procedures to maintain information security policies. === | + | |
| - | === All officers are responsible for reporting information security incidents and of any identified weaknesses. === | + | |
| - | === Any compromise information security behavior , depending on the seriousness will pursue its legal responsibility and administrative responsibility according to the school or the relevant provisions of punishment . === | + | |
| - | | + | |
| - | ==Review== | + | |
| - | This policy should be reviewed at least annually once only , to reflect the government decree , the latest technology and business development status , to ensure that the school forever | + | |
| - | Continued operation of network services and the provision of academic ability . | + | |
| - | | + | |
| - | ==Implementation== | + | |
| - | === Information security policy management review meetings with the information security policy audits. === | + | |
| - | === This policy will be "Information Security Committee" after the implementation of the resolutions , amendments are made. === | + | |
| - | | + | |
| - | [[Image: KMU-EDU-ISMS-Cert2013.jpg]] | + | |
