在2013年11月29日 (五) 09:12所做的修訂版本 (編輯)
Cch (對話 | 貢獻)
←上一個 |
當前修訂版本 (2025年3月6日 (四) 10:50) (編輯) (撤銷)
Cch (對話 | 貢獻)
|
| 第1行: |
第1行: |
| - | <pre> | + | Please Reference |
| - | Kaohsiung Medical University Information Security Policy | + | |
| | | | |
| - | Document No. IS-A-001 | + | [https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E8%B3%87%E8%A8%8A%E5%AE%89%E5%85%A8%E6%94%BF%E7%AD%96 資訊安全政策] |
| - | | + | |
| - | Confidentiality level general | + | |
| - | | + | |
| - | Revision 1.3 | + | |
| - | | + | |
| - | 1. OBJECTIVE | + | |
| | | | |
| - | The set of policies aimed at ensuring Kaohsiung Medical University (hereinafter referred to as the school) | + | [https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E5%80%8B%E4%BA%BA%E8%B3%87%E6%96%99%E4%BF%9D%E8%AD%B7%E7%AE%A1%E7%90%86%E6%94%BF%E7%AD%96 個人資料保護管理政策] |
| - | belongs information assets confidentiality, integrity and availability, and comply with the requirements of | + | |
| - | relevant laws and regulations, harmless from internal and external threat of deliberate or accidental . | + | |
| | | | |
| - | 2. SCOPE | + | [https://olis.kmu.edu.tw/index.php/zh-tw/%E9%97%9C%E6%96%BC%E6%9C%AC%E8%99%95/%E8%B3%87%E5%AE%89%EF%BC%8F%E5%80%8B%E8%B3%87%EF%BC%8F%E6%99%BA%E8%B2%A1/%E9%9A%B1%E7%A7%81%E6%AC%8A%E6%94%BF%E7%AD%96 隱私權政策] |
| - | | + | |
| - | Information security management covers 11 management issues, to avoid human error, deliberate or natural | + | |
| - | disasters and other factors, resulting information is not When using, leakage, tampering, destruction, | + | |
| - | violations occur, our school has brought a variety of possible risks and hazards. Management issues are as | + | |
| - | follows: | + | |
| - | | + | |
| - | 2.1 Information security policy setting and evaluation | + | |
| - | 2.2 Information security organization | + | |
| - | 2.3 Information asset classification and control | + | |
| - | 2.4 Safety of personnel management and training | + | |
| - | 2.5 Physical and environmental security | + | |
| - | 2.6 Communication and job security management | + | |
| - | 2.7 Access control security | + | |
| - | 2.8 Safety system development and maintenance | + | |
| - | 2.9 Information security incident response and handling | + | |
| - | 2.10 Business continuity operations management | + | |
| - | 2.11 Regulations and compliance policy implementation units | + | |
| - | | + | |
| - | Our school internal staff, outsourcing vendors and visitors and should comply with this policy. | + | |
| - | | + | |
| - | 3. TARGET | + | |
| - | | + | |
| - | Our school colleagues should maintain the confidentiality, integrity and availability of our information | + | |
| - | assets and protect user data privacy to achieve the following targets: | + | |
| - | | + | |
| - | 3.1 Protection of our business activities information from unauthorized access. | + | |
| - | 3.2 Protection of our business activities information from unauthorized modifications to ensure that it is | + | |
| - | correct and complete. | + | |
| - | 3.3 IT business continuity establish operational plans to ensure the continued operation of our business | + | |
| - | activities. | + | |
| - | 3.4 School's activities shall comply with the implementation of the requirements of relevant laws or | + | |
| - | regulations. | + | |
| - | | + | |
| - | 4. RESPONSIBILIEY | + | |
| - | | + | |
| - | 4.1 School's management to establish and review this policy. | + | |
| - | 4.2 Information security managers through appropriate standards and procedures to implement this policy. | + | |
| - | 4.3 All personnel and outsourcing services vendors are required in accordance with relevant safety management | + | |
| - | procedures to maintain information security policies. | + | |
| - | 4.4 All officers are responsible for reporting information security incidents and of any identified weaknesses. | + | |
| - | 4.5 Any compromise information security behavior , depending on the seriousness will pursue its legal | + | |
| - | responsibility and administrative responsibility according to the school or the relevant provisions of | + | |
| - | punishment . | + | |
| - | | + | |
| - | 5. REVIEW | + | |
| - | | + | |
| - | This policy should be reviewed at least annually once only , to reflect the government decree , the latest | + | |
| - | technology and business development status , to ensure that the school forever Continued operation of network | + | |
| - | services and the provision of academic ability . | + | |
| - | | + | |
| - | 6. IMPLEMENTATION | + | |
| - | | + | |
| - | 6.1 Information security policy management review meetings with the information security policy audits. | + | |
| - | 6.2 This policy will be "Information Security Committee" after the implementation of the resolutions , | + | |
| - | amendments are made. | + | |
| - | | + | |
| - | </pre> | + | |
| - | | + | |
| - | [[Image: KMU-EDU-ISMS-Cert2013.jpg]] | + | |
