元智大學 Yuan Ze University - 資服處 - 資安通識教育訓練

Published: August 01, 2023

1. Compliance with the Information Security Management Act Requirements
All agencies are required to complete the mandated information security education hours by the end of each year.

(1) Legal Basis for Training:
According to Article 4, Paragraph 4 of the "Regulations on the Classification of Information Security Responsibility Levels for the Ministry of Education, Its Affiliated Agencies, and Schools," our institution’s information security level is classified as Level C.

Based on the "Information Security Management Act" and the "Classification Measures for Information Security Responsibility Levels," specifically Appendix 5, which outlines the obligations for government agencies at Level C, agencies must implement "Awareness and Training" programs, focusing on "Information Security Education and Training."

(2) Hour Requirements:
Agencies must fulfill training hours according to their designated information security level.

Dedicated Information Security Personnel: Each individual must complete at least 12 hours annually of either "Information Security Professional Courses" or "Information Security Competency Training."
Non-dedicated Information Personnel: Each individual must complete at least 3 hours every two years of either "Information Security Professional Courses" or "Information Security Competency Training," and additionally 3 hours annually of "General Information Security Awareness Training."
General Users and Supervisors: Each individual must complete at least 3 hours annually of "General Information Security Awareness Training."

(3) Description of Course Requirements:

Information Security Competency Training: Training hours are earned by attending information security competency training courses provided by training institutions certified by the Information Security Office, Ministry of Digital Development (Information Security Talent Training Service Network).
Information Security Professional Training: Professional courses correspond to strategic, managerial, and technical aspects as outlined in the Information Security Competency Training Development Blueprint. (https://ctts.nics.nat.gov.tw/about/Training)
General Information Security Awareness Training: Courses that provide fundamental concepts related to information security or internal agency policies for information security management awareness.

2. Training Resources:

Information Services Office annually organizes general information security awareness courses (announcements to be made separately) 【General Awareness】
E-T Level Civil Servant Learning Platform: https://elearn.hrd.gov.tw 【General Awareness】【Professional】【Competency】
Local Area Network Center Courses 【Professional】【Competency】
Educational Institutions Information Security Certification Center Online Courses 【Professional】【Competency】
Information Security Talent Training Service Network 【Competency】

3. Supplementary Notes and Recommended Resources:
According to the National Information Security Meeting website announcement on November 24, 2020 (Republic of China Calendar Year 109), regarding frequently asked questions about the Information Security Management Act, section 3.16 clarifies that general information security awareness training may be conducted by agencies independently, either through in-person or digital courses. The term "general users and supervisors" includes not only personnel within the agency’s organizational structure but also any individuals operating the agency’s information systems (e.g., student assistants).