information and communication security

1. If a department or external personnel discovers or suspects an information and communication security incident, they should promptly report it to the university’s information security incident reporting contact This email address is being protected from spambots. You need JavaScript enabled to view it., or call Section of Network and Media at extension 2325, and inform their immediate supervisor.
2. If an information and communication security incident is discovered or suspected through notifications from Ministry of education information & communication security contingency platform or other cybersecurity intelligence organizations, the university’s information security incident reporting contact person will notify the “incident-affected unit” to handle the matter and inform their supervisor.

All information security incidents occurring within the Office of Library and Information Services’s operating environment are applicable.

1. Responsible Unit：Refers to the unit responsible for handling information security incidents, determining the scope of impact, conducting loss assessment, and executing incident analysis and handling.
2. Information Security Management Team：Supervises the analysis, handling, and reporting of information security incidents. The Office of Library and Information Services appoints internal staff according to ISMS regulations.
3. Information Security Working Team：Executes crisis management procedures, including incident analysis, handling, and reporting. Composed of members from Section of Network and Media and Section of System Development.

Reporting Procedure：

For detailed procedures, please refer to the Information Security Incident Management and Reporting Operating Procedure.。

The discoverer identifies a suspected information security incidentàInform the responsible unit→Determine whether it is an information security incident

•  Not an information security incident→The responsible unit replies that it can be handled independently or with assistance from other units
•   It is an information security incidentà Report to the Information Security Working Team→Carry out incident classification
•   Level 2 or above→Determine whether it is Level 3 or above
• Level 3 or above→Report to the Information Security Management Team→Report to the higher authorityàReport and respond according to the Cyber Security Incident Reporting and Response→Information Security Working Team handles the incident and reports the result
• Not Level 3 or above→Information Security Working Team handles the incident and reports the result
• Below Level 2→Responsible Unit Handling→Handle the incident and report the result

When the university outsources the construction, maintenance, or provision of information and communication system services, the contract shall stipulate that the vendor, upon becoming aware of an information security incident, must immediately report it to the university’s designated contact person.