Information Security
In response to the rapid development of the information age, information security is an integral component that cannot be ignored today. The diverse development and management needs of information education within the campus have led to the expansion of various information systems, related information teaching equipment, and IoT devices. This has consequently increased the relative risk of information security. Therefore, it is essential to comprehensively strengthen the control of information security in systems and networks, raise awareness of information security among faculty and students, adopt effective information security defense techniques and products, and conduct regular information security drills and email social engineering exercises to ensure the security of the school's information.
To safeguard the school's information security and approach various information security challenges with a rigorous and steadfast attitude, the Computer Center has implemented the Information Security Management System (ISMS) since 2008. Since 2009, it has annually undergone audits and received ISO 27001 certification from SGS, including the updated ISO 27001:2013 certification in 2014, demonstrating the continuous enhancement of the school's information security management and protection capabilities.
However, with the rapid evolution of internet applications and lifestyle changes, the dissemination of knowledge and learning at the school is no longer confined by physical limitations. The integration of the virtual and physical, as well as the development of diverse digital information teaching, is becoming a trend. Concurrently, the expansion of various information systems, related information teaching equipment, and IoT devices within different departments outside the information unit has not yet implemented or executed the Information Security Management System (ISMS). This has led to an increase in the risks and threats to campus information security.
In accordance with relevant policies, such as the Ministry of Education Letter No. 1100179797,"國立大專校院資通安全維護作業指引" and Letter No. 1112703805, "111年全國大專校院資安長會議" we are planning to implement the Information Security Management System (ISMS) throughout the entire school starting from 2023. This is aimed at reducing potential information security risks that the campus may face.
Objectives of this initiative include:
- Ensuring the continuous and sustainable teaching and research environment of the school, unaffected by information security incidents.
- Actively promoting and establishing an information and communication security management system in compliance with the Information and Communication Security Management Act and related regulations.
- Maintaining the confidentiality, integrity, availability, and legal compliance of core business information systems and information assets.
- Managing responsibilities for information and communication security in terms of classification, technology, awareness, and training, and planning the promotion of related strategies and performance indicators.
- Following the goal of "establishing a sound information security management system, providing secure and effective services, and ensuring the sustainable operation of business.