Cyber Security Incident Reporting and Response
Overview
In response to cyber security threats, the Administration continuously promotes governmental agencies executing cyber security tests, arranging cyber security defense mechanisms, and define the notification and response procedures for agencies.
To establish the national-level Information Sharing and Analysis Center (ISAC), Computer Emergency Response Team (CERT), and Information Security Control Center (SOC) in eight critical infrastructure domains, the Administration build a national information security joint defense system, linking governmental agencies and critical infrastructure providers, integrating the procedures of information security monitoring and management, incident notification and response, and information sharing.
Cyber Security Threat Detection and Defense Mechanisms
According to the "Cyber Security Management Act," agencies should implement cyber security threat detection and defense mechanisms. The Administration has also established a national-level monitoring center, to detect and analyze abnormal network activities, strengthen the governmental agencies’ security.
Cyber Security Incident Reporting and Response
When occurring Cyber Security incidents, agencies should follow the "Regulations on the Notification and Response of Cyber Security Incident" and immediately notify the Administration, taking action to contain or recover from damages, lower the impact on agencies, and ensure the preservation of evidence.
To promptly respond to the threat of cyber security incidents, lower incidents’ impact, and quickly resume normal service, the Administration has not only set the "Cyber Security Incident Reporting and Response Procedures" for governmental agencies to reference but also offers agencies 24/7 consulting services, guiding them in completing reporting and response processes. For those critical cyber security incidents, the Administration holds cyber security defense meetings, gathering experts to discuss and provide the defense measures to other agencies.
Cyber Security Incident and Tech Crime Investigation
After cyber security incidents occurred, the Administration supervises those victim agencies’ investigation, and preserving evidence. Analyzing the indicator of compromise (IoC), extrapolating threat trends, to manage cyber security risks. To combat tech crimes, the Administration also coordinates criminal investigation with the Investigation Bureau and Criminal Investigation Bureau.