Information Security Policy of the University
1. Purpose
To ensure the confidentiality, integrity, and availability of the information assets of National Central University (hereinafter referred to as the University), and to comply with relevant regulations to protect them from intentional or accidental internal and external threats.
2. Scope
2.1 All faculty, staff, contract (hired) personnel, temporary personnel (such as interns, part-time workers, etc.), outsourced service vendors, and visitors of the University must comply with this policy.
2.2 The scope of information security management covers the following 14 domains, in order to prevent data from improper use, leakage, tampering, destruction, etc. caused by human error, intentional acts, or natural disasters, which could pose various risks and hazards to the University:
2.2.1 Information Security Policy
2.2.2 Organization of Information Security
2.2.3 Human Resource Security
2.2.4 Asset Management
2.2.5 Access Control
2.2.6 Cryptography
2.2.7 Physical and Environmental Security
2.2.8 Operational Security
2.2.9 Communications Security
2.2.10 System Acquisition, Development, and Maintenance
2.2.11 Supplier Relationships
2.2.12 Information Security Incident Management
2.2.13 Information Security Aspects of Business Continuity Management
2.2.14 Compliance
3. Information Security Management Responsibilities
3.1 The University's management shall establish and review this policy.
3.2 Management should actively participate in and support the information security management system through appropriate standards and procedures to implement this policy.
3.3 All faculty, staff, contract (hired) personnel, temporary personnel (such as interns, part-time workers, etc.), outsourced service vendors, and visitors of the University must adhere to relevant security management procedures to maintain information security policies.
3.4 All personnel and outsourced vendors of the University are responsible for reporting information security incidents and any identified vulnerabilities.
3.5 Anyone whose actions endanger information security shall bear civil, criminal, and administrative liability, or be disciplined according to the relevant regulations of the University, depending on the severity.
3.6 The effectiveness of achieving information security objectives and the management system shall be regularly reviewed based on the "Effectiveness Measurement Table."
4. Information Security Policy
To ensure the smooth operation of the agency's business, prevent information or information systems from unauthorized access, use, control, leakage, damage, tampering, destruction, or other infringements, and ensure their confidentiality, integrity, and availability, this policy is formulated for all colleagues to follow:
4.1 Establish an information security risk management mechanism and periodically review the effectiveness of information security risk management in response to internal and external changes in the information security situation.
4.2 Protect the confidentiality and integrity of sensitive information and information systems to avoid unauthorized access and tampering.
4.3 Strengthen the resilience of core information systems to ensure the continuous operation of the agency's business.
4.4 Conduct information security education and training in response to changes in the information security threat situation to enhance the information security awareness of agency colleagues.
4.5 Reward personnel who have contributed to information security work.
4.6 Do not open emails from unknown sources or unidentifiable senders.
4.7 Prohibit multiple people from sharing a single information system account.
5. Review and Amendment
This policy should be reviewed at least once a year to reflect the latest developments in government regulations, technology, and business, ensuring the sustainable operation of the University and its ability to provide information services.
6. Implementation
6.1 This policy shall be implemented after approval by the University’s "Information Security and Personal Data Protection Promotion Committee", and the same applies to any amendments.