資安事件管理國際標準ISO 27035應用於行政院資安事件通報及應變辦法之探討

Abstract

隨著網際網路發達，網路成了人們生活上不可或缺的，科技的進步卻也產生了安全性的疑慮，政府因應資通安全的需求，在一百零八年一月一日，行政院實施資通安全管理法六大子法，其中六大子法之三為資安事件通報及應變辦法，其內容是公務機關及特定非公務機關針對資通安事件分級、應變及資安事件應變小組之成立，本文將介紹國際標準ISO27035，將國際標準ITR小組成立整合應用於行政院實施的資通安全管理法六大子法之三資安事件通報及應變辦法。

With the development of the Internet, the Internet has become indispensable in people`s lives, and the advancement of technology has also generated security concerns. The government responds to the need for security. On January 1, 2019, the Executive Yuan implemented the six sub-laws of the Information and Communication Security Management Law. The third of the six sub-laws are the briefings and contingency measures for the security incidents. Its content is the establishment of a response team for the classification, response and security incidents of information and communication security incidents by public authorities and specific non-public organizations. This article will introduce the international standard ISO27035, and the international standard ITR group will be established and integrated into The third of the six sub-laws Law implemented by the Executive Yuan.