I. Purpose:
Chaoyang University of Technology (Hereinafter refer to as the university) strengthen the information security management to safeguard the university informational assets from internal and external threats of intentional or accidental. The university’s informational assets are many and complex to maintain. In order to achieve the uniformity of information security, hence the university establishes of the information security policy for the mutual compliance of related university personnel.
II. Scope of Application
The university information services include information network linkage service, internet application service, university administrative information service, and information security protection services for related information, hardware, software, personnel, service, and infrastructure, to prevent the information confidentiality, integrity, and applications from impacts caused by threat or weakness and affect the operation of university affairs.
III. Policy Content
To ensure the confidentiality, integrity, and applications of university information assets, provide what’s necessary for continuous operation and coordinate with the implementation of national information security policy, and enhance the protective capability of information security.
The information security is the mutual responsibility of the complete university faculty, all unit personnel must fully understand and implement his/her related responsibility.
In order to maintain the overall security of the university information assets, related target, cognition, the establishment of the operation protocol must consider the following:
1. Information security organization and responsibility
2. Information asset management
3. Personnel security management and training
4. Physical and Environmental Security Management
5. Communication and operation security management
6. Access and control security management
7. Information system acquisition, development, and maintenance security management
8. Information security incident management
9. Continuous operation management
10. Regulatory compliance
The establishment and maintenance of the information security management system is completely in accordance with the requirement of the law and integrate with the university’s background in organizational risk management
To effectively control the information security risk, the university must establish and implement the risk assessment operation procedure including risk assessment method, information security law and regulation requirement, risk accepting criteria, and the acceptable level of risk.
The information security is the mutual responsibility of the complete university faculty, all unit personnel must fully understand and implement his/her related responsibility.
In order to maintain the overall security of the university information assets, related target, cognition, the establishment of the operation protocol must consider the following:
1. Information security organization and responsibility
2. Information asset management
3. Personnel security management and training
4. Physical and Environmental Security Management
5. Communication and operation security management
6. Access and control security management
7. Information system acquisition, development, and maintenance security management
8. Information security incident management
9. Continuous operation management
10. Regulatory compliance
The establishment and maintenance of the information security management system is completely in accordance with the requirement of the law and integrate with the university’s background in organizational risk management
To effectively control the information security risk, the university must establish and implement the risk assessment operation procedure including risk assessment method, information security law and regulation requirement, risk accepting criteria, and the acceptable level of risk.
IV. The Amendment of the Policy
The policy is to be amended according the latest developments in nation’s law, information technology, and the school’s administrative affairs.
