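A Study on Applying the International Information Security Incident Management Standard ISO 27035 to the Executive Yuan's Regulations on the Notification and Response of Cyber Security Incidents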
Author 1: 楊書豪
Affiliation: Graduate student, National Ilan University
E-mail: a123321101@yahoo.com.tw

Author 2: 林宜隆
Affiliation: Professor, Yuanpei University of Medical Technology
E-mail: cyberpaul747@gmail.com

Abstract

With the growth of the Internet, the network has become indispensable to daily life, but technological progress has also raised security concerns. In response to the need for information and communication security, on January 1, 2019 the Executive Yuan put into effect the six sub-regulations of the Cyber Security Management Act. The third of these six sub-regulations is the Regulations on the Notification and Response of Cyber Security Incidents, which covers how government agencies and specific non-government agencies classify and respond to cyber security incidents and how they establish a cyber security incident response team. This paper introduces the international standard ISO 27035 and integrates the standard's establishment of an ITR team into the third of the six sub-regulations of the Cyber Security Management Act implemented by the Executive Yuan, the Regulations on the Notification and Response of Cyber Security Incidents.

Keywords: Regulations on the Notification and Response of Cyber Security Incidents, ISO 27035