Information Protection, Audit Guidance and Reporting

The department oversees the information protection, audit guidance, and reporting exercises for the co-location server rooms under its purview. Following the national strategy of "Information security is national security 2.0" and the policy of upward centralization of information resources set forth by the Executive Yuan and its subordinate agencies, the department has implemented concurrent upward centralization of information security resources and co-location server rooms. This aims to strengthen the information protection facilities for the department itself and four tier-3 agencies (including the Climate Change Agency, the Resource Circulation Agency, the Environmental Management Agency, and the Toxic and Chemical Substances Agency), as well as one tier-3 institution (the Environmental Research Institute). In this process, we have established a 24/7 Security Operations Center (SOC), gateway-type firewalls, intrusion prevention systems, application firewalls, a vulnerability reporting mechanism, an endpoint detection and response mechanism, antivirus software authorization, social engineering exercises, penetration testing, website vulnerability scanning, host vulnerability scanning, mobile application security testing, audits of affiliated government agencies and outsourced vendors, audits of specific non-governmental entities under our purview, and general information security education and training courses. The department also provides guidance and assistance to all affiliated government agencies in complying with the Cyber Security Management Act.
This includes reporting information security responsibility levels, developing information security maintenance plans, reporting the implementation of information security maintenance plans, conducting information security check-ups, conducting internal audits, formulating ISMS documents, conducting third-party verification of CNS 27001, appointing dedicated information security personnel, obtaining information security competency certificates, obtaining professional information security licenses, and managing information security incident reporting and response procedures.

Ministry of Environment