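I. Purpose
To strengthen its information security management operations, Yuanchang Township Office (hereinafter "the Office") follows the information security requirements of its superior agencies and of the government's competent authority for information security management (Department of Cyber Security, Executive Yuan), and adopts the international information security management standard (ISO/IEC 27001) to establish an information security protection mechanism suited to the Office. The aim is to ensure that the Office's information security operations comply with applicable laws and regulations and meet the operational requirements of confidentiality, integrity and availability, so that the Office's information security management provides a trustworthy service environment.
- Cyber Security Management Act
- Classified National Security Information Protection Act
- Personal Data Protection Act
- Document Processing Manual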
- ISO/IEC 27001 (Information technology — Security techniques — Information security management systems — Requirements)
- ISO/IEC 27002 (Information technology — Security techniques — Code of practice for information security management)
- ISO/IEC 27005 (Information technology — Security techniques — Information Security Risk Management)
- ISO/IEC 27006 (Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems)
- ISO/IEC 27007 (Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing)
- ISO/IEC TS 27008 (Information technology — Security techniques — Guidelines for the assessment of information security controls)
- ISO/IEC 27009 (Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements)
- ISO/IEC 27010 (Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications)
- ISO 31000 (Risk management — Guidelines)
- IEC 31010 (Risk management — Risk assessment techniques)