:::

  Airport Introduction

  Flight Information

  Service

  Announcement

  Aviation Safety Promotion

  Downloads

  Links

  Contact us
無障礙服務 / Disable Service
Welcome Visit Kinmen Country
Central Weather Bureau
Information For Foreigners
The Handy Guide for Foreigners in Taiwan
KMA Service e-mail

通過A+無障礙網頁檢測

Best viewed with 1024 * 768

 

  :::
 * Home / Web Security

Information Security Policy Declaration for the Website of Kinmen Airport, CAA, MOTC 

I.  Establishment of Information Security Policy for the Website of Kinmen Airport

1.  Purpose

The operation guidelines of the Kinmen Airport website are made in accordance with “Information Security Management Essentials of the Executive Yuan and Its Subordinating agencies” with reference to related laws and regulations, such as “Act of Computer Processing of Personal Data” and the “National Secret Protection Law” etc.

2.  Scope

The policy’s applicable subjects include the recruited staff, outsourced suppliers. Regarding all the relevant information assets and the organizations with connected operation with the Airport, they will all be informed in writing, electronically, or by other methods, and are expected to follow the policy together to ensure the security of information gathering, processing, transmission, storage and circulation.

3.   Definition

The nature of information security can be divided into the following three types:

 1. Confidentiality: Appropriately divide the confidentiality level of information assets, and give appropriate regulation and
  protection according to its confidentiality level.

2. Integrity: Ensure the integrity of various information assets and expect the organization to properly operate the asset.

3. Availability: Ensure various information assets can provide real-time and accurate service to satisfy the needs of the
  user.

Information security policy shall be maintained by special personnel or responsible unit, and the information security team shall regularly process necessary reviews and adjustment to maintain the appropriation and effectiveness of information security policy.

 

II. Objective of information security policy

Ensure the availability and integrity of information, safeguard the rights and benefits of civilians using public
  transportation.

Ensure the confidentiality of information, protect the privacy right of the information of connected organizations and
  civilians.

Ensure the accuracy of information, ensure the quality of the information system of connected organizations and
  civilians.

According to the above mentioned security policy, set up other various objectives as the clear targets for safeguarding information security.

1.  It contains a normal organization and handles comprehensive information security business.

2.  It contains the latest and the most accurate information assets list.

3.  The personnel recruitment and responsibility division meets the safety regulations; it appropriately offers information
  security educational training and clearly allows personnel to be aware of the reporting procedure for information security
  events.

4.  It regulates the protection measures, security equipment, and general management principles of tangible assets.

5.  The communication and information operation contains security management measures.

6.  The information accessibility has clear and appropriate control procedures.

7.  Software development and maintenance are included in the security consideration.

8.  The continuous operation of organizational business.

9.  Set up an information security audit system and implement the internal auditing of information security to ensure the
  information security of Kinmen Airport.

10. Ensure the relevant Airport outsourcing operation meets information security and set up a relevant control mechanism for
  outsourcing management.

11. The information operation meets the policy, and relevant laws and regulations.

 

III. Responsibility

1.  The information security team shall provide clear indications; timely amend the policy to ensure the policy meets the current
  demands.

2.  The Airport high-level managers shall positively participate in the information security activities, provide support and
  commitment for information security and appropriately review the policy.

3.   The Airport personnel shall implement the requirements of the policy through appropriate procedure.

4.   The Airport recruited staff, outsourcing suppliers, and all the relevant information assets and the organizations with
  connected operations with the Airport shall follow the policy.

5.   All the Airport personnel shall report the information security events or weakness found through the appropriate report
  mechanism.

6.  If any of the Airport personnel do not follow the policy or behave in any way that endangers the Airport information
  security, they will be subjected with appropriate punishment or legal activity.

7.  All Airport personnel shall be aware that the information obtained while working in the Airport is the Airport asset and shall
  not be used for other purposes without authorization.

 

IV. The review and amendment of information security policy

1.  Review

The policy shall be maintained by special personnel or a responsible unit, and regularly reviewed and adjusted by the information security team to maintain the appropriation and effectiveness of information security policy.

2.  Amendment

The policy shall be amended appropriately by the information security team regularly or according to the Airport organizational, operational, or environmental changes. It shall be implemented after being promulgated to meet the current condition.

 

top