Friday, December 20, 2013

2013-Chapter 4 E-commerce Security Abstract

With the growth of information technology, we can now buy almost anything online without the need to step out of the house. E-commerce has revolutionized the way we live. However, behind these time-saving conveniences, information security issues remain, which may affect the public's confidence in conducting online shopping activities. As a result, identifying possible information security risks and taking corresponding security measures are essential to the e-commerce industry. This is particularly true when confronted with ever-changing threats from around the world, and the best approach to combating these threats is to implement an effective information security management system. Consulting and adopting security standards established by international or credible third-party organizations is likely to be the simplest and most effective method.

Currently in Taiwan, in order to assist the industry in putting information security and personal information protection procedures into practice, the Department of Commerce of the Ministry of Economic Affairs (MOEA) has commissioned the Science & Technology Law Institute of the Institute for Information Industry (III) to establish the "Taiwan Personal Information Protection & Administration System" (TPIPAS), which is intended to be used by the e-commerce industry as a guiding principle for improving information security. For e-commerce proprietors, it is often the case that ensuring information security does not require a massive budget. The reason is that the majority of information security incidents are caused by the organization's staff. Therefore, the first step in having an effective information security system is to establish an effective information security policy and to continuously improve the procedure for controlling information in the business processes. Apart from fixing any security vulnerabilities, training personnel to develop information security awareness is often the best way to reduce information security incidents.

In the unfortunate event of an information security incident, management must carry out damage control and report it to the relevant government agency. In addition, the company has the responsibility to inform the affected customers in a timely manner and offer to provide any required assistance. If the enterprise considers its information security capabilities inadequate, outsourcing to external security vendors or engaging professionals from the Taiwan Electronic Commerce Computer Emergency Response Team (EC-CERT) is also an option. These external organizations can help the enterprise assess possible security vulnerabilities and provide consultation and the necessary technical support. Only with adequate security in place can an e-commerce enterprise survive and continue to grow.
