:::

網站安全政策宣告

網站安全政策

本網站為保障您及本網站的資料安全,特制訂本資訊安全政策宣告。

一、適用範圍  

本網站的安全性政策,適用於您在瀏覽本網站時,所涉及的個人資料蒐集、運用與保護,但不適用於在本網站設置與其他網站之連結,當您點選連結至其他網站時,適用各該網站的隱私權保護及網站安全政策。


二、其他網站的連結

本網站的資安政策僅適用於「中華民國海軍全球資訊網」網站。本網站上可能含有其他非屬本網站或網頁的超連結(hyperlink),以致於網友可能經由本網站而連上這些網站。不論這些被連結的網站是否有其網站安全政策,或其內容如何,本網站的資安政策均不適用於這些網站。


三、網站安全措施與規範

任何未經授權而企圖上載或更改本校所提供的各項服務及相關資訊的行為,都是嚴厲禁止而且可能觸犯法律。為了網站安全的目的和確保這項服務能夠繼續服務所有的網路使用者,本網站提供了以下的安全保護措施:

  1. 使用網路入侵偵測系統,監控網路流量,以確認未經授權而企圖上載或更改、網站資訊或蓄意破壞者。
  2. 裝設防火牆防止非法入侵、破壞或竊取資料,以避免網站遭到非法使用,以保障您的權益。
  3. 裝設掃毒軟體,定期掃毒,以提供使用者更安全的網頁瀏覽環境。
  4. 定期進行弱點掃描,並提供適當的安全防禦措施。
  5. 定期進行備份作業,將所有資料備份到備援主機。
  6. 自動接收所有來自相關作業系統廠商或應用程式廠商所寄發的安全維護電子信通知,並依照電子信的建議,安裝適當的修補程式(PATCH)。

網際網路資料的傳輸不能保證百分之百的安全,本網站將努力保護本網站及您個人資料的安全。但由於資料傳輸過程牽涉您上網環境保全之良窳,我們並無法確保您傳送或接收本網站資料的安全,您須注意並承擔網路資料傳輸之風險。請您諒解此部份所造成的後果均非本網站所能控制範圍。

四、其他

本網站資安政策的修改由於科技發展的迅速,相關法規訂定未臻完備前,以及未來可能難以預見的環境變遷等因素,本網站將會視需要修改網站上所提供的資安政策的說明,以落實保障網路安全的立意。當本網站完成資安政策的修改時,我們會立即將其刊登於本網站上,並以醒目標示提醒您前往點選閱讀。

如果您對以上條款有任何疑問,歡迎與我們聯絡。

Security Policy

1. Personal Information Collection and Use Personal information will be used only for specific purpose related to the service we provide and will not be disclosed to any third party in accordance with the Computer-Processed Personal Information Law and other related regulations. When you use our website, we automatically collect the following information: date and time, the webpage you request, URL you are on, browser type, any action (such as downloads, etc) whether that action was successful or not. The information may help improve the efficiency of our website. We monitor any action which may cause a heavy load to our website.

2.Confidentiality Security and Training For employees who deal with sensitive and confidential information, and those who are entitled to manage systems because of job requirement, clear division of job in order to disperse rights and duties should be arranged; and evaluation and examination systems should be established; as well as mutual support systems. For employees who resign (ask for leave, suspended from duties), all related matters must follow concerned procedures and the authorization for all systems must be cancelled immediately. Based on the position and occupational ability of different levels of employees, education and training for information security should be conducted depending on the actual situation in order to make employees understand the importance and all possible risks, and enhance awareness to conform to the relative regulations accordingly.

3.Information Security Procedure and Protection We have operating procedures for information security issues, and impose necessary responsibility to employees concerned in order to tackle with these matters rapidly and efficiently. We have informing system for change management of information facilities and systems to avoid loophole in security. We process and protect personal information cautiously in accordance with related provisions of Computer-Process Personal Information Law. We carry system backup facilities, and update/backup necessary data and software periodically in order to be able to restore all data swiftly in case of damage or failure of saving media.

4.Management of Internet Security We establish firewalls to monitor data transmission and resource access between the external and the internal network at our link, and strictly conduct identity recognition operation. Any confidential and sensitive information or document is neither stored in open system nor delivered by e-mail. We periodically examine and inspect internal network for information security, latest virus code and other security measures.

5.System Access Control Management We set up password issuance and change procedures depending on operation system and security management requirement, and record it. The information center management staff should assign authorization account and password for employees to log in each system according to necessary authorization of each staff level, and update them regularly.

:::