我國資通安全管理法制初探

A Study for the R.O.C Information Communication Security Management Act

資訊科技創新與網路快速發展，各國貿易透過網路拓展至全世界，網路快速進步發展的同時，亦帶來資安問題與威脅。日益猖獗的網路攻擊趨勢逐漸朝向國家關鍵基礎設施為目標，如何佈署各關鍵基礎設施防範各層面的攻擊與威脅，為各國政府建構整個資訊安全防護策略為首要因應計畫。在行動裝置普及、雲端服務與物聯網逐漸升溫下，伴隨著資通安全事件、癱瘓關鍵基礎設施頻傳，造成損害不計其數，確保資安與防禦能力是各國正努力及關注的議題。為提升資安防護能力級國際立法趨勢，我國於2018年5月國會三讀通過資通安全管理法，翌年元旦正式施行。本文將對於主管機關、規範對象、資安稽核與罰則加以討論，最後提出建議與結論。

Since the rapid network development from information technology innovation, the trade of various countries has spread to the whole world through the Internet, it has also brought security problems and threats. With the proliferation of mobile devices, the development of cloud services and the internet, along with the security incidents and the frequent transmission of critical infrastructure, numerous damages have been caused. The Information Communication Security Management Act of R.O.C. was passed to third reading in May 2018, and officially implemented it on Jan, 1st, 2019. It also discusses issues such as the normative objects, leading organs, handling of incidents, and penalties. How to prevent critical infrastructure against all kinds of attacks and threats, and the governments has constructed the entire information security protection strategy as the primary response plan. Finally, conclusions and suggestions are made.