Summary of National Cyber Security Current Situation Survey in 2019

 

Summary of National Cyber Security Current Situation Survey in 2019

In order to understand the current status of the first year implementation of the Cyber Security Management Act, cyber threats encountered and protection measures by government agencies and schools at various cyber security responsibility levels, to review the completeness of the cyber security protection as the reference for the subsequent development of the cyber security policy. Through the National Cyber Security Current Situation Survey in 2019, we will review the current status of cyber security protection of the government agencies and schools, used them as references for drafting the National Cyber Security Program, and promoting the Cyber Security Management Act and various cyber security protection mechanisms.

There were 1,877 government agencies and 2,209 schools completed this survey.  In this online survey, the response rate of government agencies at all levels were above 60%, of which the agencies with cyber security responsibility level A and B reached 80%. The response rate of schools at all levels was close to 60%, of which colleges and universities reached 70%. The response rates are not only enough to reflect the current situation of the whole group, but also shows that units with higher cyber security responsibility levels will pay more attention to cyber security preparation.

In terms of the 2019 security budget planning, the overall increase is much larger than the previous survey.  The total security budget increased from 2.84 billion to 3.417 billion compared with 2017, and the overall cyber security funding ratio increased from 9.2% to 10.79%.  The allocation of cyber security personnel, more than half of the government agencies with cyber security responsibility level A and B follow the requirements of the Cyber Security Management Act.  The procurement of domestic security products (including services) with nearly 40% of government agencies purchase more than 80% of domestic products, which shows that high security level of government agencies with a high trust in domestic products.  To deal with matters, most of government agencies and schools’ core information systems at all levels have been implemented ISMS and passed third-party verification.  On the information asset management system, the government agencies with cyber security level A and B shows better performance.  The most of cyber security incidents in 2018 were hacking and trespass.  The biggest worry of cyber security was the interruption of network and information services.

This survey is conducted in every two years.  The purpose of this survey is to understand the current situation of government agencies and schools in the first year implementation of the Cyber Security Management Act, the cyber threats encountered and the protective measures taken, review the completeness of the cyber security protection, use the survey result as the reference for the future development of cyber security policies, and to build a comprehensive cyber security environment for Taiwan.

2019年我國資安現況調查摘要

為了解各資安責任等級之政府機關與學校於資通安全管理法施行第一年之情況，以及所遭遇之資安威脅與其防護措施，透過2019年資安現況調查，檢視政府機關與學校之資安防護完備性，以做為擬定國家資通安全發展方案、推動資通安全管理法及建立資安防護機制之參考。
本次調查，共1,877個政府機關與2,209個學校完成問卷調查，政府機關樣本回收率達6成以上，其中資安責任等級A級與B級政府機關更高達8成；學校樣本回收率也近6成，其中大專院校回收率達7成，足以推論母體的現況。同時，調查結果也顯示資安責任等級愈高之政府機關與學校，對於資安愈重視。

2019年資安預算編列方面，總資安預算較2017年28.4億提高至34.17億，整體資安經費占資訊經費比例自9.2%提高至10.79%；資安專職人員配置方面，超過6成之資安責任等級A、B級政府機關符合資安法規定；採購國內資安產品(服務)比例方面，近4成之政府機關採購國產品比例超過8成，資安責任等級愈高之政府機關對於國產品之信任度與資安產品自主發展政策之配合度愈高；資安法應辦事項方面，政府機關與學校之核心資通系統已導入及通過第三方驗證，各項資安防護要求已逐步落實；導入資訊資產管理系統部分，資安責任等級A、B級政府機關導入情形較佳；2018年發生資安事件來源，以駭客最多，而事件類型以非法入侵最多；政府機關與學校最大的資安隱憂為網路與資通服務中斷。

綜覽上述資安調查結果，資安責任等級A級與B級政府機關與學校大致符合資安法規定，期未來所有政府機關與學校均能符合資安法之法遵要求。本調查每2年進行一次，本次調查主要在了解政府機關與學校在資安法施行後第一年之執行情況，以及所遭遇之資安威脅及其防護措施，檢視資通安全防護之完備性，以做為擬定資通安全政策之參考。


Source : https://nicst.ey.gov.tw/Page/7AB45EB4470FE0B9/285fd050-3090-4fd9-ad3b-19b9c0b63d0e