The Regulation on cyber information safety and cyber security of the Ministry of Finance has just been issued under Decision No. 1013/QD-BTC dated May 19, 2023 of the Minister of Finance, replacing the old regulation issued under Decision No. 201/QD-BTC dated 12/02/2018. This regulation marks a new step in ensuring network information safety and network security at the Ministry of Finance.
In 2012, the Ministry of Finance issued the first regulation on information security at the Decision No. 2615/QD-BTC dated October 19, 2012. The Ministry of Finance has so far issued 04 more decisions to amend and update the regulation in line with requirements on cyber security from time to time. The Ministry of Finance's Regulation on cyber information safety and cyber security implements fully and comprehensively the provisions of the law and the guiding documents of competent authorities on cyber information security, cyber security, protection of state secret in cyberspace at the Ministry of Finance.
Regulation on cyber information safety and cyber security shall be applicable to administrative and non-business organizations under the organizational structure of the Ministry of Finance (defined at the Decree No. 14/2023/ND-CP dated April 20, 2023 of the Government providing functions, tasks and organizational structure of the Ministry of Finance), including 28 units, of which 24 are administrative units assisting the Minister in performing state management functions and 04 non-business units serving for state management of the ministry. Enterprises and other non-business units under the Ministry shall comply with the provisions of law and take responsibilities to the law for ensuring network safety and security at their units.
Specified at the regulation on cyber information safety and cyber security, the Ministry of Finance shall assign units under the Ministry to assume roles related to cyber safety and security in accordance with the law, such as: information system administration unit, information system operation unit, unit in charge of cyber safety and security of the information system administration unit, steering committee for response to cyber security incidents, unit in charge of response to cyber safety and security incident, cyber security incident response team, cyber security protection force. The decentralization and authorization of responsibilities for ensuring cyber safety and security in the Regulations shall comply with the provisions of law and be consistent with organizational apparatus and working methods of the Ministry of Finance.
Units in their assigned roles shall perform cyber safety and security tasks, including: Ensuring cyber safety and security for information systems, which includes taking procedures for classification of information system security level, identifying information systems critical for national security, implementing plans to ensure cyber safety and security for information systems; Managing cyber security risks, vulnerabilities; Monitoring cyber security; Checking and evaluating cyber safety and security; Responding to cyber security incidents; Preventing and handling of acts of infringing upon cyber security; Disseminating, grasping, propagating, training and fostering on cyber safety and security; Making reports on cyber security.
The Regulation specifically stipulates cyber security measures applicable to units of the Ministry's Headquarter (Departments and equivalent units under the Ministry), including regulations on information accounts; the user's computer; user; intranet system; internet connection; information system; end use of the information system; backup data to prevent problems.
Pursuant to the Regulation on cyber information safety and cyber security, the units under the Ministry shall promulgate specific regulations and rules to implement the Regulation and legal provisions on cyber safety and security at their units.
(Thu Hằng)
Loading...
