1.

A network intruder detection system is used and network traffic volume monitored to identify unauthorized attempts to upload or alter web page data or deliberately damage the web pages.

2.

A firewall is installed to prevent illegal intrusion, damage, stealing or damaging of data to prevent the illegal use of the website and protect the rights of users.

3.

Virus scanning software is installed and scanning for viruses carried out regularly to provide a safer web page environment for users.

4.

Simulation of hacker attack is carried out regularly and system recovery when there is a major security incident practiced. In addition, a suitable security level will be provided.

5.

Copying is carried out every day and the copies are all copied onto the reserve mainframe computer.

6.

Security notification emails from all related work system supply companies or application program supply companies are automatically accepted and in accordance with email suggestions suitable upgraded files are installed.

1.

There should be a firewall installed between Taroko National Park’s website and external link to control the data transmission and saving and retrieval between the Taroko N. P website and external links.

2.

The firewall should have a network service transmission server (for example proxy server) to provide Telnet, FTP, WWW etc network service transmission and control.

3.

The firewall is the hub of the whole Taroko N. P. website. Copies of the firewall mainframe and software should be saved for use when required.

4.

The Taroko N. P. firewall system should usually record all network activities. The record should include the date, time, IP and communications protocol to facilitate everyday management and future checking.

5.

The Taroko N. P. firewall record “log” should be checked by the firewall manager to see if there are any abnormalities. The log should be kept for at least one year.

6.

The Taroko N. P. firewall mainframe can only be accessed by the system terminal and cannot be accessed by any other means to ensure firewall security.

7.

The Taroko N. P. firewall security control settings should be regularly checked and adjusted when necessary to ensure that it plays the security control role it should.

8.

Copies should be made of the Taroko N. P. firewall system at regular intervals, with only single computer copies made, not using network copying or other method.

9.

The firewall system software should be regularly upgraded to counter various kinds of network attack.

1.

Copies from at least three different times will be made of important data.

2.

Data copies should be protected suitably. Security standards should, as much as possible, be the same as those of the main work place. The computer security measures of the main work place should, where possible, include a reserve work place.

3.

Copied data should be tested regularly to ensure that it is usable.

1.

When carrying out data recovery first the sameness and the completeness of the data should be checked.

2.

After the recovery of website data, except for major emergencies or when the mainframe or network operation cannot be restored, the data will be restored to a normal situation within 24 hours and it will be ensured that the copied data is complete and no more than two days old. After data is restored the programs and data banks will be able to able to operate normally immediately.

3.

Data copies should be regularly checked to ensure usability.

4.

After data recovery work is completed, related personnel should observe for three days to ensure the normal operation of the system and the accuracy of the newly-added data.