Security Policy-聲明-軍人之友社 - Friends of Armed Forces Association

:::

Website Security Policy Announcement
In order to protect the security of your data and this website, this website has formulated the following website security policy to explain the information security practices of this website.
1. Scope of policy application:
The following website security policy applies to the collection, use and protection of personal data involved when you browse this website, but does not apply to links to other websites set up on this website, when you click to link to other websites , Apply the website security policy of each website.

2. Information access control:
Formulate system access policies and authorization requirements, and inform employees and users of the relevant permissions and responsibilities in writing, electronically or by other means.
The resignation (remission) personnel shall immediately cancel all the authority of various information resources and include the necessary procedures for resignation (remission). Personnel position adjustments and transfers shall be in accordance with the system access authorization regulations, and their authority shall be adjusted within a time limit.
Establish a system user registration management system, strengthen user password management, and the maximum update cycle of user passwords should not exceed six months.
For system service vendors who perform system maintenance by remote login, strengthen security control, and establish a personnel roster to educate their related security and confidentiality responsibilities.
Establish an information security audit system, and conduct information security audits regularly or irregularly.

3. Website security measures and regulations:
Any unauthorized attempts to upload or modify the services and related information provided by this unit are strictly prohibited and may violate the law. For the purpose of website security and to ensure that this service can continue to serve all Internet users, this website provides the following security protection measures:

At the outlets connected to the external network, firewalls are set up to control data transmission and resource access between the external and internal networks, and perform rigorous identification operations.
Use a network intrusion detection system to monitor network traffic to identify unauthorized attempts to upload or change, web page information, or sabotage.
Install anti-virus software to scan for viruses regularly to provide users with a safer web browsing environment.
Establish system backup facilities to regularly perform necessary data, software backup and backup operations to prepare for disasters or storage media failures, which can quickly resume normal operations.
Simulate hacker attacks from time to time, exercise system response procedures when security incidents occur, and provide appropriate security defense levels.
Confidential and sensitive information or documents are not stored in an information system that is open to the public, and confidential documents are not sent by e-mail.
Automatically receive all security maintenance e-mail notifications sent from relevant operating system vendors or application vendors, and install appropriate patches (PATCH) in accordance with the e-mail recommendations.
Internet data transmission cannot guarantee 100% security. This website will strive to protect the security of this website and your personal data. In some cases, a standard SSL security system will be used to ensure the security of data transmission. However, because the process of data transmission involves the preservation of your online environment, we cannot ensure the security of the data you send or receive from this website. You must be aware of and bear the risks of network data transmission. Please understand that the consequences caused by this part are beyond the control of this website.

4. Security management of firewall:
The firewall has a forwarding server for network services (such as a proxy server, etc.) to provide the forwarding and control of network services such as Telnet, FTP, and WWW.
The firewall is the hub of the company's entire network. For the firewall host and software, a set of backups should be reserved for emergencies.
The firewall system of this unit usually records the activity events of the entire network. The data in the log file should at least include the date, time, start and end IP, communication protocol and other items of the event to facilitate normal management and future audit operations.
The log file (log) of the firewall of this unit is inspected and analyzed by the firewall management personnel for abnormal conditions; the log file should be kept for more than one year.
The firewall host of this unit can only be logged in by the system terminal, and it is not allowed to log in in any other way to ensure the security of the firewall host.
The security control settings of the firewall of this unit should be reviewed frequently and adjusted as necessary to determine the proper security control and management goals.
The firewall system of this unit regularly backs up data, and can only do stand-alone backups, and cannot use other methods such as the network to back up data.
The firewall system software of this unit is frequently updated to respond to various network attacks.

5. Principles of data backup operations:
The backup of important data should be maintained for at least three generations.
The backup data should have appropriate physical and environmental protection, and its safety standards should be as similar as possible to the safety standards of the main operating site; the security control measures of the computer media in the main operating site should be applied to the backup operating site as much as possible.
Test the backup data regularly to ensure the availability of the backup data.

6. Principles of data recovery operation:
When restoring data, first check the consistency and completeness of the data.
Web site data recovery, except for major emergencies, the host computer room or network operation cannot be recovered and other factors, the data can be restored to normal within 24 hours, and the backup data can be kept up-to-date and complete within two days. After the data is restored, the program And the database can be activated and operated normally immediately.
The backup data should be tested regularly to ensure the availability of the backup data.
After the data recovery operation is completed, the personnel of the relevant unit shall continue to observe for three days to ensure that the system is operating normally and that the newly added information is correct.

7. Modification of the information security policy of this website:
Due to the rapid development of science and technology, before the completion of relevant laws and regulations, and the unforeseen environmental changes in the future, this website will modify the information security policy description provided on the website as necessary to ensure network security. The conception. When this website completes the revision of the information security policy, we will immediately publish it on this website and remind you to click to read.

8. If you have any questions or comments on the above terms, please feel free to contact us through the contact information shown on this website.

LastPage GoTop Print

open

About Us
Perspectives Organization Chart
Our Services
Army Rewards Program Service of Soldiers and Contact Us Military Service Centers
Our Hotels
Taipei Hero House Taichung Hero House Kaohsiung Hero House Hualien Hero House
Restaurant
Taipei