Information Security and Compliance

In the Internet age, there are various online activities taking place all the time, such as remote working, online learning, e-banking, and online games. Subsequently, online scams are endless. Security awareness is important. At the same time we need to understand and comply with the requirements of relevant laws and regulations.

With the Personal Data Protection Act., the Combating Computer Crime Law and the Cybersecurity Law coming into effect, relevant protections have been obtained in different fields. However, while the laws are established, the cooperation of all parties is required in order to build a secure network environment.

Information security is a shared responsibility. In the daily use of network resources, besides protecting yourself, you also need to protect the privacy & data security of others. In case, you may have overlooked some important points, here are some tips and information for your reference:

• • Always pay attention to protect the personal data of yourself and others. When collecting, processing, storing and deleting personal data, you must pay attention to comply with the relevant applicable laws, policies and guidelines.
  • Do not conduct or attempt to conduct any action that endanger information security. For examples,
    • Deliberately spread spam mails, computer viruses and Trojan horse programs;
    • Use vulnerability of the website to gain benefits or steal someone’s personal data;
    • Unauthorized use of scanning tools to scan for vulnerabilities or intrusions on relevant networks without explicit consent or authorization of relevant persons or institutions. According to the Judicial Police, whoever commits the above-mentioned actions regardless of whether it is done for a good or malicious intention, it is illegal even if there is nothing damaged or stolen.
  • UM staff should not use communication tools or network services provided in public places to process any UM protected personal information and data. In addition, according to SAFP’s guideline, do not use personal email to process UM’s administrative information or data;
  • You need to comply with the Cybersecurity Law and University policies. In case you encounter any information security incident, you must notify ICTO Help Desk as soon as possible. ICTO colleagues will contact you for necessary incident information for investigation.

Reference

• • The Cybersecurity Law (Chinese) | (Portuguese)
  • Combating Computer Crime Law (Chinese) | (Portuguese)
  • Personal Data Protection Act (Chinese) | (Portuguese)
  • Judicial Police – Legal Knowledge
  • Acceptable Use Policy – ICTO Computing Facilities, Campus Network and Internet
  • ICTO Infosec. Website