Greater attention needed to respond to cyberinformation security threats

November 8, 2023

Greater attention needed to respond to cyberinformation security threats

The Government has recently required the intensification of response to cyberinformation security threats so as to build digital trust and protect the country’s prosperous development in the digital era, thus contributing to successfully completing the national digital transformation.

Under Directive 18 dated October 13, the Prime Minister requests ministers, heads of ministerial-level agencies, chairpersons of the People’s Committees of provinces and centrally-run cities, presidents and general directors of corporations, state corporations or economic groups, and enterprises that are members, or have affiliated units being members, of the National Cyber Information Security Incident Response Network, to employ active approaches in responding to cyberinformation security threats.

Specifically, they will be obliged to proactively identify threats and scan for vulnerabilities in their managing information systems at least once every six months; issue emergency response plans and scenarios for their information systems before the end of this year, and promptly update changes to these systems; and organize combat drills at least once a year for these systems at level 3 or higher levels in order to promptly assess the capability to prevent intrusion and detect weaknesses in system processes, technology or personnel.

Upon detecting security risks or threats that might lead to cyber attacks or unauthorized control of the system, they have to simultaneously handle risks and respond to threats.

Until the end of the year, incident response teams will be organized and consolidated in a professional and flexible manner, with at least five experts specialized in cyberinformation security, including outsourced experts, who have standard information security skills.

The agencies are also required to announce their contact information including telephone numbers, email addresses or other modes of communication for receipt of cyberinformation security incident reports on their web portals before the end of October.

The Ministry of Information and Communications will be responsible for providing guidance on organization of regular activities of incident response teams and combat drills for cyberinformation security staffs in agencies, organizations and enterprises; and using results of such drills as criteria for annual assessment of maturity and profession of such teams.

Enterprises providing telecommunications and Internet services are required to warn their customers about the risk of wide-range cyberinformation security incidents or upon detecting such risk that may affect customers, and guide them in reporting cyberinformation security incidents upon their occurrence.

Source: Vietnam Law and Legal Forum magazine

Original link: https://vietnamlawmagazine.vn/greater-attention-needed-to-respond-to-cyberinformation-security-threats-49183.html


Privacy Compliance

CJEU confirms that competitors can sue each other for GDPR infringements 

CJEU confirms that competitors can sue each other for GDPR infringements  A German pharmacy sued another pharmacy for failing to guarantee explicit consent when processing the health data of the clients as prescribed under GDPR. The German Court held that such activity does amount to unfair and unlawful practice. However, the Court was unsure whether […]

Learn more

Privacy Compliance

EDPB’s Guidelines on Legitimate Intesrest

EDPB’s Guidelines on Legitimate Intesrest Recently, the European Data Protection Board (“EDPB”) adopted Guidelines 01/2024 on processing of personal data based on Article 6(1)(f) GDPR (processing based on legitimate interest). Legitimate interest is one of the lawful grounds on which personal data can be processed. Its flexible nature makes it quite hard to actually apply […]

Learn more

Privacy Compliance

Can data subjects be data controllers?

Can data subjects be data controllers? With the rise of AI trained on user data, the question of whether data subjects be considered data controllers for the personal data in their AI prompts and outputs has once again taken the spotlight. This is not a new issue, the possibility of the data subjects acting as […]

Learn more