Greater attention needed to respond to cyberinformation security threats

November 8, 2023

The Government has recently required the intensification of response to cyberinformation security threats so as to build digital trust and protect the country’s prosperous development in the digital era, thus contributing to successfully completing the national digital transformation.

Under Directive 18 dated October 13, the Prime Minister requests ministers, heads of ministerial-level agencies, chairpersons of the People’s Committees of provinces and centrally-run cities, presidents and general directors of corporations, state corporations or economic groups, and enterprises that are members, or have affiliated units being members, of the National Cyber Information Security Incident Response Network, to employ active approaches in responding to cyberinformation security threats.

Specifically, they will be obliged to proactively identify threats and scan for vulnerabilities in their managing information systems at least once every six months; issue emergency response plans and scenarios for their information systems before the end of this year, and promptly update changes to these systems; and organize combat drills at least once a year for these systems at level 3 or higher levels in order to promptly assess the capability to prevent intrusion and detect weaknesses in system processes, technology or personnel.

Upon detecting security risks or threats that might lead to cyber attacks or unauthorized control of the system, they have to simultaneously handle risks and respond to threats.

Until the end of the year, incident response teams will be organized and consolidated in a professional and flexible manner, with at least five experts specialized in cyberinformation security, including outsourced experts, who have standard information security skills.

The agencies are also required to announce their contact information including telephone numbers, email addresses or other modes of communication for receipt of cyberinformation security incident reports on their web portals before the end of October.

The Ministry of Information and Communications will be responsible for providing guidance on organization of regular activities of incident response teams and combat drills for cyberinformation security staffs in agencies, organizations and enterprises; and using results of such drills as criteria for annual assessment of maturity and profession of such teams.

Enterprises providing telecommunications and Internet services are required to warn their customers about the risk of wide-range cyberinformation security incidents or upon detecting such risk that may affect customers, and guide them in reporting cyberinformation security incidents upon their occurrence.

Source: Vietnam Law and Legal Forum magazine

Original link:

Privacy Compliance


Dear Colleagues, Partners, and Friends, Mindful of the significant advancements in artificial intelligence (AI) in recent times, Privacy Compliance has undertaken a project aimed at updating our clientele, partners, and the general public on the prevailing state of AI globally and, more specifically, in Vietnam. With great pride, we hereby introduce the inaugural edition of […]

Learn more

Privacy Compliance

Vietnam Chapter | 2022 Data Protection Around The World | DLA Piper

Summary There is not a single comprehensive data protection law in Vietnam. Instead, regulations on data protection and privacy can be found in various legal instruments. Source: DLA Piper Download here: Data-Protection-Vietnam

Learn more

Privacy Compliance

EU hits Amazon with record-breaking $887M GDPR fine over data misuse

Luxembourg’s National Commission for Data Protection (CNPD) has hit Amazon with a record-breaking €746 million ($887 million) GDPR fine over the way it uses customer data for targeted advertising purposes. Amazon disclosed the ruling in an SEC filing on Friday in which it slammed the decision as baseless and added that it intended to defend itself “vigorously in this […]

Learn more