EC-CERT Taiwan E-Commerce Computer Emergency Response Team - Chinese Taipei
1. About EC-CERT
1.1. Introduction
EC-CERT stands for “Electronic Commerce - Computer Emergency Response Team”, a long-term project supported by the Ministry of Economic Affairs of the ROC.
EC-CERT's main work includes information security consulting, website vulnerability inspection and penetration testing, security incident investigation
and response, and security alert notices. EC-CERT offers these services to prevent monetary loss caused by E-fraud and to keep Taiwan’s E-Commerce market
developing smoothly.
1.2. EC-CERT Services
Figure 1. EC-CERT Services
1 Active information security consulting service
EC-CERT keeps exchanging security incident reports with G-ISAC and informs website operators affected by security incidents. EC-CERT contacts the website
owner and provides a security solution to reduce and prevent further loss.
[Figure 1 labels: Member Services; Active information security consulting service; Website vulnerability inspection service; Information security alert; E-Commerce transaction security regulations assessment service; E-Commerce trading security regulations trial assessment service]
2 Website vulnerability inspection and penetration testing service
EC-CERT's vulnerability inspection and penetration testing service has been developed over a couple of years. The purpose of the service is to help E-Commerce
firms understand the what, why, when, where, and how of testing web applications. The service delivers a complete inspection of the website: not only a
simple checklist or the security issues that should be addressed, but also correction procedures.
3 Information security alert service
EC-CERT gathers various data regarding security threats, exchanges security
information with domestic and foreign information security organizations, then interprets these data into alerts on topics such as security leaks, malicious websites,
hacking and phishing, and recommends defensive measures so that E-Commerce operators can take preventive measures in advance to reduce their
information security threats and avoid potential loss. In addition, EC-CERT regularly issues lists of hacker relay station
domains and IP addresses so that E-Commerce operators can renew their relay station blacklists, update their information defense mechanisms, and
effectively protect consumers from being linked to malicious relay stations, thus preventing security breaches and sensitive information leaks.
4 E-Commerce security incident investigation and response
EC-CERT works with the Criminal Investigation Bureau to take part in security
incident investigation and response within E-Commerce firms as necessary. When an E-Commerce website suffers a security attack that causes
leakage of personal information and transaction data, EC-CERT offers security investigation and incident response handling.
5 E-Commerce transaction security regulations assessment service
EC-CERT works out E-Commerce transaction security regulations and integrates
information safety management standards to provide E-Commerce operators with free on-site regulation assessments, in order to help them keep and follow
security regulations.
2. Activities Operations
2.1. Active information security consulting service