
EC-CERT
Taiwan E-Commerce Computer Emergency Response Team - Chinese Taipei

1. About EC-CERT

1.1. Introduction

EC-CERT stands for “Electronic Commerce - Computer Emergency Response Team”, a long-term project supported by the Ministry of Economic Affairs of the ROC. EC-CERT's main work includes information security consulting, website vulnerability inspection and penetration testing, security incident investigation and response, and security alert notices. EC-CERT offers these services to prevent monetary loss caused by e-fraud and to keep Taiwan’s E-Commerce market developing smoothly.

1.2. EC-CERT Services

Figure 1. EC-CERT Services (member services: active information security consulting service; website vulnerability inspection service; information security alert; E-Commerce transaction security regulations assessment service; E-Commerce trading security regulations trial assessment service)

1 Active information security consulting service

EC-CERT exchanges security incident reports with G-ISAC and informs website operators affected by a security incident. EC-CERT contacts the website owner and provides a security solution to reduce and prevent further loss.

2 Website vulnerability inspection and penetration testing service

EC-CERT's vulnerability inspection and penetration testing service has been developed over a couple of years. The purpose of the service is to help E-Commerce firms understand the what, why, when, where, and how of testing web applications. The service delivers a complete inspection of the website: not only a simple checklist of security issues that should be addressed, but also correction procedures.

3 Information security alert service

EC-CERT gathers various data regarding security threats, exchanges security information with domestic and foreign information security organizations, then interprets these data into alerts on security leaks, malicious websites, hacking and phishing, and recommends defensive measures so that E-Commerce operators can take preventive measures in advance to reduce their information security threats and avoid potential loss. In addition, EC-CERT regularly issues lists of hacker relay station domains and IP addresses so that E-Commerce operators can renew their relay station blacklists and update their defense mechanisms, effectively protecting consumers from being linked to malicious relay stations and thus preventing security breaches and sensitive information leaks.

4 E-Commerce security incident investigation and response

EC-CERT works with the Criminal Investigation Bureau to take part in security incident investigation and response within E-Commerce firms when necessary. When an E-Commerce website suffers a security attack that causes leakage of personal information and transaction data, EC-CERT offers security investigation and incident response handling.

5 E-Commerce transaction security regulations assessment service

EC-CERT works out E-Commerce transaction security regulations and integrates information security management standards to provide E-Commerce operators with free on-site regulation assessments, in order to help them keep and follow security regulations.

2. Activities and Operations

2.1. Active information security consulting service