Subscribers of TWCERT/CC Newsletter

Service Awareness and Usage Rate

The ranking of service usage rate and service awareness are the same; "newsletter subscriber – TWCERT alliance member" had higher usage rate among the various services. Therefore, it can be discovered that alliance members are closer stakeholders who have frequent interactions with TWCERT/CC.

Newsletter subscriber TWCERT alliance member
Newsletter subscriber with information security department
Newsletter subscriber without information security department
Information security information sharing 95.6% 93.0% 87.4%
Information security event notification 94.1% 88.1% 85.4%
Information security awareness promotion 84.6% 80.4% 76.7%
Product vulnerability notification 74.3% 67.3% 52.4%
Malicious file detection service 53.7% 48.9% 46.6%
Network phishing notification 51.5% 48.0% 41.7%
Don’t know/did not use 0.7% 1.8% 6.8%

Source: Online Survey (2020)

Newsletter subscriber TWCERT alliance member
Newsletter subscriber with information security department
Newsletter subscriber without information security department
Information security information sharing 77.0% 55.1% 37.5%
Information security event notification 57.8% 40.2% 31.3%
Information security awareness promotion 48.1% 35.5% 29.2%
Product vulnerability notification 32.6% 22.4% 19.8%
Malicious file detection service 18.5% 15.0% 16.7%
Network phishing notification 14.1% 10.0% 7.3%
Don’t know/did not use 7.4% 24.9% 41.7%

Source: Online Survey (2020)

Evaluation of the Overall Satisfaction and Value Perceptions

Among the service values, "information security information sharing" was evaluated at 32.2% as "very helpful;" "helpful" was 57.2%. Approximately 30% of "Information security event notification" and "information security awareness promotion" were "very helpful" and about 55% evaluated them as "helpful." Over 25% evaluated "product vulnerability notification" and "network phishing notification" as "very helpful" and approximately 50% evaluated them as "helpful." 23.7% evaluated "malicious file detection service" as "very helpful" and 46.2% evaluated it as "helpful."

Information Security Information Sharing

Information Security Event Notification

Information Security Awareness Promotion

Malicious File Detection Service

Product Vulnerability Notification

Network Phishing Notification

Source: Online Survey (2020)

20% of the respondents were satisfied with the overall service quality from TWCERT/CC; approximately 50% thought that the service quality from TWCERT/CC was good. 20% indicated that the technical support was very good and 47.3% gave a "good" evaluation. The satisfaction level of the service quality last year was 74.3% and this year it slightly increased by 0.7% with a satisfaction level of 74.9%. The satisfaction level for technical support this year was 69.6%, which increased by 1.5% compared to last year’s 68.1%.

For the evaluation of the trust in TWCERT/CC, 31.6% of the respondents totally agree that they trusted TWCERT/CC and 52.5% "agree" that they trusted TWCERT/CC. As for the evaluation of service value, over 30% totally agree that the services provided by TWCERT/CC were valuable and 55.1% agree with the service value. The level of trust last year was 81.0%; this year it increased by 3.1% and reached 84.1% of positive trust. The service value experience increased by 4.8% from last year’s 81.6%; the service value experience for this year was 86.4%.

Service quality

Technical support

Trust to TWNIC

Value of TWNIC service

Source: Online Survey (2020)

Service quality

Technical support

Trust to TWNIC

Value of TWNIC service

Source: Online Survey (2019)

Participation in Events and Expectations and Preferences

Almost 90% of respondents hope that they can "download forum or course content briefings" from TWCERT/CC forum conferences or educational training contents, 68.6% wish that they can "add Chinese lecturers or real-time translation services", and 33% wish that they can "invite more foreign lecturers."

Source: Online Survey (2020)

Information Service

26.7% of the respondents always pay attention to information released by TWCERT/CC, 40% frequently pay attention and 29.5% only sometimes pay attention.

Source: Online Survey (2020)

Among the network issues that respondents wish to further understand, "information security / network security" had the highest ratio at 95%. Others include "innovative technology issues (such as 5G, IoT and AI)" and "network development trends" where approximately 60%-70% of the respondents were interested in them.

Source: Online Survey (2020)

Expectations and Recommendations

To TWNIC or TWCERT/CC, respondents wish they can provide more "new information security information knowledge sharing and solutions" (10.6%), such as: "through the regional network center, we learned that your unit has many information on information security and blacklists; we wish that you can provide them and share them" and "we hope that you can bring everybody information security related issues and information intermittently" and 10.4% mentioned "increasing the number of lectures/courses/seminars/trainings", such as "we hope that you can provide SMEs with more information security courses and information" and "provide online seminars, free lectures and training courses, and information security promotional videos for us to download."

Source: Online Survey (2020)

Taiwan CERT/CSIRT Alliance

Affirmed Information Sharing, Expecting Fast and In-Depth Contents

As an alliance member, they think that information sharing was the most helpful service item; information on information security is diverse and updated rapidly. When it comes to private enterprises, they might not necessarily have dedicated information security teams that can help collect information; therefore, having regular sharing of information is very useful information.

I think information sharing is most direct; we all work on information security here, and we usually only know about big events. But TWCERT/CC allows us to know what’s going on, and this is quite useful to us; we can learn about different situations that different industries encountered.

In addition to continuously providing information sharing, the alliance members also thought that TWCERT/CC provides a lot of information that covers sufficient range, and they pay attention to the technical aspects. But they also wish that in the future, TWCERT/CC could have better control of the timeliness and perform further analysis on the information so that not only can it achieve preventive effects, it can also be used as topics for educational trainings.

So it would be better if the extended on the information; for example, they can learn which domain was attacked more. They should perform some analyses on the information they accumulated and then hold educational training to share these vulnerabilities.

Stakeholders also mentioned that they wish that information related to domestic information security can be added because it would help meet actual market needs and raise the awareness of domestic information security dangers.

For example, we visit TWCERT/CC websites to read news on information security, but most of them seem to be foreign news and some people will feel that we are lucky because these foreign countries are far away from us. It would be better if there were more domestic news.

Simple and Convenient Introductions with Progress Report Notification Added

Even though alliance members might not necessarily have all used notification services before, but those who have used it before think that the notification method was convenient and easy; however, they wish that the communication after notification can be improved. They wish that they can receive progress reports after notification instead of ending the service when notification was completed. For the informant, even if the processing of the reported incident has not been completed yet, they should at least let the informant know about the acceptance progress of this incident. It was suggested that interactive feedback methods should be added after notification in the future to actively notify the informant of the progress, or provide open searches. This way the information will have better understanding of the progress in the future and will be more willing to submit notifications.

My experience on the notification process was easy; you can just fill in the form online, or I can just send them email to notify them of issues on their software. It was quite easy. However, sometimes I need to ask them to follow-up afterwards.

Cultivate Awareness for Active Notification and Provide Incentives to Collect Information

For the promotion of notification services, they mainly wish that the awareness for active notification can be cultivated. According to the experiences of alliance members, there are usually two situations when it comes to active notification in private enterprises. One is when an incident already happened and they are unable to handle it, then will the enterprise be willing to notify when they need help. The second is that they keep the notifications as records just like how police keep records of cases, and they don’t really need help.

Therefore, when it comes to active notification in the future, not only do they need to continue to communicate the awareness of the notification service and the trust for the notification unit, when incidents happen in the future, they can help detect or provide consultation services to increase interactions with enterprises and also strengthen their trust for the notification process. They should make the notification process transparent and add the role of legal adviser and make notifications into legally effective reporting processes so that notifications must be performed even if enterprises do no need help.

Sometimes business owners will make notifications just because they want you to perform free tests or services for them. They usually need this when something already happened, or when they received scam calls. The other type is like filing cases at police stations; they just want to keep the record for the case but they don’t actually need help.

In addition to increasing the willingness for private enterprises to send notifications actively, calling for notification loopholes from third-parties is also a method. For example, alliance operations mentioned practices used in other countries; TWCERT/CC can provide resources for notification rewards to attract third-party units such as white-hat hackers to collect information security loopholes and share them with TWCERT/CC.

Currently, TWCERT/CC is a great medium; it can collect great information from other countries, or have domestic units collect information on loopholes that other people found. If you report it to other countries, you can receive money rewards, but not in Taiwan. There are no information security consulting or technical resources.

Great Response from Events and Educational Training, Expecting More Events and Case-Sharing

Alliance members gave positive evaluations for event hosting and educational training, reasons include useful contents, not about conducting businesses, great lecturer arrangement and free of charge etc. They all hope that this can continue in the future and increase the number of sessions.

I couldn’t really give suggestions for the educational training because they’ve actually done great jobs; the lecturers they invited are also well-known in the industry. My initial response is that they’ve done very well and I hope that they can keep hosting these events.

Suggestions they gave for the content was that they wish there could also be industries that can share actual cases because technical courses are more common, and there are many similar lectures everywhere. Also, because TWCERT/CC has a neutral role, when they invite enterprises to come share actual cases, they will be more willing to do so. However, they must beware and control the timeliness of the sharing to increase reference value; they can also set themes by paying attention to the targets of the educational training. Learn about their information security level or technical capability before the event to maximize the benefits of the educational training.

What seems to be appealing is the sharing of actual cases; but they usually do that once a year or once every six months, and the cases might be time-sensitive, so their reference values were no longer that great.

I think the training should be divided into different levels; this will make it easier for lecturers to prepare and the audience would not have that much trouble listening. But since they don’t have many courses right now, dividing them into different levels might be a bit strange too.

Good Use of Third-Party Roles to Increase Exchanges and Interactions in the Industry

For suggestions on future developments, alliance members think that private enterprises can develop in two directions, internally and externally. Externally, TWCERT/CC can make good use of its third-party neutral role and work as a bridge in the industry, allowing industries to have the opportunities to share their experiences and increase mutual cooperation or exchange information. As for internally, an information security guideline should be formulated for private enterprises to use as reference. Since enterprises might not necessarily know about the risks or demands for information security within the enterprise, they usually have internal support in order to implement information security protection. If TWCERT/CC can provide industrial specifications as a reference, not only will this help increase people’s awareness of TWCERT/CC, it can also help industries improve information security literacy.

TWCERT/CC should host events and bring information security companies together to share experiences they encountered; they can achieve this with the third-party role that they play. Cooperation and exchanges will allow everybody to grow together.

Copyright© Taiwan Network Information Center