Investor Relations / Corporate Governance
Investor Relations
Information Security Management
1.Information Security Risk Management Framework:
(1) The company has established an Information Security Office and appointed information security personnel. (2) The Information Security Office is primarily responsible for planning and promoting information security policies, technical assessments, education and training, supervision, and audits to strengthen information security risk management.
(3) The tasks of information security management are driven by the Information Security Office to implement information security control measures.
2. Information Security Policy:
Strengthen personnel awareness, prevent data leaks, and implement daily operations to ensure the confidentiality, integrity, availability, and compliance of core system management business.
3. Specific Management Plan:
(1) The Information Security Office conducts regular information security risk assessments. Based on the size of the risk impact and the cost required for risk mitigation, priorities are set using the Plan-Do-Check-Act (PDCA) method to establish a multi-layered security defense and to create key performance indicators for information security.
(2) Joining information security collaborative organizations allows timely access to external information sharing and assistance in responding to security incidents.
A. Taiwan Chief Information Security Officers Alliance (CISO)
B. Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC)
4. Resources Invested in Information Security Management
(1) Regularly apply vulnerability patches to servers and personal computers to reduce the exposure risk of devices.
(2) Vulnerability Scanning and Penetration Testing
A. Annually perform vulnerability scanning and penetration testing on the company’s network equipment, application systems, and products.
(3) Annual Information Security Training and Phishing Drills
A. Conduct information security training for employees across the group, raise awareness about identifying phishing emails, and execute phishing drills. Analyze the results of these drills to establish improvement measures, continuously enhancing overall information security awareness.
B. Provide annual information security training for senior executives, integrating security awareness into daily management practices.
Stakeholder Contacts
Stock transfer agency
President Securities Corporation
Floor B1, NO.8, Dong Shin Rd., Songsan District, Taipei
TEL (02) 2746-3797
https://www.pscnet.com.tw
