Information Security Management

Information Security Object and Scope

Targets: Stakeholders (including employees, customers, suppliers, shareholders, etc.), and operation-related information software and hardware equipment.
Scope: To ensure the company’s information security, the company formulates relevant rules and regulations and application technology and data security standards, and incorporates them into the management and operation system, so that the privacy and information security of employees, suppliers, and customers are protected and maintained when conducting business contacts.
(1) Information Security Risk Management Framework
The unit responsible for the company’s information security is the Information Department, which has an information supervisor and several professional information personnel. It is responsible for formulating internal information security policies, planning and implementing information security operations, and promoting and implementing information security policies.
1. Information Communication Security Policy
The company attaches great importance to the security and privacy of stakeholders, including employees, customers, shareholders, and information assets related to operations. Considering the business needs of the company, establish information security-related management procedures and “personal data protection management procedures” to prevent possible risks and implement specific and effective security protection and personal data privacy protection measures.
2. Specific management plan
The information personnel have many years of experience in information security. From time to time they act as a third party and simulate hacking methods to perform drills; if loopholes are found in the test results, they are repaired within the specified time limit and pass the retest.
(1) System specification: The company has established internal information security operation procedures to regulate the information security behavior of the company’s personnel, regularly inspects whether the relevant systems are in line with changes in the operating environment, and makes timely adjustments according to needs. Regularly perform internal audits to strengthen the operation management of the company’s information security.
(2) Technology application: In order to prevent various external information security threats, the company has built various information security protection systems (such as: anti-virus software) to enhance the security of the overall information environment.
(3) Personnel training: The company conducts personnel information security education and training practical courses and information security opportunity promotion from time to time, so as to enhance the information security knowledge and professional skills of the company’s colleagues.
(4) Implement specific information security management measures:
Classification: Authority Management
Directions:
  1. Personnel account
  2. Privilege Management
  3. System operation
Related Measures:
  • Personnel account authority management and audit
  • Regular inventory of personnel account permissions

Classification: Access Control
Directions:
  1. Personnel access to internal and external systems
  2. Data Transmission Channel Security Measures
Related Measures:
  • Internal/External Access Control
  • Data leakage control
  • Track record of operation behavior

Classification: External Threat
Directions:
  1. Potential weaknesses in internal systems
  2. Protective measures against viruses and hackers
Related Measures:
  • Host computer vulnerability detection and update measures
  • Antivirus and hacker detection, spam and malware detection

Classification: System Availability
Directions:
  System availability status and handling measures when service is interrupted.
Related Measures:
  • System/network availability status monitoring and notification mechanism
  • Contingency measures for service interruption
  • Data backup and system backup mechanism
  • Regular disaster recovery drills
3. Invest resources in information security management
(1) Prevent hackers from invading and stealing company confidential information by building an information security monitoring system and performing system vulnerability scanning. At the same time, establish a complete information system security protection network, covering the management of computer rooms, network equipment, network connections, and personal information equipment (such as desktop computers, notebook computers, etc.), to implement the protection of employee personal information, company confidential information, and customers and suppliers.
(2) Conduct information security education and training every year. In 2022, the content of the course will be adjusted to “Information Daily Information Security Awareness Training”, so that employees actively participate in and understand information security content that is closer to daily life. From time to time, announcements and promotions are made on various information security awareness topics. Through continuous training and promotion, employees’ awareness of information security will be enhanced and strengthened.
(2) In the most recent year and as of the date of publication of the annual report, the losses suffered due to major information security incidents, possible impacts and countermeasures: None.