Information Security Management

Information security object and scope

Target: Employees, customers, suppliers and shareholders, as well as operations-related information software and hardware equipment.
Scope: To ensure the company’s information security, the company formulates relevant rules and regulations, applies technology and data security standards, and incorporates them into the management and operation system, so that privacy protection and information security are maintained when employees, suppliers and customers conduct business contacts.

Information Security Risk Management Framework

  1. At SpeedTech Technology Co., Ltd. (hereinafter referred to as the company), information security is the responsibility of the information security department. The department has an information supervisor and several professional information personnel who are responsible for formulating internal information security policies, planning and implementing information security operations, and promoting and implementing information security policies.
  2. The audit office of the company is the supervisory unit for information security. This office has a supervisor in charge of supervising the implementation of internal information security. If any defects are found during an inspection, the inspected unit is immediately required to propose relevant improvement plans and specific actions, and the effectiveness of the improvements is tracked regularly to reduce internal information security risks.
  3. The organization’s operating mode adopts regular audits and circular management to ensure the achievement of reliability targets and continuous improvement.

Information security policy and specific management plan

The company’s information security management mechanism includes the following three aspects:

  1. System specification: formulate the company’s information security management system and standardize personnel operations.
  2. Technology application: build information security management equipment and implement information security management measures.
  3. Personnel training: Carry out information security education and training to enhance the awareness of information security of all colleagues.

The management measures are described as follows:

  1. System specification: The company sets internal information security policies and information security operating procedures to regulate the information security behavior of the company’s personnel. It regularly reviews whether the relevant systems still suit changes in the operating environment, adjusts them as needed, and regularly performs internal audits to strengthen the company’s information security operation management.
  2. Technology application: In order to prevent various external information security threats, the company has built various information security protection systems to enhance the security of the overall information environment.
  3. Personnel training: The company holds information security education and training courses and information security opportunities on an irregular basis to improve the information security knowledge and professional skills of the company’s colleagues.

Implementation of information security promotion in year 110:

Information security education and training will be conducted quarterly this year, with one-day “Phishing and denial-of-access attack prevention basic education” and one-hour “Information Security Management and Application” courses. About 400 employees company-wide participated.

The information security management measures implemented by the company include the following:

| Category | Description | Related measures |
| --- | --- | --- |
| Authority management | Personnel account, authority management, system operation | Personnel account authority management and review; Regular inventory of personnel account permissions |
| Access control | Personnel access to internal and external systems, data transmission pipeline security measures | Internal/external access control; Data leakage control; Operational behavior track record |
| External threat | Potential weaknesses of the internal system, anti-virus and anti-hack protection measures | Host computer weakness detection and update measures; Anti-virus and anti-hacking, junk and malware detection |
| System available | System availability status and handling measures when service is interrupted | System/network availability status monitoring and notification mechanism; Contingency measures for service interruption; Data backup and system backup mechanism; Regular disaster recovery drills |
