Information risk control

To reinforce information security protection, the Company comprehensively promoted the introduction of the information security management system in 2012 and obtained the ISO 27001 information security management system (ISMS) certificate in August 2013. The Company continues to advance its cybersecurity architecture, requires employees to follow information security management specifications, and builds comprehensive information security protection through information asset and risk assessments, monitoring operating impact analysis, business continuity drills, and other systems, so that information security awareness and concepts become part of the corporate culture and the Company moves toward a zero trust network architecture.

Information security protection: protection items

EDR information security protection
  - EDR
  - MDR
  - Prevent network and ransomware attacks

Firewall
  - Stop hackers from attacking and paralyzing the network
  - Control reasonable network use

Anti-virus software
  - Stop viruses from damaging corporate data
  - Prevent viruses from affecting work efficiency
  - Prevent external virus attacks from affecting goodwill

Anti-spam
  - Prevent excessive spam from affecting work efficiency
  - Prevent viruses from being delivered to the Company via e-mail

E-mail sending/receiving record
  - Record e-mails sent/received and avoid deletion of mails by mistake, virus, and loss
  - For subsequent audits and proof

PC end protection
  - Peripheral data access control of USB disk/Bluetooth/Network Neighborhood/memory card
  - Instant communication and file-sending control and webmail/cloud disk control
  - Mobile communication network control

External personnel connection control
  - Control for the remote access of personnel to corporate resources
  - Control for the WFH access of personnel to corporate resources
  - Control for mobile communication equipment

Control for external computers
  - Internet connection control for partners/suppliers/customers when visiting the plant
  - Control for private computers of employees when visiting the plant

Online behavior screening and control
  - Prevent employees from mistakenly accessing websites with malware
  - Authorize online connection categories based on level and work requirements
  - Statistics of employees' online behaviors/time/ranking
  - Record online behaviors and perform anomaly analysis

Anti-virus wall
  - Stop internal viruses from external attack
  - Stop new variants of malware from attacking
  - Battle viruses and reduce internal infection opportunities

Centralized control of material figures and text
  - Stop internal viruses from external attack
  - Centralized control of material files
  - Knowledge base management and sharing

We comply with information security policy requirements through the ISO 27001 information security management system, and we regularly carry out information security promotion and employee information security training. Each year, internal and external professional auditors and the organization audit the information security management system, evaluate the information operating status, risk control, and event improvement, and report to the information safety processing team to control and minimize information security risks.
