Information Security Policy

In view of the increasing popularity of computer and network applications in recent years, and to ensure the security of the Company and its information security-related data, information systems, equipment and networks, the Company has established the Information Security Policy. The top executive of the information department serves as the convener to review the information security governance policies of each subsidiary and to oversee their operations. The Policy serves as the guideline for the Company's information security management, covering the division of organizational authority and responsibility, personnel training, computer hardware and software, and network and physical environment management. Additionally, the top executive reports regularly to the Board of Directors on the implementation of information security risk management.

2021 Information Security Operations

Operation item

Description

Awareness-raising on Information Security

A total of 9 information security awareness-raising sessions were conducted in 2021.

Information Security Related Education and Training Program

A total of 4 information security education training sessions were conducted in 2021.

Syslog Server Import

Strengthen the storage of various logs in the NG Firewall and centralized server (AD and VPN account access, DHCP, DNS, DB, and other logs) as well as network device logs.

Vulnerability Scanning and Evaluation

Scan the network devices and system servers in the Company’s network environment for known vulnerabilities, then analyze and fix the vulnerabilities found with effective and feasible improvement solutions to reduce information security risks.

Firewall Protection

Examine the firewall and set connection rules to ensure that malicious attacks are blocked.

Additional application is required for special connection needs.

User Access Control System

Control user internet behavior with an automated website protection system.

Automatically filter users’ access to websites that may contain Trojan horses, ransomware or malware.

Data Loss Protection (DLP)

Conduct daily data access and loss protection control using DLP.

Data monitoring and protection

Conduct weekly monitoring measures for USB data copying, cloud uploading, shared slot data access and Web data uploading. If abnormal usage records are found, the Company will notify the departmental senior officer or those holding a higher ranking according to the relevant information.

Anti-virus software

Adopt anti-virus software and update virus patterns automatically to reduce the chance of virus infections.

Operating System Updates

The operating system is updated automatically. If the system is not updated for any reason, the Information Management Department will assist in updating it.

Mail Security Control

Automatic mail scanning provides threat protection against unsafe attachments, phishing mail, and spam before users receive mail, with the protection extended to malicious links.

The anti-virus software scans personal computers for unsafe attachments after emails are received.

Data backup mechanism

Perform daily backups of the important data system database.

Critical File Server Management

Store important files from all departments within the Company on servers, with backups performed by the information unit.