Corporate Governance

Cybersecurity Risk Management

  • Cybersecurity Risk Management Framework:
Cybersecurity is a key objective in the company’s digitalization strategy. The Cybersecurity Supervisor under the CEO’s Office formulates and promotes the cybersecurity policy, while dedicated personnel manage planning, implementation, and maintenance of the cybersecurity framework. Regular inspections and audits by the Audit Office ensure the system’s suitability, adequacy, and effectiveness.
 
  • Cybersecurity Policy:
Applicable to the company and its overseas subsidiaries, the policy provides a framework and direction for corporate cybersecurity, defining management goals and guiding departmental security responsibilities. It strengthens cybersecurity to protect data, systems, equipment, and networks, minimizing risks of theft, misuse, leakage, tampering, damage, or service interruption due to human error, deliberate attacks, equipment failure, or natural disasters. The policy complies with Article 9 of the "Regulations Governing the Establishment of Internal Control Systems by Public Companies" and the "Cybersecurity Management Guidelines for TWSE/TPEx Listed Companies," ensuring confidentiality, integrity, and availability of information assets.
 
  • Specific Management Measures:
Strategies focus on protection, compliance, and procedures:
  1. Enhancing Cybersecurity Capabilities: Beyond firewalls, Network Security Monitoring (NSM) detects and analyzes risks, preemptively addressing vulnerabilities.
  2. Improving Network, Endpoint, and Application Security: Antivirus software on all endpoints enhances anomaly detection. MPLS VPN secures networks and applications.
  3. Regulatory Compliance: Adherence to the Enforcement Rules of the Cybersecurity Management Law by the Executive Yuan.
  4. Education and Training: Annual cybersecurity training for all employees, with periodic awareness updates and phishing email tests conducted at irregular intervals.
 
  • Resources Invested:
Cybersecurity is a critical operational priority. Resources include: 
  1. Dedicated Personnel: Full-time staff handle planning, technology adoption, and training to strengthen cybersecurity.
  2. Education and Training: Mandatory annual training for all employees.
  3. Announcements: Periodic notices communicate key security regulations and precautions.