To improve the security management of the group, a Group Cybersecurity Department has been established, with the Chief Financial and Information Officer as the highest responsible person. The Information Security Department is responsible for driving information security policies and resource allocation. It is staffed with dedicated cybersecurity professionals to ensure that all information security management standards and control measures are effectively and continuously implemented.
All customers' private and confidential information is disclosed on a need-to-know basis, and the Group has implemented three types of control (People, Process and Technology) to ensure the security of that information. Below is a summary of the three controls:
To meet the requirements of internal information security regulations and external regulatory authorities, the group has established an Information Security Management System and information security management procedures. Nine information security objectives have been formulated, and the results of their achievement are recorded on a monthly basis.
Time of Abnormal Interruption of Dedicated Communication Line
Antivirus Software Virus Definition Update Achievement Rate
Network Equipment Failure Statistics
Statistics on Unauthorized Changes to Communication and Information Equipment
Incidents of Unauthorized Account Creation in AD / Mail Systems
Core Server Service Interruption Time
Failures in Backup of Critical Core Systems
Unpatched Critical Vulnerabilities Detected in System Scans
Statistics on the Number of Information Security Incidents
The Company inventories its information assets and updates the asset record book periodically. Every year, the risks related to the information assets are assessed and the high-risk items are controlled, to lower the likelihood of risks and their impact, for the purpose of ensuring the Company's long-term cybersecurity.