Information Security Risk Management


Planning and Monitoring of Information Security Systems


I、Information security manager and specialist

We established an information security manager and specialist in 2012, who are responsible for the planning and monitoring of information security systems and the execution of information security maintenance operations.



1.Information security management areas:

(1) Staff information security promotion and information security education training.

(2) Computer software copyright management.

(3) Network usage security management.

(4) System account authority management.

(5) Information asset security management.

(6) Host and data redundancy security management.

(7) Confidential file security management.

(8) Information environment and server room access security management.

(9) Information security auditing.


2.Information security structure:


III、Risk Management and Notification Mechanism

1.In the event of an information security incident that causes the computer system to fail to operate or affects the execution of the company's business, the staff in charge will promptly fill out the "Notification of Information Security Incident" to report the scope of impact, contingency measures, and the estimated time of completion of repair to each responsible officer.

2.We will do our best to protect data on a daily basis, promote information security from time to time, raise users' awareness of information security, and establish a disaster recovery and reconstruction mechanism to prevent risky disasters and respond to emergency information security abnormalities.


IV、Risk prevention and emergency response

1. Risk prevention:

(1) Security protection mechanism: The company plans to establish an overall protection environment for information system and network security, including system access control mechanism, system connection records, construction of firewall, virus scanning, intrusion detection system IDS, system security vulnerability detection, and database offsite backup. We also formulate information security management policies and systems and implement regular security audits, network monitoring, and personnel security management mechanisms to strengthen information security concepts and protection capabilities and reduce security threats and disaster losses.

(2) The Company establishes disaster recovery plans in accordance with the importance of existing information systems and takes different contingency measures according to the degree of impact; in order to reduce the scope of impact and recovery time of information security incidents.

(3) According to the "Code of Practice for the Use of Information Resources by Employees", the company establishes various standard operating guidelines and norms for the use of information resources by employees, such as the management of pirated software, illegal downloads, system authority passwords, and confidential leaks.


2. Emergency Response:

(1) Prepare "Host Backup and Disaster Recovery Procedures" and "Information Security Emergency Response Procedures" documents for emergency operations (emergency response measures for operating systems, enterprise dedicated lines and external network lines, hosts of various services, and network attacks).

(2) The disaster recovery mechanism of important hosts is verified annually to ensure the recoverability of important systems.

(3) Daily backup of data content is decided according to the characteristics of each host operating system and application system for data restoration in case of emergency.





- 意林行銷 -