Frame of Cyber security Management

The IT team of the company is responsible for devising and executing the company's IT security policy, and regularly reports to the Board of Directors.

The audit department is responsible for supervising IT security and conducting inspections based on computer operating system controls, including IT security inspections. We conduct regular follow-ups to mitigate risks.

WIN Information Security Risk Management Framework Diagram

Cyber security policy and implementation

To mitigate the risks of tampering, theft, and destruction of company information from internal and external threats, we ensure the integrity, confidentiality, and availability of information. The key points of relevant management measures are as follows:

Cyber security training
Cyber security training for new employee.
Equipment and account management
The equipment room shall be equipped with safety monitoring measures such as temperature control, abnormal warning, and uninterruptible power supply system. Additionally, it shall consider emergency response measures in case of earthquake or fire.
Base on the account-naming principles, employee accounts and their passwords should comply with complexity guideline, and passwords should be updated regularly.
The IT department is responsible for installing, managing, and monitoring software such as operating systems, anti-virus programs, and security software to ensure the integrity and security of the company's information technology infrastructure.
Virus Prevention and Security Updates
It is imperative that all company-owned computer equipment be equipped with up-to-date anti-virus software to safeguard against cyber threats and ensure the integrity and security of the company's information technology infrastructure.
To prevent illegal intrusions by hackers, it is essential to strengthen network controls and configure enterprise-level firewalls. Regular cyber security audits should be conducted in collaboration with customers to meet the high standards expected by both parties.
System development, data and network access security
The original program used for development and testing must be backed up regularly and accessed exclusively by dedicated developers or system administrators to ensure the security and integrity of the program.
Non-employees are strictly prohibited from utilizing any company-owned computers, equipment, accounts and passwords. Only essential services such as email, file sharing, and internet access will be permitted through approved devices.
Software usage
Unauthorised software is prohibited. All internal software installations must be completed by the IT Department, in accordance with the specific work type and corresponding security protocols.
Cyber Security Emergency
Depending on the nature and severity of the incident, there are 5 distinct levels of notification procedures that must be followed.

Cyber Security Management

Icon for Network Cybersecurity Maintenance

Network Hardware

Our company has implemented a variety of security measures to safeguard against potential threats, including firewalls, spam filters, mail auditing backup devices, NAS and tape backup systems, and more.

Icon for computer software maintenance

Software system

Anti-virus and backup management software.

Normal Maintenance Icon

Maintenance

Additionally, we conduct annual systematic disaster recovery exercises, regular cyber awareness training and drills, and annual audits to ensure that our systems remain secure and up-to-date.