Information security management
Information security management
We began digital transformation in recent years to enhance process efficiency and optimize management processes. As the degree of digitization increases, it is necessary improve our information security protection against external information security threats at the same time. Through building management mechanisms, personnel training, and protection tests and drills, we continuously optimize information security management. Currently, we are planning our information security management policy and will include information security issues, scenario drills and information security assessment, and audit results in our consideration and continual improvement in 2023 to review the integrity and suitability of policies and protection measures, build complete information security protection capability, and raise the information security awareness and response capability of employees.
Draw up information security management policy
・Establish relevant information security procedures to ensure the confidentiality, integrity, and availability of information assets. ・Protect the information of business activities from unauthorized access. ・Protect the information of business activities from unauthorized alteration and ensure information accuracy and integrity. ・Ensure the continuity of information operation. ・Periodically implement information security audits to ensure the proper implementation of information security.
2022 information security management mechanism
| Information security management items |
Implementation measures |
|---|---|
| Physical management | ●Automated monitoring and management of servers and network equipment in the server room. ●Migrate important system services to the cloud and set up a VPN to control use. |
| System management | ●Split control by segment and separate intranet and extranet management. ●Networking and instant messenger (IM) software management: Controlled use. ●Periodic password change and multi-factor authentication (MFA). ●Annual vulnerability scan and remediation of vulnerabilities. ●Disaster recovery (DR) drills every year. ●Email protection mechanism: Apply advanced threat protection (ATP) to the email accounts of important staff. |
| Hardware protection | ●Two-tier firewall: We updated our firewall equipment in 2022 and plan to update to the two-tier firewall structure in 2023 to enhance protection. ●Control of private computer use: No use of private computer equipment in the Company. ●Storage equipment control: No unauthorized USB storage device can be used. ●Optimize data backup: Periodic corporate data backup and synchronous cloud data backup for offsite backup. |
| Others | ●Strange email reminder: Block business email compromise (BEC). ●Dual circuit redundancy: Ensure undisrupted networking service. |