Information Security and Risk Management

Introduction to the organization

To ensure the security of this company's data, systems and networks, the information security convener and information security specialists are responsible for planning and implementing information security affairs.

Information security risk management mechanisms:

Covers the management of IDC software and hardware equipment, computer information file access security, network policy security, E-mail management security, information system data control and access, etc.

Information security policy:

The goals of information security: to create a secure and trustworthy operating environment based on an information security architecture, to ensure the security of this company’s data, systems, equipment, files and networks, and to protect the interests of this company as well as the sustainable operation of the information systems of each unit.

Specific information security management plans:

| Item | Specific plan |
| --- | --- |
| Firewall protection mechanism | The formulation of firewall information security rules, providing point-to-point SSL-VPN security protection and the formulation of rules for special requirements. |
| Antivirus software protection | Install antivirus software, set automatic updates of virus signatures, reduce the chance of virus infection and ensure the security of computers. |
| Operating system updates | Set automatic update operation for the systems to allow the system to be in the best operating status, and prevent the risk of vulnerability intrusions and infections. |
| E-mail security control | Set automatic E-mail scanning threat protection mechanisms; the E-mails received by colleagues should be filtered first to block E-mails with malicious attachments, phishing E-mails and spam mails, as well as block and protect against malicious links. |
| Data backup mechanism | Backup and remote backup mechanisms should be executed for each system to ensure the integrity and security of the data. |
| Use of file servers | Use file servers to allow colleagues to place operation files, and the information unit will perform unified backup to ensure the integrity of the company’s data. |

Blocking information security incidents and investment in disaster drill resources:

Check the operating system and important software updates of each system host, and perform important information security tasks such as the disaster drill recovery process. Through occasional social engineering drills, information security health-check services, etc., determine whether the information security awareness and security levels of the systems, programs, software and hardware, network security and users are sufficient.

Emergency notification procedures for when information security situations occur:

When an information security incident occurs, the information unit where it occurred notifies the information security convener. The convener tries to find out the cause of the incident and the measures to take, and then assigns information security specialists to handle the incident and implement preventive measures so that similar information security incidents do not occur again.