
Information & Communication Security Management

This page describes the security risk management framework, policies, specific management plans, and resources invested in the security management of Datacom.

A. Information Security Policy

To keep the business of this agency operating smoothly, to prevent information or information systems from being accessed, used, controlled, leaked, destroyed, tampered with or otherwise violated without authorization, and to ensure their confidentiality, integrity and availability, this policy is formulated as follows for all colleagues to follow.

1. Effectively manage information assets, continuously perform risk assessment, and take appropriate protective measures.

2. Protect the information and information communication system from unauthorized access and maintain the confidentiality of the information and information communication system.

3. Protect against unauthorized modification to maintain the integrity of information and information communication systems.

4. Ensure that authorized users can use the information and information system when needed.

5. Comply with laws and regulations.

6. In response to changes in the information security threat situation, information security education and training should be conducted to improve the information security awareness of colleagues in the agency.

7. Do not open emails from unknown sources or senders that cannot be clearly identified.

8. It is forbidden for multiple people to share a single information system account.

9. The use of non-copyright software systems is strictly prohibited.

10. Unauthorized use of external storage media is strictly prohibited.

11. The backup of important personal computer data is approved according to the electronic approval process, and the information department will set up the backup.

B. Information security goals

1. Be aware of the occurrence of information security incidents, and be able to complete notification, response and recovery operations within the specified time.

2. The email open rate and attachment click rate of the email social engineering exercise shall be handled in accordance with the regulations of the superior authority.

3. Meet the requirements for the classification of information security responsibility levels, and reduce the threat of exposure to information security risks.

4. Improve personnel information security protection awareness, effectively detect and prevent external attacks.

C. Approval procedures for information & communication security policies and objectives

The Information & Communication security policy will be approved by the Chief Security Officer after review and survey by the Information & Communication Security Management Meeting.

D. Publicity of information security policies and objectives

1. The information security policy and objectives of this agency shall be publicized to all personnel in the agency.

2. The agency shall publicize information security policies and objectives to stakeholders (such as IT service providers, and units related to the agency's connection operations).

E. Regular review procedures for information security policies and objectives

Infocom's security policies and objectives should be regularly reviewed for their appropriateness at Infocom's security management review meetings.

F. Organizational Structure

General Manager: Mr. Chung Kuo Sung

Deputy General Manager of Administration Department: Kuo Hui Ling

Handling and Response Team: Ye Ying Yi and IT Department

Audit Team: Hong Jiankai and Audit Office

G. The Information & Communication Chief Security Officer

On March 28, 2023, the company's board of directors approved the general manager's office's nomination of information department manager Mr. Ye Yingyi as the Information & Communication Chief Security Officer. He will be fully responsible for the company's information security planning, monitoring and execution, the appointment of dedicated personnel, and related matters.