Cybersecurity

In-depth Cybersecurity Analysis Report

I. Cybersecurity Risk Management Framework

1.1 Risk Management System

1.1.1 Risk Assessment Mechanism:

  • In accordance with ISO 27001 standards, a comprehensive risk assessment process has been established and is regularly re-evaluated to adapt to emerging threat landscapes.

  • A structured approach of Risk Identification → Risk Analysis → Risk Evaluation → Risk Response is adopted to ensure the effectiveness of risk management.

1.1.2 Governance Structure:

  • Board of Directors & Senior Management: Formulate cybersecurity policies and ensure alignment of cybersecurity strategies with corporate goals.

  • Dedicated Information Security Unit (Information Security Task Force): Responsible for conducting risk assessments, security monitoring, and incident response.

  • All Employees: Adhere to cybersecurity guidelines and continuously improve security awareness.

1.2 Risk Assessment Process

1.2.1 Annual Cybersecurity Risk Assessment:

  • Inventory of information assets and identification of potential threats and vulnerabilities.

  • Evaluation of the impact of risks on business operations and formulation of corresponding strategies.

  • Regular review of risk response plans to ensure feasibility and effectiveness.

1.2.2 Vulnerability Management and Penetration Testing:

  • Annual vulnerability scans and penetration tests to identify system weaknesses.

  • One round of vulnerability scanning and penetration testing conducted in 2024.

  • Remediation actions taken for high-risk vulnerabilities.

1.2.3 Cybersecurity Incident Response:

  • Establishment of incident classification and response mechanisms (ranging from low to critical risk levels).

  • Incident Reporting → Response Activation → Improvement Reporting.

  • No major cybersecurity incidents occurred from 2023 to 2024.


II. Cybersecurity Strategy

2.1 Cybersecurity Policy Objectives:

  • Confidentiality: Prevent unauthorized access to internal corporate information.

  • Integrity: Ensure that information is accurate and protected from unauthorized modification.

  • Availability: Ensure that authorized personnel have normal access to information systems.

  • Compliance: Adhere to the Personal Data Protection Act and regulations applicable to listed and OTC companies.

2.2 Core Cybersecurity Management Standards

2.2.1 Access Control:

  • Implementation of the principle of least privilege based on job responsibilities.

  • Regular review and adjustment of access rights to maintain account security.

2.2.2 Data Protection and Backup:

  • Regular backup of critical business data and establishment of off-site backup mechanisms.

2.2.3 Supply Chain Security:

  • Require outsourced vendors to sign information security agreements defining clear responsibilities and obligations.

  • Periodic audits of suppliers’ cybersecurity measures.


III. Specific Management Measures

3.1 Identity Authentication and Access Control

3.1.1 Multi-Factor Authentication (MFA):

  • MFA is mandatory for high-risk systems such as ERP, CRM, and cloud management platforms.

3.1.2 Account Management:

  • Regular review of user permissions and deactivation of dormant accounts.

  • Terminate employee accounts upon resignation to mitigate access risks.

3.2 Network Security Management

3.2.1 Internal Network Protection:

  • Deployment of firewalls and intrusion detection and prevention systems (IDS/IPS).

  • Prohibition of unauthorized device connections and enforced network isolation.

3.2.2 Email Security:

  • Activation of spam and phishing email filtering systems.

  • Regular social engineering drills to enhance employee security awareness.

  • Three social engineering test exercises conducted in 2024.

3.3 Cybersecurity Incident Response Mechanism

3.3.1 Incident Handling Process:

  • Incident reporting and initiation of response plans.

  • Documentation and submission of improvement reports.

3.3.2 Disaster Recovery Plan (DRP):

  • At least one disaster recovery drill conducted annually to ensure business continuity.


IV. Cybersecurity Resource Investment

4.1 Human Resources

4.1.1 Dedicated Cybersecurity Team:

  • A dedicated information security team is established to handle risk assessment and protection.

  • Monthly reviews of system security and access controls, with immediate adjustments for high-risk systems or personnel.

4.1.2 Cybersecurity Education and Training:

  • New employees receive cybersecurity training upon onboarding.

  • Company-wide cybersecurity awareness campaign held in 2024.

  • Additional training provided in 2024 for high-risk roles in the IT department.

  • Three phishing email simulation tests conducted in 2024 to boost fraud awareness.

4.2 Technical Resources

4.2.1 Systems and Tools:

  • SIEM (Security Information and Event Management): Automated analysis of security events.

  • Endpoint Protection (EDR/XDR): Defense against ransomware and malicious attacks.

4.3 Financial Resources

4.3.1 Cybersecurity Budget:

  • Increased investment in cloud security, endpoint protection, and incident monitoring.

  • Continued investment in AI threat detection and Zero Trust architecture to maintain cutting-edge security.

4.4 Compliance and Certification:

  • Regular external cybersecurity audits to ensure regulatory compliance.

Conclusion

Through a comprehensive cybersecurity risk management framework, clearly defined policies, actionable management measures, and continuous resource investment, the company effectively strengthens its cybersecurity defense, reduces information risks, and ensures sustainable business operations.

 

 
