Current Information Security Implementation Report

 

一、Information Security Education and Training: Enhancing Employees' Awareness and Capabilities

To elevate employees' awareness of information security and their response capabilities, we prioritized information security education and endpoint protection in 2024. Multiple sessions of information security policy advocacy and practical training have been conducted company-wide, with specialized courses tailored to the needs of various departments. To date, employee training has accumulated to 230 hours. Additionally, we organized simulated information security drills to help employees understand common security threats and prevention measures, thereby improving their practical response capabilities. Furthermore, dedicated information security personnel have received advanced professional training to ensure their ability to address complex security issues.

二、Strengthening the Functionality and Resources of the Dedicated Information Security Department

Since the establishment of the dedicated Information Security Department in December 2022, the department has been gradually enhanced. The General Manager also serves as the Chief Information Security Officer (CISO), supported by one dedicated security manager and two engineers. Plans are in place to recruit an additional engineer with relevant security certifications. The department is responsible for formulating, monitoring, and implementing the company's information security strategies and policies. Regular incident drills are conducted to bolster the department's capacity to handle real-world threats. The department also fosters collaboration with other departments to ensure the consistent implementation of security policies and measures company-wide.

三、Formulating Policies and Implementing Effective Security Measures

In compliance with the Financial Supervisory Commission's guidelines for publicly listed companies and the ISO 27001 standards, we have established the Information Security Management Policy and the Information and Communications Security Maintenance Plan. These policies have been implemented across the company. To ensure comprehensive security coverage, we have established stringent security management systems and control measures, regularly evaluating and updating our policies to address emerging threats. Additionally, to enhance awareness of external security risks, we have joined the Taiwan Information Security Alliance. This enables us to adjust our defense strategies promptly through real-time global threat intelligence.

四、Enhancing Endpoint Protection and Implementing Security Check Mechanisms

To strengthen the protection of endpoint devices, all endpoints have been equipped with the brand's highest-specification antivirus software, coupled with active virus monitoring mechanisms. Moving forward, we plan to integrate Managed Detection and Response (MDR) between December 2024 and Q1 2025. Regular vulnerability scans and system patches are also conducted to ensure system security. To address both internal and external risks, we have established a dual-track security check mechanism and perform regular risk assessments to identify and mitigate potential vulnerabilities and threats.

The operations and plans of the Information Security Office for the first and second halves of 2024 have been reported to the 27th session, 21st board meeting (November 13, 2024).
