Information security risk management and plan
The unit responsible for information security at Complex Micro Interconnection Co., Ltd. is the IT division, which formulates enterprise information security policies, plans information security measures, and carries out the related information security operations.
Information security management objectives
Maintain the continuous operation of information systems
Prevent hacking, various viruses and damage
Prevent intentional improper use
Prevent sensitive data leakage
Avoid accidental human negligence
Maintain the security environment
Information security facilities and management
1. Computer equipment safety management
Computer hosts, servers and other equipment are housed in a dedicated computer room; the door to the room is kept locked under access control, and entry and exit records are retained for inspection.
The computer room has independent air conditioning to keep the computer equipment operating at an appropriate temperature, and is equipped with vapor-type fire extinguishers, which are suitable for general fires and fires caused by electrical appliances.
The hosts in the computer room are connected to uninterruptible power and voltage regulation equipment to avoid system crashes caused by unexpected momentary power failures.
Network security management
The connection to the external network passes through an enterprise-level firewall to block illegal intrusion by hackers.
The site-to-site connection between the Taipei head office and the Kunshan factories uses data encryption to prevent illegal capture of data during transmission.
Staff must apply for an SSL VPN account to access the ERP system on the company's intranet remotely. They can log in and use the system only through the secure SSL VPN channel, and all usage is recorded for audit.
Internet behavior management and filtering devices are deployed to control Internet access, block access to harmful or policy-prohibited network addresses and content, strengthen network security, and prevent improper use of bandwidth resources.
Virus protection and management
Endpoint protection software is installed on the servers and on staff terminal computers. Virus definitions are updated automatically so that the latest viruses can be blocked, and the installation of potentially threatening executable files can be detected and prevented.
System access control
To use an application system, colleagues follow the system permission application procedure stipulated by the company. After approval by the competent supervisor, the information room creates a system account, and the system administrator grants access according to the functional permissions requested.
Account passwords must meet the stipulated strength and length, and must contain both letters and numbers to be accepted.
Ensure the continuous operation of the system
System backup: A backup system is in place with a daily backup mechanism. In addition to uploading a copy to the computer room and the off-site computer room, a further copy is stored separately to ensure the security of the system and data.
Disaster recovery drill: Each system is drilled once a year. After a reference restoration date is selected, the backup media are restored to the system host, and the user division then confirms in writing that the restored data is correct, to ensure the correctness and effectiveness of the backup media.
Two data lines are leased from a telecommunications company and managed through bandwidth management equipment. The two lines run in parallel and back each other up to ensure that network communication is not interrupted.
Security publicity and education training
Reminders: Colleagues are asked to change their system passwords regularly to maintain account security.
Lectures and publicity: Information security education and training courses are held for internal colleagues every year.