

SPEAKER

Jemmy

EY Business Advisory Service Inc. Senior Director

Jemmy Chen has more than 15 years of experience as an information security and data/privacy protection consultant. He has assisted a number of financial holding companies, banks, insurance, securities, semiconductor and information electronics companies, and government agencies in implementing information security risk management frameworks, designing information security management systems, assessing information system security risks, and obtaining information security management system (ISO 27001) certification.

Speech

Security Vision Forum

SEP 22


Discloses Practice of Information Security Management in Annual Report

09/22 (Thu) 14:30 - 15:00 7F 701B
EY Business Advisory Service Inc. Senior Director / Jemmy

In November 2011, the Financial Supervisory Commission revised the "Regulations Governing Information to be Published in Annual Reports of Public Companies", requiring all listed companies and publicly issued companies to disclose an operational overview of their information security management in their annual reports, including the information security risk management structure, information security policies, specific information security management plans, and resources invested in information security management. If there is a major information security incident, the losses suffered, possible impacts and countermeasures should also be explained. This year (111) is the first implementation of this requirement, and the content disclosed by each company can be viewed in its annual report. In this sharing, I will analyze the information security-related actions disclosed by major listed companies, and discuss the direction and principles of disclosure from the perspective of information security practice: how to let investors and the public understand the efforts each company has invested in information security, while striking a balance against over-disclosure of sensitive information.