Jemmy Chen has more than 15 years of experience as an information security and data/privacy protection consultant. He has assisted a number of financial holding, banking, insurance, securities, semiconductor and information electronics companies, as well as government agencies, in implementing information security risk management frameworks, designing information security management systems, assessing information system security risks, and obtaining information security management system (ISO 27001) certification.
In November 2011, the Financial Supervisory Commission revised the "Regulations Governing Information to be Published in Annual Reports of Public Companies", requiring all listed and publicly issued companies to disclose an operational overview of their information security management in their annual reports, including the information security risk management structure, information security policies, specific information security management plans, and the resources invested in information security management. If a major information security incident has occurred, the losses suffered, possible impacts and countermeasures should also be explained. This year (111) is the first implementation of this requirement, and the content disclosed by each company can be viewed in its annual report. In this talk, I will analyze the information security-related actions disclosed by major listed companies and discuss, from the standpoint of information security practice, the direction and principles of disclosure: how to let investors and the public understand the effort each company puts into information security while striking a balance against over-disclosure of sensitive information.