Overview of "Annual Reports and Public Prospectuses of Publicly Issued Companies Should Disclose Content Related to Information Security Risk Management", and overview of "major security incident information of listed and OTC companies", the current situation of "internal control systems of publicly issued companies to carry out information security-related operations", Reports of “information security management into corporate governance evaluation projects”, and reports the general situation of “encourage participation in security information sharing platforms”; and further introduced "Detailed Measures to Prevent Non-official Organizations from Leaking Personal Data" and "Government Zero Trust Network Instructions", Explain how the competent department will strengthen the planning direction of the organization's enterprise information security management in the near future.

If you know both the enemy and yourself, you will fight a hundred battles without danger of defeat. After looking at the painful experience of other listed companies, do you still think that your corporation has good management and not to pay attention to information security investment?

However, information security management is multi-faceted, and when companies are faced with so many important issues, how to spend money where it is needed most becomes an essential lesson for chief information security officers. Understanding the attacks that listed companies have suffered and the recent trend of hackers' attacks can help other corporations to lessen from the incident.

The speaker will analyze the security material information released by listed companies and compare the information security defense methods in their annual reports to identify the similarities and differences. Through the speaker's years of practical experience in the information security industry, he will guide you on how to respond to the latest information security attack trends.

According to the “Regulations Governing Information to be Published in Annual Reports of Public Companies”, public companies must disclose the cyber security management status of the last year in the annual report so that shareholders could understand what the security incidents occurred in the companies, and the cyber security management actually performance of the companies in the last year.In addition, according to Article 9-1 of the “Regulations Governing Establishment of Internal Control Systems by Public companies”, public companies shall allocate adequate chief information security officer to promote the company's cyber security policy and management.

With the above regulations, this speech not only include the importance of the annual reports must disclose cyber security management, but also take the different businesses cases to make everyone understand real situation in different corporations and then by the properly express the policy of cyber security to shareholders that will make corporations can achieve the goal of information security governance gradually.