Cyber espionage actors from China are challenging defenders globally with vastly improved capabilities. This evolving threat is particularly relevant to Taiwan where these actors are highly focused. In her presentation, Sandra Joyce will highlight multiple improvements these actors have made to achieve greater stealth and complicate attribution. Her presentation will detail the focus on 0-days in security devices, the use of IOT botnets for infrastructure, and the adoption of living-off-the-land techniques by these actors. Additionally, she will detail the information operations campaigns which have targeted Taiwanese audiences in recent years.

軟體安全漏洞都有自己的生命週期，從發現到攻擊、再到修補，然後，通常就銷聲匿跡。對於這生命週期的每一階段，企業可採取不同的措施來盡量降低自己及客戶所面臨的風險。但不幸的是，許多產業在試圖回應漏洞時，都會因其產品與製造流程上的特性而面臨一些獨特挑戰。例如，汽車本身就擁有複雜的供應鏈與眾多第三方元件，這些都必須隨時保持更新並加以強化，才能抵禦現代化攻擊。

本演講探討各種產業在處理漏洞並監控威脅情勢時，須注意的一些特殊領域。我們從趨勢科技 Zero Day Initiative 全球最大非限定廠商獨立漏洞懸賞計畫以及 Pwn2Own 駭客大賽所學到的經驗，檢視產業該如何因應這些挑戰，以及業界在哪些地方做得不錯、哪些地方則有待改善。最後，我們會提出了一些軟硬體廠商在管理漏洞生命週期時可以列入考量的建議。

這個場次中將以我的角度，一同回顧過去十年「臺灣資安大會」所見證的資安演進。在這個快速發展的時代，資安技術已從各種威脅偵測產品發展，轉向各種防禦方法論的流行。除了資安產品的發展外，資安服務也逐漸受到重視。加上近年來，隨著人工智慧自動化技術的引入，許多令人期待的變革正在席捲資安產業。讓我們一起探討未來十年資安領域可能發生的變化。

This speech will give you general overview in The Netherlands public private partnership approach in the context of growing cyber security threats, changing global politics and upcoming new rules and regulations such as the NIS2 directive on cyber resilience and the EU cyber security act for safe and cyber secure products. Giving insights from the perspective of a foundation not for profit that operates as an eco-system orchestrator where about 300+ Dutch partners form government, knowledge institutes and businesses collaborate and innovate together towards a more secure digital society. One of the showcases is about the setup and network on cyber resilience centers for the horticulture and manufacturing sectors. Moreover about the work on international knowledge bridges and business alignments, also between Taiwan and The Netherlands.

在數位轉型持續推進的時代，隨著新興科技盛行，駭客攻擊手法日新月異，企業需重新評估其資安管理策略，以零信任架構為基底，掌握其關鍵之 PDCA 導入流程，藉由三大核心精神（可視化、自動化、協同作業 ） ，從而提升企業資安治理成熟度。

本次議題 e-SOFT 將分享如何有效的深入檢視企業既有的資安環境，識別潛在風險和漏洞，進而針對性地加強資安防護措施，隨著資安管理關鍵績效指標透明化，提升組織對於資安管理落實的重視程度，持續性的檢視與改進流程，來確保資訊資產的完整性、可用性和機密性，保障業務運作的持續和穩健。

本演講將從 TESLA 最近招回的事件開始，配合影集'斷訊'的場景，描述未來如果 ADAS 被駭客誤用的時候會發生 的場景，然後介紹 ADAS 的原理與近期的發展,緊接著將介紹 ADAS 三大類型，28 種攻擊樣態，最後介紹 ADAS 的安全防護與美國的安全要求。

本演講主要對象為對自駕技術有興趣的大眾與自駕技術研發人員，藉由揭露自動駕駛的場景帶出各種安全隱憂與防護之道，並引導該注意的防護要點，期能提供更加安全的自駕技術。

As the cybersecurity landscape grows more complex, the responsibilities of the Chief Information Security Officer (CISO) have evolved significantly. New CISOs face challenges such as advanced cyber threats, regulatory pressures, and technological changes while working within tight budgets. This keynote presentation discusses the effective CISO journey in three key areas: visionary leadership, strategic risk communication, and adaptive change management.

Drawing on personal experiences from leading a global cybersecurity team and interviews with global CISOs, this talk will outline practical strategies for:

1. Building and leading teams with a clear and compelling vision.

2. Articulating and negotiating cybersecurity risks with senior stakeholders to facilitate informed decision-making.

3. Embracing technological and regulatory changes as opportunities for innovation and improvement.