FINSEC Forum

FINSEC Forum will address the unique threats faced by the financial industry, sharing best practices in financial cybersecurity to assist financial institutions in establishing a robust cybersecurity framework.

AGENDA
5 / 16
09:30 - 09:35
Merton Wu / Chairman CYBERSEC 2024 Editor in Chief iThome

5 / 16
09:35 - 09:45
JEAN CHIU / Vice Chairperson Financial Supervisory Commission

5 / 16
09:45 - 10:15
YT Lin / Director, General of Department of Information The Financial Supervisory Commission (FSC)

5 / 16
10:15 - 11:15
YT Lin / Director, General of Department of Information The Financial Supervisory Commission (FSC)
Dr. Pei-Wen Liu / Executive Vice President and CISO First Commercial Bank
Conee Lin / Executive Vice President Cathay Financial Holdings Co., Ltd
Peter Li / Senior Vice President DBS Bank (Taiwan) Ltd
Huai-Tsung, Liu / CISO E.SUN Bank

5 / 16
11:30 - 12:00
Frank Su / CISO and CIO Vice President Fubon Financial Holding Co., Ltd

While financial technology (fintech) has significantly improved convenience in people’s lives, it has also given rise to various new forms of fraud. These emerging fraudulent practices have led to an increase in scam cases. In response to this, Fubon Financial Holdings announced the activation of its financial group and subsidiary anti-counterfeiting task force in April 2023. This proactive team is dedicated to combating various types of fraudulent activities.

Between June and December 2023, the task force took down a total of 223 reported cases related to counterfeiting. These cases included phishing websites, fake apps, social media platforms, and communication software. By actively addressing these incidents, Fubon aims to protect customer information and assets, contributing to a positive cycle within society.

• Fraud Protection
• Fraud Prevention
• Phishing

5 / 16
14:00 - 14:30
Dayu Kao / Associate Executive Vice President, Information Security Division Bank SinoPac

Cyberattack governance is discussed and analyzed from the viewpoints of incident identification and investigation. RGFE cybersecurity governance is presented as a fusion model of NIST CSF and ISO/IEC 27043:2015. This day-to-day business activity model has demonstrated due diligence and good corporate governance. It can also promote court acceptance of evidence and reduce the expense and time of an internal investigation. This will enhance the financial CISO's mindset and capacity for weighing incident response trade-offs, with the following benefits:

1. Early detection and repair of potential risks.
2. Deploy information security protection software against potential threats.
3. Continuous monitoring of vulnerabilities and threats.
4. Quickly determine the scope of damage and respond.

• CISO
• Digital Forensics

5 / 16
14:45 - 15:15
Stone Fang / Vice President of Information Security Department Shin Kong Financial Holding

Sharing how to illustrate the common types of cyberthreats, including DDoS, ransomware, APT, etc., for executives by using everyday examples, and how to explain in plain English the NIST CSF core functions, which are "Identify", "Protect", "Detect", "Response" and "Recovery".

• Governance
• CISO
• Security Strategy

5 / 16
15:45 - 16:15
Grayson / Manager of Operations and Maintenance Management, Information Department, IBF Securities IBF Securities Co., Ltd.

Summary:

1. Why write a third-tier document - Standard Operating Procedure (SOP)? (We will tell you the practical benefits of an SOP)
2. What aspects should be considered when writing an SOP that meets enterprise needs? (How to use organizational requirements to think about SOP)
3. What else do you need besides SOP? (After writing SOP, what else do you need to complement it to promote this SOP and achieve consistency in business operations)
4. Sharing a practical SOP case study so you'll never be afraid to write an SOP again. (Practically demonstrate a complete SOP, unlocking your vital energy pathways)

• Governance
• ISO 27001
• Information Governance

5 / 16
16:30 - 17:00
Smith / Researcher Chinese Cyber Law Association (CCLA)

The Red Team exercise is a highly realistic simulated cybersecurity exercise that has been widely adopted in recent years. However, the spotlight often falls on the white-hat hackers, while the organization's information department is usually cast in an extremely bad light. How can Red Team exercises be effectively utilized to enhance the response capabilities of the defense team? Directly organizing a real-world cybersecurity offensive and defensive exercise is a good approach. Therefore, we have designed an internal real-world offensive and defensive exercise within the enterprise, allowing both sides to face each other in a competition-like manner to improve the response capabilities of the organization's defense team. This gives the defense team the opportunity and capability to keep intruders at a distance in future cybersecurity incidents.

Topic Content:

1. Benefits of Red Team Exercises
2. Differences between Cybersecurity Offensive and Defensive Exercise and Red Team Exercises
3. Explanation of how the enterprise-wide offensive and defensive exercise was designed in this case.
4. Sharing the benefits and process of organizing attack and defense exercises.

• Blue Team
• Red Team
• Incident Response