The speaker will address the information security policies established by regulatory authorities, the ongoing efforts of listed companies to promote these policies, as well as the evolving information security landscape and the key areas of focus for listed companies.

"Information Security Management and Control Guidelines for the Exchange-Listed & OTC-Listed Companies" is an information security guideline jointly announced by TWSE and OTC.

This speech will look at how to introduce the guidelines into the internal control system of listed companies from the perspective of internal control, the key points of the provisions in the guidelines, and the issues and opinions in the guidelines.

Listed companies are facing a series of cybersecurity challenges due to the continuously evolving landscape of intrusion threats. In this seminar, we will analyze the increasingly complex cybersecurity threats and challenges faced by enterprises, providing insights into potential threats. Taking a comprehensive security perspective, we will examine cybersecurity from gateways to endpoints, from networks to applications, and from the cloud to data centers. Only with a comprehensive, end-to-end security vision can we identify, detect, protect, and respond to various cybersecurity threats, eliminating cybersecurity blind spots.

Let's explore together and define a clear direction and key cybersecurity strategies for listed companies, safeguarding the security of critical corporate information.

The latest regulations introduced by the U.S. Securities and Exchange Commission (SEC) in 2023 demand heightened disclosure and management of cybersecurity risks. This underscores widespread deficiencies in how organizations handle cyber risks. Meeting the SEC's mandate to report significant risks resulting from cybersecurity incidents requires strategic action. This presentation will explore key strategies that organizations must adopt to effectively comply with these regulatory mandates. Furthermore, we will discuss an approach utilizing the FAIR Materiality Assessment Model (FAIR-MAM) to systematically evaluate and quantify cybersecurity risks, aligning with the SEC's definition of "material" events.