1. Product/Service name and self-developed ingredient description

This product is a set of electronic system processing and control operation process, which mainly assists customers to replace the current manual operation, and will complete the import, evaluation, notification, processing, tracking and management of information asset weakness scanning results and record and keep track records, which can not only grasp the weaknesses and their repair status in real time, reduce adverse effects, but also reduce the possible threats of these weaknesses to the customer's assets and even operations.

The design and development of the entire product are designed in accordance with the guidelines of the ISO-27001 specification.

With the rapid development of the Internet's open architecture, information security can no longer focus on a single point or aspect of consideration. The entire information security includes the network, server, operating system, application program, database system and human factors. considerations at various levels. Therefore, in this project, we emphasize the design of information security in the design stage, therefore, it is comprehensive throughout the entire project life cycle, and in the program development stage and the online maintenance stage, there are different plans. Therefore, in terms of programming specifications, our company refers to the "Web Application Security Reference Guide" published by the National Information Security Conference Technology Service Center and the 10 OWASP (Top 10 Most Critical Web Application Security Risks), information security requirements are incorporated into the system design when the program is written.

In addition, since the management of personal data has become an important issue, we have also planned personal data protection measures in this system.

2. Product/Service function description

Product/service functions and features:

A. This system can integrate human resources system, single sign-on and authority control system, import the organizational structure of the organization to correspond to the use roles and authority, and can automatically set up agents.

B. The system provides various input methods for weak point detection results, including batch import or manual input of weak point scan results,

C. It can integrate another set of our ISMS system（Information Asset and Risk Assessment Management System）, and simultaneously check and inventory information assets in the organization.

D. This system can be assigned to different staffs for improvement operations according to different attributes of information security weaknesses.

E. The system conducts risk assessment and analysis based on the imported weak scan results, and refers to the corresponding asset value to automatically determine the priority of improvement operations and the improvement deadline,

F. The system can be automatically processing the online approval process according to the imported organizational structure.

G. This system provides the tracking function of improving the progress of the work, and can attach relevant supporting materials to the supervisor for online approval.

H. Provide relevant case statistics management reports and battle situation dashboards, so that the management can clearly control the relevant operations and progress.

I. This system has a white list management function, which provides supporting evidence for misjudgment and cases that cannot be improved.

Solvable problems and effects:

A. Establishment of information security vulnerability records.

B. Dispatch cases of information security weaknesses.

C. Handling records of information security vulnerability cases.

D. Sign-off track of information security vulnerability cases.

E. Report and track the processing progress of case work.

F. Analysis and reference application of information security weakness cases.

G. Reduce paper consumption and storage difficulties.

3. Description of application scenarios of products/services

Application scenario description: In today's society, information security management operations have become more and more important. Faced with ever-changing information security threats, information security managers or business owners are often worried about how to effectively manage information security issues. This system is designed to reduce the burden on the information security vulnerability management work, and also reduce the organization's existing or potential information security risks.