With the acceleration of the digital transformation of the financial industry, API has become an important bridge for exchanging data and services between systems. However, this has also brought about information security risks such as data leakage and service interruption. Therefore, establishing a sound API security governance mechanism is crucial to ensuring the security and trust of the organization. In the agenda, we will share the application scenarios of APIs in financial institutions, the OWASP Top 10 common threat indicators, cybersecurity cases that have occurred at home and abroad, regulatory requirements for APIs in financial institutions, and the planning and design of related response management mechanisms. It is expected that the audience will receive specific and actionable API security protection advice, and understand how to effectively manage and govern APIs, reduce security risks, and ensure business continuity and customer trust.

From the perspective of the financial industry, cybersecurity officers should review domestic cybersecurity incidents and regulatory amendments to develop policies, procedures, and response teams capable of addressing unknown threats.

Many security teams focus on digital forensics, including disk imaging and malware analysis, while incident response prioritizes containment, eradication, and recovery. However, digital forensics is labor-intensive and may not be suitable in the initial response phase. First responders should swiftly collect key digital evidence using triage tools while ensuring system continuity for consumers.

Before making critical decisions, it is essential to assess regulatory compliance, evaluate potential damage, and consider stakeholder interests to minimize losses effectively.

Insider threats remain one of the most persistent and dangerous challenges in the financial sector, contributing to significant data breaches and financial losses. Unlike external cyberattacks, insider threats exploit legitimate access, making them difficult to detect using traditional security methods. These threats can arise from malicious insiders, negligent employees, or compromised accounts, posing severe risks to financial institutions.

This session will explore how Trellix Wise AI and Trellix NDR (Network Detection and Response) provide a proactive, AI-driven approach to insider threat detection. By leveraging behavioral analytics and machine learning, Wise AI continuously monitors user activities to detect anomalies, while NDR analyzes network traffic to uncover hidden patterns of suspicious behavior, such as unauthorized data movement or lateral access attempts. Together, these solutions deliver real-time threat visibility, risk-based alerting, and automated response capabilities to stop insider threats before they escalate.

Additionally, we will highlight Trellix’s latest innovation—Attack Path Discovery, which helps security teams map out potential insider attack pathways before they are exploited. By identifying high-risk access routes and security gaps, Attack Path Discovery enables financial institutions to strengthen defenses proactively, reducing the risk of insider-driven breaches.

Attendees will gain insights into best practices for strengthening security operations, enhancing SOC efficiency, and implementing AI-powered defenses against insider risks. Learn how Trellix’s cutting-edge technologies can help financial organisations protect their most valuable assets from internal threats, ensuring operational resilience and regulatory compliance.

When the CISO segregated the duties with the CIO, how should the scope of "information security(IS)" be defined? The disaster recovery is addressed "Availability", issues, which is one of the CIA triad, and application-level vulnerability scan is for cybersecurity, so should them all be under IS management?

After 40 or 50 IS systems are implemented, should'nt we consider the effectiveness and measurability in addition to availability and efficiency? In addition, is the total cybersecurity budget only the budget of the IS unit? 

一、本演講從資安長的治理知識(職責角色與工作重點)、必要技能(識別資安可視性和控制力)及未來關鍵能力(溝通、信任、解題、策略)等面向思考，探討具前瞻觀念的金融資安長，所需要的不斷省思、認清現況(AS-IS)、尋求創新蛻變、以及展望未來(TO-BE)。

二、講者將從產(金融資安副總)官(資安科技警官)學(大學教授)等三面向，分享實際參與資安治理、應變與鑑識的30餘年經驗，並從知識、技能與能力，探討資安轉型再成長的關鍵路徑、認清現況與展望未來等議題。輔以分析零信任的資安防護與成熟因應議題，評估金融資安實務運作現況，深入探討資安案例與第一手經驗分享，分享前瞻金融資安長的省思與蛻變的成長機會，協助聽眾了解金融業實現組織安全、便利、不中斷目標的不間斷努力，以消除資安維運不確定性及滿足金融合規治理要求。