Corporate Governance
Cybersecurity Management
In order to improve cyber security, FPG has improved the cyber security of its systems by periodically conducting the following management cycle – "Plan", "Do", "Check", and "Action" – along with monitoring, revising, and supplementing, based on the existing system.
With comprehensive and consistent implementation of cybersecurity regulations, the following goals will be achieved:
Maintain the stability and safety of the production environment
Strengthening the protection of personally identifiable information and the abilities of cyber defense
Managing cybersecurity risks effectively
Lowering the concerns of data leakage, and attacks from cybercriminals and malware
Meeting the requirements on compliance with laws, regulations, and international standards
The goals and policies of cybersecurity management
In order to protect the confidentiality, integrity, availability of data, and compliance with cybersecurity regulations, not only does the company gradually improve upon existing cybersecurity regulations, but it has also taken several cybersecurity managements measures to ensure the core business and facilities work continuously.
Cybersecurity management measure
-
01
Strengthening the cybersecurity management group: public companies, such as Formosa Plastics Corporation, Nan Ya Plastics Corporation, Formosa Chemicals & Fibre Corporation, Formosa Petrochemical Corporation, Nanya Technology Corporation, and Nan Ya Printed Circuit Board Corporation, will assign a Chief Information Security Officer and set a group specializing in cybersecurity management to reinforce its supervision process in 2022.
-
02
Receiving the ISO 27001 certification step by step executing the o plan.
-
03
Strengthening the abilities of cybersecurity defense
-
Establishing a multi-layered defense-in-depth security architecture
- Setting the firewall, intrusion detection and prevention (IDP) system, and the backup system
- Deploying anti-virus software
- Implementing the Privileged Account Management System
- Periodically conducting penetration testing, vulnerabilities scanning and patching.
- Establishing a security operation center (SOC) and security information event management (SIEM) system, and constructing the analytical abilities of cybersecurity forensics
- Joining Information Sharing and Analysis Center (ISAC) and update cybersecurity intelligence on time
-
Establishing a multi-layered defense-in-depth security architecture
-
04
Strengthening cybersecurity awareness
- Raising employees’ cybersecurity awareness through online training - 7,370 participants achieved "AEO Excellent Enterprise Employee Security Awareness" training program in 2021.
- The cybersecurity training program for stock affair workers was completed by 10 participants in 2021.
- With regard to e-mail and Social Engineering Assessment in 2021, 12.45% of employees clicked the e-mail, while 8.94% clicked on the link in the e-mail.
-
05
Strengthening data protection
- Screening and scanning e-mail
- Prohibiting personally identifiable information disclosure without permission
- Limiting the employees’ privilege of internet access
- Restricting the access to the files and documents of key departments, employees, and the use of USB storage devices
-
06
Implementing physical security and exercise
- Setting up door access controls and CCTV, with managing and recording the entrance permission of information infrastructure workers.
- Periodically conducting system backup and recovering exercises
- Power systems and fire safety systems exercises
Future Scheme
- Periodically reviewing and revising management regulations and emergency procedures
- Periodically collaborating with trustworthy third-party partners to carry out a red team assessment
- Ceaselessly expanding the scope of ISO 27001 certification
- Expanding training courses for raising cybersecurity awareness and related general education courses
- Continuously executing social engineering exercises to reduce the click-through rate of emails and links under 5%