- Corporate Governance
- IT Security Committee
Organization of the Information Security Committee
Responsibilities of the Cybersecurity Committee
Cybersecurity Committee
- Headed by the Chairman/General Manager.
- Responsible for reviewing cybersecurity policies and objectives.
- Reviews the operation status of cybersecurity and ensures adequate resources are allocated for maintaining cybersecurity.
- Participates in cybersecurity awareness and training.
- Reviews internal and external audit results.
Audit Group
- Develops internal audit plans.
- Conducts and participates in internal and external audits.
- Provides internal audit reports and recommendations.
- Assists in tracking and correcting internal and external audit issues.
- Participates in cybersecurity awareness and training.
Security Control Center
- Headed by an external hire/internal staff/IT manager.
- Responsible for developing and modifying cybersecurity policies and objectives.
- Oversees the operations of all groups to ensure continuous cybersecurity.
- Reports the status of cybersecurity operations to the Cybersecurity Committee.
- Participates in cybersecurity awareness, training, and internal and external audit activities.
- Cooperates in business continuity management and exercises.
Security Inspection Team
- Led by a cybersecurity chief and inspection staff.
- Monitors all cybersecurity-related activities.
- Responsible for the emergency reporting, coordination, and handling of cybersecurity incidents.
- Participates in cybersecurity regulation revisions and discussions.
- Drafts and revises business continuity plans.
- Participates in training and exercising the business continuity plan.
- Provides, tracks, and reports on cybersecurity executions, recommendations, improvements, incident summaries, analysis reports, and outcomes.
- Participates in internal and external audit activities.
- Participates in cybersecurity awareness and training.
Cybersecurity Team
- Comprised of department managers, IT department personnel, and application system personnel.
- Department managers are responsible for supervising and requiring departmental cybersecurity matters, including the use of legitimate software licenses.
- Promote and comply with information security policies, objectives, and regulations.
- Participate in cybersecurity promotion and training.