The "Information Security Protection Forum under Digital Transformation" opened. Pictured is Fang Niande, deputy general manager and chief information security officer of Guanmao Network.

(Photo by reporter Zhang Jiaming)

[Reporter Ou Yuxiang/Taipei Report] Fang Niande, deputy general manager and chief information security officer of information service provider Guanmao Network (6183), spoke today at the "Information Security Protection Forum under Digital Transformation" hosted by "Freedom Times" and First Bank. He said that, judging from information security surveys from 2021 to 2022, a lack of security awareness among personnel and a lack of information security education and training make it difficult for enterprises to resist information security attacks. Instilling security awareness in personnel and strengthening the security of the supply chain and information providers are therefore the top priority.

Digital transformation continues to advance, and enterprise information systems are being updated rapidly. From 2021 to 2023, however, in addition to the lack of the most basic information security awareness, outdated information systems, vulnerabilities in commercial systems, and third parties used as springboards for information security attacks have become the focus of enterprise protection.

Fang Niande pointed out that information security attacks occur at enterprises large and small as well as at software suppliers. For example, the Microsoft collaboration platform has also been exploited by hackers, and attacks on Taiwan government agencies have continued to increase, indicating that global demand for information security is growing.

Fang Niande said that when hackers target vulnerabilities in old systems, companies need to inventory their internal systems, assess the risk items, and then apply access controls. Follow-up monitoring is also required, along with contingency preparations.

He pointed out that "active protection" in information security is imperative, for example by adopting DevSecOps, which means integrating security into all stages of software development and delivery. Whether it is open source software, third-party software, or commercial software, every link requires security maintenance.

Fang Niande pointed out that the supply chain has become a common channel for information security attacks. In fact, many outsourced systems have security vulnerabilities that urgently need to be assessed and protected. If the information security protection of suppliers and partner organizations is incomplete, hackers can use specific manufacturers as a springboard and, by implanting malicious programs in software and hardware, intrude into and penetrate systems through supply chain attacks.

To this end, Europe, the United States, and Japan have all implemented relevant policies, and Taiwan has also proposed the "Information Security and National Security Strategy 2.0" to strengthen the resilience of information security.

Fang Niande explained that the National Science Council proposed an information security maturity rating with reference to the US CMMC 2.0 standard. The rating is based on data sensitivity and the resources invested in information security. The more sensitive the data an enterprise needs to protect, the more complete the information security protection it needs, and the more necessary it is to have information security experts in different areas.

At present, however, the rating relies on self-assessment. In the future, a specialized assessment agency will assess the information security maturity level of information manufacturers to further improve information security protection.
