持續創新改善 全員追求卓越
Continuous innovation and improvement
All employees pursue excellence
Cyber Security Risk Management Framework
The Company Cyber Security Governance Organization
LASER TEK established “Cyber Security Committee” and the Cyber Security Committee is composed of the Executive Office, Policy and Audit Unit, Education and Training Unit, and Cyber Security Technology Unit to coordinate information security management-related policy formulation, implementation, risk management, and compliance audits, with the general manager supervising information security and network security strategies. And the vice president serves as the Chief Information Security Officer (CISO), responsible for supervising the executive office to establish and maintain information security and network security strategies and procedures to protect the company's assets.
LASER TEK Cyber Security Committee Organization Structure
Information Security Policy
Purpose | To ensure the smooth operation of the company's business, prevent information or information and communication systems from unauthorized access, use, control, leakage, destruction, tampering, deletion, or other infringements, and to ensure their Confidentiality, Integrity, and Availability, this policy is formulated for all employees to follow: |
---|---|
Scope |
|
Specific Management Measures
We formulated 22 measures through four aspects of cyber security protection including data access control, network information security, education training, check and business continuity. According to attack change and trend to review and adjust for implementing comprehensive cyber security protection and protect the quality of information security in the supply chain with the highest standards.
Investment in Information and Communication Security Management Resources
To address the risks faced by enterprises in information security, such as ransomware attacks, BEC business fraud, APT advanced persistent threats, social engineering scams, remote work vulnerabilities, and business continuity issues, the company continuously trains employees to raise information security awareness, keeps up with trends in information security topics, and continuously implements relevant solutions to prevent threats from malicious attacks. The company has increased its budget for information and communication security training and solutions in recent years, with the following improvements:
Information Security Systems and Policies |
6 new information security mechanisms and systems added in 2024.
|
---|---|
Drills |
|
Training |
|
Promotion |
|
Information Security Incidents |
|
Incident Improvement |
|
Future Plans & Continuous Improvement |
|
Significant Cyber Security Incidents Notification Process
When the cyber security incident happened, employees should immediately notify the unit window, supervisor and executive office in accordance with the . The executive office will classify it according to the company's standards for convenience. Follow-up processing, and conduct damage impact assessment and draft improvement plans for cyber security incidents. If the cyber security incident is a major abnormality and the suspected leak incident should be reported to the administration department, if the leak is true, it will be handled by the legal/human resource sector according to law or company regulations . In 2024, the company has not discovered any major cyber security incidents, or may have an adverse impact on the company's business and operations, nor has it been involved in any related legal cases or regulatory investigations.