Information Security Management
To enhance information security protection capabilities and achieve the goals of security, convenience, and uninterrupted operations, the company continuously optimizes and improves its information security measures. Currently, a Chief Information Security Officer (CISO) has been appointed to oversee and coordinate all information security-related matters. A dedicated information security unit has been established, including one information security manager and two information security personnel, who are responsible for implementing information security policies and related systems. Regular meetings are held to discuss and track various information security issues. Each year, a summary of the overall implementation of information security is presented to the board of directors for review and improvement. Additionally, an annual statement on the overall implementation of information security is jointly signed by the Chairman, CEO, Chief Audit Executive, and CISO.
As cybersecurity threats continue to evolve, the company has joined the Financial Information Sharing and Analysis Center (F-ISAC) established by the Financial Supervisory Commission to effectively address external threats, enhance information security capabilities, and strengthen incident response capabilities. The company has also established an "Information Security Advisory Group," which reports on relevant information security issues and their implementation on a monthly basis. In 2024, a total of 17 meetings were held, providing professional advice on cybersecurity governance, management frameworks, and overall implementation. This initiative aims to foster new strategic directions in cybersecurity, enhance the resilience of financial information security, and establish a comprehensive incident response system.
Additionally, to implement the information security policy, the company formed an "Information Security Management Review Committee" to promote related security operations and handle abnormal incidents. The company is also evaluating cybersecurity insurance coverage, which includes data protection, liability for system errors, and unlawful acts. This aims to minimize potential losses in the event of a cybersecurity incident.
To ensure the continuous and effective operation of information services, the company has obtained ISO 27001 certification for information security as well as ISO 22301 certification for business continuity management. Additionally, the company participates in the group's dedicated Business Continuity and Information Services Committee, which holds regular meetings to review and update business continuity management policies and ensure their implementation. These efforts aim to continuously improve and provide uninterrupted services to customers.
Our company is committed to providing high availability and comprehensive trading services. Disaster recovery is an important capability for business continuity, including resource reallocation, offsite backup, emergency response handling, and service recovery. In the event of unexpected incidents such as natural disasters, human errors, or malicious attacks that damage or interrupt key business operations, the disaster recovery mechanism enables a quick return to normal or acceptable service levels.
Continuously build and strengthen information security awareness among all employees in the group, ensuring they understand the impact of information security threats on their lives and work. By doing so, we aim to minimize risks and cultivate a stronger cybersecurity awareness.
Penetration testing simulates the mindset of an attacker, conducting various intrusion attempts against the enterprise: attempting to infiltrate the company's websites, network systems, storage devices, and other software and hardware from a hacker's perspective. The goal is to identify potential vulnerabilities, verify whether the company's equipment and data could be compromised or stolen, and determine whether their security needs further enhancement.
Vulnerability scanning software is used to identify potential weaknesses or vulnerabilities in systems, hosts, and websites. This helps detect potential risks and implement risk controls and security enhancements for proactive protection.
Continuously refine cybersecurity management standards and procedures, regularly review the effectiveness of cybersecurity implementation, maintain international cybersecurity certifications and compliance, continuously strengthen cybersecurity protection and establish joint defense mechanisms, cultivate high-quality cybersecurity talent, and enhance professional skills.