Corporate Governance

Risk Management

Information Security Risk Management Framework

Zenitron's information security is overseen by the MIS Center, which is responsible for executing the information security policies. The personnel involved include the Chief Information Security Officer and at least one Information Security Personnel. They are responsible for promoting information security messages, raising employee awareness of information security, and collecting and improving the performance and effectiveness of the organization's information security management system through technology, products, and procedures.


The Audit Department conducts an annual audit of the internal control system - information system management and information security operations to assess the effectiveness of Zenitron's internal controls over information operations.


In addition, Zenitron's external auditor conducts an annual assessment of the information environment risks based on Zenitron's current information operations and considering factors such as risk management. This includes performing necessary control tests to evaluate the effectiveness of the internal controls over Zenitron's information operations annually.


The Chief Information Security Officer is required to review the information security policies and their implementation annually, and report the findings to the Board of Directors.

Information Security Policies

Specific Information Security Management Plan

ISO27001 - Information Security Management System (ISMS) International Standard Certification Implementation

  • The implementation of ISO27001 is expected to be completed this year. Through a systematic information security management framework, Zenitron will identify and assess the company's security risks and confirm various control measures to ensure overall information security.
  • By implementing ISO27001, Zenitron aims to improve overall information management efficiency, reduce the occurrence of information security incidents, and minimize potential losses.


Infrastructure Security Protection

  • Key service application servers and network equipment are placed in dedicated server rooms with 24-hour access control.
  • Server rooms are equipped with fire protection devices and UPS safety measures. Power, temperature, humidity, dust levels, etc. are continuously monitored to ensure the security of information equipment.


Operating System and Application Security

  • Enforce regular password changes that comply with password complexity requirements, restrict password reuse, and lock out accounts after incorrect login attempts.
  • Regularly review accounts and revoke unnecessary accounts or permissions.
  • Periodically apply security updates and patches to applications to fix known vulnerabilities.


Endpoint Security Protection

  • An automatic monitoring and reporting mechanism for endpoints has been set up to analyze anomalies and handle them in real-time.
  • Endpoint software has been configured with automatic interception and response functions for new threats, effectively combating fileless malware, script attacks, and browser attacks.
  • SIEM (Security Information and Event Management) and Analyzer systems have been built.


Data Security

  • Data storage areas have been configured with permission controls, ensuring only authorized personnel can access them.
  • A comprehensive backup mechanism has been established, with full backups and incremental backups for critical internal data.
  • Regular updates are made to the information security awareness section to educate employees on how to protect data and enhance their security awareness.


Network Security

  • Front-end network defense systems have been deployed, capable of detecting and blocking attacks in real time, preventing the latest viruses, and automatically identifying advanced threats through threat intelligence clouds to preemptively stop hackers.
  • The SOC (Security Operations Center) monitoring service has been established, utilizing SIEM (Security Information and Event Management) to automatically collect, analyze, and statistically report on network and device usage and security information, enabling automatic responses and network defense integration.
  • New firewall security protections are in place to detect and prevent malicious attacks.

Information Security Implementation

  • On December 24, 2024, Zenitron obtained the ISO/IEC 27001:2022 certification for "Enterprise Resource Planning System and Information Data Center Operation and Management". The certificate is valid until December 23, 2027.
  • This year, internal audit training sessions for the ISO27001 international information security certification were held three times, with a total of 27 participants and 54 hours.
  • On September 21, 2024, a Zenitron Group system disaster recovery drill was held.
  • A total of 42 information security education training sessions (online) were held this year, with 64 participants and a total of 96 hours.
  • Two social engineering drills are conducted annually on an irregular basis.
  • Fortinet Triangle has been fully implemented:
   1. In May 2024, the Taipei Headquarters and branch offices completed the implementation of the Triangle.
   2. In October 2024, backup line tests for each site were completed.
  • Software License Management has been implemented:
   1. Controls for internal software asset usage within the company have been established.
   2. Compliance is ensured to avoid legal liabilities and fines from unauthorized software usage.
  • System Security Updates: Completed
  • OA database server security update and upgrade: Completed
  • Endpoint defense software update: Completed


The above information regarding the implementation of information security in 2024 was submitted to the Board of Directors on November 11, 2024. Owing to the effective implementation of Information Security Management, Zenitron did not experience any major network attacks or incidents in 2024, nor were there any customer data leaks or major information security breaches.
