Cathay FHC Information Security Organizational Chart
Cathay FHC Information Security Governance
Cathay continues to follow Financial Supervisory Commission’s “Financial Information Security Action Plan” and take continuous steps to strengthen its defense against cybersecurity threats, thereby ensuring the security, convenience, and continuity of financial services rendered. Cathay FHC and its subsidiaries each have an independent information security unit and supervising officer responsible for planning, monitoring, and implementing information security management. The implementation status of information security in the previous year is reported to the Board of Directors annually. The Information Security Committee, a cross-functional committee, is responsible for formulating information security policies and promoting management systems at the group level. To further facilitate effective cross-functional communication and consistent information security management across Cathay FHC and its subsidiaries, the cross-functional Information Security Communication Committee was established to carry out information security controls and quality enhancement.
Board Member
Matthew Miau is one of the independent directors of Cathay FHC. He had a bachelor's degree in Electrical Engineering from the University of California at Berkeley and an MBA from Santa Clara University. He is currently the chairman of Lien Hwa Industrial Holdings Corp. Westcon-Comstor of the group's North American Synnex Corp. is a leader in information security and network collaboration. He was a former Laureate of Industrial Technology Research Institute (ITRI) and was pioneer in Taiwan's computer information industry. He has IT-related experience, information security and is good at IT channel layout, global production, corporate logistics, joint ventures and strategic alliances, venture capital, and other fields of management capabilities.
Strengthening Cyber Resilience
|
Measures
|
Action Plans
|
Formulated Information Security Policies
|
Cathay FHC and its subsidiaries have established information security policies separately, which are subject to approval by their respective board of directors, and also examine the confidentiality, integrity , availability, and compliance of information assets through annual inspections.
|
Established a 24/7 Security Operation Center
|
To stay on top of cybersecurity risks, Cathay FHC established the Security Operation Center (SOC) in 2020. The SOC monitors cybersecurity status, enables immediate action against emerging cybersecurity threats, and conducts associative analysis of cyber-security equipment, network equipment, and operating system logs to alert and identify cybersecurity incidences, abnormal connections, etc. It also enables tracking and response mechanisms to enforce measures to control and manage cybersecurity risks.
|
Information Security Incident Response (IR)
|
Integrated resources of Cathay Financial Group and assembled cross-functional " Cybersecurity Emergency Response Team" to assist with IR(Incident Response) and monitor cybersecurity incidences in Cathay FHC and its subsidiaries through incident reporting and emergency response procedures.
lConducted tabletop exercises to familiarize employees with IR processes regarding different scenarios and ensure immediate response in the event of cybersecurity incidences. Leveraged IR experiences from third-party experts, advisors, and IR teams to provide applicable, suggestions and IR support.
|
Introduced ISO 27001: 2013
Information Security Management (ISM) System
|
As of the end of 2022, coverage of ISO 27001:2013 reached 99.5% of the group. This will complete the information security governance framework and management system, and reinforce cybersecurity incident warning, reporting, and response procedures to provide customers with safe financial services.In 2022, Cathay FHC introduced the ISO 27001: 2013 framework and will seek to verify the framework in 2023
Major subsidiaries of Cathay FHC have all received ISO 27001: 2003 certification and continue to hold valid certificates. Expiration dates for the subsidiaries’ certificates are as follow:
Cathay United Bank (CUB)
|
2020/11/26 ~ 2023/11/25
|
Cathay Life
|
2019/02/27 ~ 2022/02/26; 2022/02/27 ~ 2025/02/26
|
Cathay Century
Insurance
|
2020/01/16 ~ 2023/01/15;
2023/01/16-2025/10/31
|
|
|
Cathay Securities
|
(2022/04/11 ~ 2025/04/10)
|
Cathay Futures
|
2022/04/01 ~ 2025/03/31
|
Cathay Securities Investment Trust
|
2022/03/28 ~ 2025/03/27
|
Cathay SITE
|
2022/07/19 ~ 2025/07/18
|
|