ZeroTech

Cyber Security

Cyber Security System Construction

In order to achieve cyber security and user privacy data protection system construction, we conduct security protection from nine aspects:

Security Agreement

Enhancing the security awareness of internal and external personnel of the organization and ensuring the implementation of cyber security measures.
  • The key security posts employees to sign security agreement
  • The key security posts employees to learn and understand the security protocol
  • Regularly review suppliers and sign security agreements

Security Assurance System

The construction of security organization and security system is the cornerstone of the company’s cyber security construction.

Continuously identify risks

Security risk assessment

Regularly audit the implementation of security procedures

Key Parts Cyber Security

Ensure the integrity, confidentiality, availability and source reliability of key parts cyber security.

  • Define cyber security key parts

  • Identify the sources of the cyber security key parts

  • Access control of the storage area of cyber security key parts

  • Format the storage device before use

  • Regular inventory and virus killing

  • Physically destroy the scrapped cyber security key parts

Software Security

Software burning and testing

Software programs

  • Specified tool
  • Download at designated place
  • Virus killing

Segregated from office area

  • Software loading
  • Testing network

Key area management

  • Software burning area roduction server storage area
  • Access Control
  • Regular inspections, inspections, and maintenance

IT system for production and delivery

  • User permission settings
  • Password policy management

Security Monitoring

  • Software burning and testing computer installation monitoring software
  • Monitor the use of all data transmission ports

Antivirus

  • Install antivirus software
  • Regular virus killing
  • Update and upgrade regularly

Personal Privacy Protection

The data privacy protection throughout the entire life cycle (collection, transmission, storage, use and destruction), to ensure personal privacy data is not compromised.

Privacy data protection life cycle

Collection security

Transmission security

Storage security

Security to use

Destruction security

  • Clear purpose principle
  • Least enough principle
  • Public notification principle
  • Principle of Honest Performance

Protection principle

  • Principle of individual consent
  • Quality Assurance Principle
  • Ensure security principle
  • Principle of clarification of responsibilities

Logistics Security

Supply chain management

  • Product safety protection management.
  • Management of infrastructure related to product safety protection.

Security control of logistics services

  • Compliance with local laws and regulations.
  • Compliance with local standards.
  • Meet customer safety requirements.

Violation management

  • Using cyber security key parts from unclear sources.
  • Tampering packing lists/customs declaration documents.
  • Directly replacing delivery materials or packing unspecified materials.
  • Putting in dangerous goods.

Forward and Reverse Material Maintenance Security

The construction of security organization and security system is the cornerstone of the company’s cyber security construction.
  • Follow the safety design principles
  • Analyze the attack surface
  • Threat modeling
  • Confirm the authenticity of the reverse-returned materials
  • Ensure the source of reused materials
  • Progress test on confirmed original materials
  • Clear data before using qualified products
  • Clear the data in the storage medium during reverse maintenance
  • Reload the software and test the qualified products before reuse
  • Log all maintenance and replacement parts in the IT network security system
  • Establish barcode relationship

Emergency Response

Security emergency response organization

Leading Group of Emergency Response

  • IPC
  • DVR
  • NVR
  • APP
  • CLOUD

ZeroTech Security Response Center

  • Supplier
  • Service provider
  • Branch
  • IT Department

Intelligence Gathering Group of Emergency Response

Attack Event

Information Disclosure

Security Event

Supplier Warning

OSS Warning

Traceability

Establish a backtracking management policy create clear records in product design, production, installation, testing, warehousing, transportation so that any possible product security problem can be clearly located and backtracked.
  • Design
  • Transportation
  • Testing
  • Production
  • Installation
  • Warehousing

Personnel Management

Personnel management is a very important item in the cyber security system. It conducts a comprehensive management of personnel through the three stages of employees before they start, when they are on the job, and after they leave the job.

Key cyber security positions

Entry ago

  • Personnel background investigation and filing.
  • Prohibition of recruitment of persons with criminal.

On-the-job

  • Security awareness training
  • Security regulations training
  • Security skills training, and so on.

Leave

  • Taking back critical information
  • Terminate the corresponding access rights
  • Sign the necessary confidentiality commitment