New |III SEAL team became the first domestic FTC approved third party information security detection unit and is currently assisting cell phone and internet equipment manufacturing firms to meet the necessary security requirements.
Impact |III has tested more than 40 internet security equipment and found more than 700 information security loopholes. This has saved related firms at least NTD 97 million for revision cost.
Key |Standardize detection process, complete the detection technology, develop automatic information security detection tools, acquire international information security verification as well as lab verification.
Evidence |The total amount of signed contracts has grown six-fold. III has developed a blue ocean market in the information security industry. The latest technologies and functions of the Internet equipment are improving and the integration between the appliances and the cloud is transforming into various application modes. Given the circumstances, the methods that hackers use are evolving so that previously unseen information security problems are gradually emerging. Recent cases are as follows: 4.5 million Brazilian internet appliances were under attack; serious security loopholes existed in Samsung processors; hackers control the printers by malicious document induced printings; Industrial control system (ICS) easily lose control to attackers; web cameras were exposed to high assailing risk. In other words, the Internet brings about convenience but puts individuals’ privacy in great danger.
Since information security loopholes are found consecutively, the importance and seriousness of information security are gathering worldwide attention. For the reason, Federal Trade Commission, FTC, started to require companies to undergo third party information security evaluation. Further, international telecom operators demanded internet communication equipment providers offer third party information security verification as well. One after another, the US, EU and Mainland China require related products have information security reports or verifications from telecommunication operators. Information security evaluation and detection apparently have become a global issue.
FTC Verified III’s Capability to Provide World-Class Information Security Services 
III’s R&D and service teams have the advantages of providing standardized detection process, highly effective information security detection technology, self-developed automatic information security detection tools, and 10 different kinds of hacker related international information security verifications. In 2013, III won the approval of FTC to become the first unit qualified to provide third party information security verification. III is now one of the international organizations capable of conducting information security detection at the world-class level.
III Assists Internet Companies Improve Product Quality and Enter Global Market In recent years, hackers and information security researchers and developers have discovered that many internet products contain security vulnerabilities. To improve the security and stability of the internet products of Taiwan, one of the most important internet product manufacturing countries, III not only initiatively assists domestic enterprises build information security awareness but also provides internet security inspection services. By discovering information security problems in the early stage, III helps the firms in this field prevent difficult situations from happening. Furthermore, III also manages to provide related technical or managerial support for companies trying to meet the requirements demanded by international clients or government organizations so that these firms could be more competitive in the global market.
Since June, 2012, SEAL, the information security team of III, has started to offer information security detection services to discover loopholes or weak points of the internet systems or software within certain organizations by simulating the attack methods of hackers. According to the results of the simulations, SEAL was able to provide suggestions to revise the vulnerabilities and lower the chance of encountering hacker attacks. Until now, the team has assisted domestic enterprises conducting more than 40 information security product detections. On average, the team found at least 20 security problems on each tested product. In order to prevent the same problem from happening, team members of SEAL collaborate with developers of the organizations to discover the possible hazards from the beginning so that tenacious problems would not string along. Through the process, engineers, product managers, and department managers could build internet security concept all together.
In addition to discovering potential information security problems of current products by its detection technologies, III also assist enterprises inspect and verify information system from a managerial perspective. Through the process of information security audit, internet equipment providers in Taiwan can systematically strengthen their information security awareness and capability from the inside and fully control the production process to achieve the necessary information security quality.
In the future, III will consistently send specialists abroad to accept information security training and to attend associated seminars in the hope to acquire the latest information security knowledge as well as to increase the capability of the staffs in the field. By enhancing the capability in the information security field, III expects to keep up the pace with international organizations, facilitates domestic firms to improve product quality and stability, and soundly supports local internet security equipment providers to enter the global market.
Future Vision
Information security has gone under the spotlight on a global stage.
III facilitates domestic firms to build information security concept from the inside to increase product security and quality. Further, III provides insight to develop government and industry regulations of information security inspections to improve the quality of internet products so that the products in the industry can be more competitive in the global market.