68 Annual Report (三) 推動證券商提升資安防護: 參考金融業運用 AI 指引，修訂證券商資通安全檢查機制等規範，鼓勵證券 商善用新科技，同時加強風險控管。另規劃於 2025 年度資安總體檢，納 入新型網路服務弱點掃描工具，以強化防禦機制，另推動證券商逐步導入 零信任架構，以提升資安防護能力。為提升證券商資安人員技術能力，規 劃邀請證券商參與資安攻防訓練場域，結合專為資安技術訓練設計之 AI 小 助教(Chatbot)，協助資安從業人員有效提升防護與應變能力。另開辦 ISO 42001 人工智慧稽核員課程，全面提升資安人員查核技能。 (3) Promote securities firms’ information security upgrading Referring to the guidelines for the use of AI in the financial industry, the information security inspection mechanism regulations for securities dealers will be amended to encourage securities firms to harness new technologies and strengthen risk control. The 2025 comprehensive cyber security assessment will adopt web vulnerability scanning to strengthen defenses. Securities firms are encouraged to gradually introduce a zero-trust architecture to enhance cybersecurity protection capabilities. To enhance the technical capabilities and responsiveness of securities firms’ information security personnel, the TWSE will invite securities firms to participate in information security attack and defense training, combined with an AI assistant (Chatbot) designed specifically for information security technical training. We will also conduct courses on ISO 42001 AI management system, to comprehensively upgrade the skills of information security personnel.