In November 2011, the Financial Supervisory Commission revised the " Regulations Governing Information to be Published in Annual Reports of Public Companies ", requiring all listed companies and publicly issued companies to disclose the operational overview of the information security management in their annual reports, including: information security risk management structure, information security policies, information security specific management plans, and resources invested in information security management, etc.. If there is a major information security incident, the losses suffered, possible impacts and countermeasures should also be explained. This year (111) is the first implementation of this requirement, and the content disclosed by each company can be viewed in the annual report. In this sharing, I will analyze the information related security actions disclosed by major listed companies, and discuss the direction and principles of disclosure from the information security practice, how to let investors and the public understand the efforts of each company to bet on information security, And strike a balance with over-disclosure of astute information.