Information Security, Cybersecurity and System Availability
GGC has established a policy for information technology security to be used as a guideline for the development of information security management systems.
This policy outlines a process of controlling the security of information technology systems according to standard ISO 27001: Information Security Management and Control Objectives for Information and Related Technologies (COBIT). This covers the procedures regarding the use of information (Procedure) in order to manage operations for information and cyber securities, as well as to prevent and reduce risks and potential impacts.
Information Security and Cyber Security Process and Infrastructure
GGC has established an information security management system and asset security practices according to international standards and in compliance with cybersecurity practices. GGC also conducts annual inspections and reviews of the information and cyber infrastructure systems by external agencies. The past year’s review found that the process and infrastructure of GGC’s information and cyber systems meet international standards and do not have any defects.
In addition, the company conducts a vulnerability assessment (VA) on the computer system and the business continuity plan at least twice a year. In 2020, GGC had a Cyber Incident Response Tabletop Exercise to test the security system by simulating an external cyberattack to hack into the company's information system.
In addition, GGC inspects for internal and external computer system vulnerabilities every 6 months in order to prepare a plan for protection and remediation from threats. GGC’s vulnerability severity levels are categorized into three levels: High Severity, Medium Severity and Low Severity.