Cybersecurity Governance and Targets
Target
- No cases of cybersecurity breach or trail in cyberattack after the provision of cybersecurity training.
- Reduce time to detect cyber incidents to the lowest possible*
*Remarks: The average time in the industry is 16 days. (Source: FireEye Mandiant: M-Trends Report 2022)
Risks and Opportunities
At present, growing dependence on technology may expose us to cyber threats that affect our production processes and all of our operating platforms that rely on Internet connections. Particularly during the COVID-19 pandemic, when our ways of working have relied more heavily on digital technology, cyber threats such as theft of critical information or interruption of critical information technology systems could increase, and these would affect our reliability, credibility, and reputation.
In this regard, GC implements an information security management system that is aligned with the IT security policies, while also developing the capacity of our employees at all levels to be aware of cybersecurity threats and capable of applying proper mitigation measures against them.
Management Approach GRI 3-3 (2021)
Cybersecurity Governance
To prevent ambiguity in our work direction and create transparency at the policy management and operation levels, GC has implemented an information security management system and asset security practices in accordance with the cyber-related international standards ISO/IEC 27001:2022 and ISO/IEC 27701:2019 and the National Institute of Standards and Technology (NIST) framework. GC’s information security and cybersecurity governance consists of policies, reference standards, manuals, operating procedures, and software, covering all five areas of operations, namely Identify, Protect, Detect, Respond and Recover.
Information Security/Cybersecurity Management Guideline and Process according to NIST Cybersecurity Framework
The management hierarchy can be divided into three levels, comprising (1) Governance Level, (2) Management Level and (3) Operation Level. GC has established a cybersecurity-related department to enhance efficiency in information security and cybersecurity management.
Role | Relevant Committee/Department
---|---
Governance Level |
Management Level |
Operation Level |
Moreover, GC has appointed the Senior Vice President – Transformation Excellence to serve as Chief Information Security Officer (CISO), whose roles and responsibilities are as follows: