GC has issued cybersecurity policies and measures based on ISO 27001. We have also raised employee awareness to reinforce the security and stability of our information and cybersecurity management system and to prevent any action in violation of the Cyber-Related Computer Crime Act.
In 2021, GC extended the scope of application for ISO 27001 Information Security Management System Certification to include cloud storage, the internet gateway, and the information system containing personal data relating to the recruitment process of new employees. The three principal elements incorporated into the extended scope of application for ISO 27001 are:
| Priority | Extension of Scope of Application for ISO 27001 Information Security Management System Certification |
|---|---|
| 1 | Cloud Infrastructure as a Service |
| 2 | Cyber Zone / Internet Zone Network |
| 3 | Application Supporting Recruitment Process |
Additionally, GC has made preparations and reduced risks from cybersecurity threats and thefts by establishing and monitoring Key Risk Indicators (KRI) in all three dimensions, which are people, business, and technology.
Key Risk Indicator: KRI 2021
| Target Group | Action | Key Risk Indicator (KRI) | Target (%) | 2021 Outcome (%) |
|---|---|---|---|---|
| People | Conduct phishing test | Phishing report rate (Quarterly) | >= 20 % | 48.84 % |
| People | Conduct phishing test | Employees who passed Phishing Test (Quarterly) | >= 95 % | 95.68 % |
| Business | Perform vulnerability assessment to improve information system security | Vulnerability Fixed | 100 % | 100 % |
| Technology | Update and improve protection system against cyber breaches and cyber-attacks to heighten data security | Update Firmware and Signature on Firewall | 100 % | 100 % |
Furthermore, GC has educated employees on how to use information technology safely while utilizing infographics and e-learning to raise awareness of cybersecurity risks, enabling employees to apply such knowledge to their professional and daily lives.
Educating Employees on the Safe Utilization of Information Technology
| Form of Communication | Detail | Content Sample |
|---|---|---|
| Infographics | Use infographics to convey news and information via e-mail to create employee awareness, and use Microsoft Forms to evaluate their knowledge and understanding | |
| E-Learning | Create an online knowledge center that is accessible to employees with a focus on creating awareness and understanding of fundamental cybersecurity issues as well as comprehensive information on cybersecurity threats | |
- Outcome – Average test score on cybersecurity knowledge = 87.6%