Information Protection
KyungSung MT implements and operates an information security management system (ISMS) based on the PDCA (Plan-Do-Check-Act) model to minimize information protection risks.
Security Management System
step 01
Establishment and maintenance of security policies
- Development of security strategies
- Security maturity assessment
- Employee security awareness training
- Training for designated security officers
step 02
Security Audits
- Website
- Data center
- Personal data
step 03
Security system management
- PC Security Software
- Firewalls
- Malware Defense Systems (MDS)
- Identity Authentication Solutions
step 04
Physical Security
- Asset Movement Control
- Facility Access Management
- USB Device Restriction Policy
step 05
Incident Response
- Data Breach Response
- Malware Containment
- Digital Forensics
Personnel (Organization) / Workplace / Endpoint Device / Network / Server / Application
Information Security Management System (PDCA Model)
Plan
- Establishing and managing information security policies
- Establishing guidelines and standards for information protection
- Developing information security strategies
- Establishing annual information security plans, including employee training and audit schedules
Do
- Operation and Management of Security Policies
- Implementation of information security policies in accordance with established security standards
- Employee Security Awareness Training
- Execution of Information Security Improvement Initiatives
Check
- Security inspections (personal data, infrastructure, vulnerability diagnosis, penetration testing)
- Employee Security Awareness Training (e.g., mock phishing simulations)
- Security Maturity Assessment (security maturity measurement)
Act
- Development of Improvement Plans
- Next-Year Improvements / Definition of Key Initiatives
- Establishment and Revision of Information Security Guidelines and Standards
Key Activities and Achievements
Protection of National Industrial Secrets
- We rigorously safeguard national defense-related technologies by strictly complying with special regulations and submitting annual technology protection reports. These efforts are carried out alongside the protection of customer-related information.
Prevention of Internal Information Leakage
- We have implemented PC security configurations, document encryption, and intelligent threat detection systems to prevent internal data leaks. Access to internal servers and databases is strictly controlled, allowing only pre-authorized users and devices.
Enhanced Personal Data Protection
- Under the leadership of our Chief Privacy Officer (CPO), we conduct regular inspections of personal data handling and enforce strict preventive measures against leakage, tampering, theft, loss, or damage.
Strengthening Information Protection Capabilities
- We offer both online and offline security training to new employees and personnel handling sensitive data. In addition, we regularly train and oversee external staff and partner companies to ensure full compliance with security protocols.
External Certifications
Information Security Certifications
| NAC | Certification Types and Levels |
|---|---|
| Information Security (Physical and System-level Protection) | ISMSP |
| Cloud Service Information Security | ISMSP |
| Firewall (Unified Threat Management, UTM) | Common Criteria (CC) Certification |
| Antivirus Software Certification (e.g., V3) | ISMSP |
| Integrated Data Loss Prevention (DLP) and Audit System | ISMSP |
| Document Rights Management (DRM) System | Common Criteria (CC) Certification |
| Enterprise Content Management (ECM) System | Grade 1 |