Information Security

Information Security System

  • LX Semicon established company-wide security policies and guidelines that integrate asset management, personnel security, physical security, and information technology security

    Designated a Chief Information Security Officer (CISO) to strengthen information security management

    Strive to strengthen and improve information security management through the operation of the Information Security Council under the CEO

  • We are committed to protecting information by complying with privacy laws, creating a privacy policy, etc.

    Designated a Chief Privacy Officer (CPO) to manage privacy risks and prevent breaches

Company-wide Information Security Organization

[Figure: company-wide information security organization chart]

Information Security Strategy

Information Security and Privacy Policy
Information Security System Certificate (ISO 27001)
  • To strengthen corporate responsibility for information security, obtained ISO 27001 certification and established an ISMS (Information Security Management System) and information security policy

    Manage the company’s information security policy, and establish and operate information policies and 11 guidelines to respond to security incidents and protect the company’s assets

Information Security Guidelines
  • 1. Operation of Information Security Organization
  • 2. Information Asset Management
  • 3. Personnel Security
  • 4. Security Response
  • 5. Legal Compliance & Security Management by Business Characteristic
  • 6. Security Audit
  • 7. Physical Security
  • 8. PC & Mobile Security
  • 9. IT Security
  • 10. National Core Technology Security Management
  • 11. Supplier Project Security

Raising Security Awareness of Employees
  • Information security education, public relations, and training are regularly conducted to strengthen security awareness of all executives and employees

    Implement company-wide information security education and training, and conduct target-specific training sessions for new employees, employees planning to retire, suppliers, personnel handling national core technologies and personal information, etc.

    Increase information security awareness among all employees through the in-house intranet

    Send a Security Newsletter every month and share domestic and international cyber-attack cases and recent security-related trends

    Conduct company-wide mock cyber security drills*

    * Mock Cyber Security Drills: Send virtual phishing emails, check whether emails are opened, links are accessed, and personal information is entered, and share the results


<Security Letter>

Information Security Activities

Network Security
  • 24/7 control of the internet gateway for intrusion prevention and surveillance

    In the event of an external intrusion, organize a CERT (Computer Emergency Response Team) in accordance with company regulations and respond in cooperation with external organizations and government agencies

    Operate a Demilitarized Zone (DMZ) to protect critical data

    Operate firewalls to protect and monitor traffic in DMZs, work/design networks, etc.

    Firewalls allow only trusted traffic to communicate on the network (blocking everything else)

    Manage wireless network connections with a Wireless Intrusion Prevention System (WIPS): allow only pre-authorized devices to connect to the wireless network (block unauthorized devices from connecting)

Network Segmentation
  • Operation of a network segregated from the general business network through ‘network segmentation’ to protect semiconductor design technology

    Separate approval is required to move data from the segregated network to the general business network. Network segmentation prevents semiconductor design information from leaking out of the network

    Completed virtualization of employees’ PCs with VDI (Virtual Desktop Infrastructure), separating the work network from local PCs

    Provide a secure and safe VDI environment even for employees accessing the network from outside the company, such as when they are offsite, traveling, or working from home

Physical Security
  • Operation of an access control system (Allow pre-authorized personnel to enter)

    Enforce security checks with x-rays and metal detectors to prevent unauthorized laptops and storage media from being taken out of the company

  • Introduction of security paper solution (from 2023)

    Allow only security paper for internal printing and operate a security paper gate sensor (EAS) to prevent unauthorized documents from being taken out of the company

  • Integrated management of the access control system and MDM (Mobile Device Management)

    Restrict certain features of personal smart devices (such as taking photos) for internal security management

    Activate MDM when employees enter the company building and automatically turn it off when they leave

  • PC Security

    Install antivirus applications and data loss prevention security solutions (DLP*) on all employees’ business PCs to protect information and prevent security breaches

    Allow only PCs with security solutions to access the internal network (operating NAC**) and restrict access of PCs with security vulnerabilities

    * DLP: Data Loss Prevention

    ** NAC: Network Access Control