Best Technology, Better Future
LX Semicon established company-wide security policies and guidelines that integrate asset management, personnel security, physical security, and information technology security
Designated a Chief Information Security Officer (CISO) to strengthen information security management
Strive to strengthen and improve information security management through the operation of the Information Security Council under the CEO
We are committed to protecting information by complying with privacy laws, creating a privacy policy, etc.
Designated a Chief Privacy Officer (CPO) to manage privacy risks and prevent breaches
Company-wide Information Security Organization
To strengthen corporate responsibility for information security, obtain ISO 27001 and establish ISMS(Information Security Management System) and information security policy
Manage the company’s information security policy, and establish and operate information policies and 11 guidelines to respond to security incidents and protect the company’s assets
1.
Operation of Information Security Organization
2.
Information Asset Management
3.
Personnel Security
4.
Security Response
5.
Legal Compliance & Security Management by Business Characteristic
6.
Security Audit
7.
Physical Security
8.
PC & Mobile Security
9.
IT Security
10.
National Core Technology Security Management
11.
Supplier Project Security
Information security education, public relations, and training are regularly conducted to strengthen security awareness of all executives and employees
Implement a company-wide information security education and training and conduct target-specific training sessions for new employees, employees planning to retain, suppliers, personnel handling national core technologies and personal information, etc.
Increase information security awareness through in-house intranet to all employees
Send Security Newsletter every month and share domestic and international cyber-attack cases security-related recent trends
Conduct a company-wide mock cyber security drills*
※
Mock Cyber Security Drills: Send virtual phishing emails, check whether emails are opened, links are accessed, and personal information is entered, and share the results
<Security Letter>
24/7 control of the internet gateway for intrusion prevention and surveillance
In the event of an external intrusion, organize CERT(Computer Emergency Response Team) and in accordance with company regulations and respond in cooperation with external organizations and government agencies
Operate a Demilitarized Zone (DMZ) to protect critical data
Operate firewalls to protect and monitor traffic in DMZs, work/design networks, etc.
Firewalls allow only trusted traffic to communicate on the network (blocking everything else)
Wireless Intrusion Prevention System (WIPS) network connections management. Allow only pre-authorized devices to connect to the wireless network (block unauthorized devices from connecting)
Operation of segregated network from general business network through ‘network segmentation’ to protect its semiconductor design technology
Required to get separate approval to move data from segregated networks to the general business network. Prevent semiconductor design information from leaking out of the network through network segmentation
Completed employee’s PC virtualization with VDI(Virtual Desktop Interface), separating work network from local PCs
Provide a secure and safe VDI environment even for employees accessing the network from outside the company, such as when they are offsite, traveling, or working from home
Operation of an access control system (Allow pre-authorized personnel to enter)
Enforce security checks with x-rays and metal detectors to prevent unauthorized laptops and storage media from being taken out of the company
Introduction of security paper solution (from 2023)
Allow only security paper for internal printing and operate a security paper gate sensor (EAS) to prevent unauthorized documents from being taken out of the company
Integration management of an access control system - MDM (Mobile Device Management)
Restrict certain features of personal smart devices (such as taking photos) for internal security management
Activate MDM when employees enter the company building and automatically turn it off when they leave
PC Security
Install anti-viral applications and data loss prevention security solutions (DLP*) on all employees’ business PCs to protect information and prevent security breaches
Allow only PCs with security solutions to access the internal network (operating NAC**) and restrict access of PCs with security vulnerabilities
* DLP : Data Loss Prevention
* NAC : Network Access Control
This website prohibits unauthorized collection of posted email addresses using email collection programs or other technical devices. Violation of this may be punished by the [Act on Promotion of Information and Communication Network Utilization and Information Protection], etc.
Illegal Response CenterPlease carefully read the terms regarding collection, use, and provision of personal information below and decide whether you agree on them.
[Purposes of collection and use of personal information] The company uses collected personal information for the following purpose: Collected personal information is not used for any other purposes than those stated below. If there is any change to the purposes, it will be notified of via the website. Membership for system use, one-on-one answer to an inquiry
[Personal information items to be collected] Name, e-mail, mobile phone no., company name
[Period of personal information use and retainment] For 3 years from the completion of handling the inquiry
[Disadvantages upon disagreement on the collection and use of personal information] A user may disagree on any of the terms and conditions and on the collection of personal information. In this case, the use of service may be limited.