Exclusive Networks // Sustainability Report 2022

Ethics, fair practices, compliance and security Information system protection

on a 24/7 basis and can initiate legal investigations if necessary.

 protect against cyberattacks;  upgrade the infrastructure to make it more secure and resilient to new potential threats. Governance The CISO writes and regularly updates the policies, processes and procedures related to the cyber defence of the Exclusive Networks Group. Examples are the General Security Policy, the Security Incident Management Plan or the Usage Policy. All these policies have been communicated individually to each employee via the Group’s e-learning platform and are available on the Group’s Intranet.

The Cyber Defence Council The mission of the Exclusive Networks Group’s Cyber Defence Council is to strengthen the skills, cooperation and information sharing of cyber defence with the countries in which the Group is present. It is made up of the Group’s main IT managers as well as delegates from each countries, and meets very regularly. In cooperation with vendors, partners, other Group departments and subsidiaries, it is the body that enables the Group to:  deploy cybersecurity tools, incident response services and assessment to protect the Group’s networks from cyber threats; Deployment of security tools: protecting the company’s activities from cyber attacks Over the past 18 months, the following security tools have been deployed in a centralised, standardised and automated process: 1. Asset management: life cycles, asset and software inventory; 2. Security Information and Event Management and User and Entity Behavioural Analysis, using artificial intelligence; 3. Email security; 4. Managed Endpoint Detection & Response, using artificial intelligence and behavioural analysis; 5. Vulnerability management; 6. Endpoint and patch management; 7. Identity and Access Management, using artificial intelligence and behavioural analysis; 8. Cloud Access Security Broker and Secure Access Service Edge using artificial intelligence and behavioural analysis; 6.4

Information system protection

9. Security Orchestration Automation and Response (SOAR); 10. Threat Intelligence: a Malware Information Sharing Platform (MISP) instance that enables the identification, analysis and sharing of cyber threat intelligence with other organisations. Most of the selected vendors and solutions come from the portfolio of the Group’s cybersecurity products and solutions, and are recognised as “Magic Quadrant leaders” by Gartner, the renowned technology evaluation firm. One of the tools used to evaluate the security of the information system is the Cyber Exposure Score, and the Group has set itself the objective of achieving a score of less than or equal to “Low” on this index by 2025. [GRI 3-3-c] Reporting Regular reporting is carried out and sent to the Group Chief Information Officer and the Cyber Defence Committee. It is based on a security incident management plan, which determines a classification, processes and associated procedures.

64

Exclusive Networks

Sustainability Report 2022

#WeAreExclusive

Made with FlippingBook. PDF to flipbook with ease