Information Security


    arrow right icon arrow right icon
  • Social
  • arrow right icon
  • Information Security

LX Semicon has set up Information Security Management System (ISMS) in accordance with global standards, implementing information security policies to tighten its corporate responsibility in the sector. On the foundation of company-wide security regulations and guidelines, we have applied 9 guidelines to securely safeguard our corporate assets and address information security policies and security incidents.

Information Security Guidelines
  • Chapter 1

    Operation of Information Security Organization

  • Chapter 4

    Security Response

  • Chapter 7

    Physical Security

  • Chapter 2

    Asset Management

  • Chapter 5

    Legal Compliance & Security Management by Business Characteristics

  • Chapter 8

    PC & Mobile Security

  • Chapter 3

    Personnel Security

  • Chapter 6

    Security Audit

  • Chapter 9

    IT Security

Information Security System

We comply with the Personal Information Protection Act and have established the ‘Privacy Policy’ to specify the information protection obligations of business associates and business managers. To implement this, we appoint a CPO who supervises personal information processing, proactively responds to risks and infringement issues related to personal information processing, and conducts oversight and training for personal information handlers. In light of the increasing corporate responsibilities and response due to the diversification of IT products and services and changes in the global market environment, we set up the company-wide security regulations and guidelines that integrate asset management, manpower security, security incident response, physical security, and information technology security to enhance the security management system. Company- wide, we appoint a CISO to define responsibility for information security, and operate an Information Security Council under the CEO to continuously improve information protection and address related issues.

Company-wide Security Organization
security chart image
Response to Risks and Opportunities

There has been a rise in cyber-attacks by international hacking groups and the distribution of hacking emails that exploit social issues, advanced persistent threats (APT), and electronic financial fraud. Additionally, attacks aimed at stealing confidential corporate information are increasing due to intensifying global market competition. To address these risks, we are committed to ensuring that our systems and corporate confidentiality are protected. We will accomplish this by strengthening the management of key data and personal information for all stakeholders through ongoing innovation efforts, providing reliability.


We have tightened personal information protection management by adhering to the Personal Information Protection Act and establishing the personal information processing policy. Furthermore, based on the global-level information security management system (ISMS), we are contributing to the attainment of ESG management goals by preventing the potential of internal and external information security risks.


We obtained ISO 27001 (information security management system) in 2022 to enhance the information security system and manage risks. Through this, we will improve the information management of the organization and our stakeholders, aiming for continuous risk management.

Network Security

We monitor the internet gateway 24/7 to prevent and track external intrusion through the Internet network. When an external intrusion occurs, it is promptly notified to the person in charge through a smartphone text message, and others. Then, the Computer Emergency Response Team (CERT) is established to address the intrusion in accordance with the company’s internal procedures. Once established, the CERT collaborates with external analysts and government agencies to counter attacks and implement relevant measures to minimize damage. Furthermore, we operate the Demilitarized Zone (DMZ), which is situated between the internal and external network sections, to protect important data. Furthermore, we protect major networks such as DMZ and work / design networks through firewall operation, and simultaneously monitor traffic continuously. The firewall permits only trusted traffic to communicate on the network and blocks network communication for untrusted traffic. On top of that, we have built and operated Wireless Intrusion Prevention System (WIPS) to allow wireless network connection only for authorized devices. It permits only the use of wireless devices for work while blocking unauthorized wireless devices, such as personal smart devices, from connecting to the network.

Network Segmentation for Security of Critical Data

Network segmentation is a technology that divides networks into multiple segments to create a completely isolated environment. We operate our core competency, an isolated network from general tasks for semiconductor design. To transfer data from a segmented network to a general work network, authorization is required according to separate procedures, which prevents breaches of design-related information security. A virtualization process is carried out through the Virtual Desktop Interface (VDI) on the employees’ PCs. Upon completion, the general work network and the network with internet access are segmented. As a result, any inflow of malicious code from the outside and security breaches of confidential information are prevented, and security management is enhanced in response to threats and risks. We also provide a secure and safe VDI environment even when those who access the network from outside the company telecommute.

Physical Security

We grant access only for pre-authorized personnel by operating an access control system. Anyone who has accessed the premises is required to pass through an X-ray scan with their belongings as they do in airports and undergo security screening through a metal detector upon when exiting to prevent taking out storage media such as laptops and USB drives. We also install the Mobile Device Management (MDM) application on all employees’ smart devices to prevent information leakage through taking photos. The MDM works in conjunction with the access management system for automatic application of in-house security policies when entering the office, restricting certain functions of smart devices, such as cameras. However, when leaving the office, outside security policies are automatically applied, enabling all functions of smart devices to be used again. Based on such security measures, we are fundamentally preventing potential security violations that may occur at any time through personal devices, Bring Your Own Device (BYOD) usage.

PC Security

Security solutions including anti-virus applications are installed on all employees’ business PCs to prevent security breaches and protect personal data. Network Access Control (NAC) is in operation to ensure that only PCs with required security solutions have access to the company network, and PCs with security vulnerabilities are restricted.

Raising Security Awareness of Employees

We conduct information security training, promotions and campaigns on a regular basis to enhance employees’ awareness in security. Training sessions are organized for all employees including new recruits every year, and in the event of a security breach that becomes a social issue, case analysis and precautions are shared among employees through the internal message board. Also, monthly security newsletters are sent to deliver the latest news on various hacking and security incidents around the world as part of our efforts to enhance security awareness. Most of hacking and cyber security threats that have recently become a social issue are committed using social engineering techniques. This technique uses intrusions that bypass normal security protocols by exploiting people’s trust through human interaction. Recently, there has been an increase in the number of incidents involving e-mails containing web addresses for information leakage purposes or malicious files. We regularly organize simulated training for employees in response to security threats using the social engineering techniques. In the training, simulated e-mail messages with well-known web portals and impersonations of government agencies are sent to employees to verify their access to mail contents and phishing sites, as well as disclosure of personal information in order to enhance security awareness.

Security Management of National Key Technologies

LX Semicon was recognized by the Ministry of Trade, Industry and Energy as a company possessing OLED DDI design technology for driving display panels in the national core technology semiconductor field in March of 2023. To safeguard the sensitive information of national core technology, departments and personnel involved in handling related technologies undergo security training and are classified accordingly. We also diligently participate in the annual fact-finding surveys of institutions possessing national core technology conducted by the government.

Information Security Training and Investment
Category Unit 2020 2021 2022
Information security training Total training hours Hours 3,240 3,723 1,241
No. of participants Persons 1,080 1,241 1,241
Investment in the information security sector Training hours per capita (responsible personnel) Hours 1,862 1,862 414
Ratio of investment in information security % 0 5.2 8.1
Information Security Accidents
Category Unit 2020 2021 2022
Violations in regard to information No. of damages involving personal information Cases 0 0 0
Penalty KRW 0 0 0