Information Security

Strategy

LX Semicon has set up an Information Security Management System (ISMS) in accordance with global standards, implementing information security policies to strengthen its corporate responsibility in the sector. On the foundation of company-wide security regulations and guidelines, we have applied 9 guidelines to safeguard our corporate assets and to address information security policies and security incidents.

Information Security Guidelines
  • Chapter 1: Operation of Information Security Organization
  • Chapter 2: Asset Management
  • Chapter 3: Personnel Security
  • Chapter 4: Security Response
  • Chapter 5: Legal Compliance & Security Management by Business Characteristics
  • Chapter 6: Security Audit
  • Chapter 7: Physical Security
  • Chapter 8: PC & Mobile Security
  • Chapter 9: IT Security

Information Security System

We comply with the Personal Information Protection Act and have established the ‘Privacy Policy’ to specify the information protection obligations of business associates and business managers. To implement this, we appoint a CPO who supervises personal information processing, proactively responds to risks and infringement issues related to personal information processing, and conducts oversight and training for personal information handlers. In light of growing corporate responsibilities and response requirements driven by the diversification of IT products and services and changes in the global market environment, we set up company-wide security regulations and guidelines that integrate asset management, manpower security, security incident response, physical security, and information technology security to enhance the security management system. Company-wide, we appoint a CISO to define responsibility for information security, and operate an Information Security Council under the CEO to continuously improve information protection and address related issues.

Company-wide Security Organization
[Figure: company-wide security organization chart]

Response to Risks and Opportunities

There has been a rise in cyber-attacks by international hacking groups and the distribution of hacking emails that exploit social issues, advanced persistent threats (APT), and electronic financial fraud. Additionally, attacks aimed at stealing confidential corporate information are increasing due to intensifying global market competition. To address these risks, we are committed to ensuring that our systems and corporate confidentiality are protected. We will accomplish this by strengthening the management of key data and personal information for all stakeholders through ongoing innovation efforts, providing reliability.

Target

We have tightened personal information protection management by adhering to the Personal Information Protection Act and establishing the personal information processing policy. Furthermore, based on the global-level information security management system (ISMS), we are contributing to the attainment of ESG management goals by preventing potential internal and external information security risks.

Assessment

We obtained ISO 27001 (information security management system) in 2022 to enhance the information security system and manage risks. Through this, we will improve the information management of the organization and our stakeholders, aiming for continuous risk management.

Performance
Network Security

We monitor the internet gateway 24/7 to prevent and track external intrusion through the Internet network. When an external intrusion occurs, the person in charge is promptly notified through a smartphone text message and other channels. Then, the Computer Emergency Response Team (CERT) is established to address the intrusion in accordance with the company’s internal procedures. Once established, the CERT collaborates with external analysts and government agencies to counter attacks and implement relevant measures to minimize damage. Furthermore, we operate the Demilitarized Zone (DMZ), which is situated between the internal and external network sections, to protect important data. We also protect major networks such as the DMZ and the work / design networks through firewall operation, and monitor traffic continuously. The firewall permits only trusted traffic to communicate on the network and blocks network communication for untrusted traffic. On top of that, we have built and operate a Wireless Intrusion Prevention System (WIPS) to allow wireless network connection only for authorized devices. It permits only the use of wireless devices for work while blocking unauthorized wireless devices, such as personal smart devices, from connecting to the network.

Network Segmentation for Security of Critical Data

Network segmentation is a technology that divides networks into multiple segments to create a completely isolated environment. For semiconductor design, our core competency, we operate a network isolated from general tasks. To transfer data from a segmented network to a general work network, authorization is required according to separate procedures, which prevents breaches of design-related information security. A virtualization process is carried out through the Virtual Desktop Interface (VDI) on the employees’ PCs. Upon completion, the general work network and the network with internet access are segmented. As a result, any inflow of malicious code from the outside and security breaches of confidential information are prevented, and security management is enhanced in response to threats and risks. We also provide a secure VDI environment for those who telecommute and access the network from outside the company.

Physical Security

We grant access only to pre-authorized personnel by operating an access control system. Anyone who has accessed the premises is required, upon exiting, to pass their belongings through an X-ray scan, as in airports, and to undergo security screening through a metal detector, to prevent storage media such as laptops and USB drives from being taken out. We also install the Mobile Device Management (MDM) application on all employees’ smart devices to prevent information leakage through taking photos. The MDM works in conjunction with the access management system to automatically apply in-house security policies when entering the office, restricting certain functions of smart devices, such as cameras. When leaving the office, outside security policies are automatically applied, enabling all functions of smart devices to be used again. Based on such security measures, we are fundamentally preventing potential security violations that may occur at any time through the use of personal devices (Bring Your Own Device, BYOD).

PC Security

Security solutions including anti-virus applications are installed on all employees’ business PCs to prevent security breaches and protect personal data. Network Access Control (NAC) is in operation to ensure that only PCs with required security solutions have access to the company network, and PCs with security vulnerabilities are restricted.

Raising Security Awareness of Employees

We conduct information security training, promotions and campaigns on a regular basis to enhance employees’ security awareness. Training sessions are organized for all employees, including new recruits, every year, and in the event of a security breach that becomes a social issue, case analysis and precautions are shared among employees through the internal message board. Also, monthly security newsletters are sent to deliver the latest news on various hacking and security incidents around the world as part of our efforts to enhance security awareness. Most hacking and cyber security threats that have recently become a social issue are committed using social engineering techniques. These techniques bypass normal security protocols by exploiting people’s trust through human interaction. Recently, there has been an increase in the number of incidents involving e-mails containing malicious files or web addresses intended for information leakage. We regularly organize simulated training for employees in response to security threats that use social engineering techniques. In the training, simulated e-mail messages that imitate well-known web portals or impersonate government agencies are sent to employees to check whether they open the mail contents, access the phishing sites, or disclose personal information, in order to enhance security awareness.

Security Management of National Key Technologies

LX Semicon was recognized by the Ministry of Trade, Industry and Energy as a company possessing OLED DDI design technology for driving display panels in the national core technology semiconductor field in March of 2023. To safeguard the sensitive information of national core technology, departments and personnel involved in handling related technologies undergo security training and are classified accordingly. We also diligently participate in the annual fact-finding surveys of institutions possessing national core technology conducted by the government.

Information Security Training and Investment

| Category | Item | Unit | 2020 | 2021 | 2022 |
|---|---|---|---|---|---|
| Information security training | Total training hours | Hours | 3,240 | 3,723 | 1,241 |
| | No. of participants | Persons | 1,080 | 1,241 | 1,241 |
| Investment in the information security sector | Training hours per capita (responsible personnel) | Hours | 1,862 | 1,862 | 414 |
| | Ratio of investment in information security | % | 0 | 5.2 | 8.1 |

Information Security Accidents

| Category | Item | Unit | 2020 | 2021 | 2022 |
|---|---|---|---|---|---|
| Violations in regard to information | No. of damages involving personal information | Cases | 0 | 0 | 0 |
| | Penalty | KRW | 0 | 0 | 0 |