Information Security
Protection of Core Technologies
Steel Value Chain Information Security
- Support for Comprehensive Security and Operational System Assessments
- Inspection of Security System Operations and Penetration Testing Support
- Support for Improving Security Management Capabilities and Fostering Security Experts
Prevention and Response to Cyber Security Incidents
POSCO conducts security risk assessments at each stage from system design to operation. Using internal security specialists and external professional agencies, POSCO regularly performs penetration tests on its main websites and business systems to identify and remediate vulnerabilities.
Detection
- Detect threats using the integrated security control system and collected internal and external information
Analysis
- Assess whether it is an attack and determine the extent of the damage
- Take preliminary action if necessary
Dissemination
- Notify specific departments and the entire company, and request follow-up actions based on the analysis results
Response
- Prevent the spread of the incident and take follow-up measures
- Analyze the cause and integrate findings into future policy improvements
- Normal: General security threat situation with no impact on internal and external systems
- Attention: Increased potential for internal threats due to external security issues
- Caution: Situation that partially affects specific services and operations but can be resolved with appropriate actions
- Alert: Situation that affects specific services and operations, with actions being delayed
- Severe: Situation that severely affects critical services and operations, with persistent risks present
Strengthening Employees’ Information Security Awareness
To enhance employees’ security awareness, POSCO periodically conducts information security campaigns, training, and inspection activities, encouraging employees to internalize security in their daily work. All employees are required to complete mandatory information security e-learning courses annually.
New employees, newly appointed executives and managers, and personnel involved with national core technologies receive differentiated, role-specific information security training.
Additionally, POSCO operates an Information Security Reporting Center, enabling employees to report signs of hacking incidents, information leaks, and security vulnerabilities, as well as propose ideas for enhancing security. In 2023, a total of 30 reports were received and processed. Employees who contribute to information security activities, such as making security reports, receive appropriate rewards, while those found to have committed security violations face disciplinary action according to company regulations.