Genian, a cybersecurity specialist company, announced on June 27 that it will voluntarily implement information security disclosures in order to proactively respond to the heightened importance of cybersecurity, which has been underscored by the proliferation of artificial intelligence (AI) and the acceleration of digital transformation.
The 'Information Security Disclosure System' is a framework that allows companies to voluntarily or mandatorily disclose their information security investment status, dedicated personnel, security certifications, and other relevant information, thereby transparently communicating their security level to external stakeholders.
Genian is not a company required by law to make such disclosures. However, the company has decided to do so voluntarily, driven by a sense of responsibility and leadership as a security specialist. Genian aims to contribute to national cyber security while also enhancing transparency within the security industry.
Through this voluntary disclosure, Genian has transparently released information regarding its systematic investments in information security and the composition of its professional workforce. The company has invested approximately 13% of its total IT budget into information security, and dedicated information security personnel account for 12% of its total workforce.
Genian is also advancing its security framework by conducting a variety of information security activities. These include establishing an internal management plan for personal information, enacting or revising 11 types of internal security regulations and guidelines, and conducting incident response drills based on hacking email scenarios provided by the Korea Internet & Security Agency (KISA), all of which contribute to the enhancement of the company's enterprise-wide security response system.
In particular, Genian operates a Bug Bounty program targeting its own products to identify vulnerabilities based on real-world threats, thereby continuously improving the quality and reliability of its security products. The company is also systematically strengthening its incident prevention capabilities through internal audits and job training covering all aspects of information security, as well as monthly secure coding and vulnerability assessment activities.
As a result of these efforts, Genian has received official recognition for its information security capabilities both domestically and internationally, obtaining various relevant certifications. These include ISO/IEC 27001:2013 (International Standard for Information Security Management Systems), CSAP (Public Cloud Security Certification), and CC Certification (Common Criteria, product name: Genian ZTNA V6.0 SP1).
Lee Dongbum, CEO of Genian, stated, "From the development stage, Genian establishes information security strategies and policies, and is committed to fostering a security culture and enhancing response capabilities. Through voluntary disclosure, Genian will increase transparency and trust in security, and with continuous investment, contribute to national cyber security."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
