With effective controls, our SecOps division has been able to prevent major cybersecurity attacks on our systems. No incidents were recorded in 2021.

Cybersecurity breaches and incidents

| Indicators | 2020 | 2021 |
| --- | --- | --- |
| Total number of information security breaches or other cybersecurity incidents | 1 | 0 |
| Total number of data breaches | 1 | 0 |
| Total number of customers and employees affected by company's data breach | 1 | 0 |
| Total value of fines/penalties paid in relation to information security breaches or other cybersecurity incidents (RM) | 0 | 0 |

(iii) Information Security Testing

The main focus of Information Security Testing is to give assurance of the adequacy of security controls by coordinating security reviews through vulnerability assessment and penetration testing (VAPT) of the Group’s IT infrastructure, network and web applications. The VAPT approach allows us to have a more detailed view of the threats facing our applications. Below are some of the tools used by our team to find exploitable flaws and measure the severity of each finding.
| Tool | Description |
| --- | --- |
| Ad hoc VAPT | VAPT represents two types of security testing which have different strengths and are often combined to achieve a more complete vulnerability analysis |
| Annual Vulnerability Assessment | Annual assessments to identify vulnerabilities in the Group’s IT infrastructure, network and web applications |
| Source Code Review | Review of the software source code or API to find bugs and vulnerabilities |
| Technical Specification Document (TSD) Review | Review of documentation to ensure that technical specifications meet information security requirements, including the architecture, process flow, information security design and technologies used |
| Bug Bounty Programme | A platform for external security researchers to report vulnerabilities |
| Security Advisory | Notification to relevant teams for zero-day vulnerabilities, updates and software patches from software vendors |

Our penetration testers are responsible for identifying vulnerabilities within the organisation’s computing environment and for writing consumable VAPT reports. These reports are sent to the respective system or application owner for remediation. The team is also responsible for tracking the remediation progress and providing security consultation on the use of technology in meeting information security requirements.

SUSTAINABILITY STATEMENT | ANNUAL REPORT 2021 | 117