Digital Transformation Digitalization is one of the key success factors enabling IRPC to capitalize on new business opportunities by applying Machine Learning (ML), Artificial Intelligence (AI) and new technologies in its business operations. IRPC's Digital Framework focuses on 2 principal areas: 1. Cyber Security aims at strengthening defense against cyber attacks to ensure that the company can operate safely 2. Data Analytics to develop and improve the efficiency of data analysis and decision-making by employees at all levels in order to generate more revenue for the company Implementation Approach 1. Cyber Security IRPC implements Cyber security based on ISO 27001 standard for cybersecurity management systems in combination with the NIST Cyber Security Framework, which consists of 5 core functions: 1. Identify: Promote better understanding within the enterprise to manage cyber security risks that threaten systems, assets, data, and capabilities 2. Protect: Develop and implement appropriate safeguards to ensure delivery of critical infrastructure services 3. Detect: Develop and implement appropriate activities to identify cyber security incidents 4. Respond: Develop and implement appropriate activities to tackle cyber security incidents detected 5. Recover: Develop and implement appropriate activities to maintain a contingency plan to ensure flexibility and recoverability of any capability or service compromised by a cyber security incident Cyber Security based on the NIST Cyber Security Framework Cyber Security: Technical Roadmap Target: Zero Cyber Attack IDENTIFY PROTECT RESPOND RECOVER • Assessment Inventory, data, system • Policies, procedures and processes • Risk Assessment • Risk Management • ISO 27001 • Access control • Awareness • Information and data protection • Maintenance • Next-gen Firewall • Mail Gateway • Anti Malware • Compliant Management • Patch Management • Phishing Simulation Test • Advanced Threat Protection • 2FA • Network Access Control (NAC) [Y23-24] • Database Activity Monitoring (DAM) [Y23-24] • Cloud App Security Broker [Y23-24] • PDPA (data class, mapping, data subject access request [Y23-24] • Secure Access Service Edge (SASE) [Y23-24] • Anomaly detect • Continuous monitoring • Detecting process • Log Management • SIEM (Security Analytics, Packet Decoder) • SOC Tier1 • Data Risk Analytics • Data Loss Prevention (DLP) [Y22] • Response planning • Communication • Analysis • Mitigation • Security Improvement • SOC Tier 2 • Incident Response Management • BCP/BCM • Endpoint Detection and Response • VA scan • Penetration test • Security Orchestration Automation & Response (SOAR) [Y24-25] • Recovery plan Backup Improvement • Backup Solution • DR Site DETECT NIST Cybersecurity Framework (National Institute of Standards and Technology) Security Roadmap I Benchmarking (Security Maturity Assessment) • Completed • Processing • Plan 121 Business-Driven Sustainability IRPC PUBLIC COMPANY LIMITED
RkJQdWJsaXNoZXIy ODg4NTI=