KT said on the 7th it will begin a sweeping security overhaul led by its newly organized Information Security Office, pushing a high-intensity security innovation to revamp the companywide information security framework.
The move focuses on redesigning the overall structure, scope, and operational level of security around the integrated Information Security Office that consolidates dispersed security functions, and on building an executable security framework that enables constant prevention and preemptive response. KT said it plans to strengthen a trust foundation that customers can tangibly feel.
First, the company will continue to advance its customer protection and inconvenience-mitigation framework centered on the previously launched "Customer Protection 365 TF." The Information Security Office will quickly review and respond to concerns related to the protection of customers' personal information in connection with the Customer Protection 365 TF and plans to substantially raise the customer protection level across technology, organization, and processes.
The company also executed an organizational restructuring into a Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO) system and plans to build integrated governance centered on the Information Security Office to drive a substantive improvement in security levels. Through this, it established a unified execution framework spanning organization, personnel, and budget, and shifted to a structure in which companywide security risks are directly managed at the top management level. The company added that it is operating a companywide council to integrally manage security risks across IT, networks, and all service areas, and has overhauled the entire incident response process to secure a swift and consistent response framework.
KT will also expand and enhance a security architecture based on the Zero Trust principle in stages, shifting from a traditional post-incident response approach to a framework centered on "constant prevention and preemptive response." It will apply a model that continuously verifies all access without distinguishing inside from outside across companywide systems and, in response to advances in AI technology, plans to expand a security management framework using AI, including simulated hacking by AI agents.
It will also advance the integrated security monitoring framework to strengthen real-time monitoring capabilities that detect and block threats in advance. It will boost security control over tangible and intangible asset, including in-home devices, outdoor base stations, and software, and will further enhance procedures to verify security vulnerabilities from the supply stage of various equipment.
KT said it will also strengthen external expertise and objectivity by forming an external advisory committee and building a security ecosystem linked with the security industry and academia, and will reestablish its security framework from a more fundamental perspective, moving away from an internal-centric view.
KT will also completely reorganize its personal information protection framework. It will refine its internal management system under the CPO and strengthen board reporting to further raise its compliance level. It will also preemptively apply personal information protection measures tailored to the AI environment and enhance capabilities to protect customer data through a constant monitoring framework.
In addition, it plans to continuously review its security and personal information protection framework through an advisory committee composed of external experts to secure objectivity and credibility. KT said that through this innovation it will move beyond technology-centric responses to establish an "executable security framework" that combines organization, personnel, and culture, and will deliver security changes and a restoration of trust that customers can truly feel.
Executive Vice President Lee Sang-woon, head of KT's Information Security Office (CISO), said, "We will rebuild security from the basics and pursue a fundamental transformation through a Zero Trust-based framework of constant prevention and preemptive response," adding, "Centered on the Information Security Office, we will establish a trust foundation that safely protects customers' daily lives and data and build a security framework that can reliably support our leap to an AX platform corporations."