Long-term Climate Strategy and Financial Performance slide image

Long-term Climate Strategy and Financial Performance

INDUSTRY, INNOVATION AND INFRASTRUCTURE SUSTAINABLE CITIES 11 AND COMMUNITIES A Cyber security Cyber Security Framework Cyber Security Structure and Governance The Policy, adopted in 2017, addresses the principles and operational processes that support a global strategy of cyber risk analysis, prevention and management. Such Framework is fully applicable to the complexity of regular Information Technology (IT), industrial Operational Technology (OT) and Internet of Things (IoT) environments. From the organizational point of view, Enel Group has set up, since September 2016, within the Global Digital Solutions Function, a "Cyber Security" unit, committed to guarantee governance, direction and control of cyber security topics. The Head of Cyber Security unit, which is also the Enel Group CISO, directly reports to the Head of Global Digital Solutions function (CIO). Furthermore, the Cyber Security Committee, chaired by the Group's CEO and made up of his/her front lines, addresses/approves the cyber security strategy and periodically checks the progress of its implementation. Cyber Emergency Readiness Team CERT 1. Enel disposes of its own CERT, whose mission is to protect the Group's constituency, i.e., all employees and assets (instrumental to Enel's business that could be compromised by cyber threats), promoting a proactive approach based on "incident readiness" rather than "incident response". Incident Response, Threat Intelligence and Information Sharing are the processes the unit operates with, also exchanging information within a network of accredited international partners. enel Cyber Security Framework 2022 planned 2022E1 2025 Cyber exercises involving industrial plants/site(#) Information security verification activities (#) Knowledge sharing events (#) 12 54 64 800 1,400 1,400 15 19 15 People cyber empowerment journey The journey drives Enel people to be the first line of cyber defense and is powered by an Awareness Development. Program and an Anti-Phishing Program that leverage on different communication channels and diffusion tools. The 2022 data includes ad-hoc initiatives supporting the execution of simulated phishing campaigns (6 campaigns in 2022). 138
View entire presentation