Sentosa Cove

Safe. Secure. Protected.

Some of these competencies include: • A comprehensive security policy structure based on ISO standards and structure • Security awareness and development training for all staff • Active threat and patch management, vulnerability, and penetration testing • Intrusion detection systems and active security log monitoring through SOC • Security system management • Business continuity and disaster planning • Government and regulatory compliance reviews, Internal and external audits • Geography based managers for security queries and concerns

• IT risk management • Vendor risk management • System monitoring and security maintenance

• Incident management • Media management • Physical security control • Change management • Backup and log management • Identity and access management competencies including separation of duties, least privilege, RBAC, etc. • Encryption and data protection techniques

Although this is not an exhaustive list of core security control and values, this represents the maturity that C&W have in regard to cyber security. A full list of security controls and governance can be provided upon request.

CYBER SECURITY ACCREDITATIONS

Additionally, we are on track to receive accreditation for the Cyber Trust Mark and ISO/IEC 27000 by the end of 2024. The primary objective of the Cyber Trust Mark is to recognize organizations that actively address cybersecurity risks and maintain an adequate level of cybersecurity. This mark also provides a pathway for organizations to adopt international information security standards, such as ISO/IEC 27001:2013, which C&W is currently working towards.

54

54