Long-term Climate Strategy and Financial Performance
INDUSTRY, INNOVATION
AND INFRASTRUCTURE
SUSTAINABLE CITIES
11 AND COMMUNITIES
A
Cyber security
Cyber Security
Framework
Cyber Security
Structure and
Governance
The Policy, adopted in 2017, addresses the principles and operational processes that support a
global strategy of cyber risk analysis, prevention and management. Such Framework is fully
applicable to the complexity of regular Information Technology (IT), industrial Operational Technology
(OT) and Internet of Things (IoT) environments.
From the organizational point of view, Enel Group has set up,
since September 2016, within the Global Digital Solutions
Function, a "Cyber Security" unit, committed to guarantee
governance, direction and control of cyber security topics.
The Head of Cyber Security unit, which is also the Enel Group
CISO, directly reports to the Head of Global Digital Solutions function (CIO).
Furthermore, the Cyber Security Committee, chaired by the Group's CEO
and made up of his/her front lines, addresses/approves the cyber security
strategy and periodically checks the progress of its implementation.
Cyber Emergency
Readiness Team
CERT
1.
Enel disposes of its own CERT, whose mission is to protect the
Group's constituency, i.e., all employees and assets
(instrumental to Enel's business that could be compromised by
cyber threats), promoting a proactive approach based on
"incident readiness" rather than "incident response". Incident Response, Threat
Intelligence and Information Sharing are the processes the unit operates with,
also exchanging information within a network of accredited international partners.
enel
Cyber Security
Framework
2022
planned
2022E1
2025
Cyber exercises involving
industrial plants/site(#)
Information security
verification activities (#)
Knowledge sharing
events (#)
12
54
64
800
1,400 1,400
15
19
15
People cyber
empowerment
journey
The journey drives Enel
people to be the first line of
cyber defense and is
powered by an Awareness
Development.
Program and an Anti-Phishing Program that leverage on
different communication channels and diffusion tools.
The 2022 data includes ad-hoc initiatives supporting the execution of simulated phishing campaigns (6 campaigns in 2022).
138View entire presentation