Bank Islam Integrated Annual Report 2023

The Value Created in 2023

Throughout the year, we continued our focus on maintaining data privacy and security. We implemented several enhancements in these areas, which contribute to building a strong foundation for informed decision-making.

Focus Area: What We Did

1. Strengthening Our Operating Model
We have continuously monitored developments in the regulatory landscape and industry best practices. This allows us to consistently improve and ensure that the Bank’s operating model, which supports the preservation of data privacy and security, is robust and resilient.

2. Ensuring Data Quality Management
One key element in ensuring that data can be used effectively to facilitate informed decision-making is the quality of the data itself. We have continued to actively monitor and track data as part of our ongoing initiative to identify and ensure that data is fit for purpose.

3. Sharpening Our Risk Lens
We introduced new key risk indicators to improve the tracking and monitoring mechanisms for emerging and potential risks surrounding technology. This allows the Bank to take proactive measures to manage risks within our risk appetite and thresholds, and to ensure that the underlying technology and our surrounding processes are adequately operated to support data protection.

4. Prioritising Capacity Building on Data Privacy and Cybersecurity
All employees were required to complete mandatory e-learnings on information security and data protection. Security campaigns and classroom awareness sessions are regularly run to improve employees’ understanding of the importance of data privacy and cybersecurity. Mandatory training sessions on data protection awareness were conducted during project kick-offs to ensure that employees and third parties understand the risks associated with data privacy and cybersecurity.

5. Fostering Data Privacy and Security Culture
To ensure that a strong culture surrounding data privacy and security permeates all layers of the Bank, training and awareness initiatives on best practices for security and data protection, such as data loss prevention, were conducted throughout the year for employees through various channels. Regular phishing sessions and simulation exercises were also conducted to enhance employees’ understanding of data privacy and cybersecurity. We collaborated and participated actively in information sharing within the industry to stay informed on the latest industry developments and emerging threats.

6. Reinforcing Our Security Controls
During the year, we continued to improve our security controls testing initiative to detect cyber threats and vulnerabilities and to protect the Bank and our data through our defence-in-depth strategy. This includes red teaming campaigns, regular vulnerability assessments and penetration testing, compromise assessments, outsourcing due diligence reviews, technology risk assessments, and data loss prevention enhancement. These measures aim to ensure that our systems and processes are robust and secure against potential cyberattacks and data leakage.

7. Enhancing Data Leakage Protection
We are continuously refining the rulesets used by our enterprise data leakage protection tools and improving the monitoring processes. This ensures that our practices in relation to data security and protection are robust and resilient. These measures further reinforce our commitment to safeguarding stakeholders’ sensitive information.

8. Aligning with Regulatory Compliance
We updated our Group Data Governance Framework to incorporate the latest regulatory requirements from BNM and the Personal Data Protection Act (PDPA). This ensures our internal data handling procedures are aligned with these external regulations, strengthening our overall data security posture.
