Case Study: ERM Deployment @ KTF

Hyung Yong Kim, IT Security Manager at KTF. Contents: About KTF, Background, Procurement, Deployment, Expectation and Consideration.


Presentation Transcript


  1. Case Study: ERM Deployment @ KTF. Hyung Yong Kim, IT Security Manager at KTF

  2. Contents • About KTF • Background • Procurement • Deployment • Expectation and Consideration

  3. 1. About KTF
     Vision & Strategic Theme
     • Creating a new future lifestyle, The world best ICET Company, KTF
     • Create a far-reaching partnership with customers through the concept of a “Personal Life Hub” to be the world’s top ICET corporation
     • Lead market through innovation
     • Creation of a new future lifestyle
     • Strive to become a global corporation
     Management Philosophy
     • Ethic management
     • 6 Sigma
     • Good Time management
     • Design management
     History
     • 2008.05 WCDMA Market Leader in Korea (6M Subscribers)
     • 2007.11 Winner of the “Grand Prix of Korean Customer Satisfaction Award”
     • 2007.10 First Korean Mobile Telecom to receive ISO 27001 Certification
     • 2007.03 Launched a nationwide HSDPA service (First in the World)
     • 2005.12 Strategic partnership with NTT DoCoMo for business collaboration and capital cooperation
     • 2004.08 Partnered with VIBO Telecom in Taiwan
     • 2003.06 MOU with Microsoft, HP and Intel on joint development and global marketing of mobile internet product
     • 2002.05 Broadcasted live games of World Cup soccer tournament via cell phone
     • 2001.05 Introduction of commercialized CDMA 2000 1x service
     • 2000.04 Guinness World Records (the most subscribers in the shortest time)
     • 1997.01 Founded as Korea Telecom Freetel

  4. 2. Background
     Comply with regulatory requirements and prevent loss of digital assets
     Regulatory Compliance (compliance by law)
     • Access control system
     • Data encryption
     • New policy to empower security infrastructure
     Security Level @ KTF (GOOD / BAD)
     • Access control system
     • Managing application systems
     • Insufficiency of information security process
     • Lack of document control
     Leakage of confidential information
     • Lack of awareness in information security
     • No procedure for verifying security policy
     • Continuous information leakage
       - New product promotion strategy
       - Competitive analysis
       - Customer information
     Result: Deployment of Enterprise Rights Management Solution

  5. 3. Procurement
     Requires Balance between Security and Usability
     Establish security policy
     • Full support from the management
     • Process for PC ERM, Server ERM, Ad-hoc ERM
     Set-up Task Force Team (TFT)
     • Lineup
       - All department with security policy department
       - Communicating w/ partners department
     • Role
       - Security policy and process
       - Application integration
     Support Employees for Changes
     • Public relation
       - Use intranet and special bulletin board for security
     • Education program
       - On-line video clip and user manual
     • Support program
       - On-site support, Remote support
       - Q&A, Bulletin board, E-mail support

  6. 4. Deployment
     [Figure: ERM System Architecture. Labels in the diagram: Active Directory, User/Group Information, Sync Engine, ERM Server, KMS, Intranet Server, Secure E-mail Server, E-mail ERM Encrypter, User PC, ERM agent, ERM for PC, ERM for App system, ERM for E-mail, ERM Policy file, ERM file, ERM info, Permission info, ERM encryption info & usage log, Usage log, Attachment file in KMS, Attachment file in Intranet, Secure E-mail add exceptional case.]
     Challenges & Requirements
     • No performance issue due to deployment
     • File encryption, and application systems integration
     • Different access privileges depending on users or groups
     • Full auditing of all ERM files
     • Quick deployment and user and admin friendly GUI
     No exception
     • All KTF Employees
     • Call center, Contact center, Outsourced Partner & Management Companies

  7. 4. Deployment: ERM for Print
     Print ERM inserts a print watermark on printouts for anyone, except those with permission.
     Deployment timeline
     • 2006.01 Print Watermark
     • 2006.08 ERM for PC
     • 2006.08 ERM for Application Systems
     • 2007.03 ERM for E-mail
     [Figure: Print watermark sample. Labels: Document Class Info, Department / Time, User ID.]

  8. 4. Deployment: ERM for PC
     Automatic encryption takes place when a user saves a document, based on document class, user’s department, etc.
     • Enforcing ERM encryption when saved: MS Office, PDF, HWP, GUL
     • Selecting document class
     • Permission Setting

  9. 4. Deployment: ERM for Application Systems
     When documents are downloaded (or uploaded), encryption takes place based on the KMS (or other application system) ACL permission.
     • Knowledge Management (KMS): KMS ACL Permission
     • No access to documents (ERM agent, User authentication, Connection to permission server, Dedicated IP/PCID, etc.)
     • Intended/Unintended Data Loss

  10. 4. Deployment: ERM for E-mail
     Integrated with the internal E-mail system, allowing the sender to encrypt files at any time
     Secure E-mail
     • Easy and simple permission setting
     • Only allowing intended recipient to access encrypted file

  11. 5. Expectation and Consideration
     Expectation
     • Usability
       - User doesn’t worry about which files are to be encrypted and who may see them
       - Even protect against data loss from malicious code
       - Protect against intended/unintended data loss
     • Security
       - Win public confidence on personal information security
       - Protect against loss of data from authorized user/group using automatic encryption (enforced)
     Consideration
     • Integration
       - Customizing GUI
       - Integrating w/ Application Systems (KMS, Purchase system, POS system, e-mail system, etc.)
       - User authentication (SSO)
     • User view
       - PC performance concern
       - PC monitoring without approval