Information management

Governance

• The Board has constituted the Cyber security Risk Sub-Committee under the Risk Management Committee. The Sub-Committee consists of three independent directors. The objective of the Sub-committee is to assess cyber security related risks and the preparedness of the Company to mitigate and react to such risks.
• A high-level working group, the Information Security Council (ISC), has been established. The ISC is responsible for governing and overseeing the Information Security Management System (ISMS) at Infosys. The ISC is the governing body on information security at Infosys which focuses on establishing, directing, and monitoring of the information security governance framework. The ISC consists of senior representatives from various departments and business units at Infosys chaired by the co-delivery heads.
• At Infosys, while our employees operated efficiently as a hybrid workforce, we continued to remain vigilant on the evolving cyber security threat landscape. In our endeavor to maintain a robust cyber security posture, the team has remained abreast of emerging cyber security events globally, so as to achieve higher compliance and its continued sustenance. We continue to be certified against the ISMS Standard ISO 27001:2013.

Additionally, we have also been attested on SSAE 18 SOC 1 and SOC 2 by an independent audit firm. During the year, our focus on our cyber security personnel’s training, reskilling and building a security culture of collective onus, encouraging shift-left, enabling developer community with dedicated courses, resource-kits went ahead as planned, together with our overall initiatives on improving cyber security processes, technologies and posture. Our regular stakeholder interactions ensured that we have timely sponsorship from the senior management and all key stakeholders.

Cyber resilience at Infosys

Cyber resilience is a strong focus at Infosys. We have extensively concentrated on training our employees with the latest cyber attack scenarios through various exercises, including tabletop exercises and simulation of real-world attacks in a containerized platform. The ISG conducted a simulated exercise, which enabled employees to train in a real world-like cyber attack simulated within the platform. We have also conducted regular table-top exercises across all job levels including our key stakeholders which evaluate the organization's cyber crisis processes, tools, preparedness and proficiency in responding to cyber attacks from both strategic and technical perspectives. This helped the team to revisit the process, incident response plans, escalation point of contact, etc.

Cyber skill management at Infosys

With the increasing demand for cyber security jobs and skilled workforce, Infosys has taken several measures over the past year to counter the cyber security talent crisis as well as in reskilling, retaining and diversifying our security workforce in areas, such as application security / secure development lifecycle, etc.

Some of the initiatives are:

1. Partnership with Purdue University for upskilling and reskilling the fundamentals and advanced Cyber security.
2. Conducting bootcamp every year with focused technical, process, and behavioral training sessions. Week-long event organized for the ISGians in collaboration with various external and internal trainers and speakers, who are all SMEs in their own fields. Engaging sessions were organized with the help of ETA and HR.
3. Behavioral training sessions conducted for ISGians basis competency mapping.
4. ISG MasterClass launched to promote learning and exchange of knowledge / thought leadership ideas.
5. Virtual trainings and content through ISF portal, digital platforms for trainings, certifications, and reskilling.
6. Enabled developer community on SSDLC framework and SecDevOps, integration of security testing with CI / CD pipeline.
7. Bringing in automation to eliminate the repeated and monotonous tasks being done by the analyst and enable them to perform investigation and cognitive activities.
8. Invested in Cyber Range platform for the security force to get hands-on security training based on real-world attack simulation.

Awards and recognition

• CISO of the Year - 4th CISO Conclave and Awards, 2022 – Vishal Salvi.
• DSCI Excellence Award for Security Leader of the Year, 2022 – Lakshmi Narayanan Kaliyaperumal.
• Infosys won DSCI Excellence Award for Best Security Practices in IT-ITeS / BPM Sector, 2022.
• AWS Security Competency Partner enabling Infosys to offer its customers deep technical expertise with security in AWS and delivering security-focused solutions for specific workloads and use cases.
• EMEA International Partner of the Year 2022 by Zscaler for jointly securing customer’s digital transformation via Zero Trust Security.

Infosys | ESG REPORT 2022-23 External Document © 2023 Infosys Limited 64