Annual And Corporate Responsibility Report 2017

Principles of Good Cyber Security at Atresmedia 1 Improving surveillance of networks and systems. 2 Having centralised management tools and registries. Monitoring and correlating events (network traffic, remote users, administrator passwords). 3 Designing and complying with the Corporate Security Policy. 4 Ensuring secure configurations of all corporate network components. 5 Using trustworthy and certified products, equipment and services, as well as accredited networks and systems for sensitive or classified information. 6 Providing an agile and flexible means of exchanging information on threats and cyber incidents. 7 Ensuring the management’s commitment to cyber security by having the team accept the risks and support the policies. 8 Training and raising awareness of cyber security across all levels of the corporation. 9 Complying with the law and applicable standards and pursuing best practices. 10 Being resilient: ensuring that systems remain online even when under attack. Atresmedia follows a Reference Model that ensures that the purposes of Cybersecurity services are achieved. The model has four main functions that reflect the natural stages of the risk emergence process: • Governance: managing cybersecurity through risk management, policy design, awareness-raising, etc. • Protection: protecting information, managing access and identities, protecting IT applications and infrastructure (network security, systems security, etc). • Vigilance: managing threats and running security analyses. • Resilience: managing incidents. Based on this model, Atresmedia has built its Cybersecurity Strategy, which follows four principles: • Efficient management: the aim is to maximise available resources and protect assets in a proportionate way. • Vigilance: the goal is to anticipate threats and adapt to new digital models. • Gives Value: the system is usable for employees, reliable for shareholders and fit-for-purpose for customers. • Resilience: the system provides prompt and flexible responses that are proportionate to the threat. 6. GOVERNANCE AND DECISION-MAKING PROCESSES  | 101 | ATRESMEDIA  |  ANNUAL AND CORPORATE RESPONSIBILITY REPORT 2017