资讯管理事宜
To avoid the occurrence of serious information management-related incidents that impact the Group’s ability to improve and sustain business, SEKISUI CHEMICAL Group is putting in place a system and operational structure that ensures the confidentiality, 完整性, and availability of its information system while at the same time working to increase employees’ literacy on information security through e-learning programs and incident response training.
网络安全政策
加强整个娱乐大发澳门赌博平台的网络安全措施, 十大赌博娱乐平台制定了整个集团的网络安全政策* 并向内部和外部披露了细节.
有关详情,请参阅 娱乐大发澳门赌博平台的网络安全政策.
With the aim of preventing damage to the Group’s corporate value resulting from a serious incident, we identified zero cyber security incidents as a KPI under the current Medium-term Management Plan. In an effort to achieve this KPI, we have continued to promote information management activities. 由于这些努力,网络安全事件的数量为零. 主要实施措施的效果如下.
| 主要实施措施 | 管理指标 | 当前中期管理计划最终财政年度(2022财年)目标 | 2022财年业绩 |
|---|---|---|---|
| 发生网络安全事件时的快速反应(日本) | 事件发生后的恢复时间 | 持续监测以设定基线 | 继续监测 |
| CSIRT的海外部署 | 制定和推行海外部署计划 | 制定详细计划并开始部署 | 开始监督和运营北美的三家公司* |
- 北美有三家公司:SEKISUI America CORPORATION, SEKISUI VOLTEK, 有限责任公司, SEKISUI诊断, 有限责任公司
由行政人员领导的网络管理系统
为了提供一个网络安全响应系统,十大赌博娱乐平台建立了CSIRT*1,向由总统担任主席的可持续发展委员会报告.
Chaired by Futoshi Kamiwaki Representative Director and Senior Managing Executive Officer, 他担任首席信息安全官(CISO), the Cyber Security Subcommittee is a policy-making body that deliberates on Group-wide cyber security measures and significant security incidents. The Cyber Security Promotion Committee advances measures based on subcommittee decisions. 十大赌博娱乐平台还成立了网络安全中心作为工作单位.
与SOC合作*2, the Cyber Security Center monitors the security of networks and devices 24 hours a day, 一年365天, 并力求及早发现事故并从事故中恢复过来. 在每个企业至少派驻一名网络系统管理员, 十大赌博娱乐平台建立了一个全面的集团网络管理系统. 即使在组织变化或网络系统管理员重新分配的情况下, the Company is constantly aware of the presence or absence of the cyber system administrators at each of its business sites through its registry management system. 同时使十大赌博娱乐平台在日本的业务更加复杂, 下一步,十大赌博娱乐平台将推动CSIRT在集团海外公司的发展.
- 电脑保安事故应变小组, 或CSIRT, 这个头衔是授予接受报告的专门小组吗, conduct surveys and enact response measures related to computer security incidents at companies and other organizations.
- 安全运营中心, 或SOC, is a specialized entity devoted to monitoring and analyzing threats to information systems. 它的作用是尽快发现威胁, 并在支持CSIRT的响应和恢复工作方面发挥作用.
- 09-57
总体管理体系示意图
从制度和人的两个方面防范信息泄露和风险的措施
公司采取措施, 从制度和人的两个方面, to maintain the security of customer (including personal) and internal (including confidential) information. 对抗外部威胁, the Company has positioned its SOC as its primary entity to consistently identify new threats, 例如新报告的病毒感染病例或有针对性的电子邮件攻击, while SEKISUI CHEMICAL’s CSIRT swiftly takes action to implement appropriate countermeasures. 十大赌博娱乐平台也在努力防止信息泄露, 例如, 以电子学习课程和审计为基础的员工教育.
CSIRT operations involve the holding of regular Cyber Security Subcommittee/Promotion Committee meetings, reporting the assessments of risk countermeasures at Subcommittee meetings and the content of risk countermeasure activities at Promotion Committee meetings. 除了, we conduct annual training for Subcommittee members on management decision-making in the event of a cyber security incident.
主要的制度相关措施
-
(1)将重要信息存储在数据中心服务器上,加强数据中心的防御
-
(2)Establish firewalls to completely separate internal networks from external and control networks
-
(3)Install cloud firewalls that are effective even for direct Internet connections (including remote environments)
-
(4)在所有服务器和pc上安装下一代病毒防护软件.
-
(5)Monitoring of the aforementioned three points 2-4 by SOC, 24 hours a day, 一年365天
-
(6)安装电子邮件过滤器和网页过滤器, 确保员工电子邮件和互联网的安全使用
-
(7)升级身份验证基础设施,既方便又安全
与人有关的主要措施
-
(1)按重要程度进行全面的信息管理
-
(2)对退休员工和新入职员工严格执行保密义务
-
(3)对所有员工进行定期的电子学习
Augment implementation of e-learning sessions for important technology development workers -
(4)Conduct desk training f或CSIRT members (encompassing such areas as the confirmation of communication flows and the questioning of management decisions)
系统分散等减轻自然灾害风险的措施.
So that business operations can be continued even in the event that backbone systems are damaged in a natural disaster, we have established backbone systems within data centers that have measures in place to deal mainly with earthquake resistance and seismic isolation.
除了, 通过将数据中心分散到多个位置, we have established a system that will not cause work to be disrupted even if a particular data center becomes unavailable. 通过采取步骤完全复制关键任务系统, the Company is working to shorten the lead-time needed up to the completion of repairs and recovery of business operations.
保护个人信息
SEKISUI CHEMICAL Group handles the personal information of its customers based on its 隐私政策, 在公司网站上有哪些信息. The Company complies with legal regulations and norms regarding personal information and, by voluntarily putting in place rules and systems based on internal confidential information management regulations, 努力适当地保护这些信息.
十大赌博娱乐平台还制定了Web服务器建设和管理指南, 并努力保护相关公司和每个工作场所管理的服务器.
同时, we ensure thorough management by limiting access rights and other management authority according to the importance of the information handled.
此外, we are strengthening governance over the handling of personal (customer) information by raising employee awareness and providing training, 特别是在每年举行的合规加强月期间.
防止技术信息泄露
In 2019, a then-employee leaked technical information about the HPP Company’s conductive fine particles to an external third party. After this incident was discovered, information management and employee training were enhanced. 为了防止复发, 十大赌博娱乐平台不仅采取措施,透过资讯科技防止资料外泄, but also implement a wide array of measures such as introducing risk management activities in departments that handle confidential technical information, 对工程师进行道德教育和培训, 对员工进行全面的保密义务教育.
至于这些预防复发措施的总体进展情况, we monitor information leak risks while consolidating the activities of both the Cyber Security Subcommittee and Compliance Subcommittee.