Information Security
Basic Concept
As information technology continues to advance, an ever-increasing flow of digital data is handled through networks inside and outside the company.
Under these conditions, a company which safeguards the three elements of information security (integrity, confidentiality, and accessibility) and maintains them in normal conditions not only preserves customer trust but also contributes to the stability and confidence of the broader society.
This is why in 2020, the Tsubaki Group formulated the Electronic Information Security Policy to protect all of the information assets we handle from a range of threats. Based on this global policy, in addition to technical measures, the entire Group is working on organizational measures such as employee education and risk assessment, implementing systematic countermeasures, conducting periodic audits of information security, and vulnerability checks by third-party institutions. We will continue to strengthen our information security measures, including cyber security measures.
Electronic Information Security System Chart
Promotion System
The company launched the IT Committee in 1997, and expanded the committee system to include the domestic Group in 2002. Since 2014, we have been holding an annual Global IT Summit. We have also set up IT supervisory leaders that oversee the information systems in overseas regions. To address the cyber risks that are becoming increasingly serious each year, we are working to strengthen our information security governance globally.
Information security measures for cyber attacks focus on how can we prevent cyber attacks, how quickly can we become aware of cyber attacks, and how quickly can we restore business activities after an attack. The key is the speed with which we can restore business activities in the unfortunate event of a cyber incident. For this reason, we have set up a Cyber Security Countermeasures System*2 headed by top management to quickly launch a countermeasures team of experts led by the Information System Department based on the IT-BCP (Business Continuity Plan)*1.
*1 IT-BCP: A plan that is one part of the Business Continuity Plan and is focused on IT systems
*2 Cyber Security Countermeasures System: Organizational system for responding to cyber attacks and incidents
Cyber Security Countermeasures System
Principal Initiatives
The Tsubaki Group is promoting specific initiatives for technical threats such as cyber attacks, physical threats such as disasters and destructive acts, and human threats including internal fraud and violations of rules, etc.
| Technical measures | 1. Monitor networks during normal operation, and introduce mechanisms to detect, intercept, and provide notification of incidents of unauthorized access and hacking. 2. Make cloud services visible, and introduce a system (CASB) for monitoring their use. 3. Expand EDR + SOC services globally in order to quickly identify and respond to incidents. |
|---|---|
| Physical measures | 1. Strengthen management with room entry/exit records and monitoring cameras in areas where important information devices are installed. 2. Install servers and systems in locations with superior seismic resistance and fire prevention performance. 3. Carry out complete infrastructure management of servers and systems where important information is stored. |
| Human security measures | 1. Implement information security and cyber security education (hold regular e-learning sessions twice a year). 2. Clearly identify the security rules that must be observed and communicate them to all employees. 3. Implement training on targeted email threats (implement irregularly, several times a year). |
