资讯管理事宜

基本概念

避免发生与信息管理有关的严重事件,影响集团改善和维持业务的能力, 娱乐大发澳门赌博平台正在建立一个确保机密性的系统和操作结构, 完整性, 以及信息系统的可用性,同时通过电子学习计划和事件响应培训,努力提高员工对信息安全的认识.

网络安全政策

To strengthen cyber security measures throughout SEKISUI CHEMICAL Group as a whole, we formulated the Group-wide 网络安全政策* and disclosed details both internally and externally.

目标

旨在防止因严重事件而损害集团的企业价值, 十大赌博娱乐平台将零网络安全事件确定为当前中期管理计划的关键绩效指标. 为了实现这个KPI,十大赌博娱乐平台一直在推动信息管理活动. Thanks to these endeavors, the number of cyber security incidents was zero. The results of major implementation measures are as follows.

主要实施措施 管理指标 Current Medium-term Management Plan Final Fiscal Year (FY2022) 目标 2022财年业绩
Rapid response in the event of a cyber security incident (Japan) Recovery time following incidence occurrence Ongoing monitoring to set a baseline 继续监测
CSIRT的海外部署 Formulation and rollout of overseas deployment plans Formulation of detailed plans and start of deployment Commenced monitoring and operation of three companies in North America*
  • Three companies in North America: SEKISUI AMERICA CORPORATION, SEKISUI VOLTEK, 有限责任公司, SEKISUI诊断, 有限责任公司
系统

Cyber Management 系统 Headed by an Executive Officer

To provide a cyber security response system, we established a CSIRT*1, which reports to the Sustainability Committee chaired by the president.
由Futoshi Kamiwaki担任主席,代表董事兼高级管理执行官, who serves as the Chief Information Security Officer (CISO), 网络安全小组委员会是一个决策机构,负责审议集团范围内的网络安全措施和重大安全事件. 网络安全促进委员会以小组委员会的决定为基础推进对策. We have also set up a Cyber Security Center as a working unit.
与SOC合作*2, 网络安全中心24小时监控网络和设备的安全, 一年365天, and strives for the early detection of and recovery from incidents. Having posted at least one cyber system administrator on site at each business, we have established a comprehensive Group-wide cyber management system. Even in the case of organizational changes or cyber system administrator reassignments, 公司通过其注册管理系统不断了解其每个业务站点的网络系统管理员是否存在. Together with making our operations in Japan more sophisticated, going forward we will advance the development of CSIRT at Group companies overseas.

  • Computer Security Incident Response Team, 或CSIRT, is the title given to specialized teams that receive reports, 就公司及其他机构的电脑保安事故进行调查,并制定应变措施.
  • 安全运营中心, 或SOC, 是否有专门的机构负责监控和分析信息系统面临的威胁. It works to detect threats as soon as possible, and plays a role in supporting the CSIRT with its response and recovery efforts.
  • 09-57

Diagram of Overall Management 系统

重大举措

Measures Taken Against Information Leaks and Risks from Both 系统 and Human Aspects

公司采取措施, from both system and human aspects, 维护客户(包括个人)和内部(包括机密)信息的安全. 对抗外部威胁, 公司将其SOC定位为持续识别新威胁的主要实体, such as newly reported cases of viral infections or targeted e-mail attacks, 而SEKISUI化学的CSIRT则迅速采取行动,实施适当的对策. We are also working to prevent information leaks before they occur by, 例如, employee education based on e-learning courses and by conducting audits.
CSIRT的运作包括定期举行网络安全小组委员会/推广委员会会议, 在小组委员会会议上报告风险对策的评估,并在促进委员会会议上报告风险对策活动的内容. 除了, 十大赌博娱乐平台每年就发生网络安全事件时的管理决策对小组委员会成员进行培训.

主要的制度相关措施

  • (1)
    Store important information on data center servers and fortify data centers
  • (2)
    建立防火墙,将内部网络与外部网络完全隔离,并控制网络
  • (3)
    安装即使对直接Internet连接(包括远程环境)也有效的云防火墙
  • (4)
    Install next-generation virus protection, on all servers and PCs.
  • (5)
    上述三点2-4由SOC监测,一天24小时,一年365天
  • (6)
    Install e-mail filters and web filters, ensure the safe and secure utilization of employee e-mails and the Internet
  • (7)
    Upgrade authentication infrastructure for both convenience and security

与人有关的主要措施

  • (1)
    Thorough information management by degree of importance
  • (2)
    Thorough enforcement of duty of confidentiality for retiring employees and new hires
  • (3)
    Conduct regular e-learning programs for all employees
    加强对重要技术开发人员的电子学习课程的实施
  • (4)
    为CSIRT成员进行桌面培训(包括确认通信流程和质疑管理决策等领域)

Measures to Mitigate Risk from Natural Disasters by the Dispersal of 系统s, etc.

这样即使主干系统在自然灾害中受损,业务运营也能继续进行, 十大赌博娱乐平台在数据中心内建立了骨干系统,这些系统有适当的措施,主要处理抗震和抗震隔离.
除了, by dispersing data centers across multiple locations, 十大赌博娱乐平台已经建立了一个系统,即使某个特定的数据中心无法使用,也不会导致工作中断. By taking steps to completely duplicate mission-critical systems, 公司正在努力缩短完成维修和恢复业务运营所需的交货时间.

保护个人信息

娱乐大发澳门赌博平台根据其隐私政策处理其客户的个人信息, which is available on the Company’s website. 本公司遵守有关个人信息的法律法规和规范, 自愿建立基于内部保密信息管理制度的规章制度, strives to appropriately protect such information.
We have also formulated Guidelines for Web Server Construction and Management, and endeavor to protect servers managed at relevant companies and each work site.
同时, 根据所处理信息的重要性,十大赌博娱乐平台通过限制访问权限和其他管理权限来确保彻底的管理.
此外, 十大赌博娱乐平台正在通过提高员工意识和提供培训来加强对个人(客户)信息处理的管理, especially during the Compliance Reinforcement Month held annually.

Preventing Leakage of Technical Information

In 2019, 一名当时的员工将HPP公司导电细颗粒的技术信息泄露给了外部第三方. 事件发现后,加强了信息管理和员工培训. 为了防止复发, we not only take measures to prevent data leakage through IT technology, 同时也要实施一系列广泛的措施,例如在处理机密技术信息的部门引入风险管理活动, providing moral education and training for engineers, and thoroughly educating employees on confidentiality obligations upon hiring.
As for the overall progress of these recurrence prevention measures, 十大赌博娱乐平台监控信息泄露风险,同时整合网络安全小组委员会和合规小组委员会的活动.