
Information Security Management
Basic Approach and Policy
Basic Approach to Information Security
Taking the increase in information risk factors in recent years into consideration, the Nabtesco Group is continuously working group-wide on the establishment of systems and the promotion of related initiatives to brace for not only traditional risks but also emerging risks such as cyberattacks.
System
Information Security Management System
To address a recent increase in cyber security risks and enhance the information security level of the entire group, the Nabtesco Group has established the Information Security Committee, created a basic information security policy, enhanced the level of security measures, and promptly addressed serious security incidents. This committee consists of a chairperson and committee members appointed by the CEO, reports its activities periodically to the CEO, and if directed, reports to the Board of Directors. The Nabtesco Group also has Chief Information Administrators and Chief Supervisors assigned to facilities, and the Information System Department plans information security measures, provides advice, instruction and cooperation during implementation, verifies the adequacy of information security, and provides support such as correction instructions across the Nabtesco Group as a department dedicated to information security.
Organization chart of the Information Security Committee
Members of the Information Security Committee
| Chairperson | Representative Director Senior Managing Executive Officer in charge of information systems |
|---|---|
| Committee members | |
Chairperson of the Information Security Committee: Atsushi Habe
Representative Director and Senior Managing Executive Officer
(Brief profile related to information systems)
Mr. Atsushi Habe developed his career in the Precision Equipment and Aerospace Companies, among other business units, and fulfilled the duties of an information management administrator while concurrently holding the positions of General Manager of the Planning Department and General Manager of the Sales Promotion Department at the plants of these business units. He led the Precision Equipment Company as President from 2019 to 2020. He currently serves as the officer in charge of information systems and as a member of the Risk Management Committee.
Measures
Establishment of Management Rules and Regulations
Through the Nabtesco Group’s intranet, we share rules and regulations established regarding information management and security, such as the Basic Rules on Information Management, Information Security Management Standards and Information Security Incident Response Standard.
Response to Information Security Incidents
We have standards in place for taking action in the event of information security incidents, and in accordance with these standards, the computer security incident response team (CSIRT) stands by to address them. The CSIRT works to prevent the spread of losses and damage attributable to these incidents, to restore operations quickly, and to handle other related matters.
We conduct incident response verification at least twice a year. On one occasion, we simulate an actual incident according to the procedure manual, then verify the response measures and reflect the findings in the procedure manual. On the other, during the annual disaster drills attended by all employees, we evaluate the response status from the perspective of IT security and reflect the results in the procedure manual.
Education on Information Security
We provide all employees with education on information security every year as an awareness-raising measure. Moreover, we require new employees and mid-career hires to receive training on information security upon joining the company. The content of the training materials is revised every year to reflect recent trends in information security.
In the information security training provided to employees in FY2023, we focused on cautioning employees about the use of social media and raising awareness of the security risks posed by email attachments. Also, as a countermeasure against fraudulent business emails, we conducted an email drill for all employees and shared the results of the drill to encourage caution.