Cybersecurity Management Guidelines Ver 1.1

Recommendations

Info

3.3. Develop proactive measures to prevent cyber-attacks. (6) Secure resource (budget, manpower etc.) to execute cybersecurity measures Has a budget to implement cybersecurity measures been secured? And have directions been given to develop human resource and to provide proper treatment for them? Scenario in case of no action for security *Without any proper budget, it would be difficult to perform cybersecurity measures and obtain necessary manpower within an organization and also to entrust it with a reliable vendor. *Without satisfactory treatment or improvement for personnel, it is impossible to retain talented human resource within an organization. Example of recommended actions *Give directions to specify cost needed to prepare identified proactive measures for cybersecurity. *Provide continuous training on security by securing budget for trainings for not only personnel in charge of security but other employees. *Obtain approval for budget after evaluating at a management meeting about whether or not expenditure is worth implementing measures. *Consider using professional vendors in the event that it is hard to find human resource for cybersecurity within an organization. *Give HR department directions to develop human resource for cybersecurity and to pave the way for career path in the course of human resource development efforts, and also to review what they work for these purposes. 15
(7) Identify the scope of outsourcing for system control and ensure cybersecurity in the applicable outsourcing companies. To implement cybersecurity measures efficiently and steadily, have directions been given to appropriately divide task of IT system control based on the company's technical capabilities and degree of risk into that which the organization itself should take care of and that which outsourcing companies should handle? And assuming that outsourcing companies might be victimized by cyber-attacks when they are entrusted with work of IT system control, do you ensure that they have cybersecurity measures in place? Scenario in case of no action for security *No technical capability for IT system control within an organization might lead to insufficient system control, leaving vulnerability in the system, and eventually increasing possibility of cyber-attacks resulted from such vulnerability, *In the case that outsourcing company's cybersecurity measures pose risk to the business, and ever if the outsourcing company implements security measures, the outsourcing company would be exposed by risk. Example of recommended actions *Review if the company can fulfill each security measure item on its own, taking note of its technical capability. *Conclude agreements to confirm security levels of outsourcing companies to ensure they have adequate cybersecurity measures, and audit them based on the agreements. *In case of entrusting outsourcing companies with important assets such as personal information or technical intelligence, conduct periodical verification of whether or not the entrusted assets are indeed secured, taking into account the business situation of outsourcing companies. 16
Page 1 and 2: Cybersecurity Management Guidelines
Page 3 and 4: Appendix C In relation to Internati
Page 5 and 6: 3. "10 Important Items" which the m
Page 7 and 8: awareness is lagging in Japan, thou
Page 9 and 10: 1.2. Structure and use of the Guide
Page 11 and 12: (3) Companies need to communicate a
Page 13 and 14: 3.1. Display leadership and build a
Page 15 and 16: 3.2. Determine the framework for a
Page 17 and 18: (4) Publish cybersecurity measures
Page 19: (5) Make sure as to how group compa
Page 23 and 24: 3.4. Prepare in case of cyber-attac
Page 25 and 26: Appendix A Check sheet of cybersecu
Page 27 and 28: □ Information sharing is conducte
Page 29 and 30: Individual Technical measures Risk
Page 31 and 32: (5) Make sure as to how group compa
Page 33 and 34: information sharing activities, and
Page 35 and 36: Appendix C In relation to Internati
Page 37 and 38: (8) Stakeholder Persons or organiza
Page 39: (17) Log It is a record to contain

Cybersecurity Management Guidelines Ver 1.1

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?