Information Security (Cybersecurity)

Basic Policies on Information Security

The KOBELCO Group considers information security risks as one of its significant management risks, and has established a basic policy on information security and is working on information security measures to ensure that we can take an appropriate Groupwide response.

Basic Policy on Information Security

  • Building an information security system
  • Establishing an information security framework based on the PDCA cycle
  • Formulating rules and regulations and standards for information security
  • Implementing thorough information security measures

Information Security Promotion System

Our Group pays the utmost attention to the confidentiality of information, and has established a management system and taken appropriate security measures to prevent unauthorized access and information leaks due to cyberattacks and other incidents. The information security promotion structure, centered on the Information Security Subcommittee, KOBELCO CSIRT/K-SOC, and the respective roles are as follows.

Information Security Promotion System

Information Security Subcommittee

The Information Security Subcommittee, chaired by the CISO (director/executive officer), determines the Group basic policies and key measures on information security.

KOBELCO CSIRT1 / K-SOC2

The KOBELCO CSIRT is a cooperative effort between IT divisions, legal divisions, and affiliated companies dealing with information systems to prevent cyberattacks and the spread of damage in the event of an information security incident. To this end, it updates or abolishes security regulations and standards, plans and implements information security education and training for directors, executive officers, and employees, and responds to incidents and other events.

  • 1 Computer Security Incident Response Team

    2 KOBELCO Security Operation Center

Information Security Activity Targets

With the goal of achieving zero serious security incidents*, the KOBELCO Group aims to raise the level of security through the PDCA cycle that includes such elements as implementing risk management, determining countermeasures, and auditing results of security activities.

  • * An information security incident that has a significant impact on businesses or society, such as the stopping of a factory line due to cyberattacks and the leakage of important confidential information

Information Security Activity Targets

Information Security Initiatives

Security Tools Integration and Monitoring

Braced for cyberattacks, we have integrated security tools for central management of information security throughout the KOBELCO Group including domestic and overseas Group companies. This allows us to carry out log monitoring 24 hours a day, 365 days a year, detect malware infection, suspicious behavior, and signs of incidents in the early stage, and take prompt steps from initial response to containment.

Information Security Initiatives

Information Security Education and Training

We are working to improve employee awareness and understanding of information security and the ability to respond to threats by regularly conducting information security education through e-learning and targeted email training for directors, executive officers and employees of the Group.

Information Security Audits

We are working to raise the level of information security management throughout the Group by conducting annual internal audits to check the status of compliance with the KOBELCO Group Information Security Standards through annual internal audits and making improvements.

Page top