This year’s report details Toshiba’s three key measures for realizing cyber resilience: Governance that clarifies decision-making and command systems; Security Operations that monitor, detect, respond, restore and defend; and Human Resources Development that trains the people needed to develop and operate security systems.
In Governance, security governance of the entire Group is driven by the Toshiba Group CISO Meeting*, which ensures major Group companies collaborate horizontally across organizational boundaries. Toshiba Group has established mechanisms and rules for identifying and evaluating privacy risks that can be applied prior to the launch of businesses that use personal data.
Security Operations minimizes the impact of security risks on corporate activities by actively promoting the automation of prediction and detection, response and recovery, and the use of intelligence on cyber-threats.
In Human Resources Development, Toshiba promotes security qualification systems within the Group that certify security-related knowledge and technical capabilities for people working in different areas and roles. In order to assess the maturity of CSIRT (Computer Security Incident Response Team) and PSIRT (Product Incident Response Team) and improve cyber security management in individual companies, Toshiba requires Group companies to carry out self-assessments that visualize gaps between current conditions and goals, and indicate measures that need to be taken.
In conjunction with the publication of the Cyber Security Report, Toshiba has renewed its cyber security website, to ensure that details of Group initiatives are reported in a timely manner.
Toshiba Group will continue to fulfill its responsibilities in this crucial area, and ensure that stakeholders understand its thinking, strategies, and specific measures to enhance security, by issuing regular website updates, and the annual cyber security report.
* An internal meeting in which CISO (chief information security officer) of major Group companies participates to plan and evaluate measures concerning the establishment, promotion, assessment, and improvement of the system for cyber security risk management for the entire Toshiba Group.
■Toshiba Group Cyber Security Report 2021 is available here:
■Toshiba Group’s Cyber Security Website