This year’s report details Toshiba’s three key measures for realizing cyber resilience: Governance that clarifies decision-making and command systems; Security Operations that monitor, detect, respond, restore and defend; and Human Resources Development that trains the people needed to develop and operate security systems.
In Governance, Toshiba Group is promoting consistent security measures, thereby facilitating early detection of and response to cyber security incidents. As part of surveys of the systems and networks shared with partner companies, Toshiba Group regularly performs security assessments to determine whether all the security measures stipulated in its in-house regulations are in place. In addition, some Toshiba Group companies are using techniques to quantify and visualize cyber security risk in the assessment and selection of partner companies.
In Security Operations, Toshiba Group is implementing an initiative to minimize the impact of security risks on corporate activities by promoting the automation of prediction and detection, response and recovery, and the use of cyber threat intelligence(*1).
In Human Resources Development, Toshiba Group promotes e-learning programs that ensure that security personnel learn the importance of supply chain security according to their defined roles. In addition to training programs designed to develop specialists and highly skilled personnel capable of handling security vulnerabilities and incidents, Toshiba Group is enhancing its product security educational programs for managers responsible for improving security quality during product development. Furthermore, Toshiba Group offers training programs designed to promote the use of the acquired knowledge and skills in daily work, as well as a security contest for employees that aims to introduce, spread, and strengthen security practices.
As a data service provider, Toshiba Group is promoting an initiative for privacy governance. Public demand for privacy protection is growing as the utilization of personal data expands. Prior to the launch of a business that uses personal data, Toshiba Group has established a system and rules for identifying and evaluating privacy risks. Minimizing privacy risks is crucial for using personal data for business purposes. Toshiba Group is educating its employees on privacy protection in order to raise their awareness.
Toshiba Group will continue to fulfill its responsibilities in this crucial area, and ensure that stakeholders understand its thinking, strategies, and specific measures to enhance security, by issuing regular website updates, and the annual cyber security report.
*1 Information concerning the trends in security threats and attacks that is intended to help with decision-making regarding security
■Toshiba Group Cyber Security Report 2022 is available here:
■Toshiba Group’s Cyber Security Website