 |
 |
 |
|||||||
|
NTT Communications was one of the first companies to start work on a management framework for customers and other information. We realized that we could apply our own stringent security measures to improve security for our customers. In September 2002, we moved to protect our customers' privacy with the announcement of the NTT Communications Security Declaration and Information Protection Policy.
NTT Communications Security Declaration
Our most important mission, in addition to protecting information that is vital to our customers and providing services they know are safe, is contributing to an enhancement of our customers' security system.
We regard security as our top priority in providing services to our customers, and we pledge to work with them to achieve an optimum security system.
We will do our utmost to ensure security in all phases of the value chain from technology and service development to establishment and operation.
Furthermore, as Internet Professionals, each one of us will raise our capabilities to respond to security-related issues.
Three Resolutions
- We regard security as our top priority in providing services to our customers, and we will do our utmost to enhance their security.
- As an IT partner entrusted with our customers' vital information, we will work with them at all times to ensure their security.
- Business partners and contract employees are also important supporting members of NTT Communications. We will therefore collectively strive to ensure our own security.
Information Protection Policy
Our most important mission, in addition to protecting information that is vital to our customers and providing services they know are safe, is contributing to an enhancement of our customers' security system.
We regard security as our top priority in providing services to our customers, and we pledge to work with them to achieve an optimum security system.
We will do our utmost to ensure security in all phases of the value chain from technology and service development to establishment and operation.
Furthermore, as Internet Professionals, each one of us will raise our capabilities to respond to security-related issues.
- Appropriate procedures shall be followed in the creation, accumulation, usage, and provision of information.
- Measures shall be taken to prevent unauthorized access to and loss, damage, modification, or leakage of information.
- All laws and regulations governing the handling of information shall be strictly observed.
- Rules pertaining to the handling of information shall be properly organized and constantly reviewed.
- NTT Communications shall ensure that all relevant personnel shall adhere to the document regulations pertaining to the handling of information.
People are both threats to and operators of security systems. Security measures that rely solely on technology are therefore inadequate. That is why we are strengthening our security through the trinity of people, process, and technology.
Under the direction of a Chief Security Officer (CSO) appointed by the President (CEO), a number of deliberative bodies have been established. The Security Management Office serves as an executive office for security matters, developing policy and management plans and deciding how to respond when incidents arise. In addition, the relevant key professional staff members can be assembled at short notice to respond to particular concerns.
Persons responsible for promoting security in each division attend training once a year. We foster specialist staff through practical training in the application of ISO 27001, the international standard for security management, and in responding to incidents. For regular employees, contract employees, and employees of outsourced companies, we enhance security awareness by providing posters, videos, handbooks, guidebooks, and other materials.
As for information security management systems (ISMS), with four divisions newly certified, 13 divisions by five scopes are certified in NTT Communications, and seven Group companies have also obtained certification as of March 2006. In addition, all divisions of NTT Communications have already obtained the Privacy Mark, while in fiscal 2005, four Group companies were able to obtain it.
In order to protect our customers' personal information, besides implementing security management measures, the NTT Communications Group complies strictly with the relevant guidelines of the Ministry of Internal Affairs and Communications.
Risk is especially high in the management of electronic customer data. For such data, NTT Communications restricts access rights to the minimum persons necessary and carefully controls its use, granting permission to use the data only upon careful examination by the Security Management Office. We also turn our expertise in these examination processes to creating “information life-cycle management systems,” eliminating the risk of leaks that arises from failure to destroy all traces of the information left behind on circuits by copying processes.
To prevent computers being taken outside the Company offices without authorization, we have built a detection system using electronic tags. We also maintain stringent controls on the outsourcing of handling of customer information. In such cases, we require such contractors to handle that information according to the same strict security standards that NTT Communications applies, and we conduct regular audits of those operations.
Internet crimes such as unauthorized access through computer viruses and phishing scams are continuing to increase each year. For the NTT Communications Group, preventing these crimes is our highest priority, and we are making every effort to implement countermeasures. It is no exaggeration to say that the Internet is an environment where users are at risk every day. Therefore, to enable more people to enjoy the Internet safely and with reassurance, we provide free virus checking for outgoing e-mail and information about security measures presented via easy-to-understand web pages, among other similar services. These measures are taken from the viewpoint of society as a whole, going beyond a purely business perspective.
■Network Security Monitoring and Operation Framework
■Security Operations Center
There are all sorts of threats to network security, ranging from outside hacking attempts to viruses and worms, harmful software, denial-of-service attacks, and vast quantities of spam mail. To address these threats, using the monitoring capabilities acquired from being a leading telecommunications carrier, the NTT Communications Group carries out monitoring and other related operations 24 hours a day, 365 days a year.
Our Security Operations Center conducts various operations that are essential to providing security services for corporate networks. As a provider of outsourced security operations offering a wide range of monitoring services from office IT to private networks and servers, we safeguard our customers·corporate information systems by providing support for the infrastructure that enables our customers to carry on their business smoothly and without interruption.
In addition, at the IP Network Service Center, the division responsible for operation of Open Computer Network (OCN) facilities, every effort is being made to develop technical solutions to the various security issues encountered on the Internet. These efforts aim to address all issues of concern to users across the Internet, in cooperation with other ISPs.
■Information Security Guide and OCN Security Portal Information Sites for Corporations
■OCN Security Portal http://www.security.ocn.ne.jp/ (Japanese only)
■Information Security Guide http://sec.ntt.com/ (Japanese only)
On the Information Security Guide website provided for a largely corporate audience, NTT Communications presents a wide range of security information. The key aspects and vocabulary of information security are covered for company employees who want to familiarize themselves with the issues, while the site addresses the latest trends in security and risk handling for security administrators. In addition, under the theme of business continuity, the site includes an explanation of the Business Continuity Plan (BCP) with a checklist. A specialist explains the main points required for creating a BCP, and there is other abundant content helpful for addressing business continuity.
Furthermore, on the OCN Security Portal, we provide the latest updates on Internet security for corporate customers as well as information on risks and countermeasures in an easy-to-understand manner. In particular, animation contents that allow users to experience simulated virus infection and phishing scams, and to try a simulation of OCN security services enable them to easily understand the nature of the danger involved and countermeasures to take. In addition, we provide a free security investigation service to clients that have installed the OCN corporate package.
■ OCN Anshin Web Information Site for Individuals and Security-Related Services
■OCN Anshin Web http://www.ocn.ne.jp/info/anshin/ (Japanese only)
The OCN Anshin Web security site for individual users is primarily for those who have just started using the Internet and for intermediate users. Using actual examples, it explains the necessity of taking security measures and the trouble caused by Internet crime. The site offers a straightforward introduction to the points to be careful of and the specific steps required to protect your computer from unauthorized access and viruses. The links to websites about Internet security and related laws and regulations are also useful.
Computer viruses are a serious problem and nobody wants to be responsible for spreading them unawares. But it can be very difficult to take the right security measures yourself. For the five million OCN customers, NTT Communications provides a free virus check for outgoing e-mail and an online scanning service. In addition, we offer broadband users a free personal firewall service, among other services, in order to provide our users with safe and secure Internet access.