Continuous Strengthening of Corporate Governance
Our mission is to always be trusted
The responsibilities that NTT Communications are expected to fulfill have been broadening and deepening amid the move toward borderless economies and spread of ICT in society.
As a corporate group responsible for ICT infrastructure, NTT Communications will continue to strengthen its business foundation based on trust while strictly complying with laws and regulations.
Fulfilling our responsibilities as a global ICT company
We will build an efficient, fair and robust management foundation.
As we continue to provide ICT services embedded in social infrastructure throughout the world, elements of our management foundation must be able to operate as an efficient and nimble business organization with an open corporate culture and risk management systems able to seamlessly address rare events, such as accidents and natural disasters, at any time. At the NTT Communications Group, we take a thorough, Group-wide approach to ensuring compliance and efficient governance in order to continue contributing to the development of a sustainable society.
In recent years in particular, we have been working diligently to prevent and thwart cybercrime, which has become a serious social problem.
A society built on coexistence and mutual trust between stakeholders and companies
> A society where corporate actions are completely in line with laws, regulations and ethics
> A society that benefits from corporate activities and daily dialog with stakeholders
Enhancements Progressing, Efforts in Web Vulnerability Diagnosis
Crimes That Threaten Social and Economic Activities
In public services, business, and online shops every day, people around the world are using networks such as the Internet as infrastructure. In doing so, there are many instances in which Web pages, such as those of companies and government offices, are being accessed via Web applications such as browsers. Looking for deficiencies in systems, such as applications and OS, with malicious intent or criminal acts involving unlawful operations when accessing in this way are “crimes that exploit the Web’s vulnerabilities.” As a result, breaches, including site falsification, the leakage of confidential information and the theft of property, have occurred and caused serious harm to society.
This is a matter of creating a society in which all people can enjoy the convenience of advanced infrastructure with peace of mind. This is an activity that can contribute not only to our CSR priority activities but also to Goal 11 of the UN SDGs, “make cities sustainable.”
Multifaceted, Fine-Tuned. Thorough Web Vulnerability Diagnosis
Generally, Web page systems are constructed by a combination of the OS/middleware provided by the development vendor and Web applications we have developed ourselves. For the former, we have built our own Information Security Management Platform (ISMP), put in place a system for sharing with system administrators, in real time, any database compilation of system information and vulnerability information, and have been responding promptly in line with information from vendors and the security expert community. The latter also receives the current situation of diversifying Web applications, and we have been promoting further enhancement efforts since 2015.
Specifically, we have expanded the vulnerability diagnosis, which we had previously undertaken at our own development stage, to the post-development operational stage. We have set up a specialized team and conduct periodic diagnoses on all the Web pages related to operations. For any vulnerabilities that we have discovered, we promptly take countermeasures and thoroughly implement a mechanism to unify the diagnostic results (charts). By doing this, we are building an accurate PDCA system that is being reflected in detail in current and future software developments.
To Continue to Provide Value for Society and
Customers, Peace of Mind and Trust
For services provided to customers, a Web application of some kind, including booking and inquiry forms, is always involved. If there were any vulnerability in these, and important customer information were to be stolen, we would lose trust. For us not to reach that kind of situation, we carefully diagnose our in-house systems on a daily basis and, if we find a vulnerability, we promptly control the situation until rectification.
The vulnerabilities have become more sophisticated and complex with every passing year, and the acquisition of new knowledge and human resource development are indispensable in dealing with them.
We are actively engaging in human resources development so that we can also be active as a developer that possesses a deep understanding of security.
Cyber Security, Information Security
Senior Manager Hironori Otani