Information Security Report 2010 - NEC
NEC’s Initiatives to Build a Secure IT-Driven Society

Information Security Governance

Under the “One NEC” concept, the NEC Group is promoting information security together with Group management while strengthening governance to maintain and enhance the level of information security across the entire Group.

Approach to Information Security Governance

At the NEC Group, management systems have been built at the level of each individual business unit or group company, and each organization is required to maintain and enhance its information security based on a PDCA cycle.

We believe it is important that each of these activities be implemented efficiently and effectively as “One NEC” while ensuring effective governance to enhance security levels across the Group. Specifically, NEC defines goals for information security levels in the Group and provides all organizations with direction on the principles for effective measures across the Group and on the allocation of business resources to achieve the goals. We also monitor and evaluate the status of information security, including all incidents in the Group. We then provide guidance to organizations as necessary and make improvements based on the results of the evaluation.

NEC discloses information on these activities through our Annual CSR Report and this Information Security Report to fulfill our accountability to stakeholders.

[Figure: Information Security Governance. Labels: Information Security Governance (Direct, Monitor, Evaluate, Report); Management Systems Within Each Organization (Plan: establish systems; Do: initiate and implement policies; Check: inspect and review; Act: maintain and enhance systems).]

Overall Information Security System Integrated with Group Management

The Information Security Strategy Committee, chaired by a senior executive vice president, promotes the NEC Group’s Information Security Governance. It has three promotion committees for domestic and overseas subsidiaries and suppliers. These committees are responsible for explaining various measures, sharing information about incidents, and communicating directions. The business division heads in each organization act as information security managers, with primary responsibility for information security in their divisions, including at group companies under their jurisdiction. They designate management promotion staff from among their managerial ranks, ensure thorough dissemination of rules within their organizations, and are responsible for the implementation and execution of security measures. They review the status of execution and make necessary improvements. The NEC division with overall responsibility for information security also works closely with related head office staff divisions to move the concrete development of each measure forward.

In fiscal 2010, we established the NEC Group Management Policy, which is designed to achieve a global standard management foundation. The Group also moved ahead to standardize rules regarding the performance of business and to unify systems, business processes, and infrastructure.

[Figure: Information Security Promotion Structure. Labels: President; Business Strategy Committee; Information Security Strategy Committee (Chaired by senior executive ...; establishes group policies, etc.); Information Security Promotion Committee (Plans promotions, ensures implementation, makes requests, etc.), with Domestic Promotion, Overseas Promotion, and Promotion Among Suppliers; Division Responsible for Information Security; Corporate Auditing Bureau; Head Office Staff Divisions; Internal Audits; NEC Business Divisions; Group Companies (domestic and overseas); Information Security Manager and Promotion Manager (Responsible for implementing measures, inspecting status, making improvements, etc., within each organization).]

NEC CORPORATION
Information Security Report 2010