JAPANESE

Information Security

Information Security Information Security

Message from the CISO

Tadashi Iida Chief Information Security Officer SoftBank Corp. Tadashi Iida Chief Information Security Officer SoftBank Corp.

The COVID-19 pandemic has further accelerated digitalization and necessitated the push towards making everything online, causing major changes to our daily lives and corporate activities.

The keys to accelerating this change have been cutting-edge technologies such as 5G, AI, IoT, cloud computing, and big data. In particular, the promotion of digitalization through digital transformation (DX) helping to achieve labor-saving automation which coupled with the rapid evolution of AI has encouraged us to shift to a more creative and high-value-added work style. Meanwhile, control and data analysis using IoT sensors have made it possible to grasp minute changes and use them to make upfront investments and avoid risks by predicting the future.

Guided by our management philosophy of “Information Revolution — Happiness for everyone” we are actively investing and developing these fields in order to solve social issues, achieve SDGs, improve our customers' productivity, and provide more convenient and novel experiences.

The foundation for achieving this is advanced Information and Communications Technology (ICT), cutting-edge communications infrastructure, and information security. In recent years, security risks have become more diverse and sophisticated. Particularly from international hacker groups which have been more persistent in committing internal fraud and cyber attacks targeting remote work environments.

Our company is constantly monitoring and researching these threat trends, while proactively adopting cutting-edge technology to create an advanced security environment. Operationally we are further enhancing our 24/7/365 security monitoring and real-time response system, while educationally we are conducting training to instill a high level of security awareness in all employees. In terms of systems we are continually keeping our security policies and rules up to date.

By continuously evolving our information security and supporting the digital transformation brought about by DX, our customers will be able to use our services with peace of mind.

Tadashi Iida
Chief Information Security Officer
SoftBank Corp.

Policy

We have formulated and continue to adhere to our Information Security Policy and Privacy Policy so that we can keep the trust of our customers and the wider community by implementing sweeping and advanced solutions to counter the risk of information leaks. We aim to maintain information security by appropriately handling our information assets and protecting them from a variety of threats.

Information Security Policy

Privacy

Information security
governance

SoftBank has put information security management governance in place to make sure we adhere to all laws and regulations regarding information security, safeguard our information assets, and defend against cyberattacks. SoftBank has formulated its Information Security Policy to be followed by the employees and established the position of Chief Information Security Officer (CISO). We established the Information Security Committee (ISC) chaired by the CISO, and the SoftBank Computer Security Incident Response Team (SoftBank CSIRT). They both review policies to adapt to changes in the security environment and technological innovation, and share information helpful for planning how to address information security and cybersecurity.

When an information security breach causes a system failure, the head of the system operation and CISO coordinate to assess the situation, evaluate responses, and restore the system. Additionally, in the event of more serious circumstances, we establish an emergency response taskforce headed by the CEO to address the issue, and, in accordance with legal and regulatory requirements, will promptly report to the Ministry of Internal Affairs and Communications and other appropriate authorities.

Information security governance Information security governance

Information Security
Committee

The Information Security Committee (ISC), chaired by the CISO, is composed of each division's person in charge of information security. It is a cross-functional organization seeking to promote and manage various initiatives for information security. In order to ensure the effective execution of initiatives, we formed the Information Security Committee Office to help plan and coordinate efforts.

The roles of ISC include, but are not limited to:

  • Sharing information helpful to information security
  • Sharing Group-wide initiatives and plans related to information security
  • Assessing the latest status of information security across the Group and enabling improvements
  • Promoting information security training
  • Coordinating information security initiatives across departments

SoftBank CSIRT

The SoftBank CSIRT was organized to prevent security incidents and minimize damage by quickly responding to any incident that might occur. Overseen by the CISO, the team consists of members from the Security Department and others appointed by the head of each department. The CSIRT Office works with the Information Security Committee Office and related organizations, both inside and outside the company, to support the team.

In order to prevent security incidents, SoftBank CSIRT addresses system vulnerabilities (information collection and analysis, requests to respond, review of response status), formulates security rules, provides security training, and sends warnings for potential security issues. In the case of any incident occurring, the team sets up an incident response flow along with carrying out incident response training.

Security governance
of affiliate companies

SoftBank's affiliate companies (subsidiaries and affiliates) have risk management governance structures in place, mitigating risks and preventing information security incidents and cyberattacks. They also assess and analyze security risks in order to understand and implement controls to reduce the risk.

The SBKK Group Security Committee, headed by the CISO, comprises members in charge of information security management at affiliate companies, where they share information on threats and solutions regarding information security. The Committee also conducts security training and coordinates responses when incidents occur. Additionally, the SoftBank Affiliate Company Security Guidelines stipulate matters to be observed and the governance structure necessary for each Group company to manage security appropriately.

Security measures

To protect our various information assets, including customer information, we have a security governance structure in place which provides security checks and advice when services are developed and launched internally. We also conduct security tests prior to their release and during operations. Furthermore, we run a Security Operation Center (SOC) which monitors services and equipment, establish regulations, collaborate internally and with other organizations, review our solutions and consider new ideas by referring to the Cybersecurity Framework (CSF) of the US National Institute of Standards and Technology (NIST) and the CIS Controls of the US Center for Internet Security (CIS).

Protecting Customer Information Protecting Customer Information

Protecting Customer
Information

We take measures to protect our customers from information leaks and cyberattacks so they can use our services with peace of mind.

Learn more

Collaboration to Protect Cybersecurity Collaboration to Protect Cybersecurity

Collaboration to Protect
Cybersecurity

As an operator of telecommunication infrastructure vital to society and as a company providing innovative services by integrating telecommunications with cutting-edge technologies, we work with various external organizations to help improve security across society. SoftBank CSIRT represents us when we collaborate with external organizations.

Learn more

Continuous Security Enhancement Continuous Security Enhancement

Continuous Security
Enhancement

In response to the spread of digital devices and increasingly sophisticated cyberattacks, we strive to continuously strengthen security by adopting new technologies and methods, improve the security mindset of our employees through education, and train specialists in the field of security.

Learn more