What is the Cybersecurity Assessment and Roadmap Formulation Service?
Based on an understanding of the customer’s thoughts and feelings, and on our sense of mission, we perform all necessary tasks from risk assessment to roadmap formulation in order to protect the customer’s present and future from cybersecurity risks. We also provide services for control system environments, an area which has been attracting attention in recent years.
- Analyze the status of customer measures based on internal policies, products used, and the operational status of those policies/products
- Conduct an investigation to determine what security risks are present
Present the direction of measures
- Analyze cyber threats surrounding the industry and propose optimal security measures for customers
- Create a roadmap for implementing security measures, while considering the degree of priority according to the customer's environment
The service will solve problems such as the following.
- I want specialists to devise cybersecurity tailored to my company.
- I want to constantly implement the latest cybersecurity.
- I don’t understand what kind of threat is posed by a cyber threat.
- I would like you to review my company’s current environment.
[Example of risk assessment]
|Item no.||Check item||Check item details||Confirmation results|
|１||Region where the data center is located (country, state, etc.)||You can only select domestic locations, including for backup.||
Data centers are scattered throughout Europe, the Americas, and Asia.
You can select the data storage location, but cannot select a domestic location.
|２||Governing law and court of jurisdiction in the event of a dispute||
Confirm the governing law and court of jurisdiction in the event of a dispute.
(Ministry of Economy, Trade and Industry Guidelines “15.1.1 Identification of Applicable Laws”)
Disputes shall be resolved in compliance with XXXX state law.
Service provision contract
Governing law. Legal proceedings may be taken only in courts located in the state of XX in accordance with the laws of the state of XX (excluding the provisions of conflict of laws) for any claims arising out of or related to this contract or this service. Both parties agree to in personam jurisdiction of these courts.
User management of encryption key
It is possible to implement a function that encrypts data on a cloud service and enables management of the encryption key by the user, not the cloud operator.
(Ministry of Economy, Trade and Industry Guidelines “12.3.2 Key Management”)
|It does not provide a function for data encryption on the user side.|
Authentication method for administrator web interface
(Multi-factor authentication, password management)
An expiration date is set for the password.
Multi-factor authentication is being used.
An expiration date is not set for the password.
*Using two-factor authentication function will minimize the possibility of unauthorized login.
|５||Feasibility of conducting audits||Capable of accepting audit requests from cloud users.||The description related to acceptance of audit requests from cloud users cannot be confirmed from public information.|
|No.||Measures||Year 1||Year 2||Year 3|
Updating of business system regulations, etc.
Creation of new related regulations
|Revision of rules||Revision of rules|
Asset inventory and classification
|Risk analysis||Risk analysis|
|3||Risk assessment of cloud service||
Cloud service required items
Creation of guidelines
|Cloud evaluation||Cloud vulnerability diagnosis||Cloud evaluation|
|4||Expanded scope of vulnerability diagnosis||Platform diagnosis||Web application platform diagnosis||Web application/platform diagnosis||Web application/platform diagnosis|
|5||Strengthened incident response capability (technical)||Endpoint detection/defense effect||Advisory service|
|Strengthening of server detection/defense||Setting of definitions for log analysis||Setting of definitions for log analysis|
|6||Strengthened incident response capability (personnel)||Security education||
Targeted email training
Security education Incident training
Security education Incident training