Basic Policy for Information Security

INFORMATION SECURITY

Policies on Information Security

Positioning and Concept of Information Security

We consider the continuity of our business and the building and strengthening of the trust with our stakeholders and society as our most important issues, and have positioned information security measures to be the cornerstone of our management.

In recent years, cyberattacks have become more sophisticated, leading to a rise in security risks for businesses. In order to respond to these risks, we conduct risk assessments in line with our security policy. We have adopted the concept of “Zero Trust Security”*2 in place of the conventional “Perimeter Defense”*1 and are working to strengthen our security system with multilayered defenses.

Even in the unlikely event of a security incident, we will continue to improve our security measures so that we can continue our business and maintain the trust we’ve built with society and stakeholders.

  • Perimeter Defense focuses on preventing threats from entering from outside by drawing a clear “boundary” between the internal and external networks and placing devices such as firewalls on that line.
  • Zero Trust Security is a security concept that verifies every access request. Unlike traditional Perimeter Defense, Zero Trust assumes that the internal network may already be compromised. No communication, internal or external, is trusted automatically; instead, security is ensured by authenticating and authorizing every access request.

Specific Measures

Zero Trust Security Initiatives

Based on the concept of Zero Trust Security, we protect information assets wherever they exist, be it internal networks, cloud services, or employee devices. Specifically, access by employees and others is strictly controlled so that only authorized users can reach the information appropriate to them. We have also introduced current security technologies and are taking measures to prevent unauthorized access and information leakage.

Countermeasures Against External Cyber Attacks

We have built a robust security system with multilayered defense against increasingly sophisticated external cyber attacks:

EDR (Endpoint Detection and Response)
Detect and analyze suspicious behavior at endpoints in real time to enable rapid response.
EASM (External Attack Surface Management)
Continuously monitor systems and services published on the Internet to identify and manage potential vulnerabilities.
Vulnerability Management
Reduce the risk of attacks by regularly assessing systems and software for vulnerabilities, then taking appropriate remediation action.

In addition to these measures, by collecting and analyzing information on the latest cyber attacks, we implement preventive measures such as blocking suspicious communications and restricting the use of software that may be abused in such attacks.

Education

Training for Employees and Supervisors

We educate new graduates and mid-career recruits in the fundamentals of information security and in-house rules during their onboarding training. In addition, our managers and supervisors are trained in security risk management and incident response so that they understand their responsibilities and roles and can effectively instruct their subordinates. We also keep all employees up to date through e-learning on the latest threat information and security measures, supplemented by simulations such as targeted attack email training.

Development of Human Resources Related to Information Security

We continuously train our security personnel so that our security measures remain effective. We also promote the development of specialized knowledge and skills by encouraging participation in external security seminars and meetings held by the Nippon CSIRT Association (NCA).*1 In addition, through participation in the “NISC/NCA Joint All-Sector Joint Exercise,”*3 we continue to improve our ability to respond to real-world security incidents.

  • NCA is an organization that aims for cooperation among CSIRTs*2 in Japan and contributes to resolving CSIRT-related issues.
  • CSIRT (Computer Security Incident Response Team) is a team that responds to computer security accidents and incidents. We have established Ateam-CSIRT, which is a member of the NCA, as our in-house security monitoring and response team.
  • NISC/NCA Joint All-Sector Joint Exercises are conducted jointly by the NISC (National center of Incident readiness and Strategy for Cybersecurity) and the NCA under a scenario of large-scale cyber attacks.

Security Incident Response

Security Incident Response Flow

In order to respond appropriately to security incidents (information security accidents and events), we have built a system centered on the specialized team Ateam-CSIRT*1 and have developed a response flow. Through technical measures such as security tools and network monitoring, we strive to prevent security incidents before they occur. When a serious security incident occurs, Ateam-CSIRT reports the incident to the Board of Directors and, if necessary, cooperates with the Board of Directors, Ateam-SOC*2, and external organizations to respond using specialized knowledge and technology. By drawing on our past incident response experience and continuously improving our response flow and system, we are building a more robust security system to protect important information assets.

  • Ateam-CSIRT is in charge of overseeing the entire Ateam Group and consists of the legal and public relations departments, as well as Ateam-SOC, to ensure a unified and consistent response in the event of a security incident. In the event of such an incident, they collaborate with directors, the corporate division, affected Group companies, and external organizations, as appropriate, to minimize damage and facilitate rapid recovery.
  • Ateam-SOC consists of security administrators with specialized security knowledge who monitor, detect, and provide technical responses to security incidents.
Organization Chart