线上德州扑克

Approach to Information Security

The progress of digitization has brought new opportunities for creating value, but this progress also amplifies the risks that businesses face, including information leaks and operational disruptions caused by increasingly sophisticated cyberattacks that impede business continuity. To minimize these risks, risk management related to information security has become one of the most crucial challenges for companies. Against this backdrop, 线上德州扑克 recognizes cybersecurity measures as a crucial management challenge that addresses both value creation and risk management, and is engaged actively in information security initiatives. In our response, we are implementing measures in accordance with security standards common to the Hitachi Group.

Information Security Policy

线上德州扑克 created an information security policy to protect information assets, including information entrusted to us by our customers, the systems that store that information, and more. We established various rules and implementation systems based on this policy, and we address the challenges of information security management on an active basis.

1. Formulating administrative rules for information security and ensuring their continual improvement
2. Protection and ongoing management of information assets
3. Legal and regulatory compliance
4. Education and training
5. Preventing incidents and taking action when they occur
6. Ensuring business processes are optimized within the corporate group

Framework for Information Security

The Chief Digital Officer (CDO) has overall responsibility and authority for implementing and operating information security and personal information protection, and oversees information security for all 线上德州扑克 products, services, and internal facilities. Headed by the CDO, the Information Security Committee determines all policies and measures for information security and personal information protection. These policies and measures are announced to all Business Units (BUs) and Group companies through channels such as the Information Security Promotion Council. This framework is also implemented at Group companies to promote information security across the group through mutual cooperation.

Information Security Management

线上德州扑克 established a framework for information security management based on the ISO/IEC 27001 international standard. In addition, we enhance information security by reviewing our rules and regulations in accordance with the United States government standard SP800-171. Our standards are communicated globally, and we also actively make use of shared security services and related information security support provided by regional headquarters in the Americas, Europe, ASEAN countries, and China.

线上德州扑克 engages in a number of IT-related measures such as device encryption, ID management and access control via authentication infrastructure, e-mail and website filtering, etc. to prevent information leaks. In response to the recent proliferation of targeted e-mails and other cyberattacks, we not only participate in an initiative to share information between the private sector and the government, but also strengthen various IT measures that include defense-in-depth strategy. To prevent leaks from procurement partners, we review their information security measures based on Hitachi’s own standards before allowing them to access to confidential information.

线上德州扑克 holds annual e-learning programs on information security and personal information protection for all executive officers and employees. The participation rate in 线上德州扑克 in FY2023 was 100% (excluding those who could not attend due to personal leave, etc.). Besides, 线上德州扑克 offers a variety of programs depending on the target and aims, such as those for new employees, new managers, and lectures for information system administrators. 线上德州扑克 also implements simulation training to educate employees about phishing attacks and other cyberattacks. Employees receive deceptive e-mails as phishing simulations to heighten their awareness of security through direct experience. 线上德州扑克 actively implements training on information security and personal information protection.

线上德州扑克 implements information security and privacy protection initiatives based on the PDCA cycle of the information security management systems stipulated by Hitachi. We conduct regular audits and inspections to monitor and evaluate whether management and measures for information security and data protection are implemented properly in each department. 线上德州扑克 requires Group companies outside Japan to use a common global self-check approach to ensure groupwide inspections. All departments perform self-directed personal information protection and information security operation checks annually. Further, we also participate in Hitachi's security risk reduction activities through regular on-site assessments of the status of information security measures. A team of in-house security specialists is responsible for identifying any deviations arising from self-checks.

Cyber-Security Initiatives

To address the risks posed by the increasing diversification of cyber-attack methods, origins, and impacts, 线上德州扑克 is expanding the scope of our security risk management. Traditionally, we focused risk management on response measures for internal IT environments. To reduce business risks going forward, we will include the development and verification environments used to create products and services, production and manufacturing environments, and the supply chain and product/service development process.

线上德州扑克 established standards for internal IT environment-related vulnerability response measures and network security. We require regular status assessments of these measures and the performance of corrective actions. As a companywide measure, we launched an initiative to monitor vulnerability mitigation for each device and follow up with users/administrators to expand the application of such measures. In the development/test and production/manufacturing environments, we established standards and guidelines for infrastructure construction and operations to ensure security compliance in each environment, and we pursue measures based on these guidelines within the 线上德州扑克 Group. We also share information security requirement standards established by Hitachi with our procurement partners, working cooperatively to enhance security. We established management guidelines to address and maintain the security of products and services, and we follow measures based on these guidelines within the 线上德州扑克 Group.

线上德州扑克 utilizes the Hitachi Security Operation Center (SOC), which monitors security on an around-the-clock basis to ensure global-scale cyberattacks are detected and response measures initiated immediately. The Incident Response Team (IRT) collects and develops threat information and manages our response to any security incidents. Cyber-attack methods are becoming more sophisticated every year, with an increasing number slipping past detection systems. More often, these attacks tend to go undetected for long periods, resulting in increased damage. In this context, 线上德州扑克 strengthens cyber surveillance through Endpoint Detection and Response (EDR)^*1 to monitor device behavior and perform authentication protection. We continue to improve and strengthen our cyber monitoring environment using the latest technology.

Data Protection Initiatives

As digital technology continues to advance, the global trend toward leveraging data only accelerates. This situation has led to heightened interest in the protection of personal information and cross-border data exchange. In such an environment, 线上德州扑克 places significant importance on personal information protection initiatives to ensure the secure management of personal information received from customers and personal information involved in business operations. As a member of the global community, 线上德州扑克 is committed to protecting personal information in accordance with our vision for personal information protection, which is to provide safety and trustworthiness, and to value individual rights.

线上德州扑克 established the Personal Information Protection Policy which is announced to all executive officers and employees, and is also publicly available. 线上德州扑克 created a personal information protection management system based on this policy. This system ensures the protection of personal information by such means as appropriate management of personal information, educational programs for all employees, and periodic audits. We do not share personal information with third parties without data subject’s prior consent. Even in cases where prior consent is obtained, 线上德州扑克 requires the third party to whom the data is provided to comply with 线上德州扑克’s Personal Information Protection Policy. 线上德州扑克 also strives to safeguard personal information globally based on each company’s personal information protection policy, and we ensure that these companies comply with all applicable laws and regulations in each country and region, as well as to the expectations of society at large.

With the increasing risk of privacy violations, lawmakers are actively seeking to create and modify relevant laws and legislation in countries and regions around the world. 线上德州扑克 ensures thorough global compliance with legal frameworks, continues to monitor related legal frameworks and social trends, and implements appropriate measures. In Japan, 线上德州扑克 complies with the Amended Act on the Protection of Personal Information, and in the event that a leak may result in a situation that would harm the rights and interests of individuals, 线上德州扑克 promptly reports said leak to the Personal Information Protection Commission and notifies the affected individuals. 线上德州扑克 also formulated a groupwide internal code of conduct concerning the protection of privacy, which takes into consideration international legal frameworks such as the European General Data Protection Regulation (GDPR). This code of conduct became effective as of April 2022.

Third-Party Evaluations and Certifications

线上德州扑克 encourages the acquisition of third-party evaluations and certifications for information security management. Our solution centers have obtained certification from the ISMS Accreditation Center (ISMS-AC) in accordance with the ISO/IEC 27001 Information Security Management System international standard.

Related Links