
Remarkable trends in cyber security

Corporate challenges identified by the Cyber Security Management Guidelines

Overview of the Guidelines

In December 2015 the Ministry of Economy, Trade and Industry (METI) and the Information-technology Promotion Agency (IPA) issued the "Cyber Security Management Guidelines." These guidelines position cyber security as an important management task, and identify three cyber security principles that top management must adopt and 10 important items that must be executed with a top-down approach. The guidelines target people in top management.
The 10 important items can be divided into four categories: demonstration of leadership by top management and constructing systems for cyber security; determining a framework for cyber security risk management; measures to prevent attacks based on risk management; and preparations for cyber attacks. It goes without saying that while the management guidelines call for measures to prevent cyber attacks on the companies themselves, they also advise top management to implement business-wide measures that include the supply chain (business partners), and devise measures to respond to security incidents such as malware infestations and internal information leaks.

Overview of simple risk assessment

NEC has released a simple diagnostic tool on its website called "Simple Risk Assessment Based on Cyber Security Management Guidelines" (hereafter referred to as the Simple Diagnosis) that can be used to determine the status of the security measures implemented by customers.

Demonstration of leadership by top management and constructing systems for cyber security
Q1 Does your company have an information security policy (*1), and has it been published within the organization under the auspices of top management?
Q2 Has the information security policy been made public under the name of the president so as to advertise your security policy?
Q3 Does the information security policy include measures against cyber attack threats?
Q4 Is there someone in top management, such as a CISO (*2), who is primarily responsible for security activities?
Q5 Has a security risk management framework (*3) been constructed to respond to cyber attacks?
  • (*1) A policy that clarifies the principles and direction of information security within the company or organization as conceived by top management.
  • (*2) Chief Information Security Officer. The executive director who is in charge of information security within a company.
  • (*3) A framework through which the current information security situation and risks can be grasped, and through which the necessary measures can be implemented.

Excerpt of questions

The Simple Diagnosis consists of twenty yes or no questions in four categories that are based on the 10 important items in the Cyber Security Management Guidelines. The answers are checked against the Guidelines to determine the security measure status of the company. There are six possible results: "The four categories are generally covered"; four types of "Notes concerning the most problematic category"; and "Problems in all four categories." Customers can receive advice on security measures according to their results.
People who have taken the Simple Diagnosis can download an overview of the Management Guidelines and a manual of case studies on the measures that NEC has implemented based on these Guidelines.

Excerpt from diagnosis results and advice

"Your procedures for implementing measures to respond to a cyber attack and your practical training for such a case may be insufficient."
"Under your current conditions, if a cyber attack were to occur you would not be able to promptly determine the cause or scope of the damage, so that the damage may spread. Once the damage spreads, it will take longer than necessary to recover, which will increase the severity of the damage."

