Information Security

Information Security Information Security

Message from CISO

Tadashi Iida Chief Information Security Officer SoftBank Corp. Tadashi Iida Chief Information Security Officer SoftBank Corp.

SoftBank is keen to drive digital transformation (DX) under our corporate philosophy: Information Revolution — Happiness for Everyone.

With our lives and business activities being digitally transformed, and due to the recent COVID-19 pandemic, more and more tasks are being completed online. Keys to accelerating this trend are cutting-edge technologies like 5G, AI, IoT, RPA, cloud computing, and big data. SoftBank is actively investing in and developing these fields so that we can help contribute to achieving the SDGs, solve pressing social issues, improve customer productivity, and provide more convenient and new online experiences for all.

Labor-saving and automation through AI and RPA have prompted a shift to more creative and value-added work. Small changes can be detected by control through IoT sensors and data analysis, making it possible to proactively invest and avoid risks by making future predictions.

The foundation for accomplishing this is built on advanced information communication technology, the latest telecommunications infrastructure, and information security. In recent years, security risks have become more diversified and advanced, with increasingly sophisticated cyber attacks, persistent attacks by international hacker groups, attacks specifically targeted at remote working, and insider threats.

SoftBank continues to watch and study these threat trends, while proactively adopting cutting-edge technologies, establishing an advanced security environment, and enhancing 24-hour/365-day security monitoring and quick response capabilities.
We provide training to all of our employees to ensure they are highly aware of information security.
We renew our security policies and rules to stay in step with the times.

SoftBank will continue to offer services that all of our customers can feel comfortable using, by making sure we have the most advanced information security systems in place to support changes brought by DX.

Tadashi Iida
Chief Information Security Officer
SoftBank Corp.

Policy

We have formulated and continue to adhere to our Information Security Policy and Privacy Policy so that we can keep the trust of our customers and the wider community by implementing sweeping and advanced solutions to counter the risk of information leaks. We aim to maintain information security by appropriately handling our information assets and protecting them from a variety of threats.

Information security
governance

SoftBank has put information security management governance in place to make sure we adhere to all laws and regulations regarding information security, safeguard our information assets, and defend against cyberattacks. SoftBank has formulated its Information Security Policy to be followed by the employees and established the position of Chief Information Security Officer (CISO). We established the Information Security Committee (ISC) chaired by CISO, and the SoftBank Computer Security Incident Response Team (SoftBank CSIRT). They both review policies to adapt to changes in the security environment and technological innovation, and share information helpful for planning how to address information security and cybersecurity.

When an information security breach causes a system failure, the head of the system operation and CISO coordinate to assess the situation, evaluate responses, and restore the system. Additionally, in the event of more serious circumstances, we establish an emergency response taskforce headed by the CEO to address the issue, and, in accordance with legal and regulatory requirements, will promptly report to the Ministry of Internal Affairs and Communications and other appropriate authorities.

Information security governance Information security governance

Information Security
Committee

The Information Security Committee (ISC), chaired by CISO, is composed of each division’s person in charge of information security. It is a cross-functional organization seeking to promote and manage various initiatives for information security. In order to ensure the effective execution of initiatives, we formed the Information Security Committee Office to help plan and coordinate efforts.

The roles of ISC include, but are not limited to,

  • Sharing information helpful to information security
  • Sharing Group-wide initiatives and plans related to information security
  • Assessing the latest status of information security across the Group and enabling improvements
  • Promoting information security training
  • Coordinating information security initiatives across departments

SoftBank CSIRT

SoftBank CSIRT was organized to prevent security incidents and minimize damage by quickly responding to security incidents. SoftBank CSIRT deals with security incidents related to the services we provide. Overseen by CISO, the team consists of members from the Security Department and others appointed by the head of each department. The CSIRT Office works with the Information Security Committee Office and related organizations, both inside and outside the company, to support the team.

In order to prevent security incidents, SoftBank CSIRT addresses system vulnerabilities (information collection and analysis, requests to respond, review of response status), formulates security rules, provides security training, and sends warnings for potential security issues. In the case of any incident occurring, the team sets up an incident response flow along with carrying out incident response training.

Security governance
of affiliate companies

SoftBank’s affiliate companies (subsidiaries and affiliates) have risk management governance structures in place, mitigating risks and preventing information security incidents and cyberattacks. They also assess and analyze security risks to address them with actions.

The SBKK Group Security Committee, headed by CISO, comprises members in charge of information security management at affiliate companies, where they share information on threats and solutions regarding information security. The Committee also executes security training and drills, and coordinates responses when incidents occur. Additionally, SoftBank Affiliate Company Security Guidelines stipulate matters to be observed and the governance structure necessary for Group companies to manage security appropriately.

Security measures

To protect our various information assets, including customer information, we have a security governance structure in place, providing security checks and advice when services are developed and launched internally. We also conduct security tests prior to their release and during operations. Furthermore, we run Security Operation Center (SOC) monitoring services and equipment, establish regulations, collaborate internally and with other organizations, review our solutions and consider new ideas by referring to the Cybersecurity Framework (CSF) of the US National Institute of Standards and Technology (NIST) and the CIS Controls of the US Center for Internet Security (CIS).

Protecting customer information Protecting customer information

Protecting customer
information

We take measures to protect our customers from information leaks and cyberattacks so that they can use our services with peace of mind.

Learn more

Collaboration to protect cybersecurity Collaboration to protect cybersecurity

Collaboration to protect
cybersecurity

As an operator of telecommunication infrastructure vital to society and as a company providing innovative services by integrating telecommunications with cutting-edge technologies, we work with various external organizations to help improve security across society. SoftBank CSIRT represents us when we collaborate with external organizations.

Learn more

Continuous security enhancement Continuous security enhancement

Continuous security
enhancement

In response to the spread of digital devices and increasingly sophisticated cyberattacks, we strive to continuously strengthen security by adopting new technologies and methods, improve the security mindset of our employees through education, and train specialists in the field of security.

Learn more