Basic Approach to Information Security
mixi Group’s mission is to create spaces and opportunities for hearts and minds to connect through our business activities. To this end, we recognize that it is our social responsibility to handle information appropriately and securely. While ensuring that information is not leaked (confidentiality), not tampered with (Integrity), and is always available (availability), we are striving to maintain and improve information security for the normal maintenance of information assets.
Based on this approach, we have established a “Basic Policy on Information Security” to ensure that our executives and employees, as well as those of our partner companies, are aware of the importance of information security, as well as to implement safe and appropriate information security measures. In addition, we have established various rules and guidelines, such as the “Information Security Management Regulations”, which stipulate rules for the proper and effective use of information assets, including how to appropriately acquire, manage, and dispose of information.
Information Security Management System
mixi Group has established an information security management system to respond to the constant change in security risks in a holistic and speedy manner. The Risk Management Committee, the Personal Information Protection Management System (PMS1) Department, and the Information Security Division all work in coordination, are headed by directors, and share major risks and incidents with the Board of Directors.
• The Risk Management Committee identifies, evaluates, and proposes responses to cross-organizational risks and summarizes risk information for the Group.
• The PMS Department operates the Personal Information Protection Management System.
• The Information Security Department works to prevent information security incidents from occurring during times of normal activity and operates the “mixirt” incident response team. As an internal CSIRT2, “mixirt” has established a system for the early detection of incidents and rapid and accurate emergency responses. As a member of the Nippon CSIRT Association, we share various incident response and vulnerability information with other member companies to help them strengthen information security measures.
Companies affiliated with mixi and mixi Group are working to enhance information security management for the entire Group through cooperation with mixi.
Note 1: PMS – Personal information protection Management Systems
Note 2: CSIRT – Computer Security Incident Response Team
Initiatives to Provide Safe and Reliable Services
In order to deliver safe and secure services to our users, mixi Group strives to prevent information security incidents by conducting vulnerability assessments for our applications and monitoring infrastructure settings.
Education and Training
To improve each employee’s awareness of information security, we conduct training on information security through e-learning for all directors, permanent employees, contract employees, temporary employees, and part-time employees of our company and our group companies at the time they join the company and once a year. We also conduct training for newly-graduated engineers. Through various exercises, they learn about information security incident cases related to development, the latest trends in vulnerabilities and hacking, the significance of these incidents, and the proper countermeasures. In addition, we provide incident handling training for CSIRT members and new graduates to strengthen their judgment and response skills in preparation for cyber attacks.
Security Initiatives Incorporating a Zero Trust Concept
As a new way of working in the midst of a pandemic, we have introduced what we call a “Marble Work Style”, which is a fusion of remote and office work. The mainstream of conventional security measures has been “perimeter protection”, which allows access only with proper authentication from internal networks with physical restrictions. However, the increase in remote work and changes in information security trends require a shift to a new information security model. mixi Group is working to develop an information security infrastructure based on the “Zero Trust” concept, which prevents threats through stricter authentication and verification when accessing information assets and systems that need to be protected, regardless of network or location.
Personal Information Protection Initiatives
mixi Group considers the management of personal information to be an important part of its business operations as a means to prevent not only external leakage of personal information, but also the inappropriate use and falsification of such information. To this end, we strictly manage our businesses’ workflows and follow regulations related to the handling of personal information, and are proactively working to protect personal information and abide by related laws and company guidelines with initiatives including thorough in-house training for all Group employees.
In addition, the servers that store personal information are strictly managed in a data center with 24-hour security equipment, and access to this personal information is strictly managed, being limited to certain employees.