Cyber Security Measures
The Monex Group recognizes that it is necessary to take greater measures than in the past to address increasingly serious cyber threats in light of diversifying business segment within the group.
Conducting business globally, the Group is striving to enhance comprehensive cyber security measures by referring to supervisory guidance established by the Japanese Financial Services Agency for financial instruments business operators and the US National Institute of Science and Technology (NIST) 800 series of publications in order to protect customers’ information and customers’ assets from increasingly serious cyber security threats and enable customers to securely conduct transactions.
Cyber Security System
We are creating a global system for responding to events and reducing damage arising due to cyberattacks throughout the entire Monex Group. Centered on the Monex Group CSIRT (Computer Security Incident Response Team) established within the Monex Group, CSIRTs have also been established in Monex Securities and Monex Group companies. Through cooperation between the Monex Group CSIRT and the CSIRTs in group companies, we are strengthening governance and CSIRTs in each company perform the functions for protecting the operations, information assets and systems of as we promote cyber security measures along the four axes of organizational operation, system response, human response and external collaboration.
Information Security System
We are continuously striving to strengthen day-to-day information security measures by utilizing intelligence from external specialist institutions and monitoring cyber security. In addition, we are performing analysis and taking steps to minimize damage and quickly recover from damage. CSIRTs play a central role in the acquisition of information on dangerous threats and the analysis of causes, the minimization of damage and responses for rapid recovery in the event of an “emergency” when a cyberattack is detected.
We implement measures in multiple stages (multi-layer defense) such as implementing multiple mechanisms for detecting and defending against unauthorized access and malicious programs such as computer viruses. In addition, these measures are reviewed as appropriate to address the occurrence of new threats.
We are endeavoring to improve information security literacy by constantly implementing training and drills for all employees based on the Monex Group Information Security Basic Policy.
The Monex Group is building a system for collecting and sharing information on vulnerabilities and threats, etc. through communication with Financials ISAC, Japan CSIRT Council and information institutions in Japan and abroad.