Information Security Guidebook (Panasonic, SAMPLE)

- Learning the Basics: Essential Knowledge in the Information Society -


Post on 03-Oct-2020


1106-0365_ Panasonic Information Security Guidebook, 5th Edition, Front Cover


INDEX


Chapter 1 The Importance of Information Security

1-1 The information society is full of convenient features.

1-2 The information society has many dangers.

1-3 Infection with computer viruses.

1-4 Spyware may be hiding in your computer.

1-5 Your computer is being targeted by unauthorized access from around the world.

1-6 Your own inappropriate behavior has the risk of causing damage.

1-7 Have you ever heard of “Social engineering”?

1-8 Information security is essential to living safely in the information society.

1-9 Report straight away when you discover an information security problem.

1-10 Make clear and accurate reports of incidents.

Reference: Laws related to information security.

Chapter 2 What to Watch Out for When Using a Computer

2-1-1 Use an appropriate password.

2-1-2 Never tell your password to other people.

2-1-3 Manage your password properly.

2-1-4 Never share IDs when logging in.

2-1-5 Never use other people’s passwords.

2-1-6 Never use the password saving functions on web browsers.

2-2-1 Install anti-virus software and regularly update pattern files.

2-2-2 Apply software security patches.

2-2-3 Always carry out a virus check before exchanging files with people outside the company.

2-3-1 Never use file-sharing software.

2-3-2 Never use a personal USB flash drive (electronic recording device).

2-3-3 Always encrypt confidential information saved onto a USB flash drive (electronic recording device).


2-3-4 Never view websites that are not related to work.

2-3-5 Do not make improper postings on message boards.

2-3-6 Never install software on a company computer without permission.

2-3-7 Never use a privately-owned computer for work.

2-3-8 Never connect to an unauthorized network without permission.

2-4-1 Implement information leak prevention measures when taking a company computer outside the office.

2-4-2 When taking a computer outside the office, always keep it near you and take it wherever you go.

Chapter 3 What to Watch Out for When Using E-mail

3-1-1 Never send or receive personal e-mails.

3-1-2 Never automatically forward company e-mails outside the company.

3-1-3 Never send confidential information by e-mail.

3-1-4 Always use e-mail properly.

3-1-5 Be careful of mistakes when sending e-mails.

3-2-1 Watch out for e-mail scams.

3-2-2 Never open an e-mail with a suspicious subject or suspicious attached file.

3-2-3 Never open HTML e-mail unnecessarily.

3-2-4 Never use the preview function of e-mail software.

Chapter 4 Everyday Habits that Help to Secure Information Security

4-1-1 Never fax the company’s confidential information without permission.

4-1-2 Always collect printed material from photocopiers or printers immediately.

4-1-3 Always tidy up your desk before leaving for home.

4-1-4 Implement measures to ensure your computer is not tampered with when leaving your desk or when you leave the company.

4-1-5 Always be careful when acquiring confidential information from outside the company.

4-1-6 Enter confidentiality agreements when receiving confidential information from outside the company.

4-1-7 Always manage trade secrets carefully to avoid leaks.

4-2-1 Never use the reverse side of a page containing confidential information.

4-2-2 Always dispose of paper or recording media containing confidential information in the correct way.

4-2-3 When disposing of a computer, always completely delete the hard disc.


4-3-1 When a meeting is finished, always wipe the whiteboard clean before leaving the room.

4-3-2 Deal with visitors to the company in the correct way.

4-3-3 Always follow company entry and departure rules and room access management.

4-4-1 Be careful not to let confidential information leak outside the company without your knowledge.

4-4-2 Never work at an Internet cafe.

4-4-3 Be careful to avoid the loss or theft of bags containing confidential information.

Chapter 5 Measures to Protect Personal Information

5-1 Why do we need measures to protect personal information?

5-2 What kind of information is personal information?

5-3 Always use personal information with a careful attitude.

5-4 Handle personal information correctly, with an awareness of its life cycle.

5-5 Always get the customer’s permission when acquiring personal information.

5-6 Always acquire personal information in the correct way.

5-7 Only ever use personal information within the scope of the agreed aims of use.

5-8 Never provide personal information to third parties without permission.

5-9 Implement measures to store personal information safely.

5-10 Always ensure that personal information is accurate and up-to-date.

5-11 Always handle inquiries about personal information in the correct way.

Reference: Also protect your own personal information.

Appendix

Checklist

Legal Reference

Chapter 1

The Importance of Information Security

Everyday life is becoming more and more convenient thanks to the information society. We have also been able to improve the efficiency of work at our companies and realize the development of new business. However, the information society also has a dangerous “dark side” in addition to the convenient “bright side.” Information security has become increasingly important as we seek to utilize information technology safely without suffering damage from the “dark side.”


1-3 Infection with computer viruses.

Computer viruses are programs created deliberately with the intention of preventing the proper functioning of a computer. They are called viruses because of their similarity to biological viruses in the way they infect and spread damage to other computers.

[Illustration captions: “We’re going to spread infection!” / “I’m going to damage your data!” / “I can’t do my work!”]

The following damage can occur when infection by a computer virus occurs.

● Software gets damaged, and the computer fails to boot up.

● Data can be damaged or tampered with.

● Information contained in the computer can be leaked to the Internet without your permission.

● The computer can send huge numbers of e-mails without your knowledge, hindering network communication.

Cases have occurred in which people have been unable to work for several days as a result of infection with a computer virus.


Chapter 2

What to Watch Out for When Using a Computer

Using computers is now indispensable to work, whether drafting documents, communicating via e-mail or collecting information from the Internet. However, careless handling of computers can lead to information leaks, inflict damage or encourage improper use. In other words, there is a risk that the careless behavior of one individual can cause damage to an entire company. Each and every individual who uses a computer needs to work hard to establish information security for his or her computer.


2-3-1 Never use file-sharing software.

There has been a succession of incidents in which company data was leaked after infection with a virus from file sharing software. Under no circumstances should you carry out work on a computer that uses file sharing software.

● The threat from file sharing software

There is a risk of file sharing software containing bugs. Viruses exist that target these bugs and if the file sharing software becomes infected with one of these viruses, other users are able to browse files that they shouldn’t be able to. In other words, there is a risk of unintended leaks of information.

● Types of file sharing software

These include Winny, Share, WinMX and BitTorrent.

* It is particularly important to be careful when using a shared computer at home because of the possibility of another family member installing file sharing software.

[Illustration: a computer with file sharing software installed on it, labelled “Virus infection,” with files marked “Secret.” Captions: “I’m in a rush to finish this job, so I’ll use my home computer.” / “I can see you!”]


Chapter 3

What to Watch Out for When Using E-mail

There are two types of mistakes behind information leaks when using e-mails: a lack of understanding of the technical mechanisms behind e-mails and mistakes that stem from carelessness. In order to use e-mail with peace of mind it is essential to have a correct understanding of the threats faced when using e-mails and how to respond to them. Never think “I'll be OK.” It is always necessary to act correctly to prevent damage from an information security incident.


3-1-5 Be careful of mistakes when sending e-mails.

Making mistakes when sending e-mails has the risk of causing information leaks. Before sending an e-mail, always check that the e-mail addresses have been typed in correctly.

Take care not to make the following mistakes when sending e-mails.

● Incorrect entry of e-mail addresses

An error occurs with an e-mail if even one letter of an address is wrong. In some cases, an e-mail may be delivered to a different person from the intended recipient, creating a risk of information leaks.

● Leaking e-mail addresses when sending an e-mail to multiple addresses

E-mail is useful in that a single e-mail can be sent to multiple recipients. However, if you enter the e-mail addresses into the CC field when doing this, the recipients will see the e-mail addresses of the other recipients, creating the possibility of personal information leaks. In order to avoid this, you can enter the e-mail addresses in the BCC field.

* [CC] is an abbreviation for “carbon copy,” and is used to mean a “copy” of an e-mail. CC addresses are visible to all recipients. [BCC] is an abbreviation for “blind carbon copy,” and this allows you to designate addresses that are not shown to the other recipients. When sending to third parties who do not know each other’s e-mail addresses, always enter the addresses in the BCC field.

[Illustration caption: “I’ve checked the e-mail addresses. I’ve also entered them in the BCC field so that when I send the e-mail to multiple addresses the recipients won’t see each other’s e-mail addresses. You always need to check for mistakes before sending.”]


Chapter 4

Everyday Habits that Help to Secure Information Security

We handle important information even in our daily work. Our everyday behavior has the potential to create problems with information security. Understanding the habits we need in our daily work to secure information security is essential to avoiding information security incidents. The attitude and behavior of each and every individual is what protects information security. We need to implement information security measures on a daily basis in order to protect the trust of people around us and important information.


4-1-3 Always tidy up your desk before leaving for home.

We are surrounded by many forms of confidential information. Always tidy up properly before leaving the company for home.

When leaving the company at the end of the day, always tidy up around your desk to avoid information leaks.

● Storing confidential information under lock and key

Never leave confidential information lying on a desk when you leave the company. Always leave after placing all confidential information under lock and key in a designated location, such as a cabinet or locker. Strictly storing items away rather than leaving them on the desk, to protect against the risk of loss or theft of confidential documents or laptop computers, is referred to as a “clear desk.”

● Clients’ information

Carry out proper management of clients’ information, such as customer information, data received when taking on a job and business cards, etc.

● Employee information

A variety of information can be found on your desk in relation to you personally and to other employees. Try to watch over this information carefully and implement thorough information management.

[Illustration captions: “Come on! Let's go get some drinks!” / “Wait a moment! I’ll just put these files away.”]


Chapter 5

Measures to Protect Personal Information

Personal information is important information received from customers or employees. You are surrounded by a large amount of personal information. Improper handling of personal information constitutes a violation of the Act on the Protection of Personal Information. What’s worse, when personal information is leaked through loss or theft, it can develop into a major problem and lead to a loss of trust. To handle personal information properly requires a full understanding of what is needed and for this understanding to be put into practice.


5-2 What kind of information is personal information?

Personal information is any information about a specific living individual that can be used to identify that individual. Even if that information cannot be used in isolation to identify a specific individual, information will still be considered personal information if it can be easily compared with other information to allow identification of a specific individual.

Information related to groups, such as corporations and businesses, is not deemed to be personal information. However, information related to individuals, such as names of employees, etc., is deemed to be personal information.

Moreover, information from personal appraisals, such as evaluations, and information published in telephone directories or online, is deemed to be personal information.

The information deemed to be personal information covers an extremely broad range. It includes information with a risk of having a negative effect upon an individual’s reputation if discovered by others (sensitive personal information), such as a history of medical illness or a personal ideology, as well as credit records such as credit card numbers. There is a need to be extremely careful when handling personal information.

* In addition to employed personnel, “employees” can include directors and temporary staff, etc.

General customer information

● User registration information
● Information from promotions or questionnaires
● Purchase histories, etc.

Employee information

● Employee register
● Information on employees’ families, etc.

Information received for the purposes of carrying out contracted business

● Personal information received for the purposes of typing work
● Data received for the purposes of transferring personal information to a new system, etc.

Business partner information

● Information contained on business cards
● Lists for providing midyear gifts or Christmas & New Year cards, etc.

Personal information = information that can be used to identify a specific individual

● Name
● Date of birth
● Home address
● Home telephone number
● Mobile phone number
● E-mail address
● Photographs or images that allow identification of your face
● Fingerprints or palm prints
