Basic Concept
\nThe Kansai Airports Group (the \u201cGroup\u201d) handles a variety of information to operate airports that provide customers with a safe and comfortable experience. However, there is an increasing risk that this important information may be compromised due to threats such as unauthorized access to networks, natural disasters, and human error.
\nIn light of these circumstances, the Group has established an information security policy aimed at protecting critical information assets from various threats. By implementing the necessary information security measures for the company\u2019s information assets, the Group strives to ensure the safety of its management, gain the trust of society, and enhance customer satisfaction.<\/p>\n
Information Security Basic Policy<\/p>\n
Handling of Information Assets
\nWe will define the method for managing information assets, designate the responsible person for managing them, and handle them appropriately.
\nImplementation of Information Security Measures
\nTo protect information assets from threats, we implement security measures through personnel, physical, and technical measures.
\nRaising Awareness of Information Security
\nWe will conduct regular training on information security for our employees and other personnel. In addition, employees and other personnel will endeavor to raise their own awareness of information security.
\nCompliance with Laws, Regulations, and the Information Security Policy
\nEmployees and other personnel will comply with laws and guidelines related to information security, laws and regulations established by foreign countries, other related agreements, and the information security policy.
\nResponse to Information Security Incidents
\nIn the event of an information security incident, we will promptly take the necessary actions, analyze the causes and other relevant factors, and implement measures to prevent recurrence.
\nEvaluation and Review of the Information Security Policy
\nWe will regularly evaluate and review the information security policy to ensure its effectiveness, taking into account changes in the environment surrounding information security and the status of compliance with the policy.
\nPromotion Framework
\nSupervision by the Chief Executive Officers (CEOs)
\nInformation security within the Group is supervised by the CEOs, who act as the ultimate authority.<\/p>\n
Establishment of the Group Information Security Committee
\nWe have established a Group Information Security Committee to strengthen the organization-wide information security framework. The committee is chaired by the CEOs, with heads of various business units, including the audit department, participating as members. It deliberates on and approves information security-related policies and measures from a cross-organizational perspective.<\/p>\n
Assignment of an Information Security Officer in Each Department and Group Company
\nWe will assign an information security officer to each department and group company to promote security measures at the operational level.<\/p>\n
Establishment of Specialized Organizations for Incident Response
\nWe have established the \u201cInformation Security Secretariat\u201d as a team to oversee and promote information security and the \u201cKAP-CSIRT\u201d as a team specializing in cybersecurity to smoothly prevent information security incidents.<\/p>\n
Specific Initiatives
\nHolding of Group Information Security Committee Meetings
\nThe committee meets regularly to discuss and approve strategies to promote security measures across the Group and measures to prevent recurrence of information security incidents, aiming for continuous improvement and the establishment of a robust security framework.<\/p>\n
Handling of Information
\nWe have established guidelines for the handling of information to ensure its proper management. Based on these guidelines, employees are responsible for appropriately classifying information and thoroughly managing and operating it according to each classification.<\/p>\n
Cybersecurity
\nThe Group\u2019s cybersecurity efforts are primarily led by the KAP-CSIRT in the IT Division.<\/p>\n
Major Initiatives<\/p>\n
Vulnerability Management<\/p>\n
As part of our risk management efforts, we collect, evaluate, and analyze information on various threats and vulnerabilities to effectively address even high-risk events for the Group and mitigate them within an acceptable range. We also conduct regular assessments of the Group\u2019s infrastructure and systems to identify any vulnerabilities.
\nImplementation, Monitoring, and Improvement of the Defense Infrastructure<\/p>\n
We monitor the Group\u2019s infrastructure and systems for any suspicious activities, verify the effectiveness of measures, identify operational issues, and work on improvements.
\nInformation Sharing Within and Outside the Organization
\nWe strengthen cooperation and collaboration with regulatory authorities, external stakeholders, and the Group\u2019s related parties to promote coordination and knowledge sharing during emergencies.<\/p>\n
Incident Response
\nThe Group places strong emphasis on preventing information security incidents during normal operations. In the unlikely event that an incident does occur, we will respond promptly and appropriately in accordance with our incident response guidelines. Furthermore, under the Group\u2019s crisis management framework, we will work to minimize damage and limit the scope of the impact.<\/p>\n
Raising Employee Awareness
\nThe Group regularly conducts phishing email training for all employees, e-learning programs to help employees learn appropriate responses according to their respective positions, and cybersecurity drills based on specific cyberattack cases.<\/p>\n
Major Initiatives<\/p>\n
In recent years, cyberattack techniques, such as ransomware, phishing attacks, and DDoS attacks, have become increasingly sophisticated and complex. To prepare against such threats, the Group regularly conducts practical cybersecurity drills. These drills simulate realistic cyberattack scenarios and verify whether appropriate measures can be taken, such as properly assessing the situation, sharing information, activating a crisis management framework, and restoring operations related to airport management. Going forward, we will continue to conduct training and drills based on a variety of scenarios to prepare for all types of information security risks and to raise the awareness of all employees and strengthen their response capabilities.<\/p>\n
Future Initiatives
\nAiming to Establish a More Robust Security Framework
\nThe Kansai Airports Group places the enhancement of information security at the core of its corporate activities and considers the provision of safe and secure services to customers and stakeholders who use the airports as its top priority and responsibility. As cyberattacks become more sophisticated and complex and information security risks increase, the Group is committed not only to implementing technical measures but also to raising the security awareness of every employee, thereby reinforcing the organization-wide security framework. We will continue our efforts to strengthen our framework so that we can flexibly and swiftly address any and all threats and risks through our information security initiatives.<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
Basic Concept The Kansai Airports Group (the \u201cGroup\u201d) handles a variety of information to operate airports that provide customers with a safe and comfortable experience. However, there is an increasing risk that this important information may be compromised due to threats such as unauthorized access to networks, natural disasters, and human error. In light of […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":426,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"page-sustainability-governance-security.php","meta":{"_acf_changed":false,"_locale":"en_US","_original_post":"https:\/\/prd-kansai-airports.lasfactory.com\/?page_id=417","footnotes":""},"class_list":["post-424","page","type-page","status-publish","hentry","en-US"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/pages\/424","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/comments?post=424"}],"version-history":[{"count":5,"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/pages\/424\/revisions"}],"predecessor-version":[{"id":5229,"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/pages\/424\/revisions\/5229"}],"up":[{"embeddable":true,"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/pages\/426"}],"wp:attachment":[{"href":"https:\/\/www.kansai-airports.co.jp\/wp-json\/wp\/v2\/media?parent=424"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}