Flow of ISMS endeavors based on the PDCA cycle
Raise staff awareness
① Confirmation of work flow in relation to the transfer of media: Create a work flow for each activity based on media transfer surveys and ensure wide knowledge of actions in accordance with that flow.
② Ensuring knowledge of precautions for removing USB memory sticks and other external media from the premises: Ensure wide knowledge that external use is, in principle, prohibited, and of precautions when external use is unavoidable.
③ Confirmation of standard of information security measures implemented by outside organizations: Comprehensive explanation to organization in question, individual confirmation and instruction for rectification.
④ Confirmation of implementation of information security measures by sub-contractors in consignment contracts: Confirmation by check list for sub-contractors with large contract values.
⑤ Improvement of security incident responses: In the unlikely event of an incident, formulation of improvement measures following investigation of the cause and readjustment of work flow.
⑥ Continued implementation of patrols of actual office buildings: Implemented year-round (spot checks).
Enhancement of Individual Responses to Security
Creation and Emplacement of Security System
《 Aims for FY2008 》
① Maintenance of certification by all internal departments
② Obtaining of certification by all 56 elementary, junior high and special needs schools
⑤ Internal auditor training. For: internal auditors (section managers). Regarding internal auditing procedures.
Information Security Measures
⑥ Ensuring examples of information security incidents and prevention measures are widely known (distribution by e-mail). Year-round as required. For: all staff.
① Training of new staff (by HR Development Group). For: newly employed staff. Importance of security, Ichikawa City’s ISMS initiatives, etc.
② Practical administrative work training (by HR Development Section). For: staff who applied for training.
③ Training by external instructors. For: information security managers (section managers).
④ Risk assessment training. For: information security managers and information security promoters. Regarding assessment procedures for level of risk of information assets outflow.
Maintenance by all departments of ISMS certification and obtaining of ISMS certification by all schools
Implement truly effective security measures
Secure management of information held by the City
Gain the trust of residents
Breakdown of schools: elementary – 39; junior high – 16; special needs – 1
To build a solid information security system, all departments within the organization have received information security management system (ISMS) certification under the international standard ISO 27001, and we are currently preparing for certification of all municipal elementary, junior high and special needs schools. ISMS raises information security through continuous improvement based on the PDCA cycle. In 2008, in addition to enhancing training to raise staff awareness further, we will implement a variety of security measures designed to be effective in the actual work of each department.
Objectives
• Prevention of information leakage from internal sources due to staff actions, or due to unauthorized access from the outside.
• Consistent secure operation of the information system with no effect on residents’ lives
• Secure and assured continuation of business by the City
Plan
• formulation of basic policy
• formulation of training plan
Do
• implement policy prescribed in the plan
• implement security measures prescribed in the ISMS standard
Check
• internal audit
• deliberation by security committee
• actual examination by certifying body
Act
• implement improvement measures based on inspection results

《 2008 Projects 》

FY2006: Obtained by all internal departments
Since FY2007: Maintenance of certification by all departments
• First regional public body to obtain ISMS certification
• Although there are currently 13 regional public bodies across Japan that are certified, Ichikawa City is the only one in which all departments have gained certification.
FY2007: Obtained by 20 schools
FY2008: Obtaining of certification by remaining 36 schools

Materials – 3