IT Security

Handbook 1st edition

Index
1. We are all familiar with IT security-related
accidents
2. Do not use PCs for private purposes!
3. Removing critical information* is
dangerous!
4. Be careful when storing critical
information*

5. When a security-related accident occurs

6. A virus* is destructive!
7. Use PCs appropriately!
8. Check test
9. Glossary (refer to this for terms with an asterisk)
1. IT security-related accidents close to daily work
The chart below is created by data from an organization called the Japan
Network Security Association. You can see that about 80% of the leaks of
personal information is caused by user error (stolen, lost, misplaced, or
erroneous operation). Some incidents of stolen or lost data have been
reported to Bridgestone and affiliates. Our goal is total prevention of IT
security-related accidents, so each employee needs to understand the
meaning of IT security and observe the rules. Your best efforts are
required.

Leaks of personal information

Summary
Be aware
Implement that 80% of
measures to information
prevent leaks leaks is
when caused by
handling user error—
critical so always
information. be careful.

✔
Be careful and prevent data from being stolen, lost, or misplaced.
Implement measures to prevent leaks when handling critical information*.
Monitor critical information* when handling to prevent data from being stolen
or lost. 1
2. Do not use PCs for private purposes!

I am browsing my
What are you
friend’s website.
doing with the
PC?

I understand. I’m
Private use of a sorry. I will never
company PC is do it again.
prohibited. IT Network
Department logs the
history of PC
operations.

Summary

Do not use Your PC

PCs for operations
private are
purposes! logged!

✔
Do not use PCs for private purposes!
Be aware that operation of the PC is logged.

2
3. Removing critical information is dangerous!

I have to go on a Wait! Removing data that

business trip contains critical company
tomorrow. Shall information* is prohibited in order
I bring the PC to prevent data from being lost or
home? stolen. The impact of information
leaks on the company is
immeasurable. If it is unavoidable,
you need to obtain approval from
your section head and take
special care in an appropriate way.

Devices that can be brought out

USB memory CD/DVD Laptop PC

•Use the data protection Use the data protection Encrypt the hard disk.*
• function. function of ZIP*.
Summary

If it is Use the
Do not unavoidabl allowed
take out e, obtain device
critical approval only
informa- from your when
tion!* section transpor-
head! ting.

✔
Do not remove critical information* from company premises.
If it is unavoidable, obtain approval from your section head!
Use the allowed device only and take special care with portable data.
3
4. Be careful when storing critical information*

There was a case where a burglar

Where should I store that
entered through a broken window
critical information* to and stole PCs, even though the
prevent it from being stolen. entrance to the company was
locked. Actually, information on
PCs are traded at high prices. Be
aware of the value of information
and implement appropriate
measures when storing data.

Store a laptop PC containing critical information* in a locked cabinet or drawer, or

securing it with a chain. Or secure it somewhere and lock it to prevent it from being
stolen. Store CDs and USB memory sticks* in a locked cabinet or drawer as well.

Summary
Store a Be aware
Store CDs laptop PC that
and USB carefully, informa-
memory for tion has
sticks* in example, value
a locked securing worth
cabinet. it with a stealing.
chain.

✔
Store CDs and USB memory sticks* containing critical information* in a locked cabinet.
Store a laptop PC carefully, for example, securing it with a chain.
Be aware that information has value worth stealing and selling, so handle it with care.
4
5. When a security-related accident occurs

Critical
information
Infec
ted b len
yav ked or sto
a
irus*
r ma tion le
Info

Immediately report it to the security

administrator* for instructions.

Summary

When a security-
related accident
Follow the
occurs, instructions
immediately from the
report it to the security
security administrator*.
administrator*!

✔
When a security-related accident occurs, immediately report it to the security administrator*!

Follow the instructions from the security administrator*.

5
6. A virus* is destructive!

The PC isn’t working right

after opening that suspicious
e-mail. Is it broken?

It may be infected by a
computer virus*. Immediately
pull out the network* cable
(LAN cable) and turn off the PC.
Then, report it to the security
administrator!

The virus infected all

the PCs in
succession! The
production process
was halted! It caused
serious problems!

The infection occurred because you failed to

install anti-virus* software. The software
detects and eliminates viruses*.

Summary
Report the
Do not infection to
open Install
the
suspicious anti-
security
e-mail! virus*
administra-
software!
tor*.

✔
Do not open suspicious e-mail.
Anti-virus* software is installed on the PC you use.
Report the infection to the security administrator*.
6
7. Use PCs appropriately!

I want to I want to
install* this connect my
easy-to-use personal PC to
software. the company
network
because I am
familiar with it.

Do not install* software on the company PC

without permission. You may be legally punished
due to license or copyright issues. Or, some
software may cause malfunction or even
breakdown of the PC. If it is necessary for your
business, seek the opinion and approval of your
section head. It is very dangerous to connect your
private PC to the company network*. If it is
infected by a virus*, all PCs connected to the
network may be infected immediately.

Summary
Do not Do not
install connect any
software on PC other
the than
company company-
PC without owned ones
permission. to the
company
network*.

✔
Do not install software on the company PC without permission.
Do not connect any PC other than company-owned ones to the company network*.

7
8. Check test

(1). Which is correct about storing critical information*?

1. Store a laptop PC in a locked cabinet or drawer. Or secure it with a chain to
prevent it from being stolen.
2. No special measures are required because a laptop PC is protected by a
login password.
3. No special measures are because the entrance to the building or the office
is locked.
4. Always take the information home because as it is more dangerous to leave
it at the company.
(2). Which devices/measures are recommended if removing critical
information*from company premises is unavoidable? Choose more than
one.
1. USB memory* with data protection function
2. CD/DVD (with ZIP encryption*)
3. Laptop PC with encrypted hard disk*
4. No special measures

(3). Choose all the responses below that you should not do.
1. Browsing my friend’s website from the company PC
2. Opening suspicious e-mail
3. Installing* software without permission
4. Connecting your PC to the company network

(4). What should you do if any security-related accident should occur?

1. Manage it by yourself and avoid causing trouble to others.
2. Leave it as it is for a while, as it may not be an accident.
3. Repeat the same operation on other PCs because it may be a simple
mistake.
4. Immediately report it to a security administrator* and seek instructions.

(5). Choose all effective anti-virus* measures.

1. Install* anti-virus* software
2. Avoid opening suspicious e-mail and visiting suspicious websites.
3. Update the version of the anti-virus* software.
4. Avoid opening suspicious attached files even from an address you know.

Answer: 1)1, 2)1, 2 and 3, 3) all, 4)4, and 5)all

8
9. Glossary

IT-related terms used in the IT Security

Handbook are explained here. Check the
meaning of the terms marked with asterisks in
the text.

1) Critical information
Technical, production or personal information that should be
protected. It is defined by each department/factory.
2) Computer virus/virus
A malicious program that may spread to other computers and
may disrupt the display on the screen, display meaningless
words, or destroy files stored in a disk.
3) USB memory stick
A portable data storage device that is inserted into the USB
port on a PC. Due to its compactness, it is often lost and
information leaks become a problem.
4) Zip
A special file compression algorithm with a unique password
for protecting files.
5) Hard disk
The typical storage units used to store data on a PC. An
external hard disk drive is available nowadays.
6) Security administrator
A person appointed in each region to be responsible for IT
security.
7) Network
A mechanism to connect multiple PCs, send/receive e-mail,
and share data. The Internet can be said to be a worldwide
network.
8) Install
Copying software specifically designed for PCs onto a PC.

9
Inquiry about IT security:

Person responsible for security:

Address:
Phone number:
Fax number:

Your Dept.: Name:

* Keep this handbook within easy reach.