
Information Security Training

2014
KVH Ltd. Co.
Systems & Technology Division
Internal Systems Department
Security Group
Confidential

Information Security Management System (ISMS)

ISMS is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.
ISO27001 is an international standard of ISMS.
All KVH facilities in Japan are certified with ISO 27001.

Copyright 201 by KVH Co., LTD All Rights Reserved. -Confidential -

Information Security Environment


Threats surrounding our information assets

KVH information assets: customer, revenue and call records information; information system/PC/infrastructure.

Threats shown around these assets: virus, tapping/sniffing, wrong mail transmission, information leakage, information theft, intrusion, unauthorized access, theft, information destruction, loss, hacking, DDoS attack, cracking, disaster, power disruption.

Impact of Information Security Incident

Loss of customers' trust leading to service cancellations.
Loss of reputation due to media exposure or specific instruction by Ministry of Internal Affairs.
Loss of time & management effort to respond and take preventive measures, which will divert attention from main business and affect motivation.


Outline of KVH ISMS


Information Security Policy


The Information Security Policy is designed to ensure that information assets are protected from all types of security threats and that highly reliable services are available. ISMS is established and will be enforced. Continuous efforts will be made to improve the system.
1. Appropriate information security measures will be taken on information assets that need to be protected.
2. Training on information security is conducted to ensure that all employees understand the importance of information security.
3. Information assets are handled appropriately and continuous efforts are made to improve ISMS.
4. Compliance with regulations, laws, customer contracts and internal rules is enforced.
5. Under the leadership of Senior Management, all people in KVH will work as a team to comply with this policy.


ISMS Document Hierarchies

Policy: ISMS Manual (Information Security Policy), the adopted written declaration
Standard: Information Security Standard
Procedure: ISMS Operating Procedure; Implementing Procedures (each BU)
Record: Record

http://insidekvh/index.php?option=com_content&view=category&layout=blog&id=101&Itemid=185&lang=en


ISMS Organization

Top Management
Representative of Internal ISMS Audit
Management Representative of Information Security
ISMS Committee
Division head - A, Division head - B, ... Division head - n
Employee - A, Employee - B, ... Employee - n


KVH Security Basic Rules 1


1. Wear Your ID Card
ID cards should be worn and visible. (Announced by Corporate Service)

2. Protection of Attached Data
Protect external e-mail attachments containing confidential information with password settings or encryption. [KVH Information System Usage Policy]

3. Use SharePoint
Do not attach files to internal e-mail. Use Sharepoint for internal e-mail transmission. [KVH Information System Usage Policy]

4. Clean Desk
Do not leave documents on your desk after leaving the office. (Clear Desk Policy)

5. Check Common Areas
Do not leave documents lying around when using printer, copy or fax machines. (Clear Office Equipment Policy)

6. Protect Mobile Phone
Company mobile phones or personal mobile phones used for business shall be protected by automatic-locking.


KVH Security Basic Rules 2


7. Secure Important Information
Store important information in locked cabinets. (Information Security Standard)

8. Protect Client PCs
Lock PC before leaving your desk. Power off client PCs before leaving the office. (Clear Screen Policy)

9. Do not connect unauthorized equipment
Do not connect personal PCs or Department PCs to the KVH LAN! Do not connect USB and other external media to client PCs! [KVH Information System Usage Policy]

10. Check e-mail/facsimile before sending
Check and be sure that the address or facsimile number and content is correct before sending. Check and be sure that the facsimile has been delivered correctly.

11. Prohibition of use of non standard software
Users shall not install and/or use any software other than approved software. [KVH Information System Usage Policy]

12. Prohibition of Storing Data Externally
System documents shall not be stored in any public network. [KVH Information System Usage Policy]

KVH categories and handling of information assets


For further information please refer to Category & handling of Information Assets

Category: Public
Definition: External/internal information with no disclosure limits. Items assumed disclosed or submitted externally.
Example: External web site, press releases, brochures and similar information.
Labeling: No restriction
Saving: No restriction
Storing: No restriction
Disposal: In case of no need for storing, the information shall be disposed.

Category: Confidential
Definition: Information shared internally/externally amongst special related parties only. Items that cannot be disclosed, presented or leaked externally except for special related parties.
Example: Internal regulations, procedures, organizational chart, seating chart, etc. Proposals, quotations, applications, contracts, customer information, etc.
Labeling: Stipulate Confidential on it
Saving: Sharepoint or network drives. Assign access right for authorized people.
Storing: Store in secured lockable area
Disposal: In case of no need for storing, the information shall be disposed by the paper shredder or Confidential Document Collection Locker.

Category: Highly Confidential
Definition: Information shared amongst management or special relation parties only. Items that contain the most critical information regarding management.
Example: Financial information, board meeting materials, personnel information, sales strategy, critical management information, etc.
Labeling: Stipulate Highly Confidential on it
Saving: Sharepoint or network drives. Assign access right for authorized people. Assign password.
Storing: Store in secured lockable area
Disposal: In case of no need for storing, the information shall be disposed by the paper shredder or Confidential Document Collection Locker.

Template http://insidekvh/index.php?option=com_content&view=article&id=982&Itemid=389

Handling of paper based media including confidential data


Any paper containing confidential information shall not be taken out of the office. If confidential information has to be taken out, then the supervisor's approval shall be obtained in advance. When confidential information is taken out, the employee shall go back to the office to keep the information in a secure place before going home. If the employee cannot go back to the office due to an unavoidable reason, the supervisor's approval shall be obtained.


Response to Information security incident


1. Please report to your manager and the security group immediately when an information security incident occurs. (Contact: sirt@KVHasia.com; in case of a lost mobile, lostmobile@KVHasia.com; in case of a lost ID card, lostcard@KVHasia.com)
2. Representative of Information Security Management shall provide directions for incident measures promptly.
3. The reporter has to describe the security incident in the incident report, using the specified format, and submit it to the manager. The manager signs it and submits it to the Security Group.
4. Representative of Information Security Management shall propose preventive measures.

Incident response flow (diagram): Reporter, Manager, Security Group (sirt@KVHasia.com), Management Representative of Information Security.
1. Report
2. Provide directions for incident measure
3. Submit incident report
4. Instruct preventive measures
