Security
From before, the LY Corporation Group has made utmost efforts against information security threats in accordance with its information security policy of: protecting its users from information leaks (confidentiality), providing round-the-clock service (availability), and securely protecting the service contents from destruction or fabrication (integrity).
CISO Message
At LY Corporation, our highest priority is safeguarding our customers' trust and safety. As privacy and security become ever more paramount, it is also essential that we prepare ourselves against cybersecurity attacks and other threats.
Along with growing our business, we are committed to fulfilling our responsibility of offering services that form a crucial part of social infrastructure and serve a great many customers.
Hideyuki Nakahara, CISO
Joined Yahoo Japan Corporation in 2003. Served as Vice President of Front-end Development Division, R&D Management Group, Vice President of Smart Device Development Division, Smart Device Strategy Office, and other posts. Appointed Corporate Officer, President of System Management Group in April 2014.
Appointed Executive Corporate Officer, Executive VPoE, Head of Service Infrastructure Group, LY Corporation in October 2023. Appointed CISO in January 2024.
Cybersecurity Policy
From before, the LY Corporation Group has made utmost efforts against information security threats in accordance with its information security policy of: protecting its users from information leaks (confidentiality), providing round-the-clock service (availability), and securely protecting the service contents from destruction or fabrication (integrity).
In addition to these ongoing efforts, the LY Corporation Group, with a view to detecting and countering increasingly sophisticated cyberattacks, works to build information systems and provide services in compliance with the cybersecurity framework of U.S. National Institute of Standards and Technology (NIST).
LY Corporation (the "Company") has put together and declared these views as LY Corporation Group's Cybersecurity Policy.
Based on these basic approaches, the Company has established internal regulations to clarify employee compliance requirements for handling information and conducts regular training. The internal regulations define prohibited actions and penalties. In addition, network monitoring and appropriate technical safety management measures are implemented to prevent unauthorized information leaks. Furthermore, employees are required to submit a pledge to understand the importance of personal information and to protect it appropriately. Through these measures, the Company aims for each employee to maintain a high level of information security awareness and ensure the protection of its customers' information.
Related link
Information Security Management System
LY Corporation establishes a supervisory organization of security to formulate rules and to provide necessary guidance and cooperation to the Group companies. The organization is chaired by the CISO who is appointed by the President and Representative Director and to whom authorities are transferred .
• CISO: Chief Information Security Officer
Security initiatives in the whole Group
As part of the vertical governance over the Group's security, LY Corporation regularly monitors the status of security initiatives implemented at each Group company, based on the NIST cybersecurity framework, and continuously makes improvements in accordance with the results of the monitoring.
At the request of each Group company, LY Corporation also provides proactive support to improve the security level of the entire Group, including support for conducting vulnerability assessments and incident response training, as well as support for the introduction of security educational materials, security assessment services, incident response support services, and a variety of security solutions.