Security

From before, the LY Corporation Group has made utmost efforts against information security threats in accordance with its information security policy of: protecting its users from information leaks (confidentiality), providing round-the-clock service (availability), and securely protecting the service contents from destruction or fabrication (integrity).

CISO Message

Hideyuki Nakahara, CISO

At LY Corporation, our highest priority is safeguarding our customers' trust and safety. As privacy and security become ever more paramount, it is also essential that we prepare ourselves against cybersecurity attacks and other threats.
Along with growing our business, we are committed to fulfilling our responsibility of offering services that form a crucial part of social infrastructure and serve a great many customers.

Hideyuki Nakahara, CISO
Joined Yahoo Japan Corporation in 2003. Served as Vice President of Front-end Development Division, R&D Management Group, Vice President of Smart Device Development Division, Smart Device Strategy Office, and other posts. Appointed Corporate Officer, President of System Management Group in April 2014.
Appointed Executive Corporate Officer, Executive VPoE, Head of Service Infrastructure Group, LY Corporation in October 2023. Appointed CISO in January 2024.

Cybersecurity Policy

From before, the LY Corporation Group has made utmost efforts against information security threats in accordance with its information security policy of: protecting its users from information leaks (confidentiality), providing round-the-clock service (availability), and securely protecting the service contents from destruction or fabrication (integrity).
In addition to these ongoing efforts, the LY Corporation Group, with a view to detecting and countering increasingly sophisticated cyberattacks, works to build information systems and provide services in compliance with the cybersecurity framework of U.S. National Institute of Standards and Technology (NIST).
LY Corporation (the "Company") has put together and declared these views as LY Corporation Group's Cybersecurity Policy.
Based on these basic approaches, the Company has established internal regulations to clarify employee compliance requirements for handling information and conducts regular training. The internal regulations define prohibited actions and penalties. In addition, network monitoring and appropriate technical safety management measures are implemented to prevent unauthorized information leaks. Furthermore, employees are required to submit a pledge to understand the importance of personal information and to protect it appropriately. Through these measures, the Company aims for each employee to maintain a high level of information security awareness and ensure the protection of its customers' information.

Related link

Security Governance Framework

LY Corporation has established a security supervisory organization under the Board of Directors, headed by the CISO appointed and delegated authority by the President and Representative Director (CEO).
This body sets rules and provides guidance and support to Group companies. To ensure security governance, we have also established a Security Governance Committee that reports directly to the CEO. In addition, the Group CISO Board, comprising our CISO and CISOs from key Group companies relevant to our business, strengthens governance across the Group.

This diagram illustrates the security governance framework. At the top is the Board of Directors, which is responsible for decision-making and oversight. Directly below is the President and Representative Director, who oversees the entire company as the executive body. Reporting to the President is the Security Governance Committee, chaired by the President and comprising executive officers involved in security, such as the CISO and CTO. This committee reports to the Management Committee and coordinates policies with the Group CISO Board. The Group CISO Board is composed of CISOs from major group companies and is responsible for policy sharing and coordination. At the center of the organizational structure are the CISO and the Security Supervisory Organization, which report to the Security Governance Committee and oversee and support group companies. At the lower levels are group companies, subsidiaries, affiliates, and their respective CISOs, who respond to incident reports and inquiries from employees. Each company has a “CISO or equivalent head of the security division” and a CSIRT, which work together to ensure a comprehensive security structure through reporting, management, and guidance.

• CISO: Chief Information Security Officer
• CSIRT: Computer Security Incident Response Team

Security initiatives in the whole Group

As part of the vertical governance over the Group's security, LY Corporation regularly monitors the status of security initiatives implemented at each Group company, based on the NIST cybersecurity framework, and continuously makes improvements in accordance with the results of the monitoring.

At the request of each Group company, LY Corporation also provides proactive support to improve the security level of the entire Group, including support for conducting vulnerability assessments and incident response training, as well as support for the introduction of security educational materials, security assessment services, incident response support services, and a variety of security solutions.

Page top