Supply Chain Security AssessmentSupply Chain Security Assessment

Cyber-attacks are becoming more complex every year, and the losses continue to escalate. In particular, "the damage caused by cyber-attacks targeting supply chains is becoming more and more serious.

A supply chain attack is a method of launching a cyber attack against a large company via group companies, suppliers, and contractors in the supply chain. For large companies, this is a very difficult attack because even if they have taken all possible security measures, they are still exposed to the threat.

Specifically, the following are supply chain attacks

• Cyber-attacks targeting confidential data entrusted to client companies
• Leakage of data by employees of group companies
• Phishing to steal e-mail addresses and disguise themselves as suppliers to obtain confidential information
• Abuse of the system by outsourced system maintenance

To prevent these cyber attacks before they happen, we work with you to reduce your own supply chain security risks by offering our supply chain security assessment services.

Cyber Security Risk Survey for Suppliers

We prepare cyber security checklists based on cyber security management guidelines, security actions, and international standards, and send, collect, tabulate, and analyze them for suppliers. We also customize the cyber security checklists for each client to achieve the most appropriate supply chain security survey for your company. (We can also combine vulnerability assessments and penetration testing upon client request.)

Cyber security risk assessment and corrective action development for suppliers

Score the evaluated suppliers and propose corrective actions for the findings. For suppliers with low scores, we work together to develop corrective actions and propose them to the suppliers. For suppliers with ISO27001 or ISO27017 certification, scoring is also performed to visualize the current security level of the supplier by conducting a quantitative evaluation, rather than selecting one of two options: with or without certification.

Investigation and evaluation of in-house related servers outside of system operation and management

We investigate server information related to your company based on the domain information registered by your company. We gather unmanaged server information by investigating web servers that are open to the public on the Internet even though they are not managed or intended to be managed by the company.