Cyberneura

Security Management Measures

Cyberneura K.K. (hereinafter referred to as “the Company”) implements the following security management measures to protect information assets in accordance with our Information Security Policy.

1. Organizational Security Management Measures

  • An information security officer has been appointed and a management framework has been established.
  • Rules regarding the handling of information assets are shared among officers and adhered to. Documented regulations will be developed as the organization grows.
  • In the event of an information security incident, it is promptly shared among officers and addressed.

2. Personnel Security Management Measures

  • Currently, the Company consists solely of officers, with no employees on staff. All officers possess sufficient knowledge and practical experience in information security.
  • When hiring employees in the future, we will conduct thorough evaluations of information security competency and execute non-disclosure agreements upon joining.
  • When working with external collaborators, we execute non-disclosure agreements and share only the minimum necessary information.

3. Physical Security Management Measures

  • The Company’s information assets are primarily managed on cloud services (AWS, Cloudflare, GitHub, etc.), and the physical security of data centers conforms to the management standards of the respective service providers.
  • Business equipment installed at the home office is protected by restricting third-party entry through building locks.
  • Business terminals are secured with password or biometric authentication locks, and screen locks are activated when unattended.
  • When disposing of information equipment and electronic media, data is rendered unrecoverable through the use of data erasure software or physical destruction of storage devices.

4. Technical Security Management Measures

Access Control

  • Access to information systems is limited to the minimum necessary permissions based on the duties of each person.
  • Multi-factor authentication has been implemented to prevent unauthorized access.

Communication Encryption

  • External communications are protected using encryption technologies such as TLS.
  • Stored data is also encrypted as necessary.

Unauthorized Access Prevention

  • Firewalls, intrusion detection systems, and other measures are in place to prevent unauthorized external access.
  • Software vulnerabilities are identified in a timely manner, and security patches are applied promptly.

Log Management

  • Usage of information systems is recorded and regularly monitored and analyzed.
  • Efforts are made to detect unauthorized access and abnormal operations.

5. Awareness of External Environment

  • When outsourcing the handling of personal data to external service providers, we verify the implementation status of security management measures at the outsourcing partner and conduct appropriate oversight.
  • When using cloud services, we evaluate the security measures of the service provider before use.

6. Security in Software Development

  • In software development, we select technologies and implement solutions with consideration for known vulnerability patterns (OWASP Top 10, etc.).
  • We conduct security reviews and static analysis of code using AI tools.
  • Error monitoring services have been deployed for continuous log analysis and anomaly detection in production environments.
  • Source code version control and access control are appropriately managed.

Established: 2026-04-06