HIRT (Hitachi Incident Response Team) was established in 1998 as an in-house project, and was organized to act as CSIRT (Computer Security Incident Response Team) for the Hitachi group in October 2004.
To promote better vulnerability handling (support activity to eliminate security vulnerabilities) and better incident responsiveness (support activity to avoid and recover from the latest security violations and related incidents), HIRT is the CSIRT point of contact (PoC) that coordinates the Hitachi group and liaisons with external entities, in line with "Information Security Early Warning Partnership Guidelines".
Also, in January 2005, HIRT joined FIRST, the international CSIRT forum.
Four Hitachi Group IRT Organizations that Support Security Vulnerability and Incident Response Activities
HIRT is the organization responsible for the efficient provision of security vulnerability information and incident response information to all divisions in the Hitachi group, and supports the promotion of measures to defend the group from external and internal vulnerabilities and incidents.
- HIRT [Responsible department: HIRT/CC]
- The point of contact for external IRT organizations, such as FIRST, JPCERT/CC, CERT/CC. Also coordinates with SI vendors, product vendors, and internal users of IRT organizations.
- SI vendor IRT [Responsible department: SI/Service division]
- Promotes the IRT activity for customer system. This organization tries to ensure the security of customer system from published vulnerability information and incident outbreak.
- Product vendor IRT [Responsible department: Product development division]
- Promotes IRT activities for customer systems. This organization is responsible for protecting customer systems from published vulnerabilities and the latest security violations and related incidents.
- Internal user IRT [Responsible department: Internal infrastructure management section]
- Promotes security countermeasures for internal systems to prevent Hitachi group sites from becoming the source of security violations that could affect the functioning of the Internet.