Huawei 2015 Annual Report Download - page 47

Download and view the complete annual report

Please find page 47 of the 2015 Huawei annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 145

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145

45
We have built an IT platform for security awareness
education and training that targets all employees
and regularly provided basic and business domain-
specific cyber security awareness education and
training. The security awareness of all employees
has improved. In addition, training courses, learning
materials, and skill frameworks have been created in
the R&D domain and can be used during the day-to-
day work of the majority of R&D employees. In 2015,
over 46,000 employees received R&D cyber security
training.
We have built sophisticated code compilation,
configuration management, tool management,
and traceability platforms in the R&D domain to
automate security activities. Our R&D engineering
capabilities have improved, and vulnerability tracing
and automatic virus scanning capabilities have
attained an industry-leading level.
Our independent verification approaches, such
as the models adopted at the UK-based Cyber
Security Evaluation Centre, Huawei's Internal Cyber
Security Lab, and third-party security verification
models we have advocated at EWA and CC, have
been recognized by numerous governments and
carrier customers. Cyber security baselines have
been implemented as a quality threshold. The
density of issues regarding security has showed
steady improvements over the past several years and
continued to be a core focus of our R&D efforts. The
number of security issues identified during external
testing has also been reduced significantly, and CC,
PCI, and customer certification have been successful
for a range of Huawei products.
We have continued to improve the compliance levels
and delivery quality of our cyber security activities
throughout service delivery. We have effectively
reduced privacy risks by using mature processes and
platforms to process customer data stored on spare
parts. In addition, we have enhanced our managed
services and Global Network Operation Centers
(GNOCs) and validated all tools currently in use to
improve field delivery quality and ensure security in
all delivery activities.
We have controlled our supply system from
start to finish to ensure end-to-end security. We
have improved suppliers' delivery quality and
compliance with security agreements and urged
them to promptly provide solutions and patches
for vulnerabilities in third-party software. In doing
so, we have put in place a comprehensive security
mechanism for managing suppliers.
We have established a mature system for tracing
supply chain components and enhanced security
management through version control, reverse
logistics management, and traceability to ensure that
virtually every process and component is traceable.
For software incorporated into configuration
management, the affected products and customers
can be identified automatically within one hour
of a vulnerability's disclosure. We have also built
basic software integrity protection capabilities into
our end-to-end processes through the inspection
of materials from suppliers, digital signatures in
product versions, integrity protection for gold
images, and cloud-based software management in
manufacturing and GTS.
Networks are shifting toward fully-connected services,
NFV/SDN-based architecture, and Internetized
operations. The emergence of smart lifestyles under
all scenarios will bring about more challenges for
user privacy protection and cyber security. A Better
Connected World presents all of human society with
exciting opportunities and daunting challenges. We
will continue to position cyber security and user privacy
assurance as a core corporate strategy. We will establish
our cyber security and user privacy protection methods
and practices by leveraging our ICT knowledge and
expertise in cloud, pipe, and devices, end-to-end
security approaches, and supporting ICT platforms.
By relying on such knowledge and expertise, we will
continue to support customers, governments, and key
stakeholders so that they can understand the role ICT
will play over the coming years, and benefit from our
knowledge on security and privacy. We hope that our
key concepts of teamwork, openness, and transparency
will create more value for our customers so that they
can better prepare themselves for future challenges and
future benefits.