HII recognizes the importance of protecting HII proprietary data and other sensitive data. It is with this understanding that we are driven to ensure that data in our custody is always protected by having an information security program that is rigorous, effective and compliant. HII is committed to protecting the confidentiality and integrity of our sensitive information and those entrusted to us by our customers.
Data Privacy and Security
Data privacy and data security are at the core of our Information Security program, which is why HII employs strong policies and procedures to govern and support data privacy and security. The information held in our custody is used solely for valid business purposes and is protected in accordance with the stringent applicable global privacy standards. HII handles many different sensitive data classifications which require comprehensive data governance. These data classifications include personal, health, financial and government sensitive information and require custodians to be compliant with regulatory protections. Our data privacy program is designed to meet, and in some cases exceed, privacy global regulatory requirements.
Similarly, our data security program protects sensitive information from theft, alteration, compromise and destruction by internal and external threats. HII understands that external actors are laser focused on stealing company proprietary information, personal information and other sensitive information which have been entrusted to us by our customers and partners. To mitigate these external threats, we have implemented robust procedures and effective technologies to protect sensitive data, wherever it resides. We also know that potential insiders pose just as significant a risk to data confidentiality and integrity as external actors, and as such we have a well-documented and exercised insider threat detection program.
Our information security program takes a strategic approach to protecting our company from ever increasing cyber threats. Here at HII we leverage the right mix of cybersecurity technology, people and robust processes to meet and mitigate the cyber threats we face. As part of our cyber strategic framework we focus on:
- Identifying risks and threats to our critical data and assets
- Developing and implementing comprehensive protective capabilities to block known cyber attacks
- Detecting and mitigating cyber-attacks that break through our defenses
- Quickly recovering from cyber-attacks when they occur
HII also leverages its internal cybersecurity professional expertise when partnering with its suppliers to ensure protection of HII proprietary information and other sensitive data. HII Information security program professionals engage HII suppliers who handle HII sensitive data, but places particular emphasis on critical and key suppliers who are critical to HII’s mission success.
HII performs continuous monitoring of its information security program by performing internal and external cybersecurity audits, penetration tests as well as certified regulatory compliance assessments. Cybersecurity penetration tests are performed annually and are designed to emulate some of the most menacing threats our industry faces and test our cybersecurity threat detection and response capabilities. We also perform annual cybersecurity tabletop exercises enterprise wide to test both the strategic actions and tactical processes to see where we can improve our response and recovery during a cybersecurity breach. HII also has a security awareness training program that is administered to employees throughout the year. The focus of the security awareness training program is to educate HII employees on cyber threats and sound cybersecurity hygiene when working with HII systems and data. Through continuous cybersecurity training, employees are trained to recognize potential cyber threats, engage in safe practices when accessing HII IT systems and data, and know where to report suspicious activity when observed.
Huntington Ingalls Industries continues to recognize the importance of data privacy and security as we continue to execute our business mission. We continue to be proactive and progressive in our approach to data privacy and security and this is reflected in our overall information security program. Our policies and procedures are foundational to our information program and ensure appropriate data governance and protection of our sensitive information.