How to adapt ICT to your growth strategy
Please consult us with your concerns

Cyber Security Services

Cyber security consulting is one of DBC's core strengths. Threats facing businesses grow more sophisticated and diverse every year: business shutdowns caused by ransomware, data theft through targeted attacks, and information leaks by malicious insiders. In personal data breach incidents, even major Japanese corporations and central government agencies are often found to lack sufficient security knowledge and preparedness.

Building on the database engineering and system infrastructure expertise we have cultivated since our founding, we provide end-to-end support from proactive defense to post-incident investigation and recovery. Solutions for government agencies and large enterprises are also available.

Vulnerability Assessment & Penetration Testing

We identify vulnerabilities in web applications, networks, server infrastructure, and cloud environments (configuration review for AWS/Azure/Google Cloud) from an attacker's perspective. Going beyond automated scanning, our specialist engineers perform manual testing to uncover business logic flaws that tools cannot detect. Results are delivered as a report with severity ratings and remediation priorities, and we support you through the remediation planning process.

Security Monitoring Program Design & Operations Support

We design and build a security monitoring program tailored to the scale and threat profile of your systems: multilayered defenses combining firewalls, intrusion detection and prevention systems (IDS/IPS), and SIEM-based log aggregation, selection and onboarding of an external SOC service where 24/7 monitoring is required, and tuning of detection rules.

After deployment, we provide ongoing support to keep the program effective: advanced analysis and triage of detected alerts, and escalation handling when an incident is confirmed.

Incident Response

"Suspicious traffic has been detected." "We suspect a data breach." When a security incident occurs, the speed and accuracy of the initial response determine the scale of the damage. We provide consistent support through every stage of an emergency: identifying the scope of impact, containment, recovery, and assistance with reporting to regulators and stakeholders.

Ransomware Response

In a ransomware incident that halts business operations, the quality of the initial response largely determines the recovery time and the scale of the loss. We provide the technical support needed in an emergency: identifying and containing the infection, designing the recovery of encrypted systems, and monitoring leak sites against double extortion, where attackers threaten to publish stolen data.

We begin with the initial response - containment, damage assessment, and recovery planning - and then provide staged quotes for recovery support and full investigation according to the scale of the damage. When a full account of the damage is required, we combine this service with our digital forensics investigation.

Digital Forensics

Our forensic investigation service scientifically reconstructs what happened after an incident. We preserve and analyze traces left on servers, PCs, and network devices (logs and on-disk data) in a manner that maintains their evidentiary integrity, identifying the intrusion path, the scope of damage, and whether data was exfiltrated.

We also investigate insider incidents such as data exfiltration and tampering. Preserving the integrity of evidence depends entirely on the initial response: when litigation or labor disputes are anticipated, stop using the devices in question and consult us as early as possible.

Litigation & Investigation Committee Support

We serve as technical experts responsible for preserving and analyzing digital evidence on behalf of independent (third-party) investigation committees and internal investigation committees established in response to data breaches, accounting fraud, labor issues, and similar matters. The credibility of a committee's findings rests on the objectivity and completeness of its evidence, and handling digital evidence properly requires specialized expertise.

We can work in coordination with your law firm. We recommend consulting us at the stage when a committee or legal proceedings are still under consideration.

Threat Intelligence

We continuously analyze the latest threat information and attack techniques to protect your systems more effectively. We also monitor the dark web for leaked information related to your company name, domains, and credentials. Regular threat intelligence reports strengthen the security awareness and decision-making of both executives and IT departments.

Security Program & Training

Technology alone does not complete your security posture. We support the organizational side as well: security policy development, CSIRT (incident response team) establishment, phishing simulation exercises, and security awareness training for employees. As breaches via business partners and subcontractors continue to increase, we also assess security across your entire supply chain, including security audits of subcontractors and the development of procurement requirements.

Certification & Regulatory Compliance Support

We provide end-to-end support for obtaining and renewing ISMS (ISO/IEC 27001) certification and Privacy Mark, from gap assessment through policy development, internal audit, and certification review. We also support PCI DSS compliance for businesses that handle credit card data.

For regulatory compliance with Japan's Act on the Protection of Personal Information, GDPR, and similar regulations, we help implement the safeguards the law requires: data inventory, cross-border transfer arrangements, and breach response procedures.

CISO Support & Security Advisory

The absence of a dedicated security officer (CISO), or a CISO holding concurrent roles, is a challenge common to many Japanese companies. A consultant with decades of experience across engineering, consulting, and corporate management engages on an ongoing advisory basis (starting from two days per month), supporting security investment decisions from a management perspective, prioritization of initiatives, and decision-making during incidents. We also serve as a virtual CISO, taking on the CISO role itself. We continuously review your security program as the threat landscape evolves, always proposing state-of-the-art countermeasures against emerging threats.

Pricing Guide

Service Fee (excl. tax)
Vulnerability Assessment (web application / network / cloud) from JPY 1,500,000
Penetration Testing from JPY 3,000,000
Security Monitoring Program Design & Operations Support from JPY 800,000 / month
Incident Response from JPY 2,500,000
Ransomware Initial Response (containment / damage assessment / recovery planning) from JPY 3,000,000
Digital Forensics from JPY 1,500,000
Threat Intelligence from JPY 300,000 / month
Litigation & Investigation Committee Support individual quote
Security Program & Training individual quote
Certification & Regulatory Compliance Support (ISMS / Privacy Mark / PCI DSS) individual quote
CISO Support & Security Advisory (from two days per month) from JPY 1,000,000 / month

The amounts above are indicative minimum fees. We provide individual quotes based on scope, scale, and urgency.

Contact Us

We welcome inquiries even at the "we don't know where to start" stage, and we also respond to urgent consultations during active incidents. Please reach out via our contact form.