...i A

Size: px

Start display at page:

Download "...i A"

つかさだいほうじ
5 years ago
Views:

2 ...i A i

3 BIT ISO/IEC ii

4 IT ISO ISO ISO ISO IT iii

5 A 1

6 xdsl Web

7 2. 3 3

8 ( )

9 ( ) % % 10 12% 68% % % ( ) 5

10 2.1.3 BtoB BtoB ECOMNTT 13 ( ) BtoC BtoB , BtoC ECOMNTT 13 ( ) 6

11 W32/SQLSlammer Sapphire 2.6 IPA/ISEC (IPA/ISEC) IPA/ISEC JPCERT/CC 7

12 2.7 IPA/ISEC (IPA/ISEC) CATV ADSL ( )

16 3.1 OS 3.2 Web IP ADSL 12

17 ( ) VPN(Virtual Private Network) (1)

18 (2) IDSIntrusion Detection System 14

19 3.5 SI System Integrator

20 (3) VPN(Virtual Private Network) 3 VPN VPN VPN 3.7 VPN ADSL 3.8 VPN (4) IC PKIPublic Key Infrastructure 16

21 3.9 IC 15% GPKIGovernment Public Key Infrastructure 3.10 (5) 2 RSA DES 17

22 Web Web (1) 18

23 (2) VPN 3.15 ISP(Internet Service Provider) 4 19

24 3.16 (3) ISO/IEC BS7799ISMS Information Security Management System

25 (1) DoS Denial of Service attack 3.19 (2) 2 SI OEM 21

26 (3) 10% 15% 70%

27 VPNVirtual Private Network

28 , , ,836 6, % (2)(5) 1 BS7799 ISMS ISO/IEC % (4) 24

29 % (2)(3) / 6 30% xdslftthcatv ,700 ADSLISP (1)IT N-+I Network Guide (2) (3) (4) ,000 10,000 8,000 6,000 4,000 2,

30 (5) (1) VPN , ,261 90% 72% 7 e-japan 26

31 e-japan 23 8 (2) IDSIntrusion Detection System ISMS ASPApplication Service Provider 27

32 ISMS VPN Web (3) VPN 8 VPN ISPInternet Service Provider VPN xdsl IP-VPN VPN VPN VPN 28

33 VPN ADSL VPN (4) IC PKI PKI GPKI PKI ISMS GPKI 1 IC 29

34 1 PKI PKI (5) OS 2 e-japan ISMS OS 30

35 4.1.2 (1) ,700 SISystem Integration e-japan (2) 31

36 VPNADSL (3)

37 ISMS ISMS (1) 7% SI 33

38 (2) IT ,778 2, ,352 2,

39 (3) OS 35

40 IT IT 2% 4 CSIFBI % 1 64% VPN administration authorizationauthentication 3 e 1 36

41 25,000 20,000 15,000 10, ,

42 4.2.1 CSI 90% 93% IDS IDS , VPN PKI LAN IC VPN ,100 VPN IDS

43 ,

44 % 51.09% 48.91% 66.31% VPN 40

45 IT 1US ,000 25,000 20,000 15,000 10,000 5, , ,400 5,640 1, ,938 30,000 25,000 20,000 15,000 10,000 5, ,400 3,836 6, ,040 10, ,

46 IT 1.96 IT IT IT % 40.0% 30.0% 20.0% 17.1% % 10.0% 0.0% WITSADigital Planet

47 % 27% 25% 58% 29% 60% 79% 89% 90% 90% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% CSIComputer Security Issue & Trend Vol. VIII, No.1 Spring

48 (1) a) Windows Windows 44

49 Macintosh b) WindowsUNIX OS Macintosh (2) ISP 26% 45

50 (3) VPN ISP VPN VPN (4) PKI 70%

51 PKI 2 OS PKI e-japan (5) IC LAN GPKI 47

52 5.1.2 (1) (2) ISP (3) 48

53 SI ISMS (1) (2) (3) 49

54 IT IT IT ISMS

55 (1) (2) (3) 6.2 (1) IT ITSSIT 51

56 (2) 6.3 (1) ISMS (2) IT ISMS ISMS 100 ISO BS7799 ISMS IT (3) e-japan ISMS (4) IT 52

57 Web 53

58 B IT 54

59 IT IT IT IT 1.2 IT IT ISO ISMS Web

60 NITE CCCommon Criteria IPA 2 56

61 TCSECTrusted Computer System Evaluation Criteria TCSEC DC1C2B1B2B3A EC ITSECInformation Technology Security Evaluation CriteriaITSEC CC 1996 CCCommon Criteria ISO ISO/IEC

62 TCSECITSECISO/IEC TCSEC ITSEC CCISO/IEC (IPA/ISEC)IT CC CC MRA MRA 5 CCEAL1EAL4 5 58

63 ISO/IEC ISO/IEC ISO/IEC ISO/IEC CC Introduction and general model 2Security functional requirements 3Security assurance requirements ISO/IEC Protection ProfilePPSecurity TargetSTST PP 2 3 ST PP ST PP PP ST ST PP 2 59

64 3 10 PP ST ISO/IEC JIS X 5070 JIS ISO/IEC

65 2.3 TOE Target of Evaluation PP ISO/IEC NITE 1-4 NITE NITE NITE TOE PP ST 61

66 TOE PP PPProtection Profile TOE 2 STSecurity Target NITE PP TOE ST ST ST TOE TOE ST TOE 2 ST 3 NITE IPA IT 62

67 (1) PPSTTOE (2) IT IT PPSTTOE IT IT IT IT IT 63

68 2.5.4 (1) A IC Protection ProfilePP PP2 2 1PPST B IC Security TargetST ~ C 64

69 Security TargetST Protection Profile PP Target of Evaluation TOE IC Security TargetSTProtection ProfilePP Target of EvaluationTOE 10 NITE 1 1 2, E Target of EvaluationTOE 1 2 3ISO/IEC

70 (2) IT N= N= % 28% N=35 IT 33% 33% N=275 IT N=275 10% N=144 N=275 50% 50% 50% A B C D E PPTOE PPTOE ST 66

71 2.7 A.B.C. BE ABC. ACDE (1) PP ST ST PPSTTOE ST 2 3 (2) PP ST PPSTTOE NITEST PP TOE ISO9000 ISMS 67

72 2.6.2 (1) 2 ST 7 NITE 12 ST (2) (3) (4) EAL EAL3 2 EAL4 IT EAL (1) ISO/IEC ISO/IEC

73 PP ST PPST PP ST PP ST (1) ST 2 3 TOE (2) PP ST PP ST IC ST (1) ST ISO/IEC PP TOE ST ST ST ISO/IEC ST ISO/IEC (2) Linux Sendmail 69

74 ISO/IEC ST 2.8 A B C D E ST 70

75 3. IT ISO ISO ISO ISO9000 ISO 71

76 3.2.2 ISO ISO/IEC ISO e (1) 2 (2) 72

77 (3) ISMS PR (1) (2) EAL4 (3) 73

78 3.3.4 ISO9000 1/

79 NITE 20 ECSEC JEITA NITE 1 JEITA ECSEC ECSEC IT N=275 IT N=80 N=275 IT N=275 10% N= IT 3 75

80 10% 7 10% ST ~2 4.4 ISO ISO9000 ISO

81 , ISO ISO14000 ISO , ISO9000 ISO9000 ISO IT 2 1 A 1 B 77

82 4.5.1 (1) A NITE ECSEC (2) B VPNIC PKI VPNIC PKI VPN9 IC 8 19 PKI 7 5 1/3 78

83 A B A B ISO

Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 1

Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved. 1 ISO/IEC 15408 ISO/IEC 15408 Copyright(C) 2002 Information-technology Promotion Agency, Japan All rights reserved.