
Transcription:


A 1

1. 1.1 2001 3 xdsl 1.2 1.3 36 Web 115 233 2

2. 3 3

2.1 2.1.1 2002 5 7 2.1 2002 (2002 8 29 ) 2.1.2 4

2.2 2001 (2002 8 29 ) 1997 6%2001 61% 10 12% 68% 5 300 1997 68% 2001 100% 2.3 2001 (2002 8 29 ) 5

2.1.3 BtoB 1998 8 2001 34 4 2.4 BtoB ECOMNTT 13 (2002 2 18 ) BtoC BtoB 1998 645 2001 14,840 23 2.5 BtoC ECOMNTT 13 (2002 2 18 ) 6

2.1.4 2002 1998 4 10 2003 1 W32/SQLSlammer Sapphire 2.6 IPA/ISEC (IPA/ISEC) 2.1.5 IPA/ISEC 1997 25 2002 619 25 JPCERT/CC http://www.jpcert.or.jp/stat/reports.html 7

2.7 IPA/ISEC (IPA/ISEC) 2.1.6 1 2000 CATV 60 2001 ADSL 2002 800 2 12 2.8 14 12 (2003 1 31 ) 2.2 2.2.1 2001 8

2002 5 10 2.2.2 9

2.3 2.9 3 2.9 10

3. 3.1 3.1 11

3.1 OS 3.2 Web IP ADSL 12

3.2 20022003 (2002 12 16 ) 3.2.1 VPN(Virtual Private Network) (1) 952 2000 12 28 13

3.3 3.4 (2) IDSIntrusion Detection System 14

3.5 SI System Integrator 3 3.6 15

(3) VPN(Virtual Private Network) 3 VPN VPN VPN 3.7 VPN ADSL 3.8 VPN (4) IC PKIPublic Key Infrastructure 16

3.9 IC 15% GPKIGovernment Public Key Infrastructure 3.10 (5) 2 RSA DES 17

Web Web 3.11 1 5 3.12 3.2.2 (1) 18

3.13 3.14 (2) VPN 3.15 ISP(Internet Service Provider) 4 19

3.16 (3) ISO/IEC 15408 BS7799ISMS Information Security Management System 3.17 3.18 3.2.3 20

(1) DoS Denial of Service attack 3.19 (2) 2 SI OEM 21

3.20 3.21 (3) 10% 15% 70% 3.22 22

4. 11 11. 1 2 3VPNVirtual Private Network 4 5. 1 2 3. 1 2 3 23

4.1 2001 990 1,856 108 2,953 5 2006 3,836 6,135 346 1 318 15% (2)(5) 1 BS7799 ISMS ISO/IEC 15408 2002 3 57.2% (4) 24

2002 12 781 16.6% (2)(3) 1 10 50 510 / 6 30% xdslftthcatv 2000 10 4,700 ADSLISP (1)IT N-+I Network Guide 2003 2 (2)2003 1 31 (3)2001 10 (4) 2002 3 4.1 12,000 10,000 8,000 6,000 4,000 2,000 0 2001 2002 2003 2004 2005 2006 25

(5)2002 2002 7 30 4.1.1 (1) 2001 241 VPN 2 2001 2000 11,109 2001 24,261 90% 72% 7 e-japan 26

e-japan 23 8 (2) IDSIntrusion Detection System 2001 80 23 ISMS ASPApplication Service Provider 27

ISMS VPN Web (3) VPN 8 VPN ISPInternet Service Provider VPN xdsl IP-VPN VPN VPN VPN 28

VPN ADSL VPN (4) IC PKI PKI GPKI PKI ISMS GPKI 1 IC 29

1 PKI PKI (5) OS 2 e-japan ISMS OS 30

4.1.2 (1) 2001 1,700 SISystem Integration e-japan (2) 31

111 10 VPNADSL (3) 2001 45 32

ISMS ISMS 4.1.3 (1) 7% SI 33

(2) IT 2001 2001 23,778 2,111 2002 34,352 2,788 2 34

(3) OS 35

4.2 2001 45 47 92 5 2006 120 92 212 2001 9 IT IT 2% 4 CSIFBI 2001 85% 1 64% 2003 2004 2005 2004 2006 VPN administration authorizationauthentication 3 e 1 36

[Figure 4.2: chart, vertical axis 0 to 25,000, horizontal axis 2001 to 2006]

4.2.1 CSI 90% 93% IDS IDS 2000 11 6,000 2005 29 VPN PKI LAN IC 4.2.2 VPN 2007 9 3,100 VPN IDS 2001 38

1 2001 9 2003 4.2.3 2,000 100 2005 25 1 39

4.3 4.3.1 2001 4.3 33.69% 51.09% 48.91% 66.31% VPN 40

4.3.2 2001 2006 IT 1US 120 4.4 30,000 25,000 20,000 15,000 10,000 5,000 0 2001 3.76 11,040 5.46 2.89 5,400 5,640 1,948 990 2,938 30,000 25,000 20,000 15,000 10,000 5,000 2006 3.75 14,400 3,836 6,421 1.72 11,040 10,258 2.48 25,440 0 41

2001 3.76 2006 2.48 IT 1.96 IT IT 3.28 4.5 IT 2001 50.0% 40.0% 30.0% 20.0% 17.1% 1.96 33.6% 10.0% 0.0% WITSADigital Planet20022002.02 42

4.3.3 4.6 21% 27% 25% 58% 29% 60% 79% 89% 90% 90% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% CSIComputer Security Issue & Trend Vol. VIII, No.1 Spring2002 43

5. 5.1 5.1.1 (1) a) Windows Windows 44

Macintosh b) WindowsUNIX OS Macintosh (2) ISP 26% 45

(3) VPN ISP VPN VPN (4) PKI 70% 2001 46

PKI 2 OS PKI e-japan (5) IC LAN GPKI 47

5.1.2 (1) (2) ISP (3) 48

SI ISMS 5.1.3 (1) (2) (3) 49

IT IT IT ISMS 5.2 50

6. 6.1 (1) 5 3.5 (2) (3) 6.2 (1) IT ITSSIT 51

(2) 6.3 (1) ISMS (2) IT ISMS ISMS 100 ISO BS7799 ISMS IT (3) e-japan ISMS (4) IT 52

Web 53

B IT 54

1. 1.1 2001 2 IT IT IT IT 1.2 IT IT 5 1.3 21 ISO ISMS Web 275 55

2. 2001 4 NITE 1998 10 CCCommon Criteria IPA 2 56

2.1 2.1.1 1985 TCSECTrusted Computer System Evaluation Criteria TCSEC DC1C2B1B2B3A1 7 1991 EC ITSECInformation Technology Security Evaluation CriteriaITSEC 8 7 1993 6 CC 1996 CCCommon Criteria 1.0 1996 ISO 1999 6 ISO/IEC 15408 2.1 57

TCSECITSECISO/IEC 15408 2.2 2.2 2002 11 TCSEC ITSEC CCISO/IEC 15408 1990 20 1 21 91 4 0 4 92 6 1 7 93 5 7 12 94 19 25 44 95 11 17 28 96 4 18 22 97 7 28 1 36 98 5 32 3 40 99 2 41 14 57 2000 3 31 31 65 01 0 34 26 60 02 0 17 44 61 0 9 68 77 86 261 187 534 (IPA/ISEC)IT 2002 12 2.2 1998 10 CC CC MRA MRA 5 CCEAL1EAL4 5 58

2001 2.3 ISO/IEC 15408 ISO/IEC 15408 ISO/IEC 15408 ISO/IEC 15408 CC 2.0 1999 6 3 1Introduction and general model 2Security functional requirements 3Security assurance requirements ISO/IEC 15408 1 Protection ProfilePPSecurity TargetSTST PP 2 3 ST PP ST PP PP ST ST PP 2 59

3 10 PP ST ISO/IEC 15408 2000 7 JIS X 5070 JIS ISO/IEC 15408 2.3 60

2.3 TOE Target of Evaluation PP 2.3 2.4 ISO/IEC 15408 NITE 1-4 NITE NITE NITE TOE PP ST 61

TOE PP PPProtection Profile TOE 2 STSecurity Target 7 2003 2 NITE PP TOE ST ST ST TOE TOE ST TOE 2 ST 3 NITE 2003 2 2.4 IPA IT 62

2.5 2.5.1 2 2.5.2 2.5.3 (1) PPSTTOE (2) IT IT PPSTTOE IT IT IT IT IT 63

2.5.4 (1) A IC Protection ProfilePP PP2 2 1PPST 2 3 4 B IC Security TargetST 4 2 15~20 5 2 300 1 2 3 4 5 C 64

Security TargetST Protection Profile PP Target of Evaluation TOE 1 2 3 IC Security TargetSTProtection ProfilePP Target of EvaluationTOE 10 NITE 1 1 2,500 3 1 1 2 3 E Target of EvaluationTOE 1 2 3ISO/IEC 15408 65

(2) 2.5 1 IT 28 30 29 N=275 20 23 21 N=80 27 66% 28% N=35 IT 33% 33% 33 275 27 35 29 N=275 IT 50 62 52 N=275 10% 72 73 73 N=144 N=275 50% 50% 50% 2.6 2.6 2.6 A B C D E PPTOE PPTOE ST 66

2.7 A.B.C. BE ABC. ACDE. 2.6.1 (1) PP ST ST PPSTTOE ST 2 3 (2) PP ST PPSTTOE NITEST PP TOE ISO9000 ISMS 67

2.6.2 (1) 2 ST 7 NITE 12 ST (2) (3) (4) EAL4 2003 2 EAL3 2 EAL4 IT EAL4 2.6.3 (1) ISO/IEC 15408 ISO/IEC 15408 68

PP ST PPST PP ST PP ST 2.6.4 (1) ST 2 3 TOE (2) PP ST PP ST IC ST 1 300 2.6.5 (1) ST ISO/IEC 15408 PP TOE ST ST ST ISO/IEC 15408 ST ISO/IEC 15408 (2) Linux Sendmail 69

ISO/IEC 15408 2.7 2.8 ST 2.8 A B C D E ST 70

3. IT 3.1 1 1 3.2 ISO ISO9000 3.2.1 ISO9000 3.1 3.1 ISO9000 ISO 71

3.2.2 ISO 3.3 3.3.1 ISO/IEC 15408 ISO e 3.3.2 (1) 2 (2) 72

(3) ISMS PR 3.3.3 (1) (2) EAL4 (3) 73

3.3.4 ISO9000 1/2 3.3.5 74

4. 4.1 NITE 20 ECSEC JEITA 3 10 1 1 NITE 1 JEITA ECSEC ECSEC 4.2 4.2.1 4.1 2 IT N=275 IT N=80 N=275 IT N=275 10% N=144 28 30 29 20 23 21 27 35 29 50 62 52 72 73 73 3 IT 3 75

10% 7 10% 4.2.2 ST 4.3 4.3.1 1 1~2 4.4 ISO 4.4.1 ISO9000 ISO9000 1990 76

1994 1998 4 826 6,627 1.7 1992 1 200 1992 1994 3 4 ISO9000 4.4.2 ISO14000 ISO14001 1996 1996 2000 4 106 4,019 2.5 ISO9000 ISO9000 ISO14001 4.5 IT 2 1 A 1 B 77

4.5.1 (1) A NITE 20 20 3 ECSEC 2 4 2 (2) B VPNIC PKI VPNIC PKI VPN9 IC 8 19 PKI 7 5 1/3 78

1 1 1.5 4.5.2 4.2 A 2002 2003 2004 2005 2006 5 7 8 16 32 68 5 17 32 48 70 172 B 1 3 6 9 13 33 9 8 1 3 6 8 12 30 7 1 2 4 7 10 25 0 6 12 19 28 65 19 5 2 3 4 5 7 10 A 3 2004 2005 B 2003 2006 22 172 8 1.7 ISO9000 1994 1998 2005 79