untitled

NPO JNSA 3,500() 2003122 ISBN4-8443-1858-6 Copyright (c) 2003-2004 NPO Page 2

個人情報の社会状況 DMがよく届く 不正アクセス ウイルス 内部からの漏洩 電話勧誘が多い 外部 (インターネット) からの漏洩 サービス利用 名簿業者など 個人情報の提供 事業者 個人情報の売買 漏洩 情報主体 (本人) 何から行なえば良いか どの程度の対策が妥当か 個人情報保護法に従えばＯＫか Copyright (c) 2003-2004 NPO日本ﾈｯﾄﾜｰｸｾｷｭﾘﾃｨ協会 Page 3

ACCS ACCS Copyright (c) 2003-2004 NPO Page 4

http://www5.cao.go.jp/seik atsu/kojin/index.html http://www.meti.go.jp/poli cy/it_policy/privacy/privac y.htm Copyright (c) 2003-2004 NPO Page 5

Copyright (c) 2003-2004 NPO Page 6

Copyright (c) 2003-2004 NPO Page 7

(:) 5,000 Copyright (c) 2003-2004 NPO Page 8 () ( ( ) 5,000 )

Copyright (c) 2003-2004 NPO Page 9

Copyright (c) 2003-2004 NPO Page 10

2003/12 2003/12 Copyright (c) 2003-2004 NPO Page 11

Copyright (c) 2003-2004 NPO Page 12

Copyright (c) 2003-2004 NPO Page 13

Copyright (c) 2003-2004 NPO Page 14

JIS Q 15001 JIS X 5080 Q 15001 X 5080 Copyright (c) 2003-2004 NPO Page 15

Copyright (c) 2003-2004 NPO Page 16

1. 2. 3. 3.1 4. 4.1 4.2 4.3 5. 5.1 5.2 6. 6.1 6.2 6.3 7. 7.1 7.2 7.3 8. 8.1 8.2 8.3 8.4 8.5 8.6 8.7 9. 9.1 9.2 9.3 9.4 9.5 9.6 9.7 9.8 10. 10.1 10.2 10.3 10.4 10.5 11. 11.1 12 12.1 12.2 12.3 Copyright (c) 2003-2004 NPO Page 17

JIS Q 15001 Copyright (c) 2003-2004 NPO Page 18

() Copyright (c) 2003-2004 NPO Page 19

Yes / No Copyright (c) 2003-2004 NPO Page 20

Copyright (c) 2003-2004 NPO Page 21

() () () M&A Copyright (c) 2003-2004 NPO Page 22

(JNSA/)() Copyright (c) 2003-2004 NPO Page 23

Copyright (c) 2003-2004 NPO Page 24

16 152 151 Copyright (c) 2003-2004 NPO Page 25

() DM ADR Copyright (c) 2003-2004 NPO Page 26

(()) http://www.meti.go.jp/kohosys/press/0004141/0/030613denshishotorihiki.pdf (111214) Copyright (c) 2003-2004 NPO Page 27

Copyright (c) 2003-2004 NPO Page 28

(FAXWeb) Copyright (c) 2003-2004 NPO Page 29

Copyright (c) 2003-2004 NPO Page 30

() () BCP()CP()DR() BCP : Business Continuous Plan CP : Contingency Plan DR : Disaster Recovery Plan Copyright (c) 2003-2004 NPO Page 31

(2602:) Copyright (c) 2003-2004 NPO Page 32

() input Action input Action input Action Check Plan Check Plan Check Plan Do output Do output Do output input input Action input Action input Action Check Do Plan Check Plan Check Plan output Do output Do output output Copyright (c) 2003-2004 NPO Page 33

Copyright (c) 2003-2004 NPO Page 34

() (Information Security Management System) Copyright (c) 2003-2004 NPO Page 35

() 1. 2. () WebCookie 3. WebWeb Web 4. 5. 6. : privacy@xxxxx.co.jp Copyright (c) 2003-2004 NPO Page 36

OHSAS 18001 ( ) ISO 14000s () JIS Z 9920 () () JRMS ( ) ISO/IEC 17799 JIS X 5080 (ISMS) * ISO 9000s () JIR TR X 0021 (CMM) JIS Q 15001 () ECS2000 () JIS TR X 0036 (GMITS) JIS Q 2001 () ISO 10006 ( ) Copyright (c) 2003-2004 NPO * ISMS: Information Security Management System Page 37

() JIPDEC(JRMS) ISBN 4-89078-012-2 9,500 () (Availability) () Need to KnowNeed to Use Copyright (c) 2003-2004 NPO Page 38

PC FD PC Copyright (c) 2003-2004 NPO Page 39

() () Web http://www.ipa.go.jp/security/awareness/administrator/secure-web/index.html http://www.ipa.go.jp/security/awareness/vendor/programming/index.html Web40 http://java-house.jp/~takagi/paper/idg-jwd2003-takagi-dist.pdf Web http://java-house.jp/~takagi/paper/jnsa-nsf-2003-takagi-dist.pdf (ASPiDC) (OS/AP LAN(WEPMACESS-ID) ) http://www.ipa.go.jp/security/awareness/administrator/remote/index.html Copyright (c) 2003-2004 NPO Page 40

ID() () () (update) ( ) () () SLA (Service Level Agreement) Copyright (c) 2003-2004 NPO Page 41

() () () (RFC 3227) (Plan Do Check Action) (EMS)(QMS)(OHSMS) (PM) Copyright (c) 2003-2004 NPO Page 42

Copyright (c) 2003-2004 NPO Page 43

CSR(:Corporate Social Responsibility) () (JIS Q 15001) (JIS X 5080) () Plan-Do-Check-Action Copyright (c) 2003-2004 NPO Page 44

() IT Copyright (c) 2003-2004 NPO Page 45

Copyright (c) 2003-2004 NPO Page 46 () a b c d e f g h idc Web e- ISO ActiveDirectory a,c b,f c d e g,h

Copyright (c) 2003-2004 NPO Page 47 () a c a b c IDS UPS OS PKI b

Copyright (c) 2003-2004 NPO Page 48