NPO JNSA 3,500() 2003122 ISBN4-8443-1858-6 Copyright (c) 2003-2004 NPO Page 2
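Social situation surrounding personal information: frequent direct mail (DM); unauthorized access; viruses; leakage from inside; frequent telephone solicitation; leakage from outside (the Internet); service use; list brokers and the like; provision of personal information; business operators; buying and selling of personal information; leakage; data subject (the individual). Where should we start? What level of countermeasures is appropriate? Is complying with the Personal Information Protection Act enough? Copyright (c) 2003-2004 NPO Japan Network Security Association Page 3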
ACCS ACCS
http://www5.cao.go.jp/seikatsu/kojin/index.html http://www.meti.go.jp/policy/it_policy/privacy/privacy.htm
(:) 5,000 () ( ( ) 5,000 )
2003/12 2003/12
JIS Q 15001 JIS X 5080 Q 15001 X 5080
1. 2. 3. 3.1 4. 4.1 4.2 4.3 5. 5.1 5.2 6. 6.1 6.2 6.3 7. 7.1 7.2 7.3 8. 8.1 8.2 8.3 8.4 8.5 8.6 8.7 9. 9.1 9.2 9.3 9.4 9.5 9.6 9.7 9.8 10. 10.1 10.2 10.3 10.4 10.5 11. 11.1 12 12.1 12.2 12.3
JIS Q 15001
Yes / No
() () () M&A
(JNSA/)()
16 152 151
() DM ADR
(()) http://www.meti.go.jp/kohosys/press/0004141/0/030613denshishotorihiki.pdf (111214)
(FAXWeb)
() () BCP()CP()DR() BCP : Business Continuous Plan CP : Contingency Plan DR : Disaster Recovery Plan
(2602:)
[Figure: chained Plan-Do-Check-Action cycles, each with an input and an output]
() (Information Security Management System)
() 1. 2. () WebCookie 3. WebWeb Web 4. 5. 6. : privacy@xxxxx.co.jp
OHSAS 18001 ( ) ISO 14000s () JIS Z 9920 () () JRMS ( ) ISO/IEC 17799 JIS X 5080 (ISMS) * ISO 9000s () JIR TR X 0021 (CMM) JIS Q 15001 () ECS2000 () JIS TR X 0036 (GMITS) JIS Q 2001 () ISO 10006 ( ) * ISMS: Information Security Management System
() JIPDEC(JRMS) ISBN 4-89078-012-2 9,500 () (Availability) () Need to KnowNeed to Use
PC FD PC
() () Web http://www.ipa.go.jp/security/awareness/administrator/secure-web/index.html http://www.ipa.go.jp/security/awareness/vendor/programming/index.html Web40 http://java-house.jp/~takagi/paper/idg-jwd2003-takagi-dist.pdf Web http://java-house.jp/~takagi/paper/jnsa-nsf-2003-takagi-dist.pdf (ASPiDC) (OS/AP LAN(WEPMACESS-ID) ) http://www.ipa.go.jp/security/awareness/administrator/remote/index.html
ID() () () (update) ( ) () () SLA (Service Level Agreement)
() () () (RFC 3227) (Plan Do Check Action) (EMS)(QMS)(OHSMS) (PM)
CSR(:Corporate Social Responsibility) () (JIS Q 15001) (JIS X 5080) () Plan-Do-Check-Action
() IT
() a b c d e f g h idc Web e- ISO ActiveDirectory a,c b,f c d e g,h
() a c a b c IDS UPS OS PKI b