ECOM 200511 e ECOM
CIA+
Integrity Confidentiality Availability
Phishing fishing http://www.nikkeibp.co.jp/ http://www.nikeibp.co.jp/
DoS (Denial of Service)
DoS
IT IT ROI
1/2
2/2 DMZ
IT TCSEC( Common CTCPEC Criteria ITSEC ISO/IEC15408 (CC) IT BS7799 ISO/IEC13335TR ISO/IEC17799 Code of practice for information security management JIS X5080 ISMS)
CC) IT CC:ISO/IEC15408 IT IT
CC) CC:ISO/IEC15408 PP : Protection Profile ST Security Target EAL Evaluation Assurance Level PP ST ST EAL)
CC) CC Audit; Communication; Cryptographic Support; User Data Protection; Identification and Authentication; Security Management; Privacy; Protection of the TOE Security Functions; Resource Utilization; TOE Access; Trusted Path/Channels
CC) ST) ST Life Cycle Configuration Management Development Test Vulnerability Assessment Guidance Document Delivery and operation Maintenance Paradigm)
CC) CC PP ST
CC) CC EAL EAL1 EAL EAL EAL EAL EAL EAL EAL ST
ISMS) ISMS:ISO/IEC17799 Code of Practice BSI) Code of practice) 1995 2000 ISO/IEC17799) 2001 JIS 200511 ISO/IEC27001
ISMS) ISMS : JIS X 5080 (ISO/IEC2001 17799Part2 )
ISMS Controls) ISO
CC ISMS ECOM CC ISO/IEC15408) ISMS(JISX5080:ISO/IEC17799) ECOM
(1/4) (1/2) ( ) r c 3 ( p
(4/4) # # 1 5
DoS
ISMS
5 30 117
1/2 w2 R w1 r1 1 w11 w12 w13 r1 r2 2 w21 w22 w23 r2 r1j r2j w1 i wi1 ri wi2 wi3 ri rij
2/2 Rs =wdirdi 1 Rs Pdi i di=1 Rdi i Rdi =wdi cjrdi 2 Rdi i Pdi cj i j i di=1 Rdi cj i j
5
2 1
ISMS ISMS EC EC NIST NIST
URL E-mail (ECOM) http://www.ecom.jp ( IST)shigematsu@nist.co.jp IST 154-0004 4-1-1 F TEL 03-3487-3641 FAX 03-3487-9475