JP2003173258A - Software development support method and system for realizing this method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a software development support system capable of unitarily seizing a development cost of software while taking a security measure when developing the software. <P>SOLUTION: This software development support method is characterized by having an action type input stage for urging action type input to a user by presenting an action type input image screen, a processing pattern acquiring stage for acquiring a processing pattern composed of a plurality of elements on the basis of an action type imparted from the user, a risk value calculating stage for calculating a risk value on the basis of the acquired processing pattern, and a risk diagnosing result presenting stage for presenting a risk diagnosing result image screen on the basis of the calculated risk value to the user. <P>COPYRIGHT: (C)2003,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a software development supporting method and a system for realizing the same, and in particular,
The present invention relates to a security countermeasure support technology and a function point calculation technology for a development target system.

[0002]

2. Description of the Related Art Information systems have become indispensable in business activities of companies. Information systems have become large-scaled and complicated along with the sophistication of business activities, and it is required to improve the efficiency, productivity and quality of software development, which is the core of the information systems. Therefore, as one of the development methods for improving the efficiency of software development, a development method using a prototype has been proposed. This is to create a prototype (prototype) at the early stage of development, check the user's required specifications, or draw out the required specifications in order to minimize the development risk when developing the system. It is a method of doing. In such a development method, it is important for the user to understand the screen transitions and input images, so create a screen transition definition document that defines the screen transitions at the initial stage of development, and prototype the screen transitions. Start by reviewing by.

In developing software, it is very important to determine the development cost. Development costs are closely related to software size and effort. For these estimates, the LOC (Lines
of Code) method was used, but with the recent changes in the software development environment, a scale called "Function Point Method" (hereinafter referred to as "FP method") that measures the scale of software by counting the functions of the software. Is attracting attention.

[0004]

In the conventional software development method using the prototype, the screen transition and the input image can be grasped concretely from the initial stage of development, but it is desired to realize the information system originally. It lacked an approach from the perspective of what the functions were.

In addition, the openness, networking, and decentralization of information systems are rapidly advancing, and their security measures have become an important issue. In particular, security measures are becoming more important as society's interest in the Internet increases. For this reason, in the software development stage, activities such as finding vulnerabilities by taking security measure reviews and taking measures against them are carried out, but a lot of man-hours are required for such activities. Met.

As described above, security measures for information systems are becoming more important. On the other hand,
The more the security measures are taken into consideration, the more the software development cost is increased, and these cannot be easily grasped by the same scale.

Therefore, it is an object of the present invention to provide a software development support system capable of integrally grasping the software development cost while taking security measures during software development.

Another object of the present invention is to provide a software development support system capable of estimating a software development cost while recommending to a user a function originally desired to be realized in software development.

[0009]

A software development support method according to the present invention for solving the above-mentioned problems includes an action type input step of presenting an action type input screen and urging the user to input an action type. Based on the action type given from, a processing pattern acquisition step of acquiring a processing pattern composed of a plurality of elements, a risk value calculation step of calculating a risk value based on the acquired processing pattern, and the calculated And a risk diagnosis result presentation step of presenting a risk diagnosis result screen based on the risk value to the user.

Here, the processing pattern acquisition step includes a step of presenting a processing pattern input screen based on the acquired processing pattern and urging the user to edit the content of the predetermined processing pattern. There is.

Further, the risk value calculating step is characterized in that risk values corresponding to the respective acquired processing patterns are calculated, and a risk total value is calculated from the calculated risk values.

Further, the risk value calculating step is characterized in that the processing type is discriminated based on a predetermined element constituting the processing pattern, and the risk value is calculated based on the discriminating processing type.

Further, the software development support method according to the present invention provides a plurality of action type input screens by presenting an action type input screen and prompting the user to input an action type. A processing pattern acquisition step of acquiring a processing pattern composed of elements, a function number calculation step of acquiring a function type based on the acquired processing pattern, and calculating a function number for the acquired function type; A system characteristic value acquiring step of acquiring a system characteristic value based on an action type given by a user, and a function point calculating step of calculating a function point based on the calculated number of functions and the acquired system characteristic value. , Characterized by having a a function points presenting step of presenting the function points the calculated user.

Here, in the function number calculating step, the function number corresponding to each of the acquired processing patterns is calculated, and a total value of the calculated function numbers is calculated. In the function point calculating step, The feature point is that the function point is calculated based on the calculated total number of functions and the acquired system characteristic value.

The invention of the above method can be understood as an invention of an apparatus (system), and is also realized as an invention of a program or a recording medium recording the program.

In this specification, the term "means" does not simply mean physical means, but also includes the case where the functions of the means are realized by software. Further, the function of one means may be realized by two or more physical means, or the functions of two or more means may be realized by one physical means.

[0017]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Next, embodiments of the present invention will be described with reference to the drawings. [First Embodiment] FIG. 1 is a block diagram for explaining the overall configuration of a system according to the present embodiment. As shown in the figure, this system is typically realized as a client / server system using a WWW system on the Internet. The client system typically corresponds to a personal computer, and a Web client program (browser)
Has been implemented.

The server system 1 includes a Web server program 11, page data 12, a CGI program 13, and various databases 14. The server system 1 accepts a request message according to HTTP from the user's client system, and sends back a response corresponding to the message to the client system. For example, the Web server program 11 uses U
In response to a request for page data 12 designated by the RL, the client computer 3 of that user
The page data 12 is provided to the. The Web server program 11 is typically implemented in the server system 1 as a daemon program called httpd.

The page data 12 is document data forming a screen to be provided to the user, and is, for example, HT.
It is designed using a page description language such as ML. One page data 12 is usually configured to include a URL indicating a reference to another resource (page data, image data, etc.). The page data 12 may be prepared in advance as static data, or may be dynamically generated by the CGI program 13 or the like.

The CGI program 13 is a program executed when the Web server program 11 receives a specific message by HTTP. The CGI program 13 is typically written in a programming language such as Perl or C ++. In this embodiment, CG
As the I program 13, as will be described later, at least a processing pattern screen generation program and a risk calculation program are prepared. The term "CGI program" is used to the extent that it means a program that is executed in response to a request from a client system, and is not used to exclude, for example, an application service program. .

The database 14 includes seven types of databases, that is, a processing pattern DB 14a and a fixed risk D.
B14b, risk DB14c, risk unit price DB14d,
Function type DB 14e, number of functions D
B14f and system characteristic DB14g. These may be physically configured independently of each other, or may be logically configured in one database. The data structure of each of these databases will be described later.

FIG. 2 is a block diagram for explaining the functional configuration of the server system according to this embodiment. The Web server unit 21 corresponds to the Web server program 11 described above and performs processing in response to a request from the client system. The processing pattern input screen generation unit 22 and the risk calculation unit 23 correspond to the above CGI program 13 and are activated by the Web server unit 22. In addition, the function point calculation unit 24
It is a program module called by the CGI program 13.

In response to the first request from the client system, the Web server unit 21 transmits the page data of the screen (action type input screen) for inputting the action type of the system to be constructed to the client system. The action type means a typical service pattern constructed in the Internet world. For example, a site that develops services for members needs a "member registration type" as a screen and system for registering member information. A strict definition is not required for this action type classification method, as long as it can be classified into units that can be commonly recognized by those involved in the development project. This is because this action type is only used as a key for specifying the template of the processing pattern displayed on the processing pattern input screen described later. In addition to the action type, "Static HTML
"Type", "Content search type", "Authentication type", "Material request type", "Pay-as-you-go material request type", "Batch mail transmission type", "Bulletin board type", "One-to-one inquiry type", ""One-to-one inquiry type", "Data download type", "Data upload type", "Questionnaire (quiz) present", etc. are assumed.

The processing pattern input screen generator 22 refers to the processing pattern DB 14a according to the contents input to the action type input screen, and dynamically generates and outputs page data of the processing pattern input screen. The risk calculation unit 23 determines the risk DB 14b and the fixed risk DB 1 according to the contents input on the processing pattern input screen.
4c and risk unit price DB 14d, referring to the individual risk of the system to be constructed,
The page data of the risk diagnosis result screen for presenting this to the user as the diagnosis result is dynamically generated and output.
The risk calculating unit 23 also activates the function point calculating unit 24 to calculate the individual risk, and acquires the function points calculated by the function point calculating unit 24. The function point calculation unit 24 follows the function type DB 14 according to the parameters delivered from the risk calculation unit 23.
e, function number DB 14f and system characteristic D
The function point is calculated with reference to B14g.

As described above, the Web server unit 21
For the first request from the client system,
Send the page data of the action type input screen for the system to be built to the client system. FIG. 3 is a diagram showing an example of the action type input screen. The user inputs information such as an action type on this action type input screen and sends it. In the figure, the "pay-as-you-go bill type request type" is selected as the action type. As described above, the action type is a systematic classification of the purpose and use of the system to be constructed according to the subjectivity of the people involved in the development project. The user preferably executes the execution program units (physically 1
Call the action type input screen for each program and enter the action type.

FIG. 4 is a flow chart for explaining the processing of the processing pattern input screen generation section 22 according to this embodiment. As shown in the figure, the processing pattern input screen generation unit 22 interprets the query statement (CGI parameter) included in the HTTP request input by the user and transmitted from the client system, and acquires the action type (STEP401. ). Next, the processing pattern input screen generation unit 22 searches the processing pattern DB 14a using the acquired action type as a key, and acquires the processing pattern corresponding to the action type (STEP 402).

FIG. 5 shows a processing pattern D according to this embodiment.
It is a figure which shows an example of the data structure of B14a. As shown in the figure, the processing pattern DB 14a defines a processing pattern for each action type. The processing pattern is composed of an element group in which processing for an action (business) is divided into predetermined categories. In this example,
As the components of the processing pattern, "who", "for what purpose", "in which route", "in what state", "what",
Items such as "how many", "to whom", "what state (to whom)", "how" and "how" are defined. Specific processing contents corresponding to each element are defined in each element. For example, for the element “who”, a value such as a system (“SYSTEM”) or an open user (“OPEN”) is defined in advance, and any one of them is set as the value of the element of the processing pattern.

Returning to FIG. 4, the processing pattern input screen generation unit 22 outputs the data of the header portion of the processing pattern input screen (STEP 403) and then initializes the value for each element for each of all the acquired processing patterns. Output the data of the input part set as a value (STEP4
04). After outputting the data of the input parts for all the acquired process patterns, the process pattern input screen generation unit 22 outputs the data of the footer part of the process pattern input screen (STEP 405), and ends the process. The processing pattern input screen generated by the processing pattern input screen generation unit 22 is the Web server program 2
1 to be sent to the client system and presented on the browser.

6 and 7 show examples of the processing pattern input screen according to this embodiment. Note that the processing pattern input screens shown in these figures are composed of one page data, but for the sake of explanation, they show the states displayed in the browser window by the scroll display function of the browser window. .

FIG. 8 shows the risk calculating unit 2 according to this embodiment.
6 is a flowchart for explaining the process of No. 3. The risk calculation unit 23 acquires a processing pattern from the query statement included in the HTTP request input by the user and transmitted from the client system, and performs the following processing for each of all the elements included in each of all the processing patterns. (Loop 1 and loop 2). For example, in the case of the action type “INFO_ORDER”, there are three processing patterns, so loop 1 is looped three times.

The risk calculating unit 23 refers to the risk DB 14c to acquire the risk of each element of the processing pattern to be processed (STEP 801), and determines the processing type (STEP 802 to 804). In this example, four processing types “INSERT”, “READ”, “UPDATE” and “DELETE” are prepared. here,
“INSERT” is a processing pattern for newly adding data, and “READ” is a processing pattern for reading out predetermined data from the already stored data and only transmitting / receiving data. In addition, "UPDATE" is a processing pattern for updating the predetermined data among the already stored data, and "DELETE" is a processing pattern for logically deleting the predetermined data among the already stored data. Is. After determining the processing type of the element, the risk calculating unit 23 performs risk calculation processing corresponding to the determined processing type (STEPs 805 to 808). The details of the risk calculation process corresponding to each of these process types will be described later. After performing the above processing for all the processing patterns, the risk calculating unit 23 calculates the total value of the risk values for each processing pattern (STEP809). And
The risk calculating unit 23 is the function point calculating unit 2
4 is called to calculate the function point (STEP 810).

FIG. 9 shows the risk DB 14 according to this embodiment.
It is a figure which shows an example of the data structure of c. As shown in the figure, the risk DB 14c is further classified by "element name" and "incidental condition (purpose / information state, etc.)" for each element type, and "impersonation risk", "confidentiality risk" and "confidential risk" for each. "Falsification risk" is set in the range of 0 to 1. For example, for the element type “USER”, “0.8” is given to each risk value when the element name is “OPEN” and the incidental condition is “HACKING”.

FIG. 10 shows the INS shown in STEP 805.
It is a flow chart for explaining risk calculation processing at the time of ERT. First, the risk calculation unit 23 calculates the total number of acquired data Dt (STEP 1001). The total number of data acquisitions Dt is the total number of data acquisitions within the service implementation period after the system to be constructed starts operating. The total data acquisition number Dt is calculated, for example, by the following formula.

Dt = action frequency × service implementation period × number of processing cases per action For example, the service (action) that acquires one data at a time has an average of 10 per day.
When the service is executed 00 times and the service is continued for one year, the total number of acquired data Dt is Dt = 1000 × 365 × 1 = 365000.

Next, the risk calculation unit 23 determines the fixed risk D.
Obtain a fixed risk by referring to B14b (STEP
1002). Fixed risk is the damage that would be incurred should a risk occur. The fixed risk is, for example, fixed cost damage that does not depend on the total number of data acquisitions, such as damage investigation cost, correction cost, and lawyer cost. FIG. 11 is a diagram showing an example of the data structure of the fixed risk DB 14b according to this embodiment. The fixed risk DB 14b has “category” and “action”.
"Maximum risk (MAX_RISK)", "Medium risk (MID_
RISK) ”,“ minimum risk (MIN_RISK) ”,“ maximum critical number (MAX) ”and“ intermediate critical number (MID) ”are set. In this embodiment, as the fixed risk, three numerical values are taken in stages according to the total number of data acquisitions. Among the three stepwise numerical values, the ones with the greatest damage are called “maximum risk (MAX_RISK)”, “medium risk (MID_RISK)”, and “minimum risk (MIN_RISK)”. In addition, the total number of data acquisitions that transition from "minimum risk (MIN_RISK)" to "medium risk (MID_RISK)" is called the "intermediate critical number (MID)" and is called "medium risk (MID_RISK)".
The total number of data acquisitions that transition from “K)” to “maximum risk (MAX_RISK)” is called “maximum critical number (MAX)”. If the value of the total data acquisition number Dt obtained earlier is equal to or greater than the maximum critical value, the risk calculation unit 23 determines that
Set the value of maximum risk to the value of fixed risk, if the value of total data acquisition number is smaller than the value of maximum critical number,
If the value of total data acquisition count is equal to or greater than the value of the intermediate critical count, set the value of the fixed risk to the value of the intermediate critical count. If none of these conditions apply,
The risk calculation unit 23 sets the value of the fixed risk to the value of the minimum risk.

After acquiring the fixed risk as described above, the risk calculating unit 23 refers to the risk unit price DB 14d to respectively acquire the information risk unit price for the information pattern (STEP 1003). As the information risk unit price, here, a confidential risk unit price and a tampering risk unit price are prepared. The acquisition processing of these information risk unit prices will be described in detail with reference to FIG.

FIG. 12 is a diagram showing an example of the data structure of the risk unit price DB 14d. The risk unit price DB 14d is
An information risk unit price is given for each information pattern.
For example, in the figure, when the "information pattern" and "EMAIL" are alone, the "confidential risk unit price" is 70 and the "tampering risk unit price" is 20. The second line "EMAI
In “L” and “EMAIL, KJNAME” on the third line, “EMAI
Although it includes L ”, it is treated as another information pattern. In FIG.
Calculates the risk value Ri at the time of INSERT based on the acquired information risk unit price (STEP 1004). IN
The risk value Ri at SERT is calculated, for example, by the following formula.

Ri = fixed risk × (user confidentiality vulnerability +
Route confidentiality vulnerability + Destination storage confidentiality vulnerability + Route alteration vulnerability) + Total number of data acquisition × (Information confidentiality risk unit price × (User confidentiality vulnerability + Route confidentiality vulnerability + Destination storage confidentiality vulnerability) + ( Information tampering risk unit price x route tampering vulnerability)) In this formula, basically, those related to each other are products, and those independent are summed. Here, the meaning of each term is as follows.

User confidentiality vulnerability = who. Purpose. Impersonation risk × Who. Purpose. Confidential risk route Confidential vulnerability = route. Information state. Impersonation risk
× Path. Information state. Confidentiality risk Destination storage confidentiality Vulnerability = Who. Information state. Impersonation risk × Who. Information state. Confidentiality risk + means.
Impersonation risk × means. Confidential risk path. Tamper Vulnerability = Path. Information state. Impersonation risk x path. Information state. Tampering risk Here, the symbol “.” Indicates that there are a plurality of keys for specifying a certain value. For example, in the case of "who. Purpose. Impersonation risk", it means that "impersonation risk" can be specified only after "who" is specified and "purpose" is specified.

In accordance with the above formula, the risk calculating unit 23
After calculating the risk value, performs the risk countermeasure presentation screen creation process and returns to the main process (STEP100
5).

FIG. 13 is a flow chart for explaining the information risk unit price acquisition processing shown in STEP 1003. As shown in the figure, the risk calculation unit 23 searches the risk unit price DB 14d based on the information list designated for each processing pattern in the "what" column of the screen shown in FIG. 6 (STEP 1301). , Whether or not there is a processing pattern that completely matches the information list (STE
P1302). As a result, when determining that there is a matching processing pattern, the risk calculating unit 23 acquires the confidential risk unit price value and the tampering risk unit price value of the risk unit price DB 14d (STEP 1303), and ends the process. On the other hand, when determining that there is no matching processing pattern, the risk calculating unit 23 performs the following processing.

That is, the risk calculation unit 23 searches the risk unit price DB 14d and extracts the information pattern including the information list (STEP 1304). As a result, when it is determined that such an information pattern exists (YES in STEP 1305), the risk calculation unit 23
After the extracted records are sorted in ascending order (smallest order) using the number of elements of the information pattern as a sort key, the value of confidentiality risk is further sorted in descending order (highest order) (STEP).
1306). Next, the risk calculation unit 23 acquires the first record among the sorted records (STEP13
07), the value of the confidentiality risk is multiplied by the number of information list elements / the number of information pattern elements to obtain the result as the confidentiality risk unit price (STEP 1308). Similarly, the risk calculation unit 23 multiplies the value of the tampering risk by the number of information list elements / the number of information pattern elements to obtain the result as the tampering risk unit price (STEP 1309).

On the other hand, when it is judged that there is no information pattern completely including the information list, the risk calculating section 23
Gives up each risk value by the information pattern, adds the risk values of the individual information in the information list, and finally sets the risk value of the entire information list. Specifically, after the confidentiality risk value and the tampering risk value of the information list are initialized to 0 (STEP 1310), the following processing is performed for all the elements of the information list. That is, the risk calculation unit 23 searches the risk unit price DB 14d, and if the information exists, adds the value of the confidential risk unit price of the information to the confidential risk of the information list, and similarly tamper with the information list. The value of the tampering risk unit price of the information is added to the risk (STEP 1311).

FIG. 14 shows the REA shown in STEP 806.
It is a flow chart for explaining risk calculation processing at the time of D. As shown in the figure, first, the risk calculation unit 23
Calculates the total number of data acquisitions (STEP1401),
Get information risk unit price. (STEP 1402). These are the same as those described in the risk calculation process at the time of INSERT described above. Next, the risk calculator 2
3 calculates the risk value Rr at the time of READ based on the acquired information risk unit price (STEP1403). REA
The risk value Rr at the time of D is calculated by the following formula, for example.

Rr = total data acquisition number × (information confidentiality risk unit price × (user confidentiality vulnerability + route confidentiality vulnerability) + (information tampering risk unit price × route tampering vulnerability)) The risk calculation unit 23 calculates the risk value. Once calculated, the risk countermeasure presentation screen is created and the process returns to the main process (S
TEP 1404).

FIG. 15 shows the UPD shown in STEP 806.
It is a flow chart for explaining risk calculation processing at the time of ATE. The flow of risk calculation processing at UPDATE is basically the same as the flow of processing at READ described above, but since the concrete content of the risk value calculation processing (STEP 1503) is different, this will be described below. To do.

That is, the risk value Ru during UPDATE
Is, for example, Ru = total number of acquired data × (information confidentiality risk unit price × (user confidentiality vulnerability + route confidentiality vulnerability) + (information tampering risk unit price × (user tampering vulnerability + route tampering vulnerability + partner) Storage tampering vulnerability)))).

FIG. 16 shows the DEL shown in STEP806.
It is a flow chart for explaining risk calculation processing at the time of ETE. The flow of risk calculation processing at the time of DELETE is also basically the same as the flow of the processing at the time of READ described above, but the risk value calculation processing (STEP 1603)
Since the specific contents of the above are different, this will be described below.

That is, the risk value Rd at the time of DELETE
Is, for example, Rd = total number of acquired data × (unit price of information tampering risk ×
(User tampering vulnerability + route tampering vulnerability + partner storage tampering vulnerability)).

FIG. 17 is a flow chart for explaining the risk countermeasure presentation process according to this embodiment. After calculating the risk value corresponding to each processing type, the risk calculating unit 23 performs a process for displaying a message based on the risk value. That is, as shown in FIG.
The risk calculation unit 23 checks whether the product of the information confidentiality risk unit price and the route confidentiality vulnerability is larger than 0, and the state of the information when passing the route is plain text (STEP 170.
1) If this is the case, data for the presentation screen is created so that the message "encrypt information when passing through the route" is presented (STEP 1702). Next, the risk calculation processing 23 checks whether or not the partner storage is a "file" or a "database" (ST
EP1703), and if so, it is further checked whether or not the information confidentiality risk unit price x the partner storage confidentiality vulnerability is greater than 0 and the state of the information when the partner storage is stored is plaintext (STEP1704). . When the risk calculation processing 23 determines that these conditions are satisfied, the data of the presentation screen is created so that the message of “encrypt the information stored in the other party storage” is presented (STEP 1705). ). Then, the risk calculation unit 23 checks whether or not the number of pieces of information to be handled is two or more (STEP 1706), and if it judges that it is, a message "reduce the number of pieces of information to be handled" is presented. As described above, the data of the presentation screen is created (STEP 1707).

Next, the function point calculation processing shown in STEP 810 of FIG. 8 will be described. FIG.
6 is a flowchart for explaining a function point calculation process according to the present embodiment. The function point calculation unit 24 performs the following process (ST) for all the processing patterns delivered from the risk calculation unit 23.
EP 1801 and 1802). That is, the function point calculation unit 24 refers to the function type DB 14e and acquires the function type of each processing pattern (STEP 1801). FIG. 19 shows
It is a figure which shows an example of the data structure of function type DB which concerns on this embodiment. As shown in the figure, the function type DB stores the type (corresponding to “what”) of the processing pattern and the function type in association with each other. The function type is "ILF
(Internal logic file), “EIF (external interface file)”, “EI (external input)”, “EO (external output)” and “EQ (external inquiry)” are prepared. Acquires the function type of the processing pattern, and calculates the number of functions (STEP 1802).

FIG. 20 is a flow chart for explaining the calculation processing of the number of functions shown in STEP 1802. The function point calculator 24 is shown in FIG.
The number of functions is calculated from the number of elements of the data to be processed and the number of processing cases (the number of records) by referring to the function number table as shown in 1 (STEP 2001). Here, the number of data elements is the number of elements of the data set designated by "what" in the processing pattern input screen, and the number of records is "RECORD" in the processing pattern input screen.
It is a numerical value designated by "number" (FIG. 8). For example, in the case of the internal logical file ILF, the number of data elements is 25,
If the number of records is 3, 10 will be obtained as the number of function points.

Next, the function point calculation unit 24
22 refers to the number-of-functions DB 14f shown in FIG. 22 and checks whether the elements defined here are used in the processing pattern (STEP200
2) If it is determined that the function is being used, the number of functions associated with the element is added to the number of functions previously obtained (STEP 2003).

Returning to FIG. 18, the function point calculation unit 24, which has calculated the number of function points for all of the transmitted processing patterns, calculates the total value of the calculated number of functions (STEP 1803). Next, the function point calculating unit 24 refers to the system characteristic DB 14g and acquires the system characteristic (ST.
EP1804).

FIG. 23 is a diagram showing an example of the data structure of the system characteristic DB 14g according to this embodiment. As shown in the figure, the system characteristic DB 14g has a "category".
Each record is further classified by "action type". Each record has 14
Various types of system characteristics are defined, a value is given with a maximum of 5 points for each, and the total value is obtained. The value given here indicates that the higher the value, the stronger the characteristic. The total value is the sum of the values of the system characteristics.

When the function point calculation unit 24 acquires the value of the system characteristic, the function point calculation unit 24 calculates the function point (STEP 1805). The function point is given by the following formula.

Function point = total number of functions × (0.65+ (0.01 × system characteristic value)) After calculating the function point, the function point calculating unit 24 outputs the data of the risk presentation screen (STEP 1806).

24, 25 and 26 are views showing an example of the risk presentation screen according to the present embodiment. Although the risk presentation screen shown in these figures is composed of one page data, for the sake of explanation, the risk presentation screen is shown in the browser window by the scroll display function of the browser window. In this way, the user can receive the support for the security measure by inputting the action type.

[Second Embodiment] In the above embodiment, the risk value is calculated in consideration of respective probabilities with respect to two viewpoints of fixed risk and information risk according to the total number of acquired data. In the present embodiment, the risk value is calculated by considering the probability of the total loss amount including the loss amount (corporate risk) incurred as a company and the loss amount (in-situ risk) incurred on site. Specifically, each risk calculation process by the risk calculation unit shown in FIG. 8 is newly defined.

FIG. 27 shows an INSERT according to this embodiment.
It is a flow chart for explaining risk calculation processing at time.

As shown in the figure, the risk calculating section 23
First, referring to the risk DB 14c, the vulnerability (probability) is calculated (STEP 2701). The vulnerability is calculated by the following formula, for example.

Vulnerability = (user confidentiality vulnerability + means confidentiality vulnerability + route confidentiality vulnerability) x Probability of infringing action occurrence + destination storage confidentiality vulnerability + route alteration vulnerability x 1 alteration Probability of occurrence of action) Here, each “confidential vulnerability” is specified by a combination of elements (keys) such as “who” and “purpose”, as described above. Next, the risk calculation unit 23 calculates the corporate risk by referring to the risk unit price DB 14d and the corporate risk DB as shown in FIG. 28 (STEP 2701). Corporate risk is, for example, the amount of damage due to public relations expenses, settlement charges, court costs, reduction of sales, etc. in the event of an accident, and is mainly due to the high or low confidentiality of information or security damage (eg leakage) information. Is due to several factors.
The corporate risk is calculated, for example, by the following formula.

Corporate risk = Damage amount due to information confidentiality and number of cases × Information confidentiality risk unit price / Information confidentiality risk unit price maximum value × Vulnerability The confidentiality level of the information shown in FIG. 28 is a combination of one or more information. Is set in advance. FIG. 29 is an example of the information confidentiality reference table. In this example, the information confidentiality reference table is configured as a part of the corporate risk DB. As shown in the figure, the information confidentiality reference table is given a confidentiality risk unit price and a confidentiality level for a combination of information. A combination of information is composed of one or more elements, for example, "e
-A combination of elements such as "mail", "name", "address", "telephone", etc., as appropriate.The confidential risk unit price is the unit price of risk for the combination of information, and is typically The more private information is included, the higher the unit price tends to be. The confidential level is set to two levels (high / low) in this example.

After calculating the corporate risk, the risk calculating section 23 then calculates the on-site risk (STEP).
2703). The site risk is, for example, cause investigation cost, restoration cost, or the like. On-site risk is used here as a generic term for three risks: infrastructure risk, common function risk, and scene risk. Here, “infrastructure” means hardware, network, operating system, database, Web server, MTA,
An organization that manages DNS, etc. The "common function" is an organization that develops functions that can be grouped together in individual applications, and corresponds to, for example, an authentication system, a mass mail sending tool, an advertisement distribution system, a personal information management system, etc. . The "scene" refers to a main organization that provides Web services, and mainly develops individual applications.

Specifically, each of these risks is calculated, for example, by the following formula.

Infrastructure risk = Infrastructure support cost x (vulnerability + partner storage tampering vulnerability) Common function risk = Common function support cost x (vulnerability + partner storage tampering vulnerability) Scene risk = scene side support cost x ( Vulnerability + Counterpart storage tampering vulnerability) However, as a rule of thumb, the scene side cost is assumed to be 40% of the function point unadjusted value of the symmetric program.

After calculating the corporate risk and the on-site risk, the risk calculating unit 23 calculates a risk value by summing them (STEP 2704), performs a risk countermeasure presentation screen creating process, and returns to the main process (S).
TEP2705).

The above is the description of the risk calculation process at the time of INSERT, but the flow of the process of the risk calculation process at the time of READ, UPDATE and DELETE other than that is basically the same as that at the time of INSERT. Since the specific contents of the risk value calculation process are different, this will be described below.

That is, in the risk calculation process at the time of READ, the vulnerability, the corporate risk and the on-site risk are
For example, it is calculated by the following formula.

Vulnerability = (User confidentiality vulnerability + Means confidentiality vulnerability + Route confidentiality vulnerability) x Probability of infringing confidential action + route falsification vulnerability x Probability of falsifying individual action) Corporate risk = Damage amount due to information confidentiality and number of cases x Information confidentiality risk unit price / Information confidentiality risk unit price maximum value x
Vulnerability Infrastructure risk = Infrastructure response cost x Vulnerability common function risk = Common function response cost x Vulnerability Scene risk = Scene side response cost x Vulnerability In the risk calculation process at UPDATE, the vulnerabilities are It is calculated by a formula.

Vulnerability = (User tampering vulnerability + Means tampering vulnerability) × Probability of tampering with each case + Route confidentiality vulnerability × 1 case Probability of breaching confidentiality + Route vulnerability × 1 case (Probability of occurrence of act of tampering with each other) Since corporate risk and on-site risk are the same as the risk calculation process at the time of READ, description thereof will be omitted.

In the risk calculation process at the time of DELETE, the vulnerability is calculated by the following formula, for example.

Vulnerability = (user tampering vulnerability + means tampering vulnerability) × Probability of occurrence of alteration by 1 case + route alteration vulnerability × Probability of occurrence of alteration by 1 case) Similarly, corporate risk, site risk Is READ
It is the same as the risk calculation process at time.

As described above, according to the present embodiment, the risk value is calculated in consideration of the probability with respect to the total damage amount including the damage amount suffered as a company (corporate risk) and the damage amount suffered on site (site risk). By doing so, it becomes possible to uniformly and efficiently perform risk diagnosis instead of paying attention to security measures of individual information.

The above-described embodiments are examples for explaining the present invention, and the present invention is not intended to be limited to these embodiments. The present invention can be implemented in various forms without departing from the gist thereof. In the above embodiment, the operation of the function realizing means has been described sequentially, but the operation is not particularly limited to this. Therefore, as long as there is no contradiction in the operation, the order of processing may be changed or the operations may be performed in parallel.

[0076]

According to the present invention, it is possible to centrally grasp the software development cost while taking security measures during software development.

Further, according to the present invention, it is possible to estimate the software development cost while recommending the function to be originally realized to the user in software development.

[Brief description of drawings]

FIG. 1 is a block diagram illustrating an overall configuration of a system according to an exemplary embodiment of the present invention.

FIG. 2 is a block diagram illustrating a functional configuration of a server system according to an embodiment of the present invention.

FIG. 3 is a diagram showing an example of an action type input screen according to an embodiment of the present invention.

FIG. 4 is a flowchart for explaining processing of a processing pattern input screen generation unit according to the embodiment of the present invention.

FIG. 5 is a processing pattern DB 1 according to an embodiment of the present invention.
It is a figure which shows an example of the data structure of 4a.

FIG. 6 shows an example of a processing pattern input screen according to an embodiment of the present invention.

FIG. 7 shows an example of a processing pattern input screen according to an embodiment of the present invention.

FIG. 8 is a flowchart for explaining a process of a risk calculation unit 23 according to this embodiment.

FIG. 9 is a diagram showing an example of a data structure of a risk DB 14c according to the present embodiment.

FIG. 10 is a flowchart for explaining a risk calculation process at the time of INSERT in FIG.

FIG. 11 is a diagram showing an example of a data structure of a fixed risk DB 14b according to the present embodiment.

FIG. 12 is a diagram showing an example of a data structure of a risk unit price DB 14d.

FIG. 13 is a flowchart for explaining an information risk unit price acquisition process.

FIG. 14 is a flowchart for explaining a risk calculation process at the time of READ in FIG.

FIG. 15 is a flowchart for explaining a risk calculation process at the time of UPDATE in FIG.

16 is a flowchart for explaining a risk calculation process at the time of DELETE in FIG.

FIG. 17 is a flowchart illustrating a risk countermeasure presentation process according to an embodiment of the present invention.

FIG. 18 is a flowchart illustrating a function point calculation process according to an embodiment of the present invention.

FIG. 19 is a diagram showing an example of a data structure of a function type DB according to the embodiment of the present invention.

FIG. 20 is a flowchart for explaining a process of calculating the number of functions in FIG.

FIG. 21 is a diagram showing an example of a function number table according to an embodiment of the present invention.

FIG. 22 is a diagram showing an example of a data structure of a function number DB according to the embodiment of the present invention.

FIG. 23 is a system characteristic DB according to one embodiment of the present invention.
It is a figure which shows an example of the data structure of.

FIG. 24 is a diagram showing an example of a risk presentation screen according to an embodiment of the present invention.

FIG. 25 is a diagram showing an example of a risk presentation screen according to an embodiment of the present invention.

FIG. 26 is a diagram showing an example of a risk presentation screen according to an embodiment of the present invention.

FIG. 27 is a flowchart illustrating a risk calculation process at the time of INSERT according to an embodiment of the present invention.

FIG. 28 is a diagram showing an example of a data structure of a corporate risk DB according to the embodiment of the present invention.

FIG. 29 is a diagram showing an example of an information confidentiality reference table according to an embodiment of the present invention.

[Explanation of symbols]

1 ... Server system 2 ... Client system 11 ... Web server program 12 ... Web page 13 ... CGI Program 14 ... Database 15 ... Browser 21 ... Web server unit 22 ... Processing pattern input screen generation unit 23 ... Risk Calculation Department 24 ... Function point calculator

Claims (11)

[Claims] 1. An action type input screen is presented to prompt a user to input an action type, and a processing pattern composed of a plurality of elements is acquired based on the action type given by the user. A processing pattern acquisition step, a risk value calculation step of calculating a risk value based on the acquired processing pattern, and a risk diagnosis result presentation step of presenting a risk diagnosis result screen based on the calculated risk value to the user, A software development support method characterized by having. 2. The processing pattern acquisition step includes the step of presenting a processing pattern input screen based on the acquired processing pattern and urging the user to edit the content of the predetermined processing pattern. Claim 1
Described software development support method. 3. The risk value calculating step calculates a risk value corresponding to each of the acquired processing patterns, and calculates a total risk value from the calculated risk values. Alternatively, the software development support method described in 2. 4. The risk value calculating step determines a processing type based on a predetermined element forming the processing pattern, and calculates a risk value based on the determined processing type. The software development support method according to items 1 to 3. 5. The risk value calculating step calculates a risk value based on a confidentiality level given to information targeted for security and the number of security damages for the information. Alternatively, the software development support method described in 4. 6. An action type input screen is presented to prompt a user to enter an action type, and a processing pattern composed of a plurality of elements is acquired based on the action type given by the user. A processing pattern obtaining step, a function number obtaining step of obtaining a function type based on the obtained processing pattern, and calculating a function number for the obtained function type; and an action type given by the user. A system characteristic value acquisition step of acquiring a system characteristic value; a function point calculation step of calculating a function point based on the calculated number of functions and the acquired system characteristic value; and a calculated function point. Software development support method, characterized in that it has a function point presentation stage to be presented to the The, the. 7. The function number calculating step calculates a function number corresponding to each of the acquired processing patterns, and calculates a total value of the calculated function numbers. 7. The software development support method according to claim 6, wherein a function point is calculated based on the total value of the number of functions performed and the acquired system characteristic value. 8. An action type input screen is presented to acquire an action type acceptance means for accepting an action type input by a user, and a processing pattern composed of a plurality of elements based on the action type accepted by the user. A processing pattern acquisition unit, a risk value calculation unit that calculates a risk value based on the acquired processing pattern, and a risk diagnosis result presentation unit that presents a risk diagnosis result screen based on the calculated risk value to the user. A software development support system characterized in that 9. A program for causing a computer to realize a predetermined function, wherein the program presents an action type input screen so as to prompt the user to input an action type, and an action type given by the user. Based on the above, a function of acquiring a processing pattern composed of a plurality of elements, a function of calculating a risk value based on the acquired processing pattern, and a risk diagnosis result screen based on the calculated risk value to the user. A software development support program characterized by having the function to perform. 10. Presenting an action type input screen,
Based on the action type accepting means for accepting the input of the action type by the user, the processing pattern obtaining means for obtaining the processing pattern composed of a plurality of elements based on the action type accepted by the user, and the obtained processing pattern A function number calculating unit that acquires a function type and calculates the number of functions for the acquired function type; a system characteristic value acquiring unit that acquires a system characteristic value based on the action type given by the user; Function point calculating means for calculating function points based on the calculated number of functions and the acquired system characteristic value, and a function point for presenting the calculated function points to the user. Software development support system comprising: the presenting means. 11. A program for causing a computer to realize a predetermined function, wherein the program presents an action type input screen so as to prompt the user to input an action type, and an action type given by the user. A processing pattern acquisition function for acquiring a processing pattern composed of a plurality of elements, and a function number for acquiring a function type based on the acquired processing pattern and calculating the number of functions for the acquired function type. A calculation function, a system characteristic value acquisition function for acquiring a system characteristic value based on the action type given by the user, and a function point is calculated based on the calculated number of functions and the acquired system characteristic value. fan And Deployment point calculation function, software development support program characterized by having a function points presenting function for presenting to a user the function points the calculated.