JP2008171254A - Information security portal site functional system in information security management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To apply an information security management system to an information security consulting function system. <P>SOLUTION: A portal site function is built in an inventory control software of an IT product connected to a network to automate the selection of information assets, in software and hardware built in the portal site function for information security, and the function for risk analysis, risk management and risk handling is attained as an optional function of the inventory control software, without using current service. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to an information management system, and more particularly to an information security management system.

A conventional information management system includes, for example, “ISO9000 series quality management system construction method and system” disclosed in JP-A-2002-13290. This conventional system relates to a so-called ISO 9000 series quality control system, and the problem is that a service center having a mechanism for establishing an ISO 9000 series quality control system is connected to a terminal (contractor terminal) of a user company via an information communication network. The solution is to support the construction of the quality management system, and the solution is to connect the service center having the ISO 9000 series quality management system construction mechanism and the contractor terminal, which is the user company, via the information communication network. The various data related to the construction of the quality control system of the contractor is registered using the homepage of the service center. Based on the above registered data, the service center provides the optimum documents for the construction of the quality control system to the contractor terminal, and also provides guidance and advice from the external consultant terminal for quality control of the user company. It is in support of system construction.
In this conventionally known system, an information communication network is used to connect a service center having a mechanism for establishing an ISO9000 series quality management system, a terminal of a user company using the service center, and an unspecified general terminal. An ISO 9000 series quality management system construction support system for connecting and constructing the ISO 9000 series quality management system entrusted by the company, wherein the service center is connected to a terminal of a company that intends to use the service with a service center Company information registration means that prompts input of company information necessary for using the service center on the homepage and registers the entered company information, and document creation for creating documents related to the ISO9000 series quality control system at the terminal of the user company Means and said Consulting means for providing advice on the construction of the quality management system from the user company and advice on advice requests, and documents related to the ISO 9000 series quality management system created by the user company, and checking results to the user company System check means to be provided, document registration means for registering a reference document file related to the ISO 9000 series quality control system provided from the user company and the unspecified terminal, and the advice, check result or reference document file are electronic File transfer means for transferring to a user company terminal by mail transmission or file transfer, company information database for storing company information collected from the user company terminal, and ISO 9000 series quality management system being created by the user company Sentence Document creation database for storing information, consulting database for storing information advised by consulting means, quality management system check database for storing document check information related to ISO 9000 series quality management system, terminal of user company or unspecified terminal An ISO9000 series quality management system construction support system comprising: a completed document database for storing reference document information related to the ISO9000 series quality management system collected from

  The so-called conventionally known system relates to an ISO 9000 series quality management system construction support method and a system for providing a mechanism for constructing an ISO 9000 series quality management system through an information communication network. Specifically, the ISO 9000 series quality management system. A service center having a construction mechanism and a terminal of a user company that intends to use this service are connected by an information communication network such as the Internet, and a person in charge of the user company uses the ISO9000 series quality management system on the homepage of the service center. Select the documents you want to incorporate into your company while referring to the related reference document examples, create the required documents for the ISO 9000 series quality management system, provide reference information as necessary, and analyze the actual documents that were created (check) Provides the ability to provide advice and guidance based on fruit, also relates to ISO9000 quality control system adapted charging is performed according to the usage period or the like.

  Such a conventionally known system is for supporting the construction of a so-called “ISO9000 quality management system” and cannot be used in other related systems. Therefore, when the information security management system in the information management system is developed, the present invention has a problem to be solved.

  The present invention has been developed to solve the above-mentioned problems, and this function is incorporated in the inventory management software of IT products connected to the network in the software and hardware incorporated in the portal site function of information security. In an information security management system characterized by automating the selection of information assets and realizing the same functions without using this service as an optional function of inventory management software for risk analysis, risk management, and risk management Information security / portal site function system is provided, and the information asset management function in the information security portal site system enables unified asset management by centrally managing the classification master and calculating the asset value The Responding to various needs by selecting from the types, and by selecting from past history at the time of registration of evaluation values such as confidentiality, integrity, availability, etc. The information security portal site function system in the information security management system that can respond is provided, and the risk analysis function in the information security portal site system enables systematic risk analysis of registered assets. In addition, it is possible to automatically extract vulnerabilities from assets, and moreover, risk measures can be selected efficiently from the screen, and risk values are calculated for each confidentiality, integrity, availability, etc., and a strict risk assessment is performed. Information security portal system for enabling information security management system The risk analysis function in the information security portal site system automatically sets the handling method of information assets according to the selected CIA value, and each vulnerability, threat, and management before and after countermeasures are provided. The provision of information security and portal site function systems in information security management systems that enable comparison and examination of risk values for each CIA, and the management procedure manual creation function in the information security portal site system Information security portal site function system in an information security management system that prepares a document template necessary for operation and has a function of automatically inserting a company-specific proper noun into the document so that the template document is not modified In the provision of Furthermore, the application declaration creation function in the information security portal site system can automatically create an application declaration for each department based on the control measures selected in the risk analysis, and can automatically insert example sentences for provision and exclusion reasons. Information security portal site function system in the information security management system, and the ISMS document management function in the information security portal site system can change document contents and automatically manage version updates Provide information security / portal site function system in security management system, and electronic approval function in the information security portal site system allows for reliable construction operation by setting the authorizer for each workflow in the construction of ISMS And providing the information security portal site function system in the information security management system that enables the current status to be confirmed at a glance by the decision function, and further providing the information management system service in the information security portal site system. A company information registration means for registering necessary company information on the homepage of the service center and a company using the information management system for searching and utilizing the necessary information data through the information communication network with the center and the information service Information registration means for registering necessary company information, document creation means for information management system necessary for the user company, consulting means for necessary information management system from the user company, and system for providing the document check result to the user company Check means and Information security management system comprising various databases composed of a document registration means for registering a file of a reference document provided by a business company and a file transfer means for transferring a file such as the document to a terminal of the user company Provide information security and portal site functional systems.

  The present invention incorporates this function in the inventory management software of IT products connected to the network in software and hardware incorporated in the portal site function of information security, and automates the selection of information assets, as well as risk analysis, risk management, It is an information security portal site function system in an information security management system characterized in that risk response is an optional function of inventory management software and an equivalent function is realized without using this service. The information asset management function in the portal site system enables centralized management of the classification master to enable consistent asset management, and select from several types of asset value calculation methods to meet various needs. In the information security portal site functional system in the information security management system that enables selection from past history at the time of registration of evaluation values such as reliability and availability, reduces the difference by the evaluator, and enables response by the Personal Information Protection Law Yes, and the risk analysis function in the information security portal site system enables systematic risk analysis for assets registered and automatic extraction of vulnerabilities for assets, and screens for risk countermeasures It is an information security portal site function system in an information security management system that enables strict risk assessment by calculating risk values for each of confidentiality, integrity, availability, etc. Security portal site system Claims that automatically set the handling method of information assets based on the CIA value selected by the risk analysis function in Japan and enable comparison of risk values for each vulnerability, threat, control measure, and CIA before and after the countermeasure The information security portal site function system in the information security management system described in 1 above, and the management procedure manual creation function in the information security portal site system prepares a document template necessary for the operation of the ISMS and is unique to the company. It is an information security portal site functional system in an information security management system that has a function of automatically inserting proper nouns into a document and does not require modification of a template document, and also declares application of the information security in the portal site system The document creation function is This is an information security portal site functional system in an information security management system that automatically creates an application declaration for each department based on the management policy selected in the task analysis and enables automatic insertion of reasons for provision and reason for exclusion The information security portal site function system in the information security management system in which the ISMS document management function in the information security portal site system changes the document contents and enables automatic management of version updates. An information approval manager in the portal site system that makes it possible to set an authorizer for each workflow in the construction of ISMS and enable reliable construction operation, and to confirm the current status at a glance by the decision function. Information security / portal site function system in the information system, and in the information security portal site system, the information management system service center and the information service are searched for and utilized through the information communication network. A company information registration means for registering company information required for the service center homepage, a company information registration means for registering company information required for the user company, and a document of the information management system required for the user company. Preparation means, necessary information management system consulting means from the user company, system check means for providing the document check result to the user company, document registration means for registering a reference document file provided by the user company, and the document The end of the company that uses the file Since it is an information security portal site functional system in an information security management system that includes various databases composed of file transfer means for transferring to a network, it has many advantages that cannot be obtained with conventional systems: .

Advantages of introducing the system of the present invention・ Installation of software is not required for browser operation (if any user authentication function such as ID and Password is available, it can be operated from any PC)
・ Easy to download template documents with proven track records ・ No need to modify template documents with proper noun insertion function ・ Consistent asset management by multiple departments ・ Uniform quality of risk analysis results・ Risk analysis simulation function ・ Centralized information management in the database ・ Information sharing with remote sites is possible (no distance restrictions)
・ Communication function Because of the many advantages described above, a dedicated staff is not required and costs can be reduced. In addition, the construction period can be shortened and the security quality can be improved.

  Since the best mode of the present invention is an information security management system in an information management system, the basic technology is characterized by utilizing a general business model technology. Therefore, the features of the system of the present invention will be described, and a management system for implementing the system will be described.

First, the basic concept of the system of the present invention is the standard of information security management system (ISMS), and the present invention is mainly constructed by a portal site and ASP service of ISO27001Web that supports ISO27001Web. It reduces the workload during operation. The service form / usage image / risk analysis simulation function is shown in FIG. The main functions of this ASP service are information asset management for registering and managing information asset ledgers, risk analysis for information asset value, development, vulnerability assessment, risk assessment, etc., and risk for risk response and management policy selection. Management, creation of management procedure procedures that automatically create procedures based on risk management, creation of application declarations that automatically create application declarations, document management that manages version of various documents, and approval procedures It consists of electronic approval for computerization. As a result, the workload at the time of ISMS construction is as follows.
Creation of asset information ledger for workload information at the time of ISMS construction Asset list for each employee Maintenance and update of ledger Risk assessment Information asset value assessment Threat / vulnerability assessment Risk value calculation / risk response Preparation of rules / standard documents Risk Document creation according to assessment Version management Reduction of work time Quality equalization of risk analysis results Centralized management of information in the database Improved security of ISMS-related information that is not subject to distance / environmental restrictions by ASP In addition, the basic system of the present invention An application of the will be described.
(1) Support for construction of information security consulting business In the management system described above, information security management system (ISSMS Ver 2.0 / ISO27001 (JISQ27001)) information security certification acquisition, information security strategy planning, security vulnerability diagnosis, etc. This is an information security management system in an information management system that supports the construction of an information security consulting business.
(2) Support for training education and E-running business construction In the above management system, ISO27001 and privacy mark comprehensive consulting, JIPDEC certified ISO27001 (JISQ27001) auditor training, crackers training course, ISMS / privacy mark related training, etc. This is an information security management system in the information management system that supports the construction of training education / e-learning business.
(3) Information security audit support In the above management system, adherence to and improvement of information security rules, maintenance and management in response to changes in information technology and business changes, establishment of an internal audit system, and gaining trust in the corporate information management system This is a management system in an information management system that supports information security audits.
(4) Support for building disaster management business management consulting Information security in the information management system that supports the construction of disaster management business management consulting such as business continuity planning, disaster response system design, and disaster response system construction in the above management system Management system.
(5) Information management function support In the management system described above, this is an information security management system in an information management system that supports information management functions such as information management, document management, risk analysis, and risk management of ISO27001.

  Next, the best mode of the present invention will be described. The basic configuration of the present invention uses a service center of an information management system and an information service by retrieving necessary information data via an information communication network. In the information management system, the company information registration means for registering the company information necessary for the homepage of the service center, the company information registration means for registering the company information necessary for the user company, and the information management system document required for the user company Creation means, necessary information management system consulting means from the user company, system check means for providing the document check result to the user company, document registration means for registering a reference document file provided by the user company, and , Various data composed of file transfer means for transferring the file such as the document to the terminal of the user company An information security management system in an information management system characterized by having an information security management system, and obtaining a privacy mark certification of an information security management system (ISMS Ver 2.0 / ISO27001 (JISQ27001)) in the management system・ Information security strategy system ・ Information security management system in information management system that supports construction of information security consulting business such as security vulnerability diagnosis, etc. In addition, ISO27001 and privacy mark comprehensive consulting in the above management system ・ JIPDEC certified ISO27001 ( JISQ27001) Training for auditors, courses for crackers, ISMS / Privacy Mark It is an information security management system in the information management system that supports the construction of training education / e-learning business such as related training, and also in compliance with information security rules in the above management system, responding to changes in information technology and business changes Maintenance management, establishment of internal audit system, information security management system in information management system that supports information security audits such as gaining trust in corporate information management system, and business continuity plan formulation and disaster response in the management system This is an information security management system in an information management system that supports construction of disaster countermeasure business management consulting such as system design and disaster countermeasure system construction. Since it is an information security management system in an information management system that supports information management functions such as 01 information management, document management, risk analysis, risk management, etc., the basic system shimtem of the system has been widely used in the past. It consists of a terminal such as a protocol / radio chart and its software, and can be said to be related to a technology / invention of a so-called business model.

  Further, the best embodiment of the present invention will be described with reference to FIGS. First, FIG. 1 is a service form of ISO27001, FIG. 2 is a usage image of ISO27001, FIG. 3 is a configuration of ISO27001, FIG. 4 is an information asset management function, FIG. 5 is a risk analysis function, 6 is a risk management function, FIG. 7 is a control measure procedure creation function, FIG. 8 is an application declaration creation function, FIG. 9 is an ISMS document management function, and FIG. 10 is an electronic approval function. . The service form of ISO27001 is an ASP server, which is connected to a customer site. The usage image of ISO27001 is connected to the risk assessment of the approver, ISMS secretariat, operation staff, asset ledger, adjustment database, and vulnerability database, and the risk assessment is connected to the document template. The template is also connected to the ISMS document. The structure of ISO27001 is from the server side which consists of the office side which consists of the Web base interface of the client terminal and the database which has detailed management measures corresponding implementation of information asset management, risk management, document management, application declaration creation and procedure manual creation. It is configured.

  In addition, the information asset management function in the ISO27001 system enables consistent asset management by centrally managing the classification master, and can select from several types of asset value calculation methods to meet various needs. It is possible to select from past history at the time of registration of evaluation values such as completeness and availability, to reduce differences by evaluators, and to respond by the Personal Information Protection Law, and to systematize assets registered by the risk analysis function Risk analysis can be performed automatically and vulnerabilities can be automatically extracted, and risk countermeasures can be selected efficiently from the screen, and risk values are calculated for each confidentiality, integrity, and possibility. The risk analysis function enables the risk analysis function to automatically set the information asset handling method based on the CIA value selected by the risk analysis function, and before and after the countermeasure is taken. Enables comparative examination of risk values for each vulnerability, threat, control measure, CIA, etc., and the management procedure manual creation function prepares a document template necessary for ISMS operation and provides a company-specific proper noun A function that automatically inserts the document into the document eliminates the need to modify the template document, and the application declaration creation function automatically creates an application declaration for each department based on the control selected in the risk analysis. Reasons for provision / exclusion of reason Exemption example sentences can be automatically inserted, the ISMS document management function can change the document contents and automatically manage version updates, and the electronic approval function sets the authorizer for each workflow in the construction of ISMS In the information security management system configured to enable reliable construction and operation and to confirm the current status at a glance by the decision function. O27001 is a system.

  Since a specific embodiment of the present invention can be applied to a system disclosed in Japanese Patent Laid-Open No. 2002-132902, which is a conventionally known technique, the system function block of FIG. 11 and the system flowchart of FIG. I will do it.

  First, the service center 1 operated by the ISO9000 series quality management system construction support website shown in FIG. 11 includes document creation means 11, database management means 12, consulting means 13, system check means 14, document registration means 15, billing information means. 16, company information registration means 17, document creation database 21, consulting database 22, quality management system check database 23, completed version document database 24, accounting information data 25, company information database 26, and file transfer means 20. The company terminal 3, the external consultant terminal 4, and the unspecified general terminal 5 that use the service center 1 have contractor access means, external consultant access means, and unspecified general access means, respectively, such as the Internet. The service center 1 can be accessed and connected via the information communication network 6. Also, the document creation means 11 is necessary based on input instructions and data provided on the homepage etc. from the contractor terminal 3 of the company (use company) that intends to create a document relating to the ISO9000 series quality management system. This is a means for creating a document related to the ISO9000 series quality management system. The database management means 12 stores the document creation data, consulting data, quality management system check data, completed document data, billing information data, and company information collected from the user company terminal 3, the consultant terminal 4, and the unspecified general terminal 5 in the database 21. Means to store and manage in -26. Further, the consulting means 13 provides the contractor terminal 3 with items that respond to typical questions and questions stored in the consulting database, or accumulates and provides the contents of advice and guidance given by the external consultant terminal 4 It is means to do. The system check means 14 checks the document related to the quality management system created by the contractor terminal 3 in accordance with the ISO9000 series standard stored in the quality management system database 23 or the external consultant terminal 4 in accordance with the ISO9000 series standard. It is a means to check. The document registration means 15 is a means for browsing from the contractor terminal 3 and the unspecified general terminal 5 and registering a quality control document. The billing information means 16 is means for managing billing information for companies registered for use. Further, the company information registration means 17 is a means for registering company information necessary for use registration to the use company terminal 3 of the company to be used. The file transfer means 20 is means for transferring the created document or reference material file to a predetermined terminal of the user company by e-mail transmission or file transfer. Further, the document creation database 21 includes a company name ID of a user company, a type of ISO9000 series quality control document, a standard No. This is a database for storing created documents. The consulting database 22 accumulates answers to questions from the contractor terminal 3, and the database 23 that stores and accumulates results consulted by the external consultant terminal 4 is a quality management system created by the user company terminal 3. This database stores the results of checking related documents. The completed document database 24 is a database for storing documents related to the ISO 9000 series quality management system held by the contractor terminal 3 and the unspecified general terminal 5. The billing information database 25 is a database that records billing information for a user company according to the usage contents of the service center 1. Further, the company information database 26 is a database for recording information on the company using the service center 1 as described above. The contractor access 31 of the contractor terminal 3 is a means for accessing all registration and browsing means from the document creation means 11 to the company information registration means 17 of the service center 1. The consultant access means of the external consultant terminal 4 is a means for accessing the consulting means 13 and the system check means 14, and the unspecified general access means for the unspecified general terminal 5 is a means for accessing the document registration means 15. In FIG. 11, the portion where no figure number is written is an improved portion of the present invention.

  Next, FIG. 12 is a flow chart showing the flow of screen display when a contractor terminal processes a company from service registration to consulting results and quality control system check results alone. First, when the contractor terminal 3 connects to the service center 1, the service center 1 transmits an entry screen to the contractor terminal 3. The service center 1 receives instruction information for selecting a company information registration menu and transmits a company information registration screen. The company information registration screen is a screen for registering a company name, address, contractor name, e-mail address, password, and the like. The contractor terminal 3 receives and displays a company information registration screen (S-103), inputs company information on the company information registration screen, and transmits the entered company information to the service center 1. The service center 1 receives the company information, stores it in the company information database 26, and sends a registration confirmation mail to the administrator. Registration confirmation email An email for notifying the administrator of receipt of company information and registration contents. The contractor terminal 3 receives the registration confirmation mail and ends the registration of company information. When starting to use, the login screen selection instruction information is transmitted from the entry screen. Further, the service center 1 receives login menu selection instruction information and transmits a login screen. The contractor terminal 3 receives and displays the login screen (S-102), inputs the user company authentication information, and transmits it to the user company authentication information service center 1. The user company authentication information is information such as a company ID and an appraiser passport. Further, the service center 1 receives the user company authentication information, and searches the company information database 26 based on this information for authentication. Subsequently, the service center 1 transmits a menu screen to the contractor terminal 3. The contractor terminal 3 receives and displays the menu screen (S-104). Here, one of document creation, consulting service, and quality system check service is selected. The contractor selects a menu item from the menu screen and transmits instruction information. When the service center 1 receives document creation, the contractor terminal 3 receives and displays a document creation screen (S105). Next, the contractor terminal 3 creates and transmits a quality control document on the document creation screen. The service center 1 displays a created document confirmation screen for confirming the created document (S-106).

  On the other hand, when an external consultant service is requested from the contractor terminal and the service center 1 receives this consulting service, the content of the consulting request is input and transmitted to the contractor terminal 3. When the service center 1 receives information on the contents of the consulting request, the service center 1 stores the information in the consulting database 22 and transmits a consulting execution screen (S-108) indicating that there is a consulting request to the external consultant terminal. The external consultant terminal 4 receives the consulting execution screen (S-108) and transmits a solution proposal to the service center 1 in response to the consulting request. The service center 1 registers the solution proposal in the consulting database 22. The contractor terminal 3 receives a consulting result screen (S-109) in order to see a solution for consulting.

  In addition, when receiving the request for the quality system check, the service sunter 1 receives and displays the quality management system check request screen at the contractor terminal 3 (S-110). Accordingly, the contractor terminal 3 inputs the request content on the quality system check request screen and transmits it to the service center. When the service center 1 receives the information on the contents of the quality system check request, the service center 1 stores the information in the quality system check database 23 and transmits a quality management system check execution screen to the external consultant terminal 4. Further, the service center 1 transmits a quality document registration screen (S113) to the contractor if there is no problem in the quality management system check. The contractor terminal 3 receives this quality document registration screen and transmits an intention to register the quality document created by the contractor's judgment. In the service center 1, if the transmitted registration item satisfies the registration condition and can be registered, it is registered in the completed document database 24. In FIG. 12, the portion outside the frame is an improved portion of the present invention.

The schematic diagram which showed the service form of this invention system. The schematic diagram which showed the use image of this invention system. The schematic diagram which showed the structure of this invention system. The schematic diagram which showed the information asset management function of this invention system. The schematic diagram which showed the risk analysis function of this invention system. The schematic diagram which showed the risk management function of this invention system. The schematic diagram which showed the management policy corresponding | compatible procedure preparation function of this invention system. The schematic diagram which showed the application declaration preparation function of this invention system. The schematic diagram which showed the ISMS document management function of this invention system. The schematic diagram which showed the electronic approval function of this invention system. The block diagram of the conventional system relevant to this invention system. The flowchart of the conventional system relevant to this invention system.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Service center 3 Contractor terminal 4 External consultant terminal 5 Unspecified general terminal 6 Information reply network 11 Document preparation means 12 Database management means 13 Consulting means 14 System check means 15 Document registration means 16 Billing information means 17 Company information registration means 20 File transfer means 21 Document creation database 22 Consulting database 23 Quality management system check database 24 Completed document database 25 Billing information database 26 Company information database

Claims (9)

The software and hardware to be incorporated into the portal site function of information security incorporate this function in the inventory management software of IT products connected to the network to automate the selection of information assets and inventory risk analysis, risk management and risk response. An information security portal site functional system in an information security management system that realizes equivalent functions without using this service as an optional function of management software. The information asset management function in the information security portal site system according to claim 1 makes it possible to manage the classification master in a centralized manner to enable consistent asset management and to select from several types of asset value calculation methods. Claim 1 that responds to needs, further enables selection from past histories at the time of registration of evaluation values such as confidentiality, integrity, availability, etc., reduces differences by evaluators, and enables response by the Personal Information Protection Law Information security portal site functional system in the described information security management system. The risk analysis function in the information security portal site system according to claim 1 enables systematic risk analysis of registered assets and automatic extraction of vulnerabilities in assets, and risk countermeasures 2. The information security portal site function in the information security management system according to claim 1, which enables efficient selection from the screen and enables risk assessment by calculating risk values for each of confidentiality, integrity, availability, etc. system. The risk analysis function in the information security portal site system according to claim 1 automatically sets the information asset handling method according to the selected CIA value, and each vulnerability / threat / control / CIA before and after the countermeasure The information security portal site function system in the information security management system according to claim 1, wherein the risk values can be compared and examined. The management correspondence procedure manual creation function in the information security portal site system according to claim 1 has a function of preparing a document template necessary for ISMS operation and automatically inserting a company-specific proper noun into the document. 2. The information security portal site function system in the information security management system according to claim 1, wherein the template document does not need to be modified. The application declaration creation function in the information security portal site system according to claim 1 automatically creates an application declaration for each department based on the control selected in the risk analysis and automatically provides example sentences for reasons of provision and exceptions. The information security portal site function system in the information security management system according to claim 1, which enables insertion. 2. The information security portal site function system in the information security management system according to claim 1, wherein the ISMS document management function in the information security portal site system according to claim 1 enables automatic management of document update and version update. . The electronic approval function in the information security portal site system according to claim 1 enables the reliable establishment and operation by setting an approver for each workflow in ISMS construction, and the current status is confirmed at a glance by the approval function. The information security portal site function system in the information security management system according to claim 1, wherein the function is possible. 2. The information security portal site system according to claim 1, further comprising: an information management system that searches for and utilizes necessary information data through an information communication network between a service center of the information management system and an information service. The company information registration means for registering the necessary company information on the homepage of the computer, the company information registration means for registering the company information necessary for the user company, the document creation means of the information management system required for the user company and the necessary information from the user company Information management system consulting means, system check means for providing the document check result to a user company, document registration means for registering a reference document file provided by the user company, and a terminal on the company side using the document file And various database composed of file transfer means for transferring to Information security portal site function system in the information security management system according to claim 1 to 8, wherein there.