JP2010211657A - Security evaluation apparatus, method and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform multilateral, comprehensive and highly-accurate security evaluation and analysis. <P>SOLUTION: A plurality of security management countermeasures are classified into a plurality of groups by the combinations of a countermeasure part and the kind of danger. A countermeasure execution rate calculation part 227 calculates the ratio of the number of security management countermeasures needed to be executed and the number of security management countermeasures which are already executed as a countermeasure execution rate. A countermeasure fill rate calculation part 228 calculates the ratio of the total of target values and the total of result values in the case of numerically evaluating the execution contents of the respective security management countermeasures as a countermeasure fill rate. An evaluation map preparation part 229 arranges the countermeasure part on a vertical axis, arranges the kind of the danger on a horizontal axis, and prepares an evaluation map indicating the countermeasure execution rate calculated by the countermeasure execution rate calculation part 227 and the countermeasure fill rate calculated by the countermeasure fill rate calculation part 228 for each group. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a security evaluation device, a security evaluation method, and a security evaluation program. The present invention particularly relates to a security evaluation / analysis method and apparatus for an information system (computer system).

  Conventionally, with regard to security evaluation and analysis methods for information systems, even if you are not a system administrator with advanced technical knowledge based on the configuration information and security policy of the target system, you can evaluate the security of the target system, Some measures can be created (for example, see Patent Document 1).

JP 2001-101135 A

In the prior art, a security evaluation target is a “system” composed of one or more “devices”, and security evaluation items are defined depending on the target “device”. In this case, the following problem arises.
(1) Since the security evaluation targets are “device” and “system”, security evaluation items that are not subordinate to “device” and “system” cannot be defined. For example, security evaluation items such as “organization”, “person”, and “equipment” cannot be set or are difficult to set. That is, there is a problem that the security evaluation items are not comprehensive.
(2) Since the security evaluation items are defined as subordinate to “device” and “system”, the security evaluation items of the target “device” and “system” are increased as the evaluation target “device” and “system” increase. Need to be set. That is, there is a problem that the maintainability of the evaluation system is not good.

In the prior art, the security evaluation results are created for each countermeasure function group (measure type) based on the presence or absence of countermeasures, and the radar chart evaluation report is created. is there.
(1) There are various countermeasure areas such as networks, servers, terminals, data, etc., in the area where security management measures are applied (measurement points). I do not know if there is a shortage.
(2) It is not possible to measure whether or not the countermeasure function is sufficiently functioning only by checking the presence or absence of the countermeasure function. Moreover, it cannot be judged whether the countermeasure is functioning enough unless it is evaluated how the countermeasure is operated.

In the prior art, the security strength of security evaluation is classified into simple levels such as “strongest”, “strong”, and “normal”, and the evaluation level (baseline) is changed according to the classification. In this case, the following problem arises.
(1) Although it is preferable that the strength of security can be set in detail according to the business impact in the event of a security accident, the business impact of the system can be achieved with simple levels such as “strongest”, “strong”, and “normal”. It is not possible to set a detailed evaluation level according to the conditions.
(2) Confidentiality (information is not leaked, etc.), integrity (information is not tampered with, etc.), availability (information is always available, etc.), reliability (software is not broken, etc.), compliance Although it is necessary to classify the detailed evaluation level according to the security functional requirements such as (no legal violation or no contract violation), this cannot be done with the conventional technology.

  As described above, the conventional technology can be used as a security evaluation method subordinate to “equipment” and “system”. However, it covers the entire security countermeasure area and what countermeasure function is applied to which countermeasure area. It is not possible to make detailed evaluations such as whether or not In addition, since the criteria for setting the security strength evaluation level (baseline) are simple, there is a problem that the evaluation level cannot be finely adjusted.

  An object of the present invention is to enable, for example, multifaceted, comprehensive, and highly accurate security evaluation / analysis.

A security evaluation device according to one aspect of the present invention includes:
A security evaluation device that classifies a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluates security for each group of security management measures,
For each security control measure, a target flag that indicates whether or not each security control measure needs to be implemented, and a target storage unit that stores in the storage device a target value when numerically evaluating the implementation details of each security control measure,
For each security control measure, a result flag indicating whether or not each security control measure has been implemented, a result value obtained by numerical evaluation of the implementation contents of each security control measure, and a result input unit for storing in a storage device;
For each group of security control measures, refer to the target flag stored by the target storage unit and the actual result flag stored by the actual result input unit, and the number of security control measures that need to be implemented and the actual implementation A countermeasure implementation rate calculation unit that calculates a ratio with the number of security management measures being implemented by the processing device as a countermeasure implementation rate;
For each security control group, measure satisfaction rate calculation for calculating by the processing device as a measure satisfaction rate the ratio between the total of the target values stored by the target storage unit and the total of the actual values stored by the result input unit And
Each security control group includes an output unit that outputs a countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and a countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit to a display device. And

A security evaluation device according to another aspect of the present invention is provided.
A security evaluation device that classifies a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluates security for each group of security management measures,
For each security control measure, a target flag that indicates whether or not each security control measure needs to be implemented, and a target storage unit that stores in the storage device a target value when numerically evaluating the implementation details of each security control measure,
For each security control measure, a result flag indicating whether or not each security control measure has been implemented, a result value obtained by numerical evaluation of the implementation contents of each security control measure, and a result input unit for storing in a storage device;
For each group of security control measures, refer to the target flag stored by the target storage unit and the actual result flag stored by the actual result input unit, and the number of security control measures that need to be implemented and the actual implementation A countermeasure implementation rate calculation unit that calculates a ratio with the number of security management measures being implemented by the processing device as a countermeasure implementation rate;
For each group of security controls, the number of security controls whose target values are stored by the target storage unit and the actual values stored by the actual input unit reach the target values stored by the target storage unit. A countermeasure satisfaction rate calculation unit that calculates a ratio with the number of security management measures as a countermeasure satisfaction rate by the processing device;
Each security control group includes an output unit that outputs a countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and a countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit to a display device. And

  The output unit arranges one of the two types of classification items on the vertical axis and the other on the horizontal axis, and for each security control group, the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and the It is an evaluation map creation unit that creates an evaluation map that displays the measure satisfaction rate calculated by the measure satisfaction rate calculation unit and outputs it to a display device.

  The evaluation map creation unit creates an evaluation map in which the measure implementation rate calculated by the measure implementation rate calculation unit and the measure satisfaction rate calculated by the measure satisfaction rate calculation unit are color-coded according to the respective values. It is characterized by that.

  The evaluation map creation unit sets the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit in each of the security control groups in two stages, up and down or left and right. The evaluation map is displayed side by side.

The security evaluation device further includes:
A solution information storage unit that stores in a storage device solution information that defines a plurality of common countermeasure solutions that combine specific security controls and define the implementation of each of the security controls;
Among the plurality of common countermeasure solutions defined by the solution information stored in the solution information storage unit, a common countermeasure solution introduced in the information system is selected, and the result flag of the security control measures included in the selected common countermeasure solution And an actual result setting unit for setting the actual value based on the solution information,
The result input unit inputs a result flag and a result value of a security control measure other than the security control measure included in the common measure solution selected by the result setting unit, and the result flag and result value of the input security control measure And a result flag and a result value of the security management policy set by the result setting unit are stored in a storage device.

The security evaluation device further includes:
After the countermeasure implementation rate and the countermeasure satisfaction rate are output by the output unit, any one of a plurality of common countermeasure solutions defined by the solution information stored in the solution information storage unit is arbitrarily selected and the selected common When the actual performance flag and actual value of the security control measures included in the countermeasure solution are set based on the solution information, the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and the countermeasure satisfaction rate calculation unit are calculated. A simulation unit that outputs the measure satisfaction rate to a display device is provided.

The measure satisfaction rate calculation unit further subtracts the target value stored by the target storage unit from the actual value stored by the actual result input unit for each security control measure, and for each security control group, The processing device calculates at least one of the minimum value and the maximum value of the subtraction result as a measure satisfaction degree,
The output unit outputs the measure satisfaction degree calculated by the measure satisfaction rate calculation unit to a display device for each group of security management measures.

A security evaluation method according to one aspect of the present invention includes:
A security evaluation method for classifying a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluating security for each group of security management methods,
For each security control measure, a target flag indicating whether or not each security control measure needs to be implemented, and a target value when the contents of the implementation of each security control measure are evaluated numerically are stored in a storage device.
For each security control measure, enter a performance flag indicating whether or not each security control measure has been implemented, and a performance value obtained by numerically evaluating the implementation contents of each security control measure, and store them in a storage device.
For each group of security controls, refer to the target flag and performance flag stored in the storage device to determine the number of security controls that need to be implemented and the number of security controls that are actually implemented. The ratio is calculated by the processing equipment as the measure implementation rate,
For each security control group, the ratio of the total of the target values stored in the storage device and the total of the actual values stored in the storage device is calculated by the processing device as a measure satisfaction rate,
For each security management group, the calculated countermeasure implementation rate and countermeasure satisfaction rate are output to a display device.

A security evaluation method according to another aspect of the present invention includes:
A security evaluation method for classifying a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluating security for each group of security management methods,
For each security control measure, a target flag indicating whether or not each security control measure needs to be implemented, and a target value when the contents of the implementation of each security control measure are evaluated numerically are stored in a storage device.
For each security control measure, enter a performance flag indicating whether or not each security control measure has been implemented, and a performance value obtained by numerically evaluating the implementation contents of each security control measure, and store them in a storage device.
For each group of security controls, refer to the target flag and performance flag stored in the storage device to determine the number of security controls that need to be implemented and the number of security controls that are actually implemented. The ratio is calculated by the processing equipment as the measure implementation rate,
For each security control group, measure the ratio between the number of security controls whose target value is stored in the storage device and the number of security controls whose actual value stored in the storage device has reached the target value. Calculated by the processing device as the sufficiency rate,
For each security management group, the calculated countermeasure implementation rate and countermeasure satisfaction rate are output to a display device.

A security evaluation program according to one aspect of the present invention includes:
A security evaluation program for classifying a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluating security for each group of security management measures,
For each security control measure, a target flag indicating whether or not each security control measure needs to be implemented, and a target storage process for storing in the storage device a target value when numerically evaluating the implementation details of each security control measure,
For each security control measure, a result flag indicating whether or not each security control measure has been implemented, a result value obtained by numerically evaluating the implementation contents of each security control measure, and a result input process for storing in a storage device;
For each security control group, refer to the target flag stored by the target storage process and the result flag stored by the result input process, and the number of security controls that need to be implemented and the actual implementation Measure implementation rate calculation processing, which is calculated by the processing device as a measure implementation rate as a ratio with the number of security management measures being implemented,
For each group of security control measures, measure satisfaction rate calculation for calculating by the processing device as a measure satisfaction rate a ratio between the total of the target values stored by the target storage processing and the total of the actual values stored by the result input processing Processing,
For each security control group, cause the computer to execute an output process for outputting the countermeasure implementation rate calculated by the countermeasure implementation rate calculation process and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation process to a display device. It is characterized by that.

A security evaluation program according to another aspect of the present invention includes:
A security evaluation program for classifying a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluating security for each group of security management measures,
For each security control measure, a target flag indicating whether or not each security control measure needs to be implemented, and a target storage process for storing in the storage device a target value when numerically evaluating the implementation details of each security control measure,
For each security control measure, a result flag indicating whether or not each security control measure has been implemented, a result value obtained by numerically evaluating the implementation contents of each security control measure, and a result input process for storing in a storage device;
For each security control group, refer to the target flag stored by the target storage process and the result flag stored by the result input process, and the number of security controls that need to be implemented and the actual implementation Measure implementation rate calculation processing, which is calculated by the processing device as a measure implementation rate as a ratio with the number of security management measures being implemented,
For each group of security controls, the number of security controls whose target values are stored by the target storage process and the actual values stored by the actual input process reach the target values stored by the target storage process. A measure satisfaction rate calculation process in which a processing device calculates a ratio with the number of security management measures being taken as a measure satisfaction rate;
For each security control group, cause the computer to execute an output process for outputting the countermeasure implementation rate calculated by the countermeasure implementation rate calculation process and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation process to a display device. It is characterized by that.

According to one aspect of the present invention, in the security evaluation device,
Classify multiple security controls into multiple groups by combining two or more categories,
The countermeasure implementation rate calculation unit calculates the ratio of the number of security management measures that need to be implemented and the number of security management measures that are actually implemented as the countermeasure implementation rate for each group of security controls.
For each security control group, the measure satisfaction rate calculation unit calculates the ratio between the total of the target values and the total of the actual values as the measure satisfaction rate when the implementation details of each security control measure are evaluated numerically.
The output unit outputs, for each security control group, the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit,
Multi-faceted, comprehensive and highly accurate security evaluation and analysis can be performed.

1 is a block diagram showing a configuration of a security evaluation system according to Embodiment 1. FIG. 4 is a table showing a specific example of a security management DB according to the first embodiment. 4 is a table showing a specific example of an operation level DB according to the first embodiment. 7 is a table showing a specific example of a common countermeasure solution DB according to the first embodiment. 1 is a block diagram illustrating a configuration of a server device according to a first embodiment. 3 is a diagram illustrating an example of a hardware configuration of a server device and a terminal device according to Embodiment 1. FIG. 3 is a flowchart showing an operation of the security evaluation system according to the first embodiment. 4 is a table showing a specific example of a business impact DB according to the first embodiment. 4 is a table showing a specific example of a security management DB according to the first embodiment. 6 is a table showing a specific example of an operation level definition DB according to the first embodiment. 6 is a table showing a specific example of a list of security management measures according to the first embodiment. 6 is a table showing a specific example of a list of security management measures according to the first embodiment. 4 is a table showing a specific example of a color classification method for an evaluation map according to the first embodiment. It is a figure which shows the specific example of the evaluation map which concerns on Embodiment 1. FIG. 10 is a flowchart showing details of the operation of the security evaluation system according to the second embodiment. 10 is a flowchart showing details of the operation of the security evaluation system according to the second embodiment. 10 is a flowchart showing details of the operation of the security evaluation system according to the second embodiment. 10 is a flowchart showing details of the operation of the security evaluation system according to the second embodiment. FIG. 10 is a block diagram illustrating a configuration of a server device according to a fifth embodiment. 10 is a flowchart showing the operation of the security evaluation system according to the fifth embodiment.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

Embodiment 1 FIG.
FIG. 1 is a block diagram showing a configuration of a security evaluation system 100 according to the present embodiment.

  In FIG. 1, a security evaluation system 100 is a system that performs security evaluation / analysis of an information system (computer system), and is a server device 200 connected through a network 150 (hereinafter sometimes simply referred to as “server”). And a terminal device 300 (hereinafter sometimes simply referred to as “terminal”). A plurality of server apparatuses 200 and terminal apparatuses 300 may be installed, respectively, thereby improving convenience, fault tolerance, availability, efficiency, and the like.

  The server apparatus 200 is an example of a security evaluation apparatus, and classifies a plurality of security management measures, which are measures related to information system security, into a plurality of groups based on a combination of two or more types of classification items. To evaluate security. For this purpose, a business impact setting function 201, a security management policy selection function 202, a common countermeasure solution setting function 203, an implementation presence / absence / operation level setting function 204, and an evaluation map creation function 205 are implemented in the server device 200. Details of these functions will be described later. In addition, the server device 200 includes a database 210. The database 210 (DB) includes a security management policy DB 211, a business impact DB 212, an operation level DB 213, a common countermeasure solution DB 214, and an operation level definition DB 215.

  The terminal device 300 acquires the security evaluation result from the server device 200 via the network 150 and presents it to the user (information system administrator or the like). For this purpose, the terminal device 300 is provided with a business impact condition input function 301, a security control list display function 302, a common countermeasure solution input function 303, an implementation / operation level input function 304, and an evaluation map display function 305. . Details of these functions will be described later. In addition, the terminal device 300 includes an input device 351 and a display device 352. The user can use the terminal device 300 to refer to the security evaluation result, perform security analysis, consider improvement measures, and the like.

  Security management measures for information systems vary depending on the types of corresponding “threats” and their “countermeasure areas” vary, but conventionally, what countermeasures are applied to which threats, where and how much. It was very difficult to get a bird's eye view of the system as a whole. For this reason, there is a problem that it is difficult to determine the appropriateness and completeness of the security management measures being implemented, and it is difficult to know what measures should be implemented and how. On the other hand, in this embodiment, the server device 200 and the terminal device 300 make it possible to perform multifaceted, exhaustive, and highly accurate security evaluation / analysis by utilizing each of the above functions. Therefore, it is possible to easily grasp where and how many measures are taken against which threat. In addition, this makes it easy to find out what kind of countermeasures should be added and how it can be implemented because it is easy to find security weaknesses of the information system.

As described above, in this embodiment, security management measures are classified into a plurality of groups by a combination of two or more types of classification items, and stored in the security management policy DB 211. Here, as an example, it is assumed that each security management measure is classified and indexed from the following four viewpoints.
(1) Countermeasure location: An area where security management measures are applied.
(2) Threat: A threat that is handled by a security management measure.
(3) Security functional requirements: Information security functional requirements for security management measures.
(4) Countermeasure means: Countermeasure means for security management measures.

  As described above, by classifying a wide variety of security control measures by four types of classification items, clarify the attributes of each security control measure, and realize multifaceted security evaluation and analysis using attribute data Is possible. In addition, by analyzing the weaknesses of the current security countermeasure status for each attribute of the security control measures, it is possible to perform a comprehensive and accurate weakness analysis. Furthermore, since it becomes easy to find security management measures that are highly necessary to strengthen the weakest part of security, it is possible to efficiently enhance security.

  Among the above four types of classification items, (1) countermeasure location represents an area where security control measures are applied, and the entire information system is classified from several viewpoints. In the present embodiment, as an example, classification focusing on people and information security is performed. Examples of the area related to people include “user” and “administrator”. An area related to information security includes “network” and the like. In addition, it is possible to arbitrarily define a region by performing classification focusing on physical security, organization, and the like. In this way, security management measures are managed by categorizing them at the logical layer, not the physical devices that make up the information system, so that they include management measures for “people” and “organizations” other than devices. Management is possible. In addition, since management is performed by classification according to the logical layer, it is not necessary to define a new management measure even if the number of physical devices increases, and there is an effect that maintenance is facilitated.

  Here, a specific example of the security management DB 211 is shown in FIG.

  For example, in FIG. 2, the security control measure (security control number: 1) that “the authority to access confidential information such as customer information and transaction information is clarified” is implemented for customers who are users. Therefore, the corresponding countermeasure location is set to “user”.

  Further, for example, in FIG. 2, a security management policy (security management policy number: 21) that “when a firewall is set, the account usage history, resource usage status, etc. are regularly monitored” Since this is performed for a firewall that is one of the devices, the corresponding countermeasure location is set to “network”.

  For other security management measures, corresponding countermeasure points are set according to their contents. Note that the example shown in FIG. 2 is an example, and it may be arbitrarily determined which security management measure is associated with which countermeasure location.

  Among the above four types of classification items, (2) threats are classified into several threats by enumerating the threats to which the information system is exposed from different viewpoints such as intentional, accidental, and environmental viewpoints. is there. In the present embodiment, as an example, classification focusing on intentional and accidental items is performed. Intentional threats include “illegal intrusion”, “sniffing”, “privilege abuse”, “leakage”, “spoofing”, “denial”, “information falsification”, and the like. Accidental threats include “error”. In addition, it is possible to arbitrarily define threats by performing classification focusing on environmental matters.

  Here, a specific example of the security management DB 211 shown in FIG. 2 is also referred to.

  For example, in FIG. 2, the security control measure (security control number: 1) that “the authority to access confidential information such as customer information and transaction information is clarified” described above, leaks or falsifies confidential information. Since it is implemented for prevention, the corresponding threats are set to “Leak” and “Information falsification”.

  In addition, for example, in FIG. 2, a security management policy (security management policy number: 21) that “when a firewall is set, the account usage history and resource usage status are regularly monitored” is external Since it is implemented to detect unauthorized intrusion from the network and abuse of account authority, the corresponding threats are set to “illegal intrusion”, “privilege abuse”, and the like.

  For other security management measures, corresponding threats are set according to their contents. Note that the example shown in FIG. 2 is an example, and which security management measures are associated with which threats may be arbitrarily determined.

  Among the above four types of classification items, (3) security functional requirements are obtained by classifying the purpose of the security control measures into five functional requirements. Functional requirements include “confidentiality”, “integrity”, “availability”, “reliability”, and “compliance”. The functional requirement is a determinant of “baseline” as an index of the security countermeasure level described later. Thus, by classifying and organizing the security countermeasure status for each functional requirement and analyzing it, it becomes possible to prioritize measures for ensuring functional requirements that require a high security level.

  Here, a specific example of the security management DB 211 shown in FIG. 2 is also referred to.

  For example, in FIG. 2, the above-mentioned security control measure (security control number: 1) that “authorizes access to confidential information such as customer information and transaction information” maintains confidentiality and integrity. Therefore, the corresponding security functional requirements are set to “confidentiality” and “completeness”.

  Further, for example, in FIG. 2, a security management policy (security management policy number: 21) that “if a firewall is set, the account usage history and resource usage status are regularly monitored” is also classified. Therefore, the corresponding security functional requirements are set to “confidentiality” and “integrity”.

  For other security management measures, corresponding security function requirements are set according to their contents. The example shown in FIG. 2 is an example, and which security management policy is associated with which security function requirement may be arbitrarily determined.

  Among the above four types of classification items, (4) countermeasure means classifies the security control process into three means. As means, there are “prevention”, “detection”, and “coping”. In this way, by analyzing the security countermeasure status by classifying and organizing it by countermeasure means, we have implemented preventive control measures, but we have not been able to implement control measures for detection and countermeasures. Analysis can be performed.

  Here, a specific example of the security management DB 211 shown in FIG. 2 is also referred to.

  For example, in FIG. 2, the security control measure (security control number: 1) that “the authority to access confidential information such as customer information and transaction information is clarified” described above, leaks or falsifies confidential information. Since it is implemented for prevention, the corresponding countermeasure means is set to “prevention”.

  In addition, for example, in FIG. 2, a security management policy (security management policy number: 21) that “when a firewall is set, the account usage history and resource usage status are regularly monitored” is external Since it is implemented to detect unauthorized intrusion from the network or abuse of account authority, the corresponding countermeasure means is set to “detection”.

  For other security management measures, corresponding countermeasure means are set according to the contents of each. The example shown in FIG. 2 is an example, and it may be arbitrarily determined which security management policy is associated with which countermeasure means.

  In the present embodiment, for some security management measures, an operation level is defined and stored in the operation level DB 213. The operation level is an index representing the quality of operation when the operation is accompanied when implementing the security control measures. In other words, the operational level is a numerical evaluation of the implementation of each security control measure. Here, as an example, it is assumed that five operational levels from level 1 to level 5 are defined for each target security management measure. That is, the contents of implementation of each security control measure are evaluated numerically in five stages from 1 to 5.

  Here, a specific example of the operation level DB 213 is shown in FIG.

  For example, in FIG. 3, for a security management measure (security control number: 1) that “the authority to access confidential information such as customer information and transaction information is clarified”, “specification method of access authority” With respect to the above, operation levels from level 2 to level 5 are defined depending on the type of operation. Specifically, it is level 5 if it can be operated with the agreement of the two authorized persons, level 4 if it is "restricted to a minimum number of authorized persons and regularly reviewed", and "the number of authorized persons is It is defined as level 3 when “not limited but regularly reviewed”, and level 2 when “no limit on the number of authorized persons or regular review”, (this is not necessarily 5 levels) Not all operational levels have to be defined).

  Further, for example, in FIG. 3, for a security control measure (security control measure number: 21) that “when a firewall is set, an account usage history, resource usage status, etc. are regularly monitored” Regarding the “account usage history monitoring interval”, operation levels from level 1 to level 5 are defined depending on the type of operation. Specifically, level 5 for “real time”, level 4 for “within 1 hour”, level 3 for “within 6 hours”, level 2 for “within 24 hours”, “more than that” "Is defined as level 1.

  As for other security management measures, each operation level is defined. The example shown in FIG. 3 is an example, and what level of operation is defined for which security control measure may be arbitrarily determined.

  In the present embodiment, a plurality of common countermeasure solutions are defined by combining specific security management measures and defining the implementation contents of the security management measures. Solution information that defines each common countermeasure solution is stored in the common countermeasure solution DB 214. In the solution information, a solution number and a solution name are attached to each common countermeasure solution, and the common countermeasure solution DB 214 is managed by these. As will be described below, when a common countermeasure solution defined in the common countermeasure solution DB 214 is selected, the security control corresponding to the common countermeasure solution is implemented with a specific implementation content (for example, at a specific operation level). It is considered finished.

  Here, a specific example of the common countermeasure solution DB 214 is shown in FIG.

  For example, in FIG. 4, the common countermeasure solution (solution number: 4) having the solution name “XX company network monitoring service” is the security management number: 19 security management measure (“If connected to an external network, A firewall is installed to control communication ”) and security control number: 21 (if a firewall is set, the account usage history, resource usage status, etc. should be monitored regularly) ")"). Therefore, when “XX Network Monitoring Service” is selected, it is considered that the security management policy with security control number: 19 and the security management policy with security management number: 21 have been implemented. In addition, in the “XX company network monitoring service”, when the security control measure No. 21 is implemented, the operation level is level 5 (“monitor account usage history” is performed in “real time”). To be defined. Accordingly, when “XX company network monitoring service” is selected, not only the security management policy with security control number: 19 and the security management policy with security management number: 21 are considered to have been implemented, but also security It will be considered that security control number 21 is implemented at level 5. In this example, the operation level is directly determined for each of the security management measures corresponding to the common countermeasure solution. However, the implementation contents of the security management measures may be determined by expressions other than the operation level. In this case, it is determined by referring to the operation level DB 213 to which operation level the defined implementation content corresponds.

  For other common countermeasure solutions, combinations of security management measures and respective operation levels are set. The example shown in FIG. 4 is an example, and for which common countermeasure solution, which security management measures are combined and which operation level is set may be arbitrarily determined.

  FIG. 5 is a block diagram illustrating a configuration of the server device 200.

  In FIG. 5, the server device 200 includes a condition input unit 221, a target setting unit 222, a target storage unit 223, a solution information storage unit 224, a performance setting unit 225, a performance input unit 226, a countermeasure implementation rate calculation unit 227, and a countermeasure satisfaction rate. A calculation unit 228 and an evaluation map creation unit 229 (an example of an output unit) are provided. The server device 200 includes hardware such as a processing device 251, a storage device 252, an input device 253, and an output device 254. The hardware is used by each unit of the server device 200. For example, the processing device 251 is used for performing calculation, processing, reading, writing, and the like of data and information in each unit of the server device 200. The storage device 252 is used to store the data and information. The input device 253 is used to input the data and information, and the output device 254 is used to output the data and information.

  A database 210 is installed in the storage device 252. For example, the security management DB 211 shown in FIG. 2, the operation level DB 213 shown in FIG. 3, the common countermeasure solution DB 214 shown in FIG. 4, the business impact DB 212 described later, and the operation level definition DB 215 are stored in the storage device 252. Yes.

  A business impact setting function 201 is installed in the condition input unit 221. In the target setting unit 222 and the target storage unit 223, a security control measure selection function 202 is implemented. A part of the common countermeasure solution setting function 203 and the implementation / operation level setting function 204 is installed in the result setting unit 225. A part of the implementation / operation level setting function 204 is installed in the result input unit 226. An evaluation map creation function 205 is implemented in the measure implementation rate calculation unit 227, the measure satisfaction rate calculation unit 228, and the evaluation map creation unit 229. The operation of each part will be described later.

  FIG. 6 is a diagram illustrating an example of the hardware configuration of each of the server device 200 and the terminal device 300.

  In FIG. 6, a server device 200 and a terminal device 300 are computers, respectively, an LCD 901 (Liquid / Crystal / Display), a keyboard 902 (K / B), a mouse 903, an FDD 904 (Flexible Disk / Drive), and a CDD 905 (Compact). (Disc / Drive) and a printer 906 are provided. These hardware devices are connected by cables and signal lines. Instead of the LCD 901, a CRT (Cathode / Ray / Tube) or other display device may be used. Instead of the mouse 903, a touch panel, a touch pad, a trackball, a pen tablet, or other pointing devices may be used.

  Each of the server device 200 and the terminal device 300 includes a CPU 911 (Central Processing Unit) that executes a program. In the server device 200, the CPU 911 is an example of a processing device 251. The CPU 911 includes a ROM 913 (Read / Only / Memory), a RAM 914 (Random / Access / Memory), a communication board 915, an LCD 901, a keyboard 902, a mouse 903, an FDD 904, a CDD 905, a printer 906, and an HDD 920 (Hard / Disk) via a bus 912. Connected with Drive) to control these hardware devices. Instead of the HDD 920, a flash memory, an optical disk device, a memory card reader / writer, or other storage medium may be used.

  The RAM 914 is an example of a volatile memory. The ROM 913, the FDD 904, the CDD 905, and the HDD 920 are examples of nonvolatile memories. In the server device 200, these are examples of the storage device 252. The communication board 915, the keyboard 902, the mouse 903, the FDD 904, and the CDD 905 are examples of the input device 253. The communication board 915, the LCD 901, and the printer 906 are examples of the output device 254. In the terminal device 300, the communication board 915, the keyboard 902, the mouse 903, the FDD 904, and the CDD 905 are examples of the input device 351. The LCD 901 is an example of the display device 352.

  The communication board 915 is connected to a LAN (Local / Area / Network) or the like. The communication board 915 is not limited to a LAN, but is an IP-VPN (Internet, Protocol, Private, Network), a wide area LAN, an ATM (Asynchronous / Transfer / Mode) network, or a WAN (Wide / Area / Network) It does not matter if it is connected to. LAN, WAN, and the Internet are examples of the network 150.

  The HDD 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922. The program group 923 includes programs for executing functions described as “˜unit” and “˜function” in the description of the present embodiment. The program is read and executed by the CPU 911. The file group 924 includes data, information, and signal values described as “˜data”, “˜information”, “˜ID (identifier)”, “˜flag”, and “˜result” in the description of this embodiment. And variable values and parameters are included as items of “˜file”, “˜DB”, and “˜table”. “˜File”, “˜DB”, and “˜Table” are stored in a storage medium such as the RAM 914 or the HDD 920. Data, information, signal values, variable values, and parameters stored in a storage medium such as the RAM 914 and the HDD 920 are read out to the main memory and the cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. It is used for processing (operation) of the CPU 911 such as calculation, control, output, printing and display. During the processing of the CPU 911 such as extraction, search, reference, comparison, calculation, calculation, control, output, printing, and display, data, information, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory. Remembered.

  The arrows in the block diagrams and flowcharts used in the description of this embodiment mainly indicate input / output of data and signals. Data and signals are recorded in memory such as RAM 914, FDD904 flexible disk (FD), CDD905 compact disk (CD), HDD920 magnetic disk, optical disk, DVD (Digital Versatile Disc), or other recording media Is done. Data and signals are transmitted by a bus 912, a signal line, a cable, or other transmission media.

  In the description of the present embodiment, what is described as “to part” and “to function” may be “to circuit”, “to device”, and “to device”, and “to step” and “to device”. -"Step", "-Procedure", "-Process" may be used. That is, what is described as “˜unit” and “˜function” may be realized by firmware stored in the ROM 913. Alternatively, what is described as “to part” and “to function” may be realized only by software or only by hardware such as an element, a device, a board, and wiring. Alternatively, what is described as “˜unit” and “˜function” may be realized by a combination of software and hardware, or a combination of software, hardware and firmware. Firmware and software are stored as programs in a recording medium such as a flexible disk, a compact disk, a magnetic disk, an optical disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes the computer to function as “to part” described in the description of the present embodiment. Alternatively, the program causes a computer to execute the procedures and methods of “˜unit” and “˜function” described in the description of the present embodiment.

  FIG. 7 is a flowchart showing the operation of the security evaluation system 100 (security evaluation method according to the present embodiment, processing procedure of the security evaluation program according to the present embodiment).

  In step S <b> 101, the condition input unit 221 of the server device 200 requests the terminal device 300 to input business impact conditions via the network 150.

  Business impact refers to the degree of influence that a security accident has on a business. The business impact condition defines a condition for determining the magnitude of the business impact. The business impact varies depending on the security functional requirements of the target business. For this reason, in this embodiment, for each business impact condition, when the confidentiality, integrity, availability, reliability, and compliance of the information system are violated, a business for an information system operator or the like is conducted. The degree of impact on the business impact is defined in advance as a business impact and stored in the business impact DB 212.

  Here, a specific example of the business impact DB 212 is shown in FIG.

  For example, in FIG. 8, when the business impact condition (condition classification number: 4) of “External connection type” is “Internet connection” (condition content number: 1), confidentiality, integrity, and availability are violated. The business impacts are defined as “A” (high impact), “B” (during impact), and “B”, respectively. In addition, when the same condition is “connect via dedicated line” (condition content number: 2), the business impacts when confidentiality, integrity, and availability are violated are “B”, “B”, and “B”, respectively. Is defined. When the condition is “no external connection” (condition content number: 3), the business impacts when confidentiality, integrity, and availability are violated are “C” (small impact), “C”, It is defined as “C”.

  For other business impact conditions, the size of the business impact is defined for each security functional requirement. Note that the example shown in FIG. 8 is an example, and what kind of business impact condition and what kind of content, and what level of business impact will occur, may be arbitrarily determined for each security functional requirement.

  In step S102 (business impact condition input function 301), the terminal device 300 receives an input of business impact conditions from the user by the input device 351 in response to the request in step S101. The terminal device 300 notifies the server device 200 of the business impact condition input by the user via the network 150.

  In step S103 (business impact setting function 201), the condition input unit 221 of the server device 200 refers to the business impact DB 212, and secures the business impact according to the contents of the business impact condition notified from the terminal device 300 in step S102. Specify for each functional requirement. At this time, regarding the same security function requirement, when the magnitude of the business impact varies depending on the business impact condition, the maximum value is assumed. For example, if three business impact conditions are entered, and the corresponding business impact is “A”, “B”, or “C” when the confidentiality is violated, the confidentiality is violated The business impact of is “A”.

  As described above, the business impact DB 212 defines for each security function requirement which business impact condition and what kind of content and what level of business impact will be caused. The security management policy DB 211 defines for each security function requirement which security management policy needs to be executed when the business impact defined in the business impact DB 212 is high.

  FIG. 9 shows a specific example of the security management DB 211. A specific example of the security management DB 211 is shown in FIG. 2, but each item of the security management DB 211 shown in FIG. 9 is assumed to follow each item of the security management DB 211 shown in FIG. That is, the security management DB 211 has all the columns illustrated in FIG. 2 and the columns illustrated in FIG. 9 (for example, in one table).

  For example, in FIG. 9, the security control (security control number: 1) that “the authority to access confidential information such as customer information and transaction information is clarified” is violated by confidentiality or integrity. It is stipulated that it is necessary to implement when the business impact is “A” or “B”.

  Further, for example, in FIG. 9, a security management policy (security management policy number: 21) that “if a firewall is set, the account usage history and resource usage status are regularly monitored” is confidential. It is stipulated that it needs to be implemented only when the business impact is “A” when sexuality or integrity is compromised.

  As for other security management measures, it is determined for each security functional requirement how much business impact should be implemented. Note that the example shown in FIG. 9 is an example, and what level of business impact is required and what security control measures need to be implemented may be arbitrarily determined for each security function requirement.

  The operation level definition DB 215 defines for each security function requirement what level of business impact is defined in the business impact DB 212 and at which operation level it is necessary to implement each security management measure. In the present embodiment, the operation level corresponding to the business impact is uniformly determined for each security function requirement, but the operation level may be individually determined for each security management measure.

  Here, a specific example of the operation level definition DB 215 is shown in FIG.

  For example, in FIG. 10, among security management measures that need to be implemented when the business impact when confidentiality is violated is “A”, those that have an operational level defined are implemented at level 5. It is stipulated that there is a need. Similarly, when the business impact when confidentiality is compromised is “B”, it is stipulated that the applicable security control measures must be implemented at level 4 and when “C”, the level 2 is required. .

  As for other security function requirements, it is determined for each security function requirement what level of business impact the security control measures need to be implemented at. Note that the example shown in FIG. 10 is an example, and what level of business impact the security management measures need to be implemented at may be arbitrarily determined for each security function requirement.

  In step S104 (security management policy selection function 202), the target setting unit 222 of the server apparatus 200 refers to the security management policy DB 211 and the operation level definition DB 215, and performs security management policy and operation corresponding to the business impact specified in step S103. Identify levels for each security functional requirement. At this time, regarding the same security control measure, if the necessity of implementation differs depending on the security function requirement, it is determined that the security control measure needs to be implemented. For the same security control measures, the maximum value is assumed when the operation level differs depending on the security function requirements. In addition, when the specified security control measures are only set at a part of the five levels and the specified operation level is not set, it is closest to the level above that operation level. (For example, when only levels 2 to 4 are set, if the specified operation level is level 1, it becomes level 2). If there is no upper level (or nothing is set), the lower level is the closest (for example, if only levels 2 to 4 are set, the specified operation level is level 5) If so, it becomes level 4.)

  In the present embodiment, the security management policy and operation level specified in step S104 are referred to as a baseline. That is, the baseline defines items of security control measures to be implemented and target values of operation level values for security function requirements of confidentiality, integrity, availability, reliability, and compliance. The target storage unit 223 of the server device 200 stores the baseline specified by the target setting unit 222 in the storage device 252. That is, for each security control measure, the target storage unit 223 stores a target flag indicating whether or not each security control measure needs to be executed, and a target value when the contents of the execution of each security control measure are evaluated in the storage device 252. Remember.

  As described above, in the present embodiment, the business impact and the baseline are managed in conjunction so that the baseline can be set according to the business impact of the evaluation target business. By managing the business impact for each security functional requirement of confidentiality, integrity, availability, reliability, and compliance, set the optimal baseline for the security functional requirements of the target business and set the security countermeasure level of the target business Can be managed. The business impact of the target system is determined by the configuration of the target system and the characteristics of the business executed by the target system, such as the type of information assets held by the target system, the user type of the target system, and the connection form with the external network. Conditions for determining the business impact and the degree of impact when the five security functional requirements are infringed when the conditions are met are defined. The system administrator and the business administrator input whether these conditions are met, and the business impact is automatically determined. Therefore, the business impact is judged without any personality and objective judgment. Can do. Furthermore, since the baseline can be determined in conjunction with the business impact, it is possible to ensure the appropriateness of security measures to be implemented for the system.

  In step S105 (security management policy list display function 302), the terminal device 300 acquires the baseline list specified in step S104 from the server device 200 via the network 150, and the display device 352 uses the security management policy. A list 401a is displayed on the screen.

  FIG. 11 shows a specific example of the security management list 401a. In this example, the business impacts when confidentiality, integrity, availability, reliability, and compliance are violated in step S103 are “A”, “B”, “B”, “C”, and “B”, respectively. Shall be specified.

  For example, in FIG. 11, for a security control measure (security control number: 1) that “the authority to access confidential information such as customer information and transaction information is clarified”, “evaluation of measure implementation” “ As the “baseline”, “◯” indicating that it is necessary to implement is displayed. This is determined in the security management DB 211 of FIG. 9 that the security management policy needs to be implemented when the business impact is “A” or “B” when confidentiality or integrity is compromised. Based on what is being done. In FIG. 11, “5” indicating that the operation level needs to be level 5 is displayed as the “baseline” of “operation level evaluation” for the security management measure. This is because the operational level is defined among the security management measures that need to be implemented when the business impact when the confidentiality is violated is “A” in the operational level definition DB 215 of FIG. Is defined as needing to be implemented at level 5, and is based on the fact that there is a definition of level 5 as the operation level of the security control measure in the operation level DB 213 of FIG. 3 (operation level definition of FIG. 10). In DB 215, security management measures that need to be implemented when the business impact when integrity is violated is “B”, those that have an operational level defined, need to be implemented at level 3 However, level 5 having a larger value is applied).

  The baselines for other security controls are also displayed. The “actual result” of “evaluation of countermeasure implementation” and “evaluation of operation level” is a column input automatically or a column input by the user, as will be described later.

  In step S <b> 106, the result setting unit 225 of the server device 200 requests the terminal device 300 to input a common countermeasure solution introduced into the information system via the network 150.

  In step S107 (common countermeasure solution input function 303), the terminal device 300 receives an input of the common countermeasure solution from the user by the input device 351 in response to the request in step S106. Then, the terminal device 300 notifies the server device 200 via the network 150 of the common countermeasure solution input by the user. At this time, the solution information storage unit 224 of the server device 200 stores in advance in the common countermeasure solution DB 214 solution information that defines a plurality of common countermeasure solutions.

  In step S108 (common countermeasure solution setting function 203), the performance setting unit 225 of the server device 200 refers to the common countermeasure solution DB 214 and identifies the common countermeasure solution notified from the terminal device 300 in step S107. That is, the performance setting unit 225 selects a common countermeasure solution introduced into the information system from among a plurality of common countermeasure solutions defined by the solution information stored in the solution information storage unit 224. Subsequently, the performance setting unit 225 refers to the common countermeasure solution DB 214 and confirms which security management measures are implemented by the identified common countermeasure solution and at which operation level each security management measure is implemented.

  In step S109, the result input unit 226 of the server device 200 performs, with respect to the terminal device 300, the presence / absence of security management measures not included in the common countermeasure solution specified in step S108. Require the input of the operational level of the current security control. At this time, the result input unit 226 transmits to the terminal device 300 the security management list 401b in which the information confirmed in step S108 is automatically input to the above-described security management list 401a.

  In step S110 (execution presence / absence / operation level input function 304), the terminal device 300 displays the security control list 401b transmitted in step S109 on the screen by the display device 352. Then, in response to the request in step S109, the terminal device 300 accepts, from the security management list 401b, an input device 351 that indicates whether a security management measure has been implemented by the user and the operation level of the security management measure being implemented. . Then, the terminal device 300 notifies the server device 200 of information input from the user to the security management list 401 b via the network 150.

  Here, FIG. 12 shows a specific example of the security management list 401b. This security management list 401b corresponds to the security management list 401a of FIG. In this example, a common countermeasure solution (solution number: 4) having the solution name “XX company network monitoring service” is identified in step S108, and the common countermeasure solution DB 214 in FIG. Policy number: 19 security control measures (“If you connect to an external network, a firewall is installed to control communication”) and security control number: 21 security control measures (“Firewall is set. In this case, it is assumed that the account usage history, resource usage status, etc. are regularly monitored ”). In addition, in the “XX company network monitoring service”, when the security control measure No. 21 is implemented, the operation level is level 5 (“monitor account usage history” is performed in “real time”). It has been confirmed that

  For example, in FIG. 12, for a security control measure (security control number: 1) that “the authority to access confidential information such as customer information and transaction information is clarified”, “evaluation of measure implementation” “ As the “actual result”, “◯” indicating that the operation is being performed is input from the user. In FIG. 12, for the security management measure, “3” indicating that the operation level is level 3 is input from the user as “actual result” of “operation level evaluation”.

  Further, for example, in FIG. 12, a security management policy (security management policy number: 21) that “if a firewall is set, the account usage history, resource usage status, etc. are regularly monitored” “◎” indicating that the measure is being implemented is automatically entered as the “actual result” of “measure implementation”. In FIG. 12, “5” indicating that the operation level is level 5 is automatically input as the “actual result” of “operation level evaluation” for the security management measure. The automatic input of “◎” to “Actual” in “Evaluation of countermeasure implementation” and “5” to “Actual” (operational level) in “Evaluation of operation level” is the processing flow shown in FIG. It is input by the processing of step S108, but by displaying such a distinguishable display such as “◎”, it is set not by the user but by the selection of the common countermeasure solution , Get to know at a glance.

  The results of other security controls are also entered. For security management measures that have not been implemented, “x” is entered as the “actual result” of “evaluation of countermeasure implementation”. Further, “0” is input (automatically) as “actual result” of “operation level evaluation” of such a security management measure.

  In step S111 (execution presence / absence / operation level setting function 204), the result setting unit 225 of the server device 200 determines whether each security control measure is currently implemented based on the content confirmed in step S108, and the current The operation level is stored in the storage device 252. That is, the result setting unit 225 sets the result flag and the result value of the security management measures included in the common measure solution selected in step S108 based on the solution information. Based on the information notified from the terminal device 300 in step S110, the result input unit 226 of the server device 200 further stores in the storage device 252 whether each security control measure is currently being implemented and the current operation level. Remember. In other words, the result input unit 226 inputs, for each security control measure, a result flag indicating whether or not each security control measure has been executed, and a result value obtained by numerically evaluating the execution contents of each security control measure, and stores them in the storage device 252. Remember. At this time, the result input unit 226 inputs a result flag and a result value of a security control measure other than the security control measures included in the common measure solution selected by the result setting unit 225, and the result flag of the input security control measure And the result value, the result flag and the result value of the security management policy set by the result setting unit 225 are stored in the storage device 252.

  In step S112 (evaluation map creation function 205), first, the countermeasure execution rate calculation unit 227 of the server device 200 performs security management measures classified by combinations of two types of classification items (for example, combinations of countermeasure locations and threats). For each group, the processing device 251 calculates the number of security management measures that need to be implemented with reference to the target flag stored in the target storage unit 223 in step S104. Further, the countermeasure implementation rate calculation unit 227 refers to the result flag stored by the result input unit 226 in step S111 for each group of security management measures, and determines the number of security management measures that are actually implemented as a processing device. 251 is calculated. Then, the countermeasure implementation rate calculation unit 227 processes, as the countermeasure implementation rate, the ratio between the number of security management measures that need to be implemented and the number of security management measures that are actually implemented for each security management group. Calculated by device 251.

  Next, the measure satisfaction rate calculation unit 228 of the server device 200 calculates the total of the target values stored in the target storage unit 223 in step S104 by the processing device 251 for each security control group. Further, the measure satisfaction rate calculation unit 228 calculates the total of the actual values stored by the actual result input unit 226 in step S111 by the processing device 251 for each security control group. Then, the measure satisfaction rate calculation unit 228 calculates, for each security control group, the processing device 251 as a measure satisfaction rate as a ratio between the total of the target values and the total of the actual values.

  Finally, the evaluation map creation unit 229 of the server device 200 creates an evaluation map. This evaluation map is a two-dimensional map in which one of the above two types of classification items (for example, countermeasure location) is arranged on the vertical axis and the other (for example, threat) is arranged on the horizontal axis. This evaluation map displays the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit 227 and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit 228 for each group of security management measures. The evaluation map creation unit 229 transmits the created evaluation map to the terminal device 300 via the network 150 and causes the display device 352 to output the evaluation map. Note that instead of creating an evaluation map, the evaluation map creation unit 229 (output unit) simply measures the countermeasure implementation rate and the countermeasure satisfaction rate calculation unit calculated by the countermeasure implementation rate calculation unit 227 for each security control group. The measure satisfaction rate calculated by 228 may be notified to the terminal device 300 via the network 150 and output to the display device 352. In this case, the user can freely perform security evaluation / analysis of the information system using the terminal device 300 (for example, the user can create an evaluation map manually).

  In step S113 (evaluation map display function 305), the terminal device 300 receives the evaluation map transmitted in step S112 from the server device 200 via the network 150, and displays it on the screen by the display device 352.

  In the present embodiment, the evaluation map includes the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit 227 of the server device 200 and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit 228 of the server device 200, respectively. It is assumed that the display is color-coded according to. As a result, the user can intuitively evaluate and analyze the security of the information system.

  In this embodiment, the evaluation map is calculated by the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit 227 of the server apparatus 200 and the countermeasure satisfaction rate calculation unit 228 of the server apparatus 200 for each group of security management measures. It is assumed that the countermeasure fulfillment ratios displayed are arranged in two rows, upper and lower (or left and right). As a result, it is possible to compare the security evaluation result based on the number of security management measures implemented with the security evaluation result based on the quality of the security management measures implemented. As a result, it is not only easier to understand where there are security weaknesses in the information system, but it is better to add security control measures to be implemented in order to strengthen the security of that part, or to implement it. It is possible to easily determine whether it is better to improve the contents of the security control measures.

  Here, FIG. 13 shows a specific example of the color classification method of the evaluation map. FIG. 14 shows a specific example of the evaluation map 402 to which the color coding method of FIG. 13 is applied.

  For example, in FIG. 14, a group of security management measures in which the corresponding countermeasure location is “user” and the corresponding threat is “leakage” (the above-mentioned “authorized access authority to confidential information such as customer information and transaction information is clarified. For security control measures (security control number: 1) etc.), the countermeasure implementation rate displayed in the upper row is 75%, so the field is displayed in yellow-green Yes. Since the measure satisfaction rate displayed in the lower row is 40%, the column is displayed in orange. Comparing the two columns, the number of security controls implemented for “users” to prevent “leakage” is by no means small, but it is easy to analyze that the content needs to be improved. .

  As described above, in the present embodiment, two indexed data, that is, a countermeasure implementation rate indexed based on whether or not countermeasures are implemented, and a countermeasure satisfaction rate indexed according to the contents of countermeasure implementation. It is expressed using. By performing an evaluation using these two indicators, for example, a security control measure is implemented, but a countermeasure area where the operation method is weak can be found. Therefore, the accuracy of the security control measure weak point analysis is improved. Furthermore, since a specific operation method necessary for strengthening the countermeasure can be easily shown, a security strengthening countermeasure can be easily planned.

  In this embodiment, security management measures are expanded into a two-dimensional map of, for example, a “countermeasure point” axis and a “threat” axis, and are managed in an area subdivided into “countermeasure areas” where the two axes intersect. . Accordingly, it is possible to analyze the overall trend by comprehensively looking at the countermeasure status of the entire information system, and to perform detailed weak point analysis such as which threat countermeasure measures are weak against which threat.

  Furthermore, in this embodiment, it is possible to automatically input the answers covered by the solution just by answering the common countermeasure solution used by the target system at the time of security evaluation. It becomes possible to improve efficiency.

  The server device 200 may output a security evaluation result using a radar chart or the like together with the evaluation map. In this case, for example, a radar chart that can compare the countermeasure implementation rate or countermeasure satisfaction rate for each group of security management measures, and implementation of countermeasures for each information system regarding a certain classification item (for example, countermeasure location or threat) for a plurality of information systems It is conceivable that a radar chart or the like that can compare the rate or the measure satisfaction rate is created and output to the display device 352 of the terminal device 300 or the like.

Embodiment 2. FIG.
Below, the example of operation | movement of the security evaluation system 100 which concerns on Embodiment 1 demonstrated using FIG. 7 is demonstrated using the flowchart of FIGS. 15-18.

  The process flow shown in FIG. 15 corresponds to steps S102 to S105 in the process flow of FIG. 7 used in the description of the first embodiment.

  In FIG. 15, when the condition input unit 221 of the server device 200 requests the terminal device 300 to input business impact conditions via the network 150, the terminal device 300 displays a business impact condition input screen on the display device 352. It is displayed (step S201).

  The terminal device 300 receives an input of the business impact condition from the user by the input device 351 on the business impact condition input screen (step S202).

  When the input of all the business impact conditions is completed, the terminal device 300 captures the business impact condition input by the user from the business impact condition input screen and notifies the server device 200 via the network 150 (step S203).

  The condition input unit 221 of the server device 200 refers to the business impact DB 212 and identifies the business impact corresponding to the content of the business impact condition notified from the terminal device 300 in step S203 for each security function requirement. Then, the condition input unit 221 selects the maximum one of the identified business impacts for each security function requirement (step S204).

  The target setting unit 222 of the server device 200 refers to the security management policy DB 211 and the operation level definition DB 215, and reads the security management policy and the operation level corresponding to the business impact selected in step S204 for each security function requirement. The target storage unit 223 of the server device 200 stores the security management policy and the operation level read by the target setting unit 222 in the storage device 252 as a baseline (step S205).

  The terminal device 300 acquires the list of security management measures and operation levels read in step S205 from the server device 200 via the network 150, and displays the list on the screen as the security management measure list 401a by the display device 352. (Step S206).

  The process flow shown in FIG. 16 corresponds to steps S106 to S107 in the process flow of FIG. 7 used in the description of the first embodiment.

  In FIG. 16, the result setting unit 225 of the server device 200 reads out the common countermeasure solution from the common countermeasure solution DB 214 to select the common countermeasure solution introduced in the information system, and sends it to the terminal device 300 via the network 150. On the other hand, the read list of common countermeasure solutions is transmitted (step S301).

  The terminal device 300 receives the list of common countermeasure solutions transmitted in step S301, creates a common countermeasure solution selection screen using the list, and displays it on the display device 352 (step S302).

  The terminal apparatus 300 causes the user to select a common countermeasure solution from the common countermeasure solution selection screen using the input device 351 (step S303).

  The terminal device 300 takes in the common countermeasure solution selected by the user from the common countermeasure solution selection screen, and notifies the server device 200 via the network 150 (step S304).

  The process flow shown in FIG. 17 corresponds to steps S108 to S111 in the process flow of FIG. 7 used in the description of the first embodiment.

  In FIG. 17, the result input unit 226 of the server device 200 reads the name and definition of the operation level of each security control measure from the operation level DB 213 (step S401).

  If there is a common countermeasure solution notified from the terminal device 300 in step S304, the performance setting unit 225 of the server device 200 refers to the common countermeasure solution DB 214, and security management measures that are implemented by the notified common countermeasure solution. The operation level that can be realized is automatically set for the security management list 401a, and the security management list 401b is created (step S402).

  The result input unit 226 of the server device 200 transmits the security management policy list 401b created in step S402 to the terminal device 300 via the network 150. The terminal device 300 creates an implementation / operation level input screen using the security control list 401b transmitted from the server device 200, and displays it on the display device 352 (step S403).

  The terminal device 300 accepts, from the user, on the implementation presence / operation level input screen, whether or not the security management measures other than the security management policy and the operation level automatically set in step S402 and the operation level are input (step S404).

  When the input of the presence / absence and operation level of all security management measures is completed, the terminal device 300 captures the presence / absence and operation level of the security control measure input by the user from the execution / operation level input screen, Then, the server device 200 is notified (step S405).

  The process flow shown in FIG. 18 corresponds to steps S112 to S113 in the process flow of FIG. 7 used in the description of the first embodiment.

  In FIG. 18, the countermeasure implementation rate calculation unit 227 of the server device 200 reads out a security management policy corresponding to each countermeasure location from the security management policy DB 211 (step S501).

  The countermeasure implementation rate calculation unit 227 of the server device 200 reads out the security management measures corresponding to each threat among the security management measures read out in step S501 from the security management policy DB 211 (step S502).

  The countermeasure implementation rate calculation unit 227 of the server device 200 implements countermeasures for the security management policy read in step S502, that is, the security management policy group corresponding to the combination of one countermeasure location and one threat (measure area). The rate is calculated by the processing device 251 (step S503). The measure implementation rate is calculated as the number of management measures implemented in the group / the number of management measures required in the group × 100 (%).

  The evaluation map creation unit 229 of the server device 200 sets a display color corresponding to the countermeasure implementation rate calculated in step S503 (step S504).

  The countermeasure satisfaction rate calculation unit 228 of the server device 200 calculates a countermeasure satisfaction rate (operation level satisfaction degree) by the processing device 251 for the same security control group as in step S503 (step S505). The measure satisfaction rate is calculated as the sum of actual operation levels in the group / total operation levels required in the group × 100 (%).

  The evaluation map creation unit 229 of the server device 200 sets a display color corresponding to the measure satisfaction rate calculated in step S505 (step S506).

  When steps S502 to S506 are completed for the group of security management measures corresponding to the combination of the same countermeasure location and each other threat, it corresponds to the combination of the countermeasure location read next in step S501 and each threat. Steps S502 to S506 are executed for the security control group. When the steps S501 to S506 are completed for the group of security management measures corresponding to the combination of all the countermeasure locations and all the threats, the evaluation map creation unit 229 of the server device 200 sets the countermeasure implementation rate set in step S504. The evaluation map 402 is created using the corresponding display color and the display color corresponding to the measure satisfaction rate set in step S506 (step S507). Whether or not to display the numerical values of the countermeasure implementation rate calculated in step S503 and the countermeasure satisfaction rate calculated in step S505 on the evaluation map 402 may be arbitrarily determined.

  The terminal device 300 acquires the evaluation map 402 created in step S507 from the server device 200 via the network 150, and displays it on the screen by the display device 352 (step S508).

  In this example, the flow for creating an evaluation map using the two axes of countermeasure locations and threats out of the security control category axes has been shown. However, when using other category axes, the same map is used for the evaluation map. Can be created.

Embodiment 3 FIG.
The present embodiment will be described with a focus on differences from the operation of the security evaluation system 100 of the second embodiment.

  Specifically, in FIG. 18, as a pre-process for creating an evaluation map, a method for calculating a countermeasure satisfaction rate is different in a process for calculating a countermeasure implementation rate and a countermeasure satisfaction rate. That is, in the second embodiment, the countermeasure satisfaction rate calculation unit 228 of the server device 200 calculates the countermeasure satisfaction rate (operational level satisfaction) by the processing device 251 for the same group of security management measures as in step S503 (step S505). ). The measure satisfaction rate is calculated as the sum of actual operation levels in the group / total operation levels required in the group × 100 (%).

  In the present embodiment, the measure satisfaction rate in the process of step S505 is calculated as the number of management measures that have achieved the target of the operation level in the group / the total number of security control measures in the group × 100 (%). . Determining whether or not the operational level objective has been achieved is determined by determining whether the operational level result (determined by selecting a common countermeasure solution or input from the user) is equal to or higher than the defined operational level baseline. Judge that it is achieved. For example, the baseline is set to “3”, and the management measures with the results “3”, “4”, and “5” are added to the number of management measures that have achieved the target of the operation level. When the baseline is set to “4” and the result is “3”, it is not added to the number of management measures that have achieved the target of the operation level.

  As described above, according to the present embodiment, the measure satisfaction rate can be calculated from a viewpoint different from that of the second embodiment.

  This embodiment will be further described with reference to FIG.

  In the present embodiment, in step S112 in FIG. 7, the countermeasure satisfaction rate calculation unit 228 of the server device 200 performs security management in which the target value is stored in the target storage unit 223 in step S104 for each security management group. The processing device 251 counts the number of measures. In addition, the measure satisfaction rate calculation unit 228 is configured so that the record value stored by the record input unit 226 in step S111 reaches the target value stored in the target storage unit 223 in step S104 for each security control group. The number of management measures is counted by the processing device 251. Then, the measure satisfaction rate calculation unit 228 measures, for each security control group, the ratio between the number of security controls in which the target value is stored and the number of security controls in which the actual value reaches the target value. It is calculated by the processing device 251 as a sufficiency rate. As a result, it is possible to perform security evaluation / analysis of the information system using an index different from that in the first and second embodiments.

Embodiment 4 FIG.
The present embodiment will be described with a focus on differences from the operation of the security evaluation system 100 of the second embodiment.

  Specifically, the measure satisfaction rate is calculated in step S505 of FIG. 18, but in this embodiment, the measure satisfaction rate is calculated following the processing of step S505. The measure satisfaction level is a numerical value representing the difference between the operational level baseline and the result.

  The measure satisfaction rate calculated in the second and third embodiments is a numerical value calculated as a percentage of the results for all the management measures in the group, so there were several cases where specific results were obtained. Even so, it is hard to see as a whole. As for the measure satisfaction degree, a specific result is displayed.

  As a calculation method, the baseline value is subtracted from the result value, and the smallest value is calculated as min (numerical value), and the largest value is calculated as max (numerical value). min (x) indicates that x is the minimum value among the numerical values to be compared. On the other hand, max (x) indicates that x is the maximum value among the numerical values to be compared.

  A specific example is shown. Assume that there are management measures with baselines “4”, “3”, “3” and results “1”, “4”, “2”. In this case, as the divergence value, since the baseline value is subtracted from the resulting value, the difference value is -3, +1, -1, and is calculated as min (-3), max (+1).

  Thereafter, in step S507, the measure satisfaction degree is displayed on the evaluation map as additional information on the measure satisfaction rate.

  Thus, min (numerical value) and max (numerical value) are calculated and displayed as the measure satisfaction degree. By min (numerical value), it is possible to grasp the divergence degree of the one that has not achieved the best result (the one that has the shortest operation level) compared to the baseline. Further, the max (numerical value) can grasp the degree of divergence of the highest result (the operation level is considered to be the most excessive) compared to the baseline.

  This embodiment will be further described with reference to FIG.

  In the present embodiment, in step S112 of FIG. 7, the measure satisfaction rate calculation unit 228 of the server device 200 calculates the measure satisfaction rate for each security management group (or instead of calculating the measure satisfaction rate). For each security control measure, the processing device 251 subtracts the target value stored in the target storage unit 223 in step S104 from the actual value stored in the performance input unit 226 in step S111. Then, the measure satisfaction rate calculation unit 228 calculates, for each security control group, the processing device 251 as at least one of the minimum value and the maximum value of the subtraction result as the measure satisfaction degree.

  Finally, the evaluation map creation unit 229 of the server device 200 creates an evaluation map. This evaluation map includes, for each security control group, a countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit 227, a countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit 228, and a countermeasure satisfaction rate. (May be omitted). The evaluation map creation unit 229 transmits the created evaluation map to the terminal device 300 via the network 150 and causes the display device 352 to output the evaluation map. Note that instead of creating an evaluation map, the evaluation map creation unit 229 (output unit) simply measures the countermeasure implementation rate and countermeasure satisfaction rate calculation unit calculated by the countermeasure implementation rate calculation unit 227 for each security control group. The countermeasure satisfaction rate and the countermeasure satisfaction degree calculated by 228 may be notified to the terminal device 300 via the network 150 and may be output to the display device 352.

  As described above, according to the present embodiment, not only the measure satisfaction rate but also the measure satisfaction degree is notified to the user, so that it becomes easier to analyze the security of the information system and examine improvement measures.

Embodiment 5 FIG.
In the present embodiment, differences from the first embodiment will be mainly described.

  FIG. 19 is a block diagram showing a configuration of server apparatus 200 according to the present embodiment.

  19, the server device 200 includes a simulation unit 230 in addition to the one shown in FIG. The operation of the simulation unit 230 will be described later.

  FIG. 20 is a flowchart showing the operation of the security evaluation system 100 according to the present embodiment (security evaluation method according to the present embodiment, processing procedure of the security evaluation program according to the present embodiment).

  Since the operations up to step S113 (evaluation map display function 305) are the same as those in the first embodiment, description thereof is omitted (steps S101 to S112 are not shown).

  In step S114, the simulation unit 230 of the server apparatus 200 wants to introduce a new countermeasure solution that is not introduced in the information system to the terminal apparatus 300 via the network 150 by the user (or other Request input of common solution to be simulated.

  In step S115 (common countermeasure solution input function 303), the terminal device 300 receives an input of the common countermeasure solution from the user by the input device 351 in response to the request in step S114. Then, the terminal device 300 notifies the server device 200 via the network 150 of the common countermeasure solution input by the user.

  In step S116 (common countermeasure solution setting function 203), the result setting unit 225 of the server device 200 refers to the common countermeasure solution DB 214 under the control of the simulation unit 230, and the common countermeasure solution notified from the terminal device 300 in step S115. Thus, it is confirmed which security control measures are implemented and at which operation level each security control measure is implemented.

  In step S117 (execution presence / absence / operation level setting function 204), the result setting unit 225 of the server device 200 is a common countermeasure solution that the user wants to newly introduce based on the contents confirmed in step S116 under the control of the simulation unit 230. The storage device 252 stores whether or not each security control measure is implemented and the respective operation level. In other words, the result setting unit 225 updates the result flag and the actual value of the security control measures included in the common countermeasure solution identified in step S116 based on the solution information (or separately sets for simulation and the remaining part For the, copy the data already entered).

  In step S118 (evaluation map creation function 205), the countermeasure implementation rate calculation unit 227 of the server device 200 refers to the performance flag updated in step S117 for each security management group under the control of the simulation unit 230. The countermeasure implementation rate is recalculated by the processing device 251. Similarly, the countermeasure satisfaction rate calculation unit 228 of the server device 200 recalculates the total of the actual values updated in step S117 for each security management group under the control of the simulation unit 230, and then the countermeasure satisfaction rate. Is recalculated by the processing device 251. The evaluation map creation unit 229 of the server device 200 creates an evaluation map that represents the recalculated countermeasure implementation rate and the countermeasure satisfaction rate with numerical values and / or colors under the control of the simulation unit 230. The simulation unit 230 transmits the evaluation map created by the evaluation map creation unit 229 to the terminal device 300 via the network 150.

  In step S119 (evaluation map display function 305), the terminal apparatus 300 receives the evaluation map transmitted in step S118 from the server apparatus 200 via the network 150, and displays it on the screen by the display apparatus 352.

  As described above, in the present embodiment, the simulation unit 230 of the server device 200 outputs a plurality of common measures defined by the solution information stored in the solution information storage unit 224 after the evaluation map is output in step S113. Let the user choose any of the solutions (ie choose arbitrarily). Then, the simulation unit 230 sets the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit 227 when setting the performance flag and the actual value of the security control measures included in the selected common countermeasure solution based on the solution information. And the measure satisfaction rate calculated by the measure satisfaction rate calculation unit 228 are generated in numerical values and / or colors, and an evaluation map is generated and output to the display device 352 of the terminal device 300. This makes it easy for users to not only perform security evaluation and analysis of information systems, but also to consider common countermeasure solutions that should be introduced into information systems in order to improve security, improving convenience and efficiency. improves.

  The simulation unit 230 of the server device 200 automatically selects a common countermeasure solution that can enhance the security of the information system and presents it to the user instead of allowing the user to select a common countermeasure solution that has not yet been introduced into the information system. May be. As selection criteria, for example, when the evaluation map 402 shown in FIG. 14 is targeted, a common countermeasure solution that can change as many red columns as possible to yellow, yellow-green, and green is selected with priority. Can be considered. In this case, a list of common countermeasure solutions that are sorted in the order of the magnitude of the effect (how many red columns can be changed to yellow, yellow-green, green, etc.) may be presented to the user. In addition, a check column is provided next to the solution name of each common countermeasure solution in the list, and evaluation is performed when only the common countermeasure solution with the check turned on is introduced every time the user turns the check on / off. The map 402 may be created and output to the display device 352 of the terminal device 300 (the evaluation map 402 on the screen is updated).

  As mentioned above, although embodiment of this invention was described, you may implement combining 2 or more embodiment among these. Alternatively, one of these embodiments may be partially implemented. Or you may implement combining two or more embodiment among these partially.

  100 security evaluation system, 150 network, 200 server apparatus, 201 business impact setting function, 202 security control measure selection function, 203 common countermeasure solution setting function, 204 implementation presence / operation level setting function, 205 evaluation map creation function, 210 database, 211 Security control DB, 212 Business impact DB, 213 Operation level DB, 214 Common countermeasure solution DB, 215 Operation level definition DB, 221 Condition input unit, 222 Target setting unit, 223 Target storage unit, 224 Solution information storage unit, 225 Result setting unit, 226 Result input unit, 227 Countermeasure implementation rate calculation unit, 228 Countermeasure satisfaction rate calculation unit, 229 Evaluation map creation unit, 230 Simulation unit, 251 Processing equipment , 252 storage device, 253 input device, 254 output device, 300 terminal device, 301 business impact condition input function, 302 security control list display function, 303 common countermeasure solution input function, 304 implementation presence / operation level input function, 305 evaluation Map display function, 351 input device, 352 display device, 401a, b security control list, 402 evaluation map, 901 LCD, 902 keyboard, 903 mouse, 904 FDD, 905 CDD, 906 printer, 911 CPU, 912 bus, 913 ROM , 914 RAM, 915 communication board, 920 HDD, 921 operating system, 922 window system, 923 program group, 924 file group.

Claims (12)

A security evaluation device that classifies a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluates security for each group of security management measures,
For each security control measure, a target flag that indicates whether or not each security control measure needs to be implemented, and a target storage unit that stores in the storage device a target value when numerically evaluating the implementation details of each security control measure,
For each security control measure, a result flag indicating whether or not each security control measure has been implemented, a result value obtained by numerical evaluation of the implementation contents of each security control measure, and a result input unit for storing in a storage device;
For each group of security control measures, refer to the target flag stored by the target storage unit and the actual result flag stored by the actual result input unit, and the number of security control measures that need to be implemented and the actual implementation A countermeasure implementation rate calculation unit that calculates a ratio with the number of security management measures being implemented by the processing device as a countermeasure implementation rate;
For each security control group, measure satisfaction rate calculation for calculating by the processing device as a measure satisfaction rate the ratio between the total of the target values stored by the target storage unit and the total of the actual values stored by the result input unit And
Each security control group includes an output unit that outputs a countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and a countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit to a display device. A security evaluation device. A security evaluation device that classifies a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluates security for each group of security management measures,
For each security control measure, a target flag that indicates whether or not each security control measure needs to be implemented, and a target storage unit that stores in the storage device a target value when numerically evaluating the implementation details of each security control measure,
For each security control measure, a result flag indicating whether or not each security control measure has been implemented, a result value obtained by numerical evaluation of the implementation contents of each security control measure, and a result input unit for storing in a storage device;
For each group of security control measures, refer to the target flag stored by the target storage unit and the actual result flag stored by the actual result input unit, and the number of security control measures that need to be implemented and the actual implementation A countermeasure implementation rate calculation unit that calculates a ratio with the number of security management measures being implemented by the processing device as a countermeasure implementation rate;
For each group of security controls, the number of security controls whose target values are stored by the target storage unit and the actual values stored by the actual input unit reach the target values stored by the target storage unit. A countermeasure satisfaction rate calculation unit that calculates a ratio with the number of security management measures as a countermeasure satisfaction rate by the processing device;
Each security control group includes an output unit that outputs a countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and a countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit to a display device. A security evaluation device.   The output unit arranges one of the two types of classification items on the vertical axis and the other on the horizontal axis, and for each security control group, the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and the 3. The security evaluation device according to claim 1, wherein the security evaluation device is an evaluation map creation unit that creates an evaluation map that displays the measure satisfaction rate calculated by the measure satisfaction rate calculation unit and outputs the evaluation map to a display device.   The evaluation map creation unit creates an evaluation map in which the measure implementation rate calculated by the measure implementation rate calculation unit and the measure satisfaction rate calculated by the measure satisfaction rate calculation unit are color-coded according to the respective values. The security evaluation apparatus according to claim 3.   The evaluation map creation unit sets the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation unit in each of the security control groups in two stages, up and down or left and right. The security evaluation apparatus according to claim 3 or 4, wherein the evaluation map is displayed side by side. The security evaluation device further includes:
A solution information storage unit that stores in a storage device solution information that defines a plurality of common countermeasure solutions that combine specific security controls and define the implementation of each of the security controls;
Among the plurality of common countermeasure solutions defined by the solution information stored in the solution information storage unit, a common countermeasure solution introduced in the information system is selected, and the result flag of the security control measures included in the selected common countermeasure solution And an actual result setting unit for setting the actual value based on the solution information,
The result input unit inputs a result flag and a result value of a security control measure other than the security control measure included in the common measure solution selected by the result setting unit, and the result flag and result value of the input security control measure The security evaluation device according to claim 1, wherein a performance flag and a performance value of the security management policy set by the performance setting unit are stored in a storage device. The security evaluation device further includes:
After the countermeasure implementation rate and the countermeasure satisfaction rate are output by the output unit, any one of a plurality of common countermeasure solutions defined by the solution information stored in the solution information storage unit is arbitrarily selected and the selected common When the actual performance flag and actual value of the security control measures included in the countermeasure solution are set based on the solution information, the countermeasure implementation rate calculated by the countermeasure implementation rate calculation unit and the countermeasure satisfaction rate calculation unit are calculated. The security evaluation apparatus according to claim 6, further comprising a simulation unit that outputs a countermeasure satisfaction rate to a display device. The measure satisfaction rate calculation unit further subtracts the target value stored by the target storage unit from the actual value stored by the actual result input unit for each security control measure, and for each security control group, The processing device calculates at least one of the minimum value and the maximum value of the subtraction result as a measure satisfaction degree,
The security according to any one of claims 1 to 7, wherein the output unit outputs a measure satisfaction degree calculated by the measure satisfaction rate calculation unit to a display device for each group of security management measures. Evaluation device. A security evaluation method for classifying a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluating security for each group of security management methods,
For each security control measure, a target flag indicating whether or not each security control measure needs to be implemented, and a target value when the contents of the implementation of each security control measure are evaluated numerically are stored in a storage device.
For each security control measure, enter a performance flag indicating whether or not each security control measure has been implemented, and a performance value obtained by numerically evaluating the implementation contents of each security control measure, and store them in a storage device.
For each group of security controls, refer to the target flag and performance flag stored in the storage device to determine the number of security controls that need to be implemented and the number of security controls that are actually implemented. The ratio is calculated by the processing equipment as the measure implementation rate,
For each security control group, the ratio of the total of the target values stored in the storage device and the total of the actual values stored in the storage device is calculated by the processing device as a measure satisfaction rate,
A security evaluation method characterized by outputting the calculated countermeasure implementation rate and countermeasure satisfaction rate to a display device for each group of security management measures. A security evaluation method for classifying a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluating security for each group of security management methods,
For each security control measure, a target flag indicating whether or not each security control measure needs to be implemented, and a target value when the contents of the implementation of each security control measure are evaluated numerically are stored in a storage device.
For each security control measure, enter a performance flag indicating whether or not each security control measure has been implemented, and a performance value obtained by numerically evaluating the implementation contents of each security control measure, and store them in a storage device.
For each group of security controls, refer to the target flag and performance flag stored in the storage device to determine the number of security controls that need to be implemented and the number of security controls that are actually implemented. The ratio is calculated by the processing equipment as the measure implementation rate,
For each security control group, measure the ratio between the number of security controls whose target value is stored in the storage device and the number of security controls whose actual value stored in the storage device has reached the target value. Calculated by the processing device as the sufficiency rate,
A security evaluation method characterized by outputting the calculated countermeasure implementation rate and countermeasure satisfaction rate to a display device for each group of security management measures. A security evaluation program for classifying a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluating security for each group of security management measures,
For each security control measure, a target flag indicating whether or not each security control measure needs to be implemented, and a target storage process for storing in the storage device a target value when numerically evaluating the implementation details of each security control measure,
For each security control measure, a result flag indicating whether or not each security control measure has been implemented, a result value obtained by numerically evaluating the implementation contents of each security control measure, and a result input process for storing in a storage device;
For each security control group, refer to the target flag stored by the target storage process and the result flag stored by the result input process, and the number of security controls that need to be implemented and the actual implementation Measure implementation rate calculation processing, which is calculated by the processing device as a measure implementation rate as a ratio with the number of security management measures being implemented,
For each group of security control measures, measure satisfaction rate calculation for calculating by the processing device as a measure satisfaction rate a ratio between the total of the target values stored by the target storage processing and the total of the actual values stored by the result input processing Processing,
For each security control group, cause the computer to execute an output process for outputting the countermeasure implementation rate calculated by the countermeasure implementation rate calculation process and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation process to a display device. Security evaluation program characterized by that. A security evaluation program for classifying a plurality of security management measures, which are measures related to information system security, into a plurality of groups by combining two or more types of classification items, and evaluating security for each group of security management measures,
For each security control measure, a target flag indicating whether or not each security control measure needs to be implemented, and a target storage process for storing in the storage device a target value when numerically evaluating the implementation details of each security control measure,
For each security control measure, a result flag indicating whether or not each security control measure has been implemented, a result value obtained by numerically evaluating the implementation contents of each security control measure, and a result input process for storing in a storage device;
For each security control group, refer to the target flag stored by the target storage process and the result flag stored by the result input process, and the number of security controls that need to be implemented and the actual implementation Measure implementation rate calculation processing, which is calculated by the processing device as a measure implementation rate as a ratio with the number of security management measures being implemented,
For each group of security controls, the number of security controls whose target values are stored by the target storage process and the actual values stored by the actual input process reach the target values stored by the target storage process. A measure satisfaction rate calculation process in which a processing device calculates a ratio with the number of security management measures being taken as a measure satisfaction rate;
For each security control group, cause the computer to execute an output process for outputting the countermeasure implementation rate calculated by the countermeasure implementation rate calculation process and the countermeasure satisfaction rate calculated by the countermeasure satisfaction rate calculation process to a display device. Security evaluation program characterized by that.

Images