JP2011232874A - Method and device for information security management supporting - Google Patents

Abstract

PROBLEM TO BE SOLVED: To make operations to be done more efficient in performing information security management.SOLUTION: A method comprises: a process of comparing data on a control flow, which is prepared according to a predetermined IDEF0-base model notation based on the information security management reference, with rule data prepared preliminarily according to the predetermined model notation; a process of specifying functions or activities included in the rule data, and the data, which is determined to be short in the data on the control flow by the process of comparing, of input data, output data, resource data, governance condition data and event condition data of the functions or activities; and a presentation step of presenting the data specified by the process of specifying to a user.

Description

  This technology relates to information security management support technology.

  For example, a case is assumed in which the effectiveness evaluation and improvement of security measures are performed in accordance with the management standard for taking out a PC (Personal Computer) outside the office. For example, it is assumed that a management standard as shown in FIG. In such a case, each department in the office interprets such a management standard, and (1) index creation, (2) measurement object setting, (3) setting, (4) measurement, (5) evaluation, (6) The procedure of improvement is performed manually. However, as can be seen from FIG. 1, the management standard itself is ambiguous in various points, and such work depends on the experience of the person who performs these work, and what kind of index should be created. However, there is a problem that it is difficult to know what is appropriate as a measurement target, and as a result, evaluation and improvement do not progress well. In particular, for the part that the management standard itself treats as common sense, there are matters that are not noticeable unless you are an experienced person, or if you do not have experience, select the appropriate indicator unless you repeat the procedure described above many times. The problem that the measurement target cannot be set is a very large problem in terms of efficiency.

  IDEF (ICAM (Integrated Computer Aided Manufacturing) DEFinition) is a technique for graphically analyzing and transmitting various characteristics of corporate activities in a simple and accurate manner. The IDEF methodology is arranged and numbered for each characteristic to be expressed, and currently 16 targets are selected. Of these, IDEF0 and IDEFx are standardized as FIPS (Federal Information Processing Standards) and are widely used. IDEF0 is a method of describing manufacturing processes and business processes in a hierarchical manner using boxes and arrow lines, taking the relationship between functions and objects (including objects, information, people, money, etc.). The following documents exist for IDEF0.

JP 2003-167862 A JP 2003-187039 A

  As described above, the effectiveness of security measures in accordance with management standards and the previous work for improvement cannot be objectively judged on the appropriateness of selection of evaluation indicators, etc. It has become.

  Accordingly, an object of the present technology is to provide a technology for improving the efficiency of work necessary for implementing security measures in accordance with management standards.

  This information security management support method includes (A) a control stored in a first control flow storage unit that stores data on a control flow created according to a predetermined model notation based on IDEF0 based on information security management standards. A comparison step of comparing the data about the flow with the rule data stored in the control rule storage unit and created in advance according to a predetermined model notation, and (B) a function or activity included in the rule data, and a function or A specific step of identifying, among the input data of the activity, the output data, the resource data, the governance condition data, and the event condition data, data determined to be insufficient in the data regarding the control flow by the comparison step; and (C) a specific step The data identified by And a presentation step of presenting to the user.

  The work required for implementing security measures in accordance with the management standards can be made more efficient.

FIG. 1 is a diagram illustrating an example of management criteria. FIG. 2 is a functional block diagram of the information security management support system according to the embodiment. FIG. 3 is a diagram for explaining the ESG-IDEF0 notation. FIG. 4 is a diagram illustrating an example of the function definition table. FIG. 5 is a diagram illustrating an example of a function set definition table. FIG. 6 is a diagram illustrating an example of the extraction pattern definition table. FIG. 7 is a diagram illustrating a process and a procedure according to the present embodiment. FIG. 8 is a diagram illustrating an example of a control flow for PC take-out. FIG. 9 is a diagram illustrating an example of another control flow. FIG. 10 is a diagram illustrating an example of control flow data in a tabular format. FIG. 11 is a diagram for explaining the control resource data. FIG. 12A is a diagram illustrating an example of control resource data. FIG. 12B is a diagram illustrating an example of control resource data. FIG. 13 is a diagram illustrating a process flow of the first function definition table process included in the control flow correction support process. FIG. 14 is a diagram illustrating an example of matters pointed out by the user. FIG. 15 is a diagram for explaining control flow correction. FIG. 16 is a diagram illustrating an example of the control flow data (table format) after correction. FIG. 17 is a diagram showing a processing flow of a control flow definition process included in the control flow correction support process. FIG. 18 is a diagram illustrating an example of the indication items in the control flow definition process. FIG. 19 is a diagram for explaining the relationship between the control flows. FIG. 20 is a diagram illustrating an example of a control flow modified after the control flow definition process. FIG. 21 is a diagram illustrating an example of a control flow (table format) modified after the control flow definition process. FIG. 22 is a diagram illustrating a processing flow of the second function definition table process included in the control flow correction support process. FIG. 23 is a diagram illustrating an example of indication items in the second function definition table process. FIG. 24 is a diagram for explaining the correction of the control flow after the processing of the second function definition table. FIG. 25 is a diagram illustrating an example of a control flow (reference control flow) corrected after the second function definition table processing. FIG. 26 is a diagram illustrating an example of a control flow (table format) (standard control flow) corrected after the second function definition table processing. FIG. 27 is a diagram illustrating a process flow of a function set definition process included in the control flow correction support process. FIG. 28 is a diagram illustrating an example of indication items in the function set definition process. FIG. 29 is a diagram illustrating an example of an activity added after the function set definition process. FIG. 30 is a diagram illustrating an example of an activity (table format) added after the function set definition process. FIG. 31 is a diagram showing a processing flow of resource allocation processing. FIG. 32 is a diagram illustrating an example of a processing result of the resource allocation process. FIG. 33 is a diagram for explaining control resource data after correction. FIG. 34 is a diagram showing a processing flow of resource allocation processing. FIG. 35 is a diagram showing an example of the current control flow (table format) obtained after the resource allocation process. FIG. 36 is a diagram showing an example of the current control flow (table format) obtained after the resource allocation process. FIG. 37 is a diagram illustrating a processing flow of evaluation index candidate extraction processing. FIG. 38 is a diagram illustrating an example of data stored in the evaluation index candidate data storage unit. FIG. 39 is a functional block diagram of a computer.

  FIG. 2 shows a functional block diagram of the information security management support system according to the embodiment of the present technology. The information security management support system 100 includes a control rule storage unit 110, a control flow editing unit 120, a control rule assignment unit 130, a first control flow storage unit 140, a control resource editing unit 150, and a control resource data storage. Unit 160, control resource allocation unit 170, second control flow storage unit 180, monitor item extraction unit 190, and evaluation index candidate data storage unit 200.

  The control flow editing unit 120 creates and edits a control flow according to an instruction from the user and stores the control flow in the first control flow storage unit 140. The control rule allocation unit 130 performs processing using the data stored in the control rule storage unit 110 and the data stored in the first control flow storage unit 140, and if necessary, controls the control flow editing unit 120. Collaborate to prompt the user to modify the control flow. The first control flow storage unit 140 finally stores reference control flow (ToBe) data.

  The control resource editing unit 150 creates and edits control resource data in accordance with an instruction from the user, and stores the data in the control resource data storage unit 160. The control resource allocating unit 170 performs processing using the data stored in the control resource data storage unit 160 and the data stored in the first control flow storage unit 140 to obtain the current control flow (AsIs) data. Generated and stored in the second control flow storage unit 180. The control resource allocation unit 170 operates in cooperation with the control flow editing unit 120.

  The monitor item extraction unit 190 uses the data stored in the second control flow storage unit 180, the data stored in the control rule storage unit 110, and the data stored in the first control flow storage unit 140. Processing is performed, and evaluation index candidates are extracted and stored in the evaluation index candidate data storage unit 200.

  Note that the control flow data stored in the first control flow storage unit 140 and the second control flow storage unit 180 is presented to the user by the control flow editing unit 120, for example. In addition, the data stored in the evaluation index candidate data storage unit 200 is presented to the user by the monitor item extraction unit 190, for example.

  Next, FIG. 4 to FIG. 6 show an example of data regarding the control rules stored in advance in the control rule storage unit 110. The control rule is data prepared in advance for use in a process described below by a user having skills and experience of a predetermined level or higher.

  In this embodiment, a procedure to be performed for information security management is applied to a model, and functions, subjects, inputs / outputs and conditions on the procedure are clarified. The notation of ESG-IDEF0, which is an extension of IDEF0, is adopted for the model notation. Specifically, as shown in FIG. 3, the activity is represented by a rectangle. The activity includes a constraint activity and a business activity, and “B” (representing Business) is attached to the business activity. An arrow from above the activity rectangle represents a data flow (governance data flow) from a management layer (hierarchy based on the security control system) different from the activity, and condition data for this data flow is shown. Further, the arrow from the left side of the activity rectangle represents the data flow of the same management layer as the activity, the solid line arrow represents the input data, and the two-dot chain line arrow represents the condition data. An arrow to the right side of the activity rectangle represents output data. Furthermore, an arrow from the lower side of the activity rectangle represents resource allocation, and resource data is indicated.

  In the present embodiment, the activities and the dependency relationships are represented by connecting the activities in the vertical axis direction. A workflow is represented by connecting activities in the horizontal axis direction. Specifically, it represents the flow of operation and dependency.

  Under such a premise, data as shown in FIG. 4 is prepared in the control rule storage unit 110 as a function definition table necessary for information security management as the first control rule.

  In the example of FIG. 4, for each function, a function name, an activity, an input, an output, a governance condition, and a resource are registered. A general name is registered as the function name, and a standard document or a variation of the name used in the field is registered as the activity name. In addition, among the functions, those corresponding to business are given a “B” mark. The output corresponding to the condition processing result is given a “C” (check) mark. In FIG. 4, regarding the notation in the “data 1 (data 2)” format, “data 1” indicates the entity (medium) including the data with proper nouns, and in the case of general nouns, it indicates with <>. . “Data 2” indicates data (element), and in the case of a collective noun in which elements are collected, it is indicated by <>. For example, for “(<result> [permitted / denied, approval target name])”, “data 1” does not exist, and “result” represents a set of elements, and the specific content is [ Permission / non-permission, approval target name]. In addition, “resource” shall describe the position that should be the subject of control.

  From the data shown in FIG. 4, for example, the function “approval” (here “activity” is also the same), “approval name” as input, “result” and “record” as output, “confirmation item” as condition, resource As you can see, the “manager” is essential.

  FIG. 5 shows an example of a function set definition table including a function set that is a function group necessary for executing a specific function as the second control rule. In the example of FIG. 5, for each function set, a function set name, a function group included in the function set (for example, function 1-5), an execution order, and an essential flag are registered. If the mandatory flag is on, it indicates that all listed functions must be included. The first function set “time limit” in FIG. 5 indicates that the function “time limit setting” and the function “time limit confirmation” are essential function groups in this order.

  FIG. 6 shows an example of an extraction pattern definition table that defines, as the third control rule, a monitor item extraction method that is an element of a specific evaluation index as a pattern. In the example of FIG. 6, for each extraction pattern, a pattern name, a monitor item name, targets 1 and 2 to be extracted, and an evaluation condition are registered. The object to be extracted is specified by a control flow figure (such as the direction of an arrow) and a data element. Note that the pattern “G” is a pattern for monitoring the certainty of condition execution, which is an instruction from the host. The pattern “B” is a pattern for monitoring the accuracy of condition execution in the business to be managed. The pattern “CO” is a pattern for monitoring the authenticity of the condition acquisition source, that is, the matching accuracy with the reference.

  The data shown in FIGS. 4 to 6 are extracted and registered in advance by a user who has some experience.

  Next, the operation of the information security management support system 100 and the work of the user who evaluates and improves the effectiveness of security measures with the support of the system will be described in order.

  A rough process and work procedure are shown in FIG. First, the user who performs the work analyzes a standard (for example, PC take-out management standard shown in FIG. 1), instructs the control flow editing unit 120 to create a control flow according to the notation shown in FIG. The control flow data is stored in the first control flow storage unit 140 (FIG. 7: step S1). In the processing and procedure flow shown in FIG. 7, it is assumed that a dotted line block represents a procedure mainly performed by the user, and a solid line block represents a process mainly performed by the information security management support system 100.

  In step S1, the business that is a security measure and the rules (that is, conditions) in the business execution are extracted from the standard. More specifically, a verb or a word indicating a predetermined job and a word indicating a condition are extracted. In the example of FIG. 1, “take-out” and “carry-in” correspond to business. Further, “application” and “approval” correspond to the conditions. In this case, the control flow for “take-out” is considered first.

  Then, the operations “application”, “approval”, and “export” extracted from the criteria are described as activities, the information (including the medium) on which the activity operates is input data, the information (including the medium) on which the activity operates is output data, Describe the conditions necessary for the activity to act as condition data. Also, the conditions set according to individual inputs are described as event condition data that enters from the side to the activity, and common conditions that are determined by security controls and do not depend on individual inputs are Describe as input governance condition data. If it is unknown, “?” Is described.

  For example, the control flow for “Bring” is created by the control flow editing unit 120 as shown in FIG.

  As shown in FIG. 8, the activity “application” describes two governance conditions, two inputs, one resource, and one output. As for the activity “approval”, it is described that the output of the activity “application” is an input, there is one unknown governance condition, one resource, and one output. Furthermore, for the activity “Bring out B”, it is described that there is one input, the output of the activity “approval” is an event condition, there is one unknown governance condition, there is one resource, and there is one output. Is done. The “B” mark is attached to the activity related to the business. In addition, an arrow indicating an event condition is expressed so as to be distinguishable from an input / output arrow (for example, a two-dot chain line). The information shown in FIG. 8 is extracted from the reference (FIG. 1).

  The information notation in the control flow is the same as the notation shown in FIG. However, nouns are written as they are without formatting for the arrow from the bottom to the activity.

  Further, the control flow of the operation procedure creation standard different from FIG. 1 is described as shown in FIG. The control flow of this operational procedure creation standard describes that there is only one activity called “Create Procedure”, that there are two inputs, one governance condition, one output, and one resource. Is done.

  In addition to the description as a flow diagram as shown in FIGS. 8 and 9, the control flow is held in the first control flow storage unit 140 in a table format as shown in FIG. In the example of FIG. 10, for each control flow, a flow name, one or a plurality of activities, and inputs, outputs, governance conditions, event conditions, and resources for each activity are registered.

  Next, the user organizes the current resources, instructs the control resource editing unit 150, and stores the control resource data in the control resource data storage unit 160 (FIG. 7: step S3).

  For example, as shown in FIG. 11, paying attention to each activity, elements related to the activity (input, governance conditions, resources, etc., pay attention to the thick dotted line) are extracted, and existing resources (for example, existing systems) for them are extracted. And people). In addition, clarify resource conditions based on existing control rules.

  For example, in the case of a user in department A, the element “export application medium” for the activity “approval” is the “management server” body of the PC export management system, and the data “(<export application>)” of the element is: It exists as “application DB information” in the database in the PC take-out management system. Such information is registered in the control resource data storage unit 160.

  FIG. 12A shows an example of data stored in the control resource data storage unit 160. Here, FIG. 12A shows an example in the case of the PC export standard, and corresponding resource information (subject or entity of the element) is registered for each combination of the standard, activity, and element name. . As for the activity, the entity (person and / or system) that executes the control procedure is registered. FIG. 12A shows an example of resource information corresponding to each of the department A using the PC export management system and the department B using the PC export management ledger. FIG. 12B shows an example in the case of operation procedure creation criteria. The format is the same as in FIG. 12A, and here, department A and department B are shown separately.

  Next, the control rule allocation unit 130 performs control flow correction support processing on the control flow stored in the first control flow storage unit 140 in accordance with the control rule stored in the control rule storage unit 110 ( FIG. 7: Step S5). Specifically, the user instructs the control flow editing unit 120 according to the processing result of the control flow allocation unit 130 to correct the control flow data, and stores the correction result in the first control flow storage unit 140.

  This control flow correction support process will be described with reference to FIGS. First, the first function definition table process using the function definition table (FIG. 4) stored in the control rule storage unit 110 will be described with reference to FIGS.

  First, the control rule allocation unit 130 extracts an activity name from the control flow data stored in the first control flow storage unit 140 (step S21). For example, in the case where the control flow shown in FIG. 11 is to be processed, “application”, “approval”, and “take-out B” are extracted. Then, the control rule assignment unit 130 extracts the function definition rule for the extracted activity name from the function definition table (FIG. 4) of the control rule storage unit 110 (step S23). In the case of the function definition table in FIG. 4, the data of the row in which the function name or activity name column is “application”, “approval”, or “export” is read as a function definition rule. In the case of the function definition table of FIG. 4, since there is no row corresponding to “application”, the rule for “application” is not read out.

  Thereafter, the control rule assignment unit 130 identifies one unprocessed activity among the activities extracted from the control flow (step S25). Then, the control rule assigning unit 130 compares the identified activity data with the corresponding function definition rule to check whether they match (step S27).

  This process will be described with reference to FIG. For example, focus on the activity “approval”. According to the function definition table of FIG. 4, the function “approval” requires “(<approval target name>)” as an input and “(<result> [permitted / unpermitted, approval target name])] as an output. And “(<Record> [Confirmation Item C, Approver Name, Date / Time])” is required, “(<Confirmation Item>)” is required as a condition, and “Management Manager” is required as a resource It is prescribed that. When such data is compared with the elements of the activity “approval” (input / output information, condition information, resource information) in FIG. "(<Record>)" is leaked as output, and "(Allow)" is also "(<Result>)" and the element "Approval Target Name" is leaked Is identified. Similarly, for the activity “take-out B”, it is specified that data of “(<record>)” is leaked as an output.

  Accordingly, when the activity data identified in step S25 does not match the corresponding function definition rule (step S27: No route), the control rule assignment unit 130 outputs an indication about the mismatch point to the user (step S27). S29). For example, data as shown in FIG. 14 is output. In FIG. 14, data to be input by the user when it is determined that there is a leak is listed and pointed out.

  Then, the user gives an instruction to the control flow editing unit 120 and inputs data prompted to be input within a range that can be understood. That is, the control flow editing unit 120 receives a correction input from the user, corrects the control flow, and stores the corrected control flow data in the first control flow storage unit 140 (step S31).

  For example, the correction shown in FIG. 15 is performed on the control flow shown in FIG. A portion indicated by a dotted circle is corrected by the user. In this way, by comparing with the control rules created by highly skilled users, it becomes possible to provide a control flow by giving notice to a part that a general user cannot notice from the standard alone. When the correction shown in FIG. 15 is corrected on the control flow definition table, the table shown in FIG. 16 is obtained. The hatched cell shows the corrected part.

  If the data of the identified activity matches the corresponding function definition rule (if there is no corresponding function definition rule, it is determined to match) (step S27: Yes route), or after step S31, control rule assignment The unit 130 determines whether correction has been completed for all activities (step S33). If one activity is modified, other activities may be affected. Therefore, until the modification is not performed for all activities, it is not judged that the modification has been completed, and the modification has not been completed. Then, the process returns from step S33 to step S25. In step S25, for example, activities are selected in a cyclic order.

  On the other hand, when correction is completed for all activities, other control flow correction support processing is performed.

  Next, the control flow definition process included in the control flow correction support process will be described with reference to FIGS. In the control flow definition process, control flow data stored in the first control flow storage unit 140 is used.

  The control rule assignment unit 130 identifies one unprocessed activity from the control flow data stored in the first control flow storage unit 140 (FIG. 17: step S41). Further, the control rule assignment unit 130 extracts the text of the governance condition for the identified activity (Step S43).

  Then, the control rule assigning unit 130 identifies an activity in which a text that matches the extracted text is defined as an element as a related activity (step S45). There may be no related activities. If there is a related activity, the control rule assignment unit 130 reads the data of the specified related activity from the first control flow storage unit 140 (step S47).

  For example, for the activity “application”, “application content” is extracted as the text of the governance condition, so the first control flow storage unit 140 (FIG. 16) is searched using the text “application content” and matches. Identify the activity “Create Procedure” that includes text in the element “Output”. Then, the data about the activity “procedure creation” is read out. Similarly, when the activity “approval” is also processed, the activity “procedure creation” is also specified. On the other hand, since only “?” Is registered for the activity “take-out B”, the related activity is not specified.

  Then, the control rule assigning unit 130 outputs the related activity data or the indication of not applicable to the user (step S49). As shown in FIG. 18, it is pointed out that the text “application contents” of the governance condition of the activity “application” is included in the output “operation procedure manual” of the activity “procedure creation”. Similarly, it is pointed out that the text “confirmation matter” of the governance condition of the activity “approval” is included in the output “operation procedure manual” of the activity “create procedure manual”. It is pointed out that there are no applicable governance conditions for the activity “Bring out B”.

  This suggests that there is a relationship between the output “operation procedure manual” of the activity “procedure creation” and the governance conditions of the activities “application” and “approval”, as indicated by the dotted circle in FIG. become. For the activity “Bring out B”, “not applicable” will be pointed out, but the relevance will be examined from the points to be pointed out regarding other activities.

  The user gives an instruction to the control flow editing unit 120 and makes corrections based on the data pointed out within a known range. That is, the control flow editing unit 120 receives a correction input from the user, corrects the control flow, and stores the corrected control flow data in the first control flow storage unit 140 (step S51). For example, control flow data as shown in FIG. 20 is stored in the first control flow storage unit 140. In the example of FIG. 20, the two control flows are connected, and the governance conditions of the activities “application”, “approval”, and “take-out B” are corrected. The tabular control flow data is modified as shown in FIG. 21, for example. In FIG. 21, the hatched cell is a corrected cell, and the association with the “operation procedure manual” is registered in the governance condition column. In this way, the relevance of the control flow not noticed by the user can be noticed.

  Then, the control rule assigning unit 130 determines whether correction has been completed for all activities (step S53). If one activity is modified, other activities may be affected. Therefore, until the modification is not performed for all activities, it is not judged that the modification has been completed, and the modification has not been completed. Then, the process returns from step S53 to step S41. In step S41, for example, activities are selected in a cyclic order.

  On the other hand, when correction is completed for all activities, other control flow correction support processing is performed. In the above description, attention is paid only to the governance condition, but processing may be performed focusing on other unconnected input / output.

  Next, the second function definition table process included in the control flow correction support process will be described with reference to FIGS.

  The control rule assignment unit 130 identifies one unprocessed activity among the control flows stored in the first control flow storage unit 140 (FIG. 22: step S61). Further, the control rule assignment unit 130 extracts text about the input element of the identified activity (step S63). Then, the control rule assignment unit 130 extracts a function definition rule including at least a part of the extracted text as the text of the input element from the function definition table (FIG. 4) in the control rule storage unit 110 (step S65).

  For example, when the input column in the function definition table of FIG. 4 is searched with the text “scheduled to bring in” of the input element of the activity “application”, the element “ It can be seen that it partially matches “scheduled date”.

  Then, the control rule assigning unit 130 determines whether the activity specified in step S61 matches the activity of the function definition rule extracted in step S65 (step S67). In the example described above, “application” and “time limit setting” do not match. If they do not match (step S67: No route), the control rule assignment unit 130 outputs an indication about the mismatch point to the user (step S69). For example, data as shown in FIG. 23 is output. In the example of FIG. 23, it is pointed out that “scheduled date” is defined as an input for the activity “application”, and there is a possibility that the function / activity “time limit setting” may be included. In this way, the possibility of a function / activity that does not appear on the surface can be examined. Further, in the example of FIG. 23, from the function definition rule for the function / activity called “limit setting”, “setting target name”, “return / delete / discard / carry out / carry-in / carry-out / carry-out scheduled date” “time information” ”,“ Setting target name ”“ setting date and time C ”for output, and“ longest deadline ”for governance conditions are indispensable. In this way, the function definition rule may be simply presented as it is. Further, the input may be compared to identify the difference, the outputs may be compared to identify the difference, the conditions may be compared to identify the difference, and only the difference may be pointed out.

  Then, the user gives an instruction to the control flow editing unit 120 and corrects the data prompted to be corrected within the range that can be understood. That is, the control flow editing unit 120 receives a correction input from the user, corrects the control flow, and stores the corrected control flow data in the first control flow storage unit 140 (step S71).

  For example, the correction shown in FIG. 24 is performed on the control flow shown in FIG. Focusing on the input of the activity “application”, the “setting target name” included in the function / activity “time limit setting” corresponds to the already set “<export application medium> (export target name)”. No particular modification is made. On the other hand, “time information” included in the function / activity called “limit setting” is corrected to be added. Further, focusing on the output of the activity “application”, for the “setting target name” included in the function / activity called “limit setting”, the already set “<export application medium> (<export application>)” Since it corresponds, no correction is made in particular, but “setting date / time C” included in the function / activity “time limit setting” is corrected to add “scheduled date to bring in”. Further, when focusing on the governance condition of the activity “application”, it is modified so as to add the “longest deadline” included in the function / activity called “deadline setting”. Furthermore, in the present embodiment, the activity name “application” is also corrected to “application (limit setting)” because “limit setting” is inherent. In FIG. 24, a dotted circle with (1) is related to this correction.

  When the identified activity matches the extracted function definition rule (when there is no corresponding function definition rule, it is determined to match) (step S67: Yes route), or after step S71, the control rule assignment unit 130 determines whether correction has been completed for all activities (step S73). If one activity is modified, other activities may be affected. Therefore, until the modification is not performed for all activities, it is not judged that the modification has been completed, and the modification has not been completed. Then, the process returns from step S73 to step S61. In step S61, activities are selected in order.

  On the other hand, when correction is completed for all activities, other control flow correction support processing is performed.

  In the example of FIG. 24, when the above-described correction is performed, a function / activity called “limit setting” is specified from the “scheduled carry-in date” of the input element for the activity “approval”. This is the same as the activity “application”. Therefore, the control rule assignment unit 130 outputs almost the same indication. On the other hand, the dotted circle with (2) in FIG. 24 is a part related to the correction performed by the user. Furthermore, in the present embodiment, the activity name “approval” is also corrected to “approval (limit setting)” because “limit setting” is inherent. Since corrections may be made in a chained manner in this way, iterative processing is performed until all the activities are corrected.

  When such a correction is made, the control flow takes a form as shown in FIG. In the table format, the data is as shown in FIG. FIG. 26 shows a cell in which a hatched cell is corrected.

  Next, the function set definition process included in the control flow correction support process will be described with reference to FIGS.

  The control rule assignment unit 130 specifies an unprocessed activity name in the control flow data stored in the first control flow storage unit 140 (FIG. 27: step S81). Further, the first control rule assignment unit 130 searches the function set definition table (FIG. 5) in the control rule storage unit 110 with the specified activity name, and specifies the corresponding rule (step S83). For example, in the case of the activity “application (time limit setting)”, it is confirmed whether “application (time limit setting)” at least partially matches the function name registered in the function set definition table. In this case, the function set name “expiration date” is specified.

  If the corresponding rule is not specified in step S83 (step S85: No route), the process proceeds to step S93. On the other hand, when the corresponding rule is specified (step S85: Yes route), the control rule assignment unit 130 checks whether or not an activity connection according to the extraction rule exists in the control flow (step S87). If an activity connection according to the extraction rule exists in the control flow, the process proceeds to step S93. On the other hand, when there is no connection of activities according to the extraction rule in the control flow, the control rule assignment unit 130 presents that there is a rule nonconformity and also presents data on the rule to the user ( Step S89). For example, the function definition rule of the function / activity that is lacking in the corresponding rule stored in the control rule storage unit 110 is read out and presented to the user.

  For example, data as shown in FIG. 28 is presented to the user. In the example of FIG. 28, the activity “application (time limit setting)” indicates that the activity “time limit confirmation” is essential after “time limit setting”. Furthermore, the data to be set as the input, output, condition, and resource of the missing activity “confirm deadline” are presented.

  Then, the user gives an instruction to the control flow editing unit 120 and corrects the data prompted to be corrected within the range that can be understood. That is, the control flow editing unit 120 receives a correction input from the user, corrects the control flow, and stores the corrected control flow data in the first control flow storage unit 140 (step S91).

  For example, it is assumed that the user adds an instruction “confirm deadline” as shown in FIG. 29 by giving an instruction to the control flow editing unit 120. Note that the same indication and correction are made for the activity “approval (time limit setting)”. Note that data as shown in FIG. 30 is added to the control flow data in the table format.

  In addition, when there is a connection of activities according to the extraction rule, when it is determined that the rule is not extracted in step S85, or after step S91, the control rule assignment unit 130 completes correction for all activities. It is determined whether or not (step S93). If one activity is modified, other activities may be affected. Therefore, until the modification is not performed for all activities, it is not judged that the modification has been completed, and the modification has not been completed. The process returns from step S93 to step S81. In step S81, for example, activities are selected in a cyclic order.

  The processing described above is the content of the control flow correction support processing. In addition, about each process included in the control flow correction | amendment assistance process, you may replace and carry out an order. However, if a correction is added to the control flow, it may be necessary to make further corrections in other processes.

  Further, when the control flow correction support process is completed, the control flow stored in the first control flow storage unit 140 becomes the reference control flow (ToBe).

  Returning to the description of the processing in FIG. 7, the control resource allocation unit 170 then controls the reference control flow stored in the first control flow storage unit 140 and the control resource stored in the control resource data storage unit 160. The resource allocation process is performed using the data (step S7). This resource allocation process will be described with reference to FIGS.

  The control resource allocation unit 170 identifies one unprocessed control flow among the control flows stored in the first control flow storage unit 140 (FIG. 31: step S101). In addition, the control resource allocation unit 170 specifies one unprocessed activity in the specified control flow (step S103). Thereafter, the control resource allocation unit 170 extracts the resource definition corresponding to the identified activity from the control resource information definition table (FIGS. 12A and 12B) in the control resource data storage unit 160 (step S105).

  Then, the control resource allocation unit 170 performs matching between the text of the identified activity element and the extracted resource definition (step S107).

  For example, one unprocessed control flow is specified from the standard name or flow name (or title). For example, it is assumed that the control flow “PC take-out” is specified. Further, for example, it is assumed that the activity “approval” is specified in the control flow “PC export”. Then, the four lines for the activity “approval” in the resource definition (FIG. 12) and the line for the activity “approval” in the control flow (FIG. 26) are matched. Here, department A is considered. Then, the resource for the entire activity “Approval” is “Corporate Employee, Management Client-Approval Function” while the resource definition is “Information Device Manager” in the control flow. Replace with. In addition, in the resource definition, “export application medium (<export application>)” is “management server (application DB information)”, whereas in the control flow, there is a portion where the words match “<export application medium” > (<Export application> [name of object to be taken out, planned date of import])]. Therefore, “<bringing application medium> (<bringing application>) in the control flow is replaced with the resource definition data. Especially, a part that does not have a matching word (a word between []) remains. "? (Permission)" is "e-mail (date, executive employee name, subject name)", but in the control flow "? (<Result> [permission , Approval name]) ”. In this case, all are replaced with resource definitions. Note that “information device manager” is “executive employee” in the resource definition, but since the “approved” resource has already been replaced, nothing is done here. The same replacement is performed for other activities.

  In step S107, not only the comparison but also the corresponding item is replaced.

  FIG. 32 shows an example of the control flow after the replacement process for the activity “approval”. In FIG. 32, the dotted-lined part shows the part automatically replaced. However, as indicated by a two-dot chain line circle, there is a portion where matching could not be performed. This part is subject to the following processing.

  Then, the control resource allocating unit 170 determines whether there is a part that cannot be matched in step S107 (step S109). If there is no matching part, the control resource allocating unit 170 proceeds to the process of FIG. On the other hand, if there is an unmatchable part, the control resource allocation unit 170 presents the unmatchable part to the user (step S111). As described above, an indication such as “there is no resource definition” is made for the portion indicated by a two-dot chain line in FIG.

  Then, the user gives an instruction to the control flow editing unit 120 and corrects the data prompted to be corrected within the range that can be understood. That is, the control flow editing unit 120 receives a correction input from the user, corrects the control flow, and stores the corrected control flow data in the second control flow storage unit 180 (step S113).

  Here, when the user is pointed out with respect to the portion indicated by a two-dot chain line in FIG. 32, the governance flow is corrected with respect to the control flow. On the other hand, for “? (Longest term)” and “? (<Record> [confirmation item C, name of approver, date and time, name to be taken out, scheduled date of carry-out]), the resource definition is corrected.

  That is, the user gives an instruction to the control resource editing unit 150 to correct the resource definition. The control resource editing unit 150 receives a correction input from the user for the resource definition, and registers the correction content in the control resource data storage unit 160 (step S115). The processing shifts to the processing in FIG. For example, as shown in FIG. 33, as can be seen from the hatched line for the activity “approval”, a resource definition is added to the elements described above. In FIG. 33, other correction portions are also reflected.

  Shifting to the description of the processing in FIG. 34, the control resource allocation unit 170 determines whether correction has been completed for all the activities (step S117). If one activity is modified, other activities may be affected. Therefore, until the modification is not performed for all activities, it is not judged that the modification has been completed, and the modification has not been completed. Then, the process returns from step S117 to terminal S103 in FIG. As described above, when the resource definition is corrected, the reflection is not yet performed, and from this point, the process returns from step S117 to step S103. In step S103, for example, activities are selected in a cyclic order.

  On the other hand, when the correction has been completed for all activities, the control resource allocation unit 170 determines whether all control flows have been processed (step S119). If there is an unprocessed control flow, the process returns to step S101 via the terminal C.

  When the control resource allocation process as described above is performed, the current control flow (AsIs) as shown in FIG. 35 for department A and FIG. 36 for department B is generated. Flow data is stored in the second control flow storage unit 180.

  Returning to the description of the processing in FIG. 7, the monitor item extraction unit 190 uses the data stored in the first control flow storage unit 140, the second control flow storage unit 180, and the control rule storage unit 110. An evaluation index candidate extraction process is performed (step S9). The evaluation index candidate extraction process will be described with reference to FIGS.

  First, the monitor item extraction unit 190 identifies one unprocessed extraction rule from the extraction pattern definition table in the control rule storage unit 110 (step S131). Then, the monitor item extraction unit 190 extracts the measurement data from the second control flow storage unit 180 or the first control flow storage unit 140 and the second control flow storage unit 180 according to the rule (step S133).

  The patterns B and G in FIG. 6 are extracted from the second control flow storage unit 180. The pattern CO is extracted from the first control flow storage unit 140 and the second control flow storage unit 180. For example, if the pattern B is an extraction rule, the measurement data to be extracted is “event condition of business function B (activity)” as the target 1. In FIG. 35 (department A), since the business function B is only the activity “take-out B”, the event condition is “e-mail (date, executive employee name, target name)”. On the other hand, if pattern B is an extraction rule, target 2 is “output (condition processing result C)”. In FIG. 35, the output of the activity “take-out B” includes “management server (take-out DB information [take-out DB information [take-out target name, take-out name, approver name, date / time])” and “PC (current address)”. is there. Such measurement data is extracted.

  When the same processing is performed for the patterns G and CO in this way, data as shown in FIG. 38, for example, is stored in the evaluation index candidate data storage unit 200. In FIG. 38 (department A), for each extraction pattern, the corresponding pattern name (also referred to as an evaluation type), the measurement location that is the corresponding activity name, the measurement data extracted according to the pattern, and the evaluation condition (rule) of the extraction pattern And the evaluation index candidate generated from them is registered. In step S133, the evaluation type, measurement location, and measurement data are registered.

  In the case of the pattern CO regarding the source accuracy, the target 1 is extracted from the current control flow shown in FIG. 35, and the target 2 is extracted from the standard control flow shown in FIG. In FIG. 38, focusing on the activity “procedure creation”, the resource extracted from FIGS. 25 and 35 is registered as measurement data. Further, in the case of the pattern G regarding the execution accuracy of the governance conditions, regarding the target 1, focusing on the activity “approval” from the current control flow shown in FIG. “Management server (approval DB information [confirmation item C])” is extracted. For the object 2, “confirmation item C” representing the condition processing result C is extracted.

  Further, for department B, the same processing is separately performed although not shown.

  In step S133, a plurality of sets of measurement data may be extracted.

  Therefore, the monitor item extraction unit 190 identifies one set of unprocessed measurement data (step S135), generates an evaluation formula according to the rule, and stores it in the evaluation index candidate data storage unit 200 (step S139). In the case of the pattern B described above, since one element is obtained for the target 1 and two elements are obtained for the target 2, the combination of the target 1 and the target 2-1 and the combination of the target 1 and the target 2-2 are obtained. To generate an evaluation formula. Specifically, as shown in FIG. 38, the first evaluation formula “CMP email, PC” and the second evaluation formula “CMP email, management server-export DB information” are generated. “CMP” is a comparative meaning.

  In this case, it can be determined that the latter is appropriate as a pattern of business function event condition execution accuracy. That is, matching that matches the purpose is performed.

  Further, the monitor item extraction unit 190 determines whether all measurement data has been processed (step S141). If unprocessed measurement data exists, the process returns to step S135. On the other hand, if all the measurement data have been processed, the monitor item extraction unit 190 determines whether all the extraction rules have been processed (step S143). If there is an unprocessed extraction rule, the process returns to step S131. If all extraction rules have been processed, the process returns to the original process.

  Note that, as shown in FIG. 38, for each evaluation formula candidate, the name of the formula may be created and registered so that the meaning can be easily determined. In the case of the patterns B and G, for example, the pattern may be corrected more easily based on a naming rule such as the corresponding measurement place-target 1-target 2-match rate. The pattern CO is created by adopting, for example, a naming rule “corresponding measurement location−target 1−reference matching rate”. You may make it easy to understand this rule. It may be created with reference to the standard control flow shown in FIG.

  Returning to the description of the processing in FIG. 7, for example, the user instructs the monitor item extraction unit 190 to present evaluation formula candidates. From the presented evaluation expression candidates, the user selects an evaluation expression (that is, an index) that seems appropriate. And according to the said evaluation formula, a setting, a measurement, evaluation, and improvement are implemented (step S11).

  Specifically, if the system is to implement security measures, specify the measurement target included in the selected index, and configure settings to output data about the measurement target as a log of the system that implements the security measure. Do. If there is no log, it is used as information for reviewing the log design of the system that implements security measures.

  On the other hand, when the security measure is not implemented by the system, the measurement target included in the selected index is specified, and the measurement item list is created. If the measurement item does not exist, add the collection method to the measurement item list, such as creating the entity in the management ledger or collecting it by hearing, and enter it in the management ledger.

  Then, referring to the measurement results such as logs collected according to the above settings, the security measure status is obtained numerically by applying to the selected index.

  At this time, the ratio at which the measurement results are collected with respect to the number of measurement objects is calculated as the measurement execution rate. For example, when there are 100 targets of a specific index, when only 90 results (OK or NG) are obtained, the measurement implementation rate is 90%. Moreover, the rate which shows a normal among measurement results is calculated as a countermeasure implementation rate. When the normal (that is, OK) is 90 among the measurement results 90 of the specific index, the countermeasure implementation rate is 100%.

  Evaluate whether the measured security countermeasure status (the calculated value of the index) meets the rules of control rules and control resources (accuracy), and whether each implementation rate and implementation target are appropriate (completeness).

  It is evaluated whether the index representing accuracy exceeds a predetermined standard. For example, if the index is the ratio approved according to the conditions, 30% is 100% or less, so it is determined that improvement is necessary.

  Further, it is evaluated whether or not the index representing the resource meets a predetermined standard (rule in the control resource information definition). For example, if it is an indicator that the approver is an executive employee, the evaluation is made with reference to the results collected as “approver”. If the result of the comparison is 100%, it is determined that there is no problem.

  Further, when considering improvement measures, it is possible to conduct a study with reference to a control flow as shown in FIG. For example, even when a case where a permission has been obtained and taken out is 100%, if an incident has occurred, the elements are examined retroactively from the activity “Bringout B”. Then, although there is an element of the governance condition “confirmation item” of the activity “approval”, if it is found that the entry result is actually bad, it is possible to consider such improvement.

  Although the embodiment of the present technology has been described above, the present technology is not limited to this. For example, the functional block diagram shown in FIG. 2 is an example, and the data storage mode and functional block configuration may not match the actual file configuration or program module configuration.

  The information security management support system 100 described above is a computer device, and as shown in FIG. 39, a display control unit connected to a memory 2501, a CPU 2503, a hard disk drive (HDD) 2505, and a display device 2509. A bus 2519 is connected to 2507, a drive device 2513 for the removable disk 2511, an input device 2515, and a communication control unit 2517 for connecting to a network. An operating system (OS) and an application program for executing the processing in this embodiment are stored in the HDD 2505, and are read from the HDD 2505 to the memory 2501 when executed by the CPU 2503. If necessary, the CPU 2503 controls the display control unit 2507, the communication control unit 2517, and the drive device 2513 to perform necessary operations. Further, data in the middle of processing is stored in the memory 2501 and stored in the HDD 2505 if necessary. In an embodiment of the present technology, an application program for performing the above-described processing is stored in a computer-readable removable disk 2511 and distributed, and installed from the drive device 2513 to the HDD 2505. In some cases, the HDD 2505 may be installed via a network such as the Internet and the communication control unit 2517. Such a computer apparatus realizes various functions as described above by organically cooperating hardware such as the CPU 2503 and the memory 2501 described above, the OS, and necessary application programs.

  The above-described embodiment can be summarized as follows.

  This information security management support method includes (A) a control stored in a first control flow storage unit that stores data on a control flow created according to a predetermined model notation based on IDEF0 based on information security management standards. A comparison step of comparing the data about the flow with the rule data stored in the control rule storage unit and created in advance according to a predetermined model notation, and (B) a function or activity included in the rule data, and a function or A specific step of identifying, among the input data of the activity, the output data, the resource data, the governance condition data, and the event condition data, data determined to be insufficient in the data regarding the control flow by the comparison step; and (C) a specific step The data identified by And a presentation step of presenting to the user.

  By automatically presenting such data to the user, problems regarding the initially created control flow can be immediately understood and corrected, thereby improving work efficiency.

  Further, the rule data described above may include functional model definition data including essential data among input data, output data, resource data, governance condition data, and event condition data for each function or activity. In that case, the comparison step described above may include a step of extracting and comparing the function model definition data for the corresponding function or activity from the rule data for each activity included in the control flow. Further, the specifying step described above may include a step of specifying data that is insufficient for the activity among the essential data included in the extracted functional model definition data. In this way, deficient data is identified for each function or activity. Accordingly, it is possible to efficiently compensate for the missing data.

  Further, the comparison step described above may include a step of comparing the first input data of each activity included in the control flow with the second input data included in the functional model definition data. Furthermore, when the second input data of the function model definition data exists in which the specific step described above matches or partially matches the first input data of the activity included in the control flow, the function model definition Identifying the function or activity of the data and if the identified function or activity is not associated with the activity of the first input data, identify the identified function or activity as the missing function or activity Including the step of. In this way, the missing activity is identified. Therefore, the deficient activity can be efficiently compensated.

  Furthermore, the rule data described above may include a plurality of functions or activities and include function set definition data related to a connection relationship between the plurality of functions or activities. In this case, the comparison step described above may include a step of comparing each activity included in the control flow with the function set definition data. In addition, the specific steps described above may require that a specific function set definition data be included in the control flow if the specific activity included in the control flow is included in multiple functions or activities included in the specific function set definition data. A step of confirming whether the activity is linked according to the prescribed linkage relationship, and a step of extracting a function or activity that is not included in the control flow among a plurality of functions or activities included in the specific function set definition data. You may make it. In this way, it becomes possible to point out the deficient activity from the part that does not follow the rules in the connection relationship of the activities in the control flow.

  The first control flow storage unit described above may store data regarding a plurality of control flows. In such a case, this information security management support method matches the governance condition data of the first control flow with the activity input data, output data, governance condition data, and event condition data included in the second control flow. Or if there is data that matches or partially matches, and if there is data that matches or partially matches, the data, the activity for the data, and the second control flow including the activity are sent to the user. It may further include a step of presenting and a step of presenting to the user that there is no corresponding data when there is no matching or partial matching data in any control flow. By performing such a process, it becomes possible to link the control flows.

  Further, the information security management support method described above is configured so that the information security management standard is stored when data on the standard control flow, which is the control flow modified according to the presenting step, is stored in the first control flow storage unit. Each data element for each activity included in the reference control flow from the control resource definition data storage unit that stores the actual data for each data element for each activity included in the control flow created based on the control resource definition data Extracting the entity data for the data element in the control resource definition data corresponding to, and replacing the corresponding data for the corresponding data element for the corresponding activity included in the standard control flow with the extracted entity data. Standard control flow The data you are, may further include the steps of storing as data about the current state control flow in the second control flow data storage unit. In this way, the entity data can be automatically applied to the standard control rule generated from the information security management standard and the rule based on know-how.

  Furthermore, in the control rule storage unit described above, data elements used for the evaluation index and evaluation formula data including the data element may be registered for each evaluation index for the information security management standard. . In this case, this information security management support method corresponds to the data element used for each evaluation index stored in the control rule storage unit from the data on the current control flow stored in the second control flow data storage unit. A step of extracting data to be generated, generating an evaluation formula according to the data of the evaluation formula for the evaluation index, and storing it in the evaluation index candidate data storage unit. In this way, it becomes possible to automatically generate evaluation index candidates for judging the quality of measures in implementing the information security management standard.

  In addition, this information security management support method uses the data on the reference control flow and the current control flow stored in the first and second control flow data storage units to evaluate each evaluation index stored in the control rule storage unit. The method may further include a step of extracting data corresponding to the data element to be used, generating an evaluation formula according to the data of the evaluation formula for the evaluation index, and storing the evaluation formula in the evaluation index candidate data storage unit. Such an evaluation index may also be automatically generated.

  A program for causing a computer to perform the processing described above can be created, such as a flexible disk, a CD-ROM, a magneto-optical disk, a semiconductor memory (for example, ROM), a hard disk, etc. Stored in a computer-readable storage medium or storage device. Note that data being processed is temporarily stored in a storage device such as a RAM.

  The following supplementary notes are further disclosed with respect to the embodiments including the above examples.

(Appendix 1)
Data on the control flow stored in the first control flow storage unit for storing data on the control flow created according to a predetermined model notation based on IDEF0 based on the information security management standard, and a control rule storage unit And a comparison step for comparing the rule data stored in advance and prepared in advance according to the predetermined model notation,
Of the functions or activities included in the rule data, and the input data, output data, resource data, governance condition data, and event condition data of the functions or activities, there is a deficiency in the data regarding the control flow by the comparison step. A specific step of identifying the data determined to be,
A presenting step of presenting the data identified by the identifying step to the user;
An information security management support method that is executed by a computer.

(Appendix 2)
The rule data includes function model definition data including essential data among input data, output data, resource data, governance condition data, and event condition data for each function or activity,
The comparing step comprises:
Extracting and comparing the function model definition data for the corresponding function or activity from the rule data for each of the activities included in the control flow, and
The specific step includes
The information security management support method according to supplementary note 1, including a step of identifying data that is deficient in the activity among the essential data included in the extracted functional model definition data.

(Appendix 3)
The rule data includes function model definition data including essential data among input data, output data, resource data, governance condition data, and event condition data for each function or activity,
The comparing step comprises:
Comparing the first input data of each of the activities included in the control flow with the second input data included in the functional model definition data,
The specific step includes
When there is second input data of the functional model definition data that matches or partially matches the first input data of the activity included in the control flow, the function or activity of the functional model definition data is specified. And steps to
Identifying the identified function or activity as the missing function or activity if the identified function or activity is not associated with the activity of the first input data;
The information security management support method according to supplementary note 1 or 2 including:

(Appendix 4)
The rule data includes a plurality of functions or activities and includes function set definition data related to a connection relationship between the plurality of functions or activities.
The comparing step comprises:
Comparing each of the activities included in the control flow with the function set definition data,
The specific step includes
When the specific activity included in the control flow is included in the plurality of functions or activities included in the specific function set definition data, according to the connection relationship defined in the specific function set definition data during the control flow. Checking whether the activity is linked;
Extracting a function or activity not included in the control flow from the plurality of functions or activities included in the specific function set definition data;
The information security management support method according to any one of appendices 1 to 3, including:

(Appendix 5)
The first control flow storage unit stores data on a plurality of control flows.
A step of determining whether there is data that matches or partially matches among the governance condition data of the first control flow and the input data, output data, governance condition data, and event condition data of the activity included in the second control flow When,
Presenting the data, the activity for the data, and the second control flow including the activity to the user if there is matching or partial matching data;
If no matching or partial matching data exists in any control flow, presenting to the user that there is no corresponding data; and
The information security management support method according to any one of appendices 1 to 4, further including:

(Appendix 6)
When data on a standard control flow, which is a control flow modified in accordance with the presenting step, is stored in the first control flow storage unit, it is included in the control flow created based on the information security management standard The control resource corresponding to each data element for each activity included in the reference control flow from a control resource definition data storage unit that stores entity data for each data element for each activity as control resource definition data Extracting entity data for data elements in the definition data;
The extracted entity data replaces the corresponding data for the corresponding data element for the corresponding activity included in the reference control flow, and the data for the reference control flow after the replacement is the data for the current control flow. 2 storing in the control flow data storage unit;
The information security management support method according to any one of appendices 1 to 5, further including:

(Appendix 7)
In the control rule storage unit, for each evaluation index for the information security management standard, data elements used for the evaluation index and evaluation formula data including the data element are registered,
Extracting data corresponding to the data elements used for each of the evaluation indexes stored in the control rule storage unit from data on the current control flow stored in the second control flow data storage unit, Generating an evaluation formula according to the data of the evaluation formula for the evaluation index, and storing it in the evaluation index candidate data storage unit;
The information security management support method according to appendix 6, further comprising:

(Appendix 8)
From the data on the reference control flow and the current control flow stored in the first and second control flow data storage units to the data elements used for the respective evaluation indexes stored in the control rule storage unit The information security management support method according to appendix 7, further comprising: extracting corresponding data, generating an evaluation formula according to the data of the evaluation formula for the evaluation index, and storing the evaluation formula in the evaluation index candidate data storage unit.

(Appendix 9)
A program for causing a computer to execute the information security management support method according to any one of appendices 1 to 8.

(Appendix 10)
Data on the control flow stored in the first control flow storage unit for storing data on the control flow created according to a predetermined model notation based on IDEF0 based on the information security management standard, and a control rule storage unit Comparing means for comparing rule data stored in advance and prepared in advance according to the predetermined model notation,
Of the functions or activities included in the rule data, and the input data, output data, resource data, governance condition data, and event condition data of the functions or activities, there is a deficiency in the data regarding the control flow by the comparison step. An identifying means for identifying the determined data;
Presenting means for presenting the data identified in the identifying step to the user;
An information security management support apparatus.

110 Control Rule Storage Unit 120 Control Flow Editing Unit 130 Control Rule Allocation Unit 140 First Control Flow Storage Unit 150 Control Resource Editing Unit 160 Control Resource Data Storage Unit 170 Control Resource Allocation Unit 180 Second Control Flow Storage Unit 190 Monitor Item Extraction Unit 200 Evaluation index candidate data storage unit

Claims (10)

Data on the control flow stored in the first control flow storage unit for storing data on the control flow created according to a predetermined model notation based on IDEF0 based on the information security management standard, and a control rule storage unit And a comparison step for comparing the rule data stored in advance and prepared in advance according to the predetermined model notation,
Of the functions or activities included in the rule data, and the input data, output data, resource data, governance condition data, and event condition data of the functions or activities, there is a deficiency in the data regarding the control flow by the comparison step. A specific step of identifying the data determined to be,
A presenting step of presenting the data identified by the identifying step to the user;
An information security management support method that is executed by a computer. The rule data includes function model definition data including essential data among input data, output data, resource data, governance condition data, and event condition data for each function or activity,
The comparing step comprises:
Extracting and comparing the function model definition data for the corresponding function or activity from the rule data for each of the activities included in the control flow, and
The specific step includes
2. The information security management support method according to claim 1, further comprising: identifying data that is deficient in the activity among the essential data included in the extracted function model definition data. The rule data includes function model definition data including essential data among input data, output data, resource data, governance condition data, and event condition data for each function or activity,
The comparing step comprises:
Comparing the first input data of each of the activities included in the control flow with the second input data included in the functional model definition data,
The specific step includes
When there is second input data of the functional model definition data that matches or partially matches the first input data of the activity included in the control flow, the function or activity of the functional model definition data is specified. And steps to
Identifying the identified function or activity as the missing function or activity if the identified function or activity is not associated with the activity of the first input data;
The information security management support method according to claim 1 or 2, further comprising: The rule data includes a plurality of functions or activities and includes function set definition data related to a connection relationship between the plurality of functions or activities.
The comparing step comprises:
Comparing each of the activities included in the control flow with the function set definition data,
The specific step includes
When the specific activity included in the control flow is included in the plurality of functions or activities included in the specific function set definition data, according to the connection relationship defined in the specific function set definition data during the control flow. Checking whether the activity is linked;
Extracting a function or activity not included in the control flow from the plurality of functions or activities included in the specific function set definition data;
The information security management support method according to any one of claims 1 to 3, further comprising: The first control flow storage unit stores data on a plurality of control flows.
A step of determining whether there is data that matches or partially matches among the governance condition data of the first control flow and the input data, output data, governance condition data, and event condition data of the activity included in the second control flow When,
Presenting the data, the activity for the data, and the second control flow including the activity to the user if there is matching or partial matching data;
If no matching or partial matching data exists in any control flow, presenting to the user that there is no corresponding data; and
The information security management support method according to any one of claims 1 to 4, further comprising: When data on a standard control flow, which is a control flow modified in accordance with the presenting step, is stored in the first control flow storage unit, it is included in the control flow created based on the information security management standard The control resource corresponding to each data element for each activity included in the reference control flow from a control resource definition data storage unit that stores entity data for each data element for each activity as control resource definition data Extracting entity data for data elements in the definition data;
The extracted entity data replaces the corresponding data for the corresponding data element for the corresponding activity included in the reference control flow, and the data for the reference control flow after the replacement is used as the data for the current control flow. Storing in the control flow data storage;
The information security management support method according to any one of claims 1 to 5, further comprising: In the control rule storage unit, for each evaluation index for the information security management standard, data elements used for the evaluation index and evaluation formula data including the data element are registered,
Extracting data corresponding to the data elements used for each of the evaluation indexes stored in the control rule storage unit from data on the current control flow stored in the second control flow data storage unit, Generating an evaluation formula according to the data of the evaluation formula for the evaluation index, and storing it in the evaluation index candidate data storage unit;
The information security management support method according to claim 6, further comprising: From the data on the reference control flow and the current control flow stored in the first and second control flow data storage units to the data elements used for the respective evaluation indexes stored in the control rule storage unit The information security management support method according to claim 7, further comprising: extracting corresponding data, generating an evaluation formula according to the data of the evaluation formula for the evaluation index, and storing the evaluation formula in the evaluation index candidate data storage unit.   A program for causing a computer to execute the information security management support method according to any one of claims 1 to 8. Data on the control flow stored in the first control flow storage unit for storing data on the control flow created according to a predetermined model notation based on IDEF0 based on the information security management standard, and a control rule storage unit Comparing means for comparing rule data stored in advance and prepared in advance according to the predetermined model notation,
Of the functions or activities included in the rule data, and the input data, output data, resource data, governance condition data, and event condition data of the functions or activities, there is a deficiency in the data regarding the control flow by the comparison step. An identifying means for identifying the determined data;
Presenting means for presenting the data identified in the identifying step to the user;
An information security management support apparatus.

Images