JP2002247033A - Security management system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simply execute the network management/inspection of an enterprise information system on the basis of information policy. SOLUTION: The security management system in provided with a policy database 132, a security management/inspection program database 133 allowing information security policy and a target system to correspond to a management/ inspection program, a policy/set information mapping table 136, and a set information storing database 137. The system retrieves a management/inspection program corresponding to the range of the information policy and the target system specified by an operator and automatically executes the retrieved program. The management/inspection program executes management/inspection concerned with the information security policy of the target system corresponding to the program itself. The system is provided with also an interface for retrieving the mapping table 136 about the set information of policy selected by a user, extracting different set contents to the same set item and selecting set contents suitable for the user.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a technique for supporting control and management of a security state of an information processing system including various processing devices connected to a network.

[0002]

2. Description of the Related Art In recent years, information systems using the Internet technology and the like have come to be widely used as infrastructures for corporate activities. Security systems are becoming increasingly important.

As a conventional technique for managing such a security system, there is a network management system such as a firewall and an anti-virus program for setting and changing individual security systems in an information system. For an overview of the network management system, see BELL LABS Technical Journal Volme 4, Num.
ber 4 October-December 1999 P.3-P22 “Network Mana
gement: described in Emerging Trends and Challenges. In addition, the scale of information systems used by each organization is expanding, and individual devices and VPNs (Virtual Pr
(ivate Network), etc., there is a need for a method or mechanism for easily setting settings across multiple devices.

[0004] In order to satisfy such needs, there has been proposed a technique for creating setting contents of individual devices from definition contents called more abstract policies. For example,
Regarding network resource allocation control, there is a priority control technique based on Diffserv proposed in RFC2475. Diff
serv classifies network traffic into classes,
This is a technique for executing priority control for each traffic class by defining a resource management policy for each class. A policy in Diffserv is a set of rules such as "Execute action B when condition A is satisfied" for traffic of a certain application. is there. Diffserv is also studying a "policy framework" mechanism that generates configuration parameters from policies defined by the administrator and sets them on each device.

Japanese Patent Application Laid-Open No. 2000-244495 discloses a method of automatically generating access control setting parameters for allocating network resources and ensuring security, using a definition relating to a task executed in a network as a policy, and It discloses a mechanism to set it on a firewall device.

[0006]

As for security measures for an information system, an information security policy, which is a measure based on a threat analysis of the entire information system, is created, and a security system is introduced and operated in the information system according to the information security policy. It is desired to implement it through a series of procedures such as management. As a recommendation for information system security measures in accordance with such procedures, there is a security evaluation standard CC (Common Criteria) internationally standardized as ISO15408 in June 1999.

However, it manages what security systems have been introduced to implement security measures in accordance with information security policies, and how the security system is operated and managed for each information security policy. There is no mechanism to do that.

For this reason, it is difficult to control and manage the security state of the information system in accordance with the information security policy unless the administrator has a high level of expertise in the information security policy and the security system. . In addition, the burden such as the time and cost required for controlling and managing the security state of the information system according to the information security policy is large.

In particular, as for the creation of an information security policy, as the content defined as the policy increases, it is guaranteed that the created policies do not contradict each other and that the policies are not impossible to realize in an actual network environment. It's getting harder to do.

[0010]

SUMMARY OF THE INVENTION The present invention provides a technique for simplifying control and management of the security state of an information system according to an information security policy. The present invention can perform a series of procedures such as creation of an information security policy, introduction of a security system to an information system and operation management in accordance with the information security policy, without high-level expertise in information security policies and security systems. Provide the technology to help you. The present invention assists a network administrator in creating a policy without contradiction and in creating settings for implementing a policy in a policy-based network management system that manages a system including computers connected to a network. Provide technology.

[0011] A first aspect of the present invention corresponds to at least one managed system and an information security policy, and adjusts the security state of the corresponding managed system to the corresponding information security policy. Prepare a plurality of management units to be controlled. Then, the management unit corresponding to the information security policy and the managed system specified by the user is extracted, and the security state of the managed system corresponding to the management unit is assigned to the management unit. Make changes to conform to the information security policy. Alternatively, a plurality of audit units corresponding to at least one managed system and the information security policy and auditing a security state of the corresponding managed system related to the corresponding information security policy are prepared. Then, the auditing unit corresponding to the information security policy and the managed system specified by the user is extracted, and the security status related to the corresponding information security policy of the managed system corresponding to the auditing unit is added to the auditing unit. Audit.

In the second embodiment of the present invention, first, a database is prepared in which a correspondence between an information security policy representing a policy of a security measure and at least one managed system is described. Then, the system accepts the designation of each managed system constituting the information system constructed or about to be constructed by the user, and extracts the information security policy registered in association with these from the database, for example, A security specification to be applied to the information system, which describes a list of correspondences between managed systems constituting the system and information security policies, is described. Next, system information such as the type and software version of the managed system, which is associated with the set of the information security policy and the managed system specified by the established security specification, and the relevant information of the managed system. A security management system installed in an information system constructed by a user executes a plurality of audit programs in which a process for auditing a security state related to an information security policy is described. Then, system information such as the model and software version of each managed system constituting the information system constructed by the user and the security state are audited, and the security of the information system is diagnosed. Next, a process for controlling a security state related to a corresponding information security policy of the managed system, which is associated with a set of the information security policy and the managed system specified by the established security specification, is described. Among several management programs,
For example, a management program associated with a set of an information security policy and a system to be managed determined that the user needs to change the security state based on the result of the security diagnosis is introduced into an information system constructed by the user. The management program is executed to change the security state of the managed system corresponding to the management program so as to match the information security policy corresponding to the management program.

In a third aspect of the present invention, a database is prepared in which an information security policy representing a policy of a security measure, a setting item of at least one managed system and a correspondence between the setting item and the setting item are described.
Then, it accepts designation of each managed system constituting the information system constructed or about to be constructed by the user, extracts information security policies registered in association with these from the database, and Create a list of setting items and setting values for the system. When a plurality of different setting values are extracted for a single setting item by a plurality of information security policies, the information security policy and a list of items and item values to be set by the policy are presented to the user. Then, a processing unit for selecting an item value to be adopted is provided.

[0014]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS (First Embodiment) As shown in FIG. 1, an information system according to the present embodiment includes an information security policy management / auditing support device 31 and management / auditing targets for servers, routers, firewalls and the like. It has a configuration in which it is connected to a computer 32 via a network 33.

As shown in FIG. 2, the hardware configuration of the information security policy management / audit support device 31 is, for example, connected to a CPU 11, a memory 12, an external storage device 13 such as a hard disk device, and a network 33. A communication device 14, an input device 15 such as a keyboard and a mouse, a display device 16 such as a display, and a reading device 17 for reading data from a portable storage medium such as an FD or a CD-ROM.
And an interface 18 for controlling data transmission and reception between the above-described components, and can be constructed on a general computer. The external storage device 13 stores a support program 134 for constructing each function of the information security policy management / audit support device 31 on a computer. The CPU 11 loads the program 134 onto the memory 12 and executes the program 134 to thereby execute the management / audit target area control unit 11.
1. The information security policy selection control unit 112, the information security policy / security management / auditing program association control unit 113, and the input / output control unit 114 are implemented on a computer. In addition, a system component device information database 131, an information security database 132, and a security management / auditing program database 133 are formed on the external storage device 13. Although not shown, a communication control unit and the like for mutually communicating with other devices via the network 33 are also constructed on the computer.

FIG. 3 shows the configuration of the computer 32 to be managed / audited. As shown in FIG. 3, the external storage device 13 of the management / auditing target computer 32 has an OS program 150 running on the management / auditing target computer 32 and an application program 137.
And security management / auditing program group 13 for security management / auditing of application programs 137
6 is stored. Other components having the same functions as those of the information security policy management / audit support device 31 shown in FIG. 2 are denoted by the same reference numerals. The CPU 11 executes the OS program 150 loaded on the memory 12 to execute
Implement S151 on an electronic computer. Further, by executing the application program 137 loaded on the memory 12, the application unit 13 which provides individual services of the server, the router, the firewall, and the like is provided.
8 is realized on a computer. In addition, by executing a management program included in the security management / auditing program group 136 loaded on the memory 12, the security management unit 139 for changing the state of the security measures of the OS 151 and the application unit 138 is provided on the computer. By executing the audit program included in the security management / management program group 136, the security audit unit 140 for checking the status of the security measures of the OS 151 and the application unit 138 is realized on the computer. Although not shown, a communication control unit and the like for mutually communicating with other devices via the network 33 are also constructed on the computer.

Each database of the information security policy management / audit support device 31 will be described. FIG. 4 shows the contents of the component device information database 131 of the system.
In the figure, in each row, a column 41 describes an identifier (SYSID) that uniquely identifies a system to be subjected to information security policy management / audit. In column 44, the name of the software program that builds the system indicated by the SYSID in column 41
(Names of the OS program 150 and the application program 137) are described. Column 42 describes the type of device (eg, router, server, client, firewall, etc.) on which the system indicated by the SYSID in column 41 operates. The column 45 stores the selection result by the operator of the system indicated by the SYSID in the column 41.

FIG. 5 shows the contents of the information security policy database 132. In the figure, in each row, a column 51 includes an identifier for uniquely identifying the information security policy.
(POLICYID) is described. In column 52, the policy type of the information security policy described in the column of POLICYID in column 51
(Eg, identification and authentication, access control function, etc.) are described. In column 53, a security measure indicating the content of the information security policy described in the POLICYID column of column 51
(For example, limiting the terminals that can access the network,
Implementation of a good password setting for identification / authentication information) is described. The column 54 stores the result of selection by the operator of the information security policy indicated by the POLICYID in the column 51.

FIG. 6 shows the contents of the security management / audit program database 133. In the figure, in each row, a column 61 describes an identifier (POLICYID) for uniquely identifying an information security policy. In the column of the management program in column 62, the name 621 of the management program that manages the security measures of the information security policy described in the column of POLICYID in column 61, and the SYSID 622 of the system that the management program with the name 621 manages are described. In addition, an association 623 indicating whether or not the management program with the name 621 is required is described. Then, in the column of the audit program in column 63, the POLICYID in column 61
The name 631 of the audit program that audits the security measures of the information security policy described in the column of, and the SYSID 63 of the system that the audit program with the name 631 audits
2 and an association 633 indicating whether or not the execution of the audit program with the name 631 is required.

The operation of security policy management / audit in the information system having the above configuration will be described. FIG. 7 shows an operation procedure of the security policy management / auditing device 31. The management / audit target area control unit 111 uses the input / output control unit 114 to register the display device 16 in the system component device information database 131 formed on the external storage device 13 as shown in FIG. The information security policy management / audit target area selection screen showing the contents of the information is displayed (step S701).

In FIG. 8, each item of “apparatus type” 91, “software type” 92, and “program name” 93
Columns 42, 43, 44 of the system component device information database 131
, Respectively. On this screen, the operator
The information security policy management / audit target area is specified in any of the items 91 to 93, and this can be selected by using the button of the item “usability” 94. This selection result is reflected in the column 45 of the system component device information database 131 by the management / audit target area control unit 111. That is, when a certain device type is selected, the column 45 of all the rows in which the device type is described, and when a certain software type is selected, all the lines in which the software type is described Column
Further, when a certain program name is selected, “YES” is registered in column 45 of the row in which the program name is described as selectable or not.

When the information security policy management / audit target area is selected by the operator (step S702),
The information security policy selection control unit 112 uses the input / output control unit 114 to display, on the display device 16, an information security policy selection screen showing the contents registered in the information security policy database 132, as shown in FIG. It is displayed (step S703).

In FIG. 9, items of “measure type” 1001 and “security measure” 1002 correspond to columns 52 and 53 of information security policy database 132, respectively. On this screen, the operator can select any item 100
The information security policy can be specified in 1 and 1002, and this can be selected with the button of the item “usability” 1003. The result of the selection is stored in column 5 of the information security policy database 132 by the information security policy selection control unit 112.
Reflected in 4. That is, when a certain measure type is selected, the column 54 of all rows in which the measure type is described,
When a certain security measure is selected, “YES” is registered as a selectable or not in column 54 of the row where the security measure is described.

When the information security policy is selected by the operator (step S704), the information security policy / security management / auditing program association control unit 113 determines the selected information based on the result selected in steps S701 to S704. A management / audit program corresponding to the security policy and the system is extracted from the security management / audit program database 133. Then, the extracted column 62 of the correspondence of the management / audit program
3, "Necessary" is registered in 633 (step S705). This extraction is performed according to the procedure shown in FIG.

For information security policy, column 61
The security management / audit program database 133 is searched using the presence or absence of the identifier (POLICYID) selected in step S704 ("YES" is registered in the column 54 in the information security policy database 132) in step S704.
(Step S801). Extracting the management program, targeting the column 622 in the same row as the identifier (POLICYID) sought, the system selected in step S702 ("YES" is registered in the column 54 in the system component information database 131) (Step S80)
2, S803). Then, the extraction of the audit program was performed on column 632 in the same row as the identifier (POLICYID) sought.
This is performed using the presence or absence of the identifier (SYSID) of the system selected in step S702 (YES is registered in column `` 54 '' in the system component device information database 131) (step S702).
804, S805). Returning to FIG. 7, when the management / auditing program extraction is completed, the information security policy / security management / auditing program association control unit 113 uses the input / output control unit 114 to display on the display device 16 as shown in FIG. ,
A screen for designating the implementation status of the information security policy and the change of the security measure is displayed (step S706).

In FIG. 11, items of “measure type” 1001 and “security measure” 1002 correspond to columns 52 and 53 of information security policy database 132, respectively, and are selected in step S704 (YES in step S704). Only those set in column 54) are displayed. The operator can select one or a plurality of information security policies to be managed or audited in each item of “measure type” 1001 and “security measure” 1002. The item “Management” 1101 is selected after selecting the information security policy.
This button is used to change security measures related to the selected information security policy using the management program. The item “audit” 1102 is used to select the information security policy using the audit program after selecting the information security policy. This button is used to confirm the implementation status of the information security policy related to. The operator can select one of the buttons “manage” 1101 and “audit” 1102.

The information security policy is selected by the operator, and “management” 1101 and “audit” 1102
Is selected (step S707), the information security policy / security management / auditing program association control unit 113 proceeds to step S705.
Extracted for the selected information security policy (security management and audit program database 133
(Necessary (○) is marked in the association columns 623 and 633), the security management program or the audit program is started via the network 33.

If the selected button is "manage" 1101, the management program extracted as described above from the management / audit program group 136 on the management / audit target computer 32 is activated and executed. . The security management unit 139 embodied by executing the management program displays, on the display device 16 of the computer 32 to be managed / audited, a management screen such as a security system setting change as shown in FIG. 12 (step S708). ). Then, a change in the setting of the security system is received and set, and the content is returned to the information security policy / security management / auditing program association control unit 113 via the network 33. Upon receiving the response, the information security policy / security management / auditing program association control unit 113 compares the content with the information security policy management / auditing support device 31.
Is displayed on the display device 16.

FIG. 12 shows an information security policy corresponding to the policy type 52 “identification and authentication function” and the security policy 53 “implementation of a good password for identification and authentication information” in the information security policy database 132 shown in FIG. A password management program (the management program name in FIG. 6), which is a management program for managing “AUTH-01”
621 “ADM_USR_ # 2”) is shown as an example. The screen in FIG. 12 is a screen for receiving a password setting change.

In step S707, if the selected button is "audit" 1102, the audit program extracted as described above from the management / audit program group 136 on the management / audit target computer 32 is started. , For example, the figure
According to the operation procedure as shown in FIG. 13, the security audit of the system where the audit program performs the audit is performed (step S709). Then, the result is transmitted to the information security policy / security management /
Responds to the audit program association control unit 113. Information security policy / security management
The audit program association control unit 113 displays the contents on the display device of the information security policy management / audit support device 31.
Display at 16.

FIG. 13 shows the information security policy “ACCADM-01” corresponding to the policy type 52 “access monitoring” and the security policy 53 “implementation of data program tampering detection” in the information security policy database 132 shown in FIG. The data tampering audit program (the management program name 621 "A
UDIT_LOG_ # 1 ”) is activated. In this example, the audit program checks whether the falsification detection program itself is installed and operated on the management / audit target computer 32 (step S1701), and checks whether the operation log is stored (step S1701). Step S170
2). Then, confirm the continuous operation of the falsification detection program by checking the update date of the operation operation log (step S
1703). If all of the confirmation items have been confirmed, the audit result is good, and therefore, “completed” is returned to the information security policy / security management / audit program association control unit 113 as the audit result (step S1705). ). On the other hand, if not, the audit result is defective, and therefore, “not implemented” is returned to the information security policy / security management / audit program association control unit 113 as the audit result (step S1704). Returning to FIG.
Upon receiving the response of the audit result, the information security policy / security management / audit program association control unit 113 displays it on the display device 16 (step S710).

In the present embodiment, a case has been described in which a management / auditing program is provided for each program described in the program name 44 in FIG. However, the present invention is not limited to this. For example, in the constituent device information database 131 of the system shown in FIG.
A management / audit program is provided for each unit of the device described in 2 and the software described in the software type 43, and the management / audit program is set according to the selected device type and software type and security measures. It may be executed.

When a management / auditing program is provided for each device type, the audit result can be displayed, for example, as follows. FIG. 14 shows the audit result in the component device information database 131 of the system shown in FIG.
For each device type 42, an example is shown in which the ratio of the implemented security type to the total number 53 of security measures of the relevant policy type is displayed using a so-called radar chart for each of the policy types 52 of the information security policy database shown in FIG. I have. FIG. 15 shows an example in which the executed ratio is displayed using a table. In FIG. 14 or FIG. 15, the operator
By specifying the tag 1201, the audit result for each device type 42 can be displayed. In addition, the operator sets
If you specify 02 and select the button "Details" 1203,
As shown in FIG. 17, an audit result returned for each security measure 53 is displayed for each measure type 52 in the information security policy database shown in FIG. In FIG. 17, when the operator wants to perform management such as setting change based on the audit result or wants to perform the audit again, he checks the selection column of column 1402 and changes the security measure using the management program. Button 1402 for performing the operation, or the button "audit" 1403 for confirming the implementation status of the information security policy using an audit program.

FIG. 16 shows the audit results for each measure type 52 in the information security policy database shown in FIG.
In this example, the ratio of the implemented security measures to the total number 53 of security measures of the measure type for each device type 42 of the component device information database 131 of the system shown in FIG. In FIG. 16, the operator can display an inspection result for each measure type 52 by designating a tag 1501. Further, if the operator specifies the device type 1502 and selects the button “Details” 1503, as shown in FIG. 17, for each policy type 52 of the information security policy database shown in FIG. Displays the audit results that were responded to.

According to the present embodiment, the following effects can be obtained. (1) The operator specifies the system to be managed and audited,
Just by selecting an information security policy, a security management / audit program required by the configuration is selected. For this reason, it is easy to associate with a security system introduced to implement security measures according to the information security policy. (2) By simply designating the management of the information security policy input by the operator, a management program for applying the information security policy of the target system can be started. For this reason, in order to perform the operation management of the information system according to the information security policy, the operation management becomes easy even for a manager who does not have a high level of specialized knowledge. (3) The state of the security measure based on the information security policy of the target system can be evaluated only by designating the state of the information security policy input by the operator to perform the audit. For this reason, in order to grasp the operation management state of the information system in accordance with the information security policy, the implementation is easy even for an administrator who does not have a high level of specialized knowledge. (Second Embodiment) In this embodiment, the security policy management / audit support device 31 described in the first embodiment is slightly modified, and the modified device 31 'is used.
A case in which an administrator assists a user in executing a series of procedures such as creation of an information security policy to be applied to a user's information system, introduction of a security system to the information system according to the information security policy, and operation management. explain.

FIG. 18 shows the configuration of the security policy management / audit support device 31 '. As shown, as shown in FIG.
The configuration of 1 ′ is basically the same as that of the first embodiment shown in FIG. However, when the CPU 11 loads the support program 134 stored on the external storage device 13 into the memory 12 and executes it, the system configuration device information database 131, the information security database 132, and the security In addition to the management / auditing program database 133, a component device information / security status database 135 of the management / auditing target system is formed. The database 135 stores the status of security measures for the system obtained from the audited system of the program by executing the audit program associated with the security management / audit program database 133 shown in FIG. Various information such as version information of a software program for constructing the system and a model of a device on which the system operates are stored.

FIG. 19 shows the contents of the component device information / security status database 135 of the management / auditing target system. In the figure, in each row, a column 71 describes the name (AUDITID) of the audit program. Column 72, SYSID721 of the system corresponding to the audit program specified by the AUDITID described in the corresponding column of the column 71 (can be specified from the security management and audit program database 133),
Update information 724 such as the software type 722, the program name 723, and the version and patch of the software program that constructs the system obtained from the system indicated by SYSID 721 by executing the audit program
And the latest information on the system to be audited by the audit program, including the type 725 and the type information 726 of the device on which the system operates. In column 73, the security management / audit program database 13 shown in FIG. 6 obtained by executing the audit program specified by the AUDITID described in the corresponding column of column 71 and shown in FIG.
POL associated with the audit program in 3
Whether the security program indicated by the information security policy specified by CYID 61 (which can be specified from the information security policy database 132) has been implemented 731 and the security status 732 of the system related to the security policy, Security information for the system to be executed is described. As the security state 732, for example, when the security measure is "restriction of terminals that can access the external network" and the system to be audited is a "router", the setting information on the connection of the router to the external network is applicable. I do. The type of information to be obtained as the security state 732 is determined for each audit program by a system audited by the audit program, an information security policy, and the like.

A description will be given of support for security management of an information system which can be realized by using the security policy management / audit support device 31 '. FIG. 20 is a diagram conceptually illustrating a security management support procedure of the information system which can be realized by using the security policy management / audit support device 31 ′. As shown, the support procedure for security management of the information system according to the present embodiment is divided into the following three phases. (1) Design phase Using the security policy management / auditing support device 31 ', a specification of an information system constructed or to be constructed by a user is accepted (2001), and a security specification applicable to the information system is formulated. Then, this security specification is presented to the user (2002), the information security policy applied to the information system is determined, and the information security policy is audited and managed in accordance with the determined information security policy. Set the policy management / audit support device 31 '(2
003). (2) Introduction phase The security policy management / audit support device 31 'is connected to the user's information system (2004). Then, the security state of the information system related to the information security policy determined in the design phase is diagnosed (2005, 200
6) If necessary, change the security state of the system (2007, 2008). (3) Operation phase Periodically diagnose the security status of the user's information system with respect to the information security policy determined in the design phase (2009, 2010). Identify the location where the change was made (2011) and change the security status of that location as needed (2012).
In addition, the security status diagnosis result and CERT (COMPUTER EM
ERGENCYRESPONSE TEAM) and other security hole information published by security intelligence agencies (2013), and identify where security status needs to be changed (2
011), the security state is changed (2012).

The administrator obtains the security diagnosis result (2010) obtained from the user's information system and the security hole information (2013) published by the security information organization based on the component device information database 131, the information security policy database 132, and the security information. By updating the information security policy management / audit support program 134 so that it is reflected in the management / audit program database 133, the contents will be reflected in the security system newly introduced to the user's information system in the future. Good (2014).

The security diagnosis result (2010) obtained from the user's information system can be used for a partial redesign of the security policy. That is,
The security diagnosis result created in the operation phase (2010) is fed back to the design phase (2014), and the administrator modifies the security specifications applicable to the system using the security policy management / audit support device 31 ', and It is also possible to re-present the results to the user (2002) and modify the security policy applied to the information system.

In FIG. 20, the information security policy management / audit support device 31 is realized as an integrated structure.
As shown in (1), an independent program divided for each function may be used. That is, in the design phase, the security specification design support tool (program) 1901 is used in the management site to confirm that the original security specification draft 1902 for the system and the constructed system satisfy the security specification. It outputs a security diagnosis item list file 1903 that describes a list of diagnosis items to be used. In the introduction phase, the security investigation / diagnosis tool 1905 is provided with the security diagnosis item list 1903 as input information to diagnose the situation where the security specifications formulated in the design phase are implemented in the management target 32, etc., and as a result Is output as a security diagnosis result file 1908. Furthermore, the security diagnosis result file 1908 is given as input information to the security operation management tool 1906, and if there is a problem in the security setting of the management target 1802 or the like, the setting is changed. Further, the security investigation / diagnosis tool 1905 collects information on the types and settings of the programs running on the management target 32 and the like, and stores them as type information / setting information DB1907. When the system is constructed in the introduction phase, a system information collection / setting agent program 1904 operating on the managed object 32 or the like may be distributed and used for information collection.

In the operation phase of the system, information about security holes 1910 issued by CERT or the like is obtained at any time in the management site, and the type information / setting information is obtained.
By searching the DB1907, a user site where the security hole may be present is specified, and a security diagnosis item list file 190 for the site is identified.
Perform the process to create 3. Furthermore, in the management site, a security diagnosis item list file 1903 created in the security investigation / diagnosis tool 1905 is given as an input, and a security diagnosis is performed for a user site that may have a security hole, and the result is subjected to a security diagnosis. Output as result file 1908. Further, the security diagnosis result file 1903 is given as input information to the security operation management tool 1906, and if there is a problem in the security setting of the management target 32 or the like, the setting is changed. Further, the security investigation / diagnosis tool 1905 periodically and periodically stores information on the types and settings of programs running on the management target 32 and the like.
Alternatively, it collects irregularly and stores the model and setting status of the management target of the user site as model information / setting information DB1907. As with the design phase, collecting information involves:
A system information collection / setting agent program 1904 running on the management target 32 or the like may be used. At user site, unauthorized access detection tool 1911
In addition to detecting and taking countermeasures against unauthorized access using, security operation management tools in the management site 1906
Information on the results of unauthorized access detection on a regular basis,
Alternatively, collect the information at irregular intervals and store it in the detection result DB1909. If there is a security problem with the management target 32, change the settings. The contents of the detection result DB1909 and the information on security holes 1910 issued by CERT etc. indicate the trend of unauthorized access, and are fed back to the security specification design in the system design phase.

The operation of the security policy management / auditing device 31 'in each phase of design, introduction, and operation shown in FIG. 20 will be described below. FIG. 21 shows an operation procedure of the security policy management / auditing device 31 ′ in the design phase. This procedure is usually performed in a state where the security policy management / auditing device 31 'is not connected to the user's information system (at this stage, there is a possibility that the user's information system has not been constructed yet). The management / audit target area control unit 111 uses the input / output control unit 114 to cause the display device 16 to display the system component device information database 131 formed on the external storage device 13 as shown in FIG.
Displays the information security policy management / audit target area selection screen that indicates the contents registered in (S21
01). On this screen, the administrator has
The component device of the information system that the user has built or is about to build can be designated and selected.
This selection result is reflected in the column 45 of the system component device information database 131 by the management / audit target area control unit 111, and the selected component device (specified by a combination of the device type, the software type, and the program name) is selected. In the column 45 of the described row, “YES” is registered as the selectability.

When the administrator selects a component device of the user's information system (step S2102), the information security policy selection control unit 112 registers "YES" in column 45 in the system component device information database 131. AUDITID and PLICYI associated with SYSID
D, Security Management and Audit Program Database 1
Search for 33.

Information security policy selection control unit 112
Is associated with the SYSID of the device for each component device specified by the information 2201 described in the row where “YES” is registered in column 45 in the system component device information database 131 as shown in FIG. The policy type and security measure of the specified POLICYID (which can be specified from the information security policy database 132) 2202, and the audit (diagnosis) items of the audit program of the AUDITID associated with the SYSID and the POLICYID (this is the audit program (It may be stored in the external storage device 13 or the like in advance in association with). Then, the created security specification is displayed on the display device 16 using the input / output control unit 114 or output from a printing device (not shown) (step S2103). By presenting the security specification to the user, the operator can cause the user to determine a security measure to be applied to the information system constructed or to be constructed by the user.

Information security policy selection control unit 112
Is described in the display device 16 in the column 41 of the row where “YES” is registered in the column 45 in the system component device information database 131 as shown in FIG. 9 using the input / output control unit 114. POLICYID registered in the security management / auditing program database 133 in association with SYSID
Display an information security policy selection screen that indicates the type of measure and the security measure (which can be specified from the information security policy database 132) (step S21).
04). On this screen, the operator indicates,
The user can designate and select a measure type and a security measure to be applied to the information system constructed or to be constructed by the user. This selection result is reflected in the column 54 of the information security policy database 132, and “YES” is registered as a selectable or unselectable in the column 54 of the row in which the selected measure type and the security measure are described.

When the information security policy is selected by the administrator (step S2105), the information security policy / security management / auditing program association control unit 113 selects the information security policy based on the result selected in steps S2101 to S2105. A management / audit program corresponding to the information security policy and the constituent devices is extracted from the security management / audit program database 133. Then, “necessary (○)” is registered in the extracted management / audit program association columns 623 and 633 (step S21).
06). The extraction procedure is the same as the procedure shown in FIG. As described above, the audit program for auditing the implementation status of each information security policy to be applied to the user's information system and the management program for changing the status are set in the security policy management / auditing device 31 '.

The operation in the introduction phase will be described.
Figure 23 shows the security policy management and
The operation procedure of the inspection device 31 'will be described. This procedure is performed when the security policy management / auditing device 31 'that has passed through the design phase is connected to the information system constructed by the user. First, the information security policy / security management / auditing program association control unit 113, among the management / auditing program group 136 on the management / auditing target computer 32,
The audit program in which the column “633” of the association of the security management / audit program database 133 is marked as “necessary” is started via the network 33, and the security audit unit 140 is constructed on the management / audit target computer 32 (step S2301).

The security auditing unit 140 includes various information on the components of the audited system (including information such as the version information of the software program that constructs the audited system and the type of the device on which the audited system operates) and the security status (auditing). Audit the security measures indicated by the information security policy corresponding to the program and the security status of the audited system related to the security measures). Then, the result of the audit is transmitted to the information security policy / security management / audit program association control unit 1 via the network 33.
Respond to 13. The information security policy / security management / auditing program association control unit 113 updates the contents of the component device information / security status database 135 of the management / auditing target system according to the returned audit result (step S2302).

When the information security policy / security management / auditing program association control unit 113 receives an audit result report instruction from the administrator via the input / output control unit 114 (step S2303), the constituent devices of the management / auditing target system The contents of the information / security state database 135 are displayed as the latest audit result report on the display device 16 or output from a printing device (not shown) using the input / output control unit 114 (step S2304). .

FIG. 24 shows an example of the audit result report. As shown in the figure, the component information of the managed / audited system
For each component 2401 specified by the latest system information described in the column 72 of the security status database 135, the policy type and security measure (information indicated by the POLICYID information security policy Security policy database 132
2402, and an audit (diagnosis) result 2403 for the audit item of the audit program of the AUDITID described in the column 71 in association with the SYSID of the device.
The audit result 2403 is created based on the security information described in the column 73 of the component device information / security status database 135 of the management / audit target system. As described above, the security information is determined by the system audited by the audit program, the information security policy, and the like. For example, the SYSI associated with the audit program
If the system specified by D is a router and the policy type and security measure indicated by the information security policy of POLICYID associated with the audit program are access monitoring and unauthorized access detection, the same SYSID and P
The history of unauthorized access detected by the security management unit 139 built on the management / auditing target computer 32 by starting the management program associated with OLCYID becomes security information. In this case, as shown in FIG. 25, the history of unauthorized access is displayed as the audit result 2403.

From the audit result report, the administrator can confirm the implementation status of the security measures indicated by the information security policies determined to be applied to the user's information system in the design phase, Can be specified.

When the information security policy / security management / auditing program association control unit 113 receives a security status change instruction from the administrator via the input / output control unit 114 (step S2305), the input / output control unit 114
In the display device 16, the administrator selects a desired management program from the management programs marked “Necessary” in the column 633 of the correspondence of the security management / audit program database 133, and performs security measures. A screen for designating the change is displayed (step S2306). On this screen, the policy type and security measure indicated by the information security policy of POLICYID 61 corresponding to each management program marked "Necessary" in the column 633 of the association of the security management / audit program database 133 (from the information security policy database 132) You can display the list that can be specified). With this configuration, the administrator can select a measure type and a security measure to be changed, and thus can select a management program for changing the security measure without knowledge of the management program. .

When the management program is selected by the administrator (step S2307), the information security policy / security management / auditing program association control unit 113
Management / audit program group 13 on the computer 32 to be managed / audited
Network management 33
The security management unit 139 is built on the management / auditing target computer 32 (step S2308).

The security manager 139 manages itself.
It executes processing in accordance with the security measures indicated by the information security policy associated with the management program built on the computer 32 to be audited. For example, as shown in FIG. 12, a management screen for changing security state settings is displayed on the display device 16 on the security policy management / auditing device 31 'via the network 33, and the administrator sets the security state. Prompt for changes. Then, the security status setting change content received from the administrator is obtained from the security policy management / auditing device 31 'via the network 33, and the security status is changed according to the content. As described above, it is possible to ensure that the security measures of the information security policies determined in the design phase are implemented in the information system constructed by the user.

The operation in the operation phase will be described.
Figure 26 shows the security policy management and
The operation procedure of the inspection device 31 'will be described. This procedure is performed for an information system in which it has been confirmed by the processing in the operation phase that the security measure of each information security policy determined in the design phase has been implemented.
The information security policy / security management / auditing program association control unit 113 executes step S shown in FIG.
Steps 2301 to S2302 are periodically executed (steps S2601 to S2602), and the contents of the component device information / security state database 135 of the management / audit target system are updated to the latest state. Further, when an audit result report instruction is received from the administrator via the input / output control unit 114 (step S2603), FIG.
Steps S2304 to S2308 shown in 3 are executed (step S2604).

In this way, the administrator can update the component information of the management / audit target system updated to the latest state.
/ From the audit result report created based on the contents of the security status database 135, after the introduction phase, the software version was upgraded, patches were applied, or the system type was changed, and the security status was changed. The system that was found can be specified. Then, it is possible to change the security state of the system as needed.

The administrator needs to compare security hole information published by a security information agency such as CERT with the audit result report and change the security state, such as software for constructing a system in which a security hole is found. The resulting system can be identified.
Then, it is possible to change the security state of the system as needed.

Further, the administrator specifies, from the audit result report, systems that have not been changed at all after the introduction phase, and if a version-up version or a patch has been released to the software that constructs the system, those systems have been identified. If a new device type is commercialized as a device on which the system operates, it is possible to prompt the user to change the device to the new device type.

The present embodiment has been described on the assumption that the security policy management / auditing devices 31 'used in each of the design, introduction, and operation phases are the same. However, a device that creates and outputs a security specification in the design phase (step S2101 in FIG. 21)
装置 2106) may be a device provided separately from the security policy management / auditing device 31 ′. That is, in FIG. 18, at least the management / audit target area control unit 111, the information security policy selection control unit 112, and the input / output control unit 114 are constructed, and the constituent device information database 131, the information security policy 132, and the security The management / auditing program database 135 can be formed in the external storage device 13 or the like. Create a specification and present it to the user. Then, by inputting the information security policy applied to the information system determined by the user to the security policy management / auditing device 31 ', an audit program for auditing the implementation status of the information security policy and a management program for changing the status May be set in the security policy management / auditing device 31 ′.

According to the present embodiment, in addition to the effects of the above-described first embodiment, even if the administrator does not have a high level of specialized knowledge about the information security policy and the security system, the administrator can make the information security policy clear. It is possible to provide support so that a series of procedures such as creation, introduction and operation management of an information system security system according to an information security policy can be performed.

The present invention is not limited to the above embodiments, and various modifications can be made within the gist of the invention. For example, in each of the above embodiments, the management / auditing program is located on the management / auditing target computer 32.
These are managed and managed on the audited computer 32.
It may be configured as a so-called agent program for performing an audit and notifying the administrator of the result via the network 33, and these may be arranged on the information security policy management / audit support devices 31, 31 '. Further, in each of the above embodiments, the management program or the audit program itself may execute other processes related to the information security policy, such as virus check, password change, log collection, or the like. The management program or the audit program may manage and audit the execution of the program for performing the above processing. (Third Embodiment) In the present embodiment, the security policy management / audit support device 31 'described in the second embodiment is described.
A method for allowing an administrator to create a setting content to be applied to a user's information system from an information security policy without inconsistency using the modified device 31 ″ will be described.

FIG. 27 shows the configuration of the security policy management / auditing support device 31 ″. As shown in the figure, the security policy management / auditing support device 31 ″ used in this embodiment is shown.
Is basically the same as that of the second embodiment shown in FIG. However, a policy / setting information mapping table 136 and a setting information storage database 137 are further formed on the external storage device 13. The mapping table 136 is a template that stores setting items and recommended setting values in the management / auditing target system, and is created in advance. The setting information storage database 137 stores information on the setting items corrected by the selected policy.

In the present embodiment, a security policy database 132 'which is an extension of the security policy database 132 is used. As illustrated in FIG. 28, the database 132 ′ further includes, in addition to FIG. 5, a column 55 for storing a list of device types to which each POLICYID is applicable, and a column 56 for storing a list of software types.

FIG. 29 exemplifies the contents of the policy / setting information mapping table 136 and the setting information storage database 137. In the mapping table 136, items to be set in the program to be managed and recommended setting values of the setting items are described in advance in accordance with the policy. POLI
A CYID, a software type is stored in a column 2902, a setting item name is stored in a column 2903, and an initial value of a setting is stored in a column 2904.
The setting information storage database 137 describes the setting contents of various types of software operating in the system. In each row in the figure, a column 2905 shows a SYSID, a column 2906 shows a software type, a column 2907 shows a setting item name, and a column 2908. The set value is stored in each.

FIG. 30 shows the operation procedure of the security policy management / auditing device 31 ″ in the design phase. This procedure is usually performed when the security policy management / auditing device 31 ″ is not connected to the user information system. (At this stage, the user's information system may not be built yet.) Management / audit target area control unit 1
11, the contents registered in the system component device information database 131 formed on the external storage device 13 as shown in FIG. 8 on the display device 16 using the input / output control unit 114. An information security policy management / audit target area selection screen is displayed (step S3001). On this screen, the administrator can specify and select a component device of the information system which is indicated by the user or which the user has constructed or is about to construct. The result of this selection is
The management / audit target area control unit 111 reflects the selected constituent device (specified by a combination of the device type, the software type, and the program name) in the column 45 of the system component device information database 131, and Row 4
In "5", "YES" is registered as the selectability. Note that the component device selected in step S3001 does not need to be physically limited to one device, and may be a logically one device composed of a plurality of physical devices.

When the administrator selects a component device of the user's information system (step S3002), the information security policy selection control unit 112 sets the security policy using the column 55 storing a list of applicable device types as a key. By searching the database 132 ', a set of POLICYIDs applicable to the component devices is extracted (step S300).
3).

Information security policy selection control unit 112
Presents the set of security policies extracted in step S3003 to the user using the display device 16, and requests selection of a policy to be adopted (step S3004). At this time, as shown in FIG. 31, the classification item, the specific example, the security measure type, and the item for selection thereof are displayed.
By referring to the policy / setting information mapping table 136, the setting information corresponding to the set of security policies selected by the user in step S2902 is stored in the setting information storage database 137 (step S3005). Finally, the database 137 is searched using all setting items as keys. At this time, when a plurality of entries match the setting items, all the setting values stored in the column 2908 are presented to the user, the selection of the setting values is prompted, and the setting values selected for all entries are stored ( Step S3006). Summarizing the above steps, an information flow as shown in FIG. 32 can be realized. The inspection content creation unit of the security policy selection unit and the security setting generation unit in FIG. 32 is realized by a security specification design support tool. The setting content creation unit and the device setting inspection unit of the security setting generation unit are realized by a security investigation / diagnosis tool. The device setting change means is realized by a security operation management tool.

Information security policy database 13
2 'and a security policy selection means 3101 are used to formulate a security policy to be applied to the system.
By creating the settings using the security setting generation unit 3102 and the security setting generation unit 3102, it is possible to consistently create the setting values to be applied to the user's information system from the security policy formulated by the user. In the introduction phase, the created setting values can be reflected in the target using a sequence (2007, 2008) for changing the setting state of the system. Inspection of the set value can be performed using a sequence (2005) for performing an audit of the system. In the present embodiment, the setting items for the security policy have been particularly described, but the present invention is not limited to this. For example, in a QoS policy or the like in Diffserv, it is possible to set a set value that conforms to the policy as a management target in a similar manner.

[0070]

According to the present invention, it is possible to simplify the control and management of the security and the traffic state of the information system according to the policy. You can also create consistent policies without policy and advanced expertise in security systems and traffic management,
It can support to execute a series of procedures such as network operation management according to those policies.

[Brief description of the drawings]

FIG. 1 is a schematic configuration diagram of an information system to which a first embodiment of the present invention has been applied.

FIG. 2 is a schematic configuration diagram of the information security policy management / audit support device 31 shown in FIG.

FIG. 3 is a schematic configuration diagram of a management / auditing target computer 32 shown in FIG. 1;

FIG. 4 is a system configuration device information database 1 shown in FIG.
31 is a view for explaining the contents of 31. FIG.

FIG. 5 is a diagram for explaining the contents of an information security policy database 132 shown in FIG. 2;

FIG. 6 is a diagram for explaining the contents of a security management / audit program database 133 shown in FIG. 2;

FIG. 7 is a flowchart showing an operation procedure of the information security policy management / audit support device 31 shown in FIG.

8 is a diagram showing an information security policy management / audit target area selection screen displayed in step S701 of FIG. 7;

9 is a diagram showing an information security policy selection screen displayed in step S703 of FIG.

FIG. 10 is a flowchart showing a processing procedure in step S705 of FIG. 7;

FIG. 11 is a diagram showing a screen for changing an information security policy implementation status / security measure displayed in step S706 of FIG. 7;

FIG. 12 is a diagram illustrating an example of a display screen when a management program is activated.

FIG. 13 is a flowchart illustrating an example of a processing procedure when an audit program is activated.

FIG. 14 is a diagram showing an information security policy audit result display screen.

FIG. 15 is a diagram showing an information security policy audit result display screen.

FIG. 16 is a diagram showing an information security policy audit result display screen.

FIG. 17 is a diagram showing an information security policy audit result display screen.

FIG. 18 is a schematic configuration diagram of an information security policy management / audit support device 31 ′ used in the second embodiment of the present invention.

19 is a diagram for explaining the contents of a component device information / security status database 135 of the management / auditing target system shown in FIG. 18;

20 is a diagram conceptually showing a support procedure for security management of an information system, which can be realized by using the security policy management / audit support apparatus 31 ′ shown in FIG.

21 is a flowchart showing an operation procedure of the security policy management / auditing device 31 'in the design phase shown in FIG.

FIG. 22 is a diagram illustrating an example of a security specification.

23 is a flowchart showing an operation procedure of the security policy management / auditing device 31 'in the introduction phase shown in FIG.

FIG. 24 is a diagram showing an example of an audit result report.

FIG. 25 is a diagram illustrating an example of an audit result report when an unauthorized access history is displayed as an audit result 2403.

26 is a flowchart showing an operation procedure of the security policy management / auditing device 31 'in the operation phase shown in FIG.

FIG. 27 is a schematic configuration diagram of an information security policy management / audit support device 31 ″ used in the third embodiment of the present invention.

FIG. 28 is a diagram for explaining the contents of the extended security policy database shown in FIG. 27;

FIG. 29 is a diagram for explaining the contents of a policy / setting information mapping table and a setting information storage database shown in FIG. 27;

FIG. 30 is a flowchart showing an operation procedure of the security policy management / auditing device 31 ″ in the design phase in the third embodiment.

FIG. 31 is a diagram illustrating an example of a user interface for requesting a user to select a security measure in the third embodiment.

FIG. 32 is a diagram for explaining an information flow when setting contents and inspection contents are reflected in a target from a security policy in the third embodiment.

[Explanation of symbols]

11 ... CPU 31, 31 ', 31 "... Information security policy management / audit support device 32 ... Management / audit target computer 33 ... Network 111 ... Management / audit target area control unit 112 ... Information security policy selection control unit 113 ... Information security Policy / Security Management / Audit Program Association Control Unit 114 ... Input / Output Control Unit 131 ... System Component Device Information Database 132 ... Information Security Policy Database 133 ... Security Management / Audit Program Database 134 ... Information Security Policy Management / Audit Support Program 135 ... Management -Device information / security status database of the system to be audited 136: Security management and audit support program group 137 ... Application program 138 ... Application section 139 ... Security management section 140 ... Security audit section 150 ... OS program 1 51… OS

 ──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Yasuhiko Nagai 1099 Ozenji Temple, Aso-ku, Kawasaki City, Kanagawa Prefecture Inside Hitachi, Ltd.System Development Laboratory (72) Inventor Hiromi Isokawa 1099 Ozenji Temple, Aso-ku, Kawasaki City, Kanagawa Prefecture (72) Kazuo Matsunaga, Inventor 5030 Totsukacho, Totsuka-ku, Yokohama-shi, Kanagawa Prefecture, Ltd.Software Division, Hitachi, Ltd. (72) Eri Kato 5030 Totsukacho, Totsuka-ku, Yokohama-shi, Kanagawa Prefecture, Ltd. Hitachi, Ltd. Software Division (72) Inventor Ishida Ishida 6-26-3 Minamioi, Shinagawa-ku, Tokyo F-term in Hitachi Information Network Co., Ltd. (reference) 5K030 GA15 GA19 HB08 HC01 JA10 KA01 KA02 KA07 KA13

Claims (17)

[Claims] 1. A security management system for controlling security states of a plurality of managed systems constituting an information system in accordance with an information security policy representing a policy of a security measure, wherein at least one managed system and information security are controlled. A plurality of management means corresponding to the policy and controlling the security state of the corresponding managed system so as to match the corresponding information security policy are provided. A registered database, a security content receiving means for receiving a user's selection of an information security policy and a range of a managed system, and a security content receiving means for receiving a selection from the database. Extracting means for extracting a management means corresponding to the information security policy and the managed system included in the box; and extracting the security state of the managed system corresponding to the managing means to the managing means extracted by the extracting means. And a management control means for changing the management means so as to match the information security policy corresponding to the management means. 2. A security management system for auditing a security state of a plurality of managed systems constituting an information system, the security state being related to an information security policy representing a policy of a security measure, wherein at least one managed system and information are provided. A database that has a plurality of auditing means that audits the security status of the corresponding managed system related to the corresponding information security policy in accordance with the security policy, and registers the correspondence between the information security policy, the managed system, and the auditing means. A security content receiving means for receiving from the user the selection of the information security policy and the range of the managed system; and a security content receiving means for receiving the selection from the database. Extracting means for extracting the information security policy and the auditing means corresponding to the managed system; and extracting the auditing means extracted by the extracting means into the corresponding information security policy of the managed system corresponding to the auditing means. And an audit control unit for auditing a security state related to the security management system. 3. A security management system for controlling security states of a plurality of managed systems constituting an information system according to an information security policy representing a policy of a security measure, wherein at least one managed system and information security are controlled. A plurality of management means corresponding to the policy and controlling the security state of the corresponding managed system so as to match the corresponding information security policy are provided. And a plurality of auditing means for auditing the security status of the corresponding managed system related to the corresponding information security policy. A recorded content database, a security content receiving means for receiving a selection of an information security policy and a range of a managed system from a user, and an information security policy included in the range in which the security content receiving means receives the selection from the database. Extracting means for extracting the managing means and the auditing means corresponding to the managed system; and extracting the security status of the managed system corresponding to the managing means to the managing means extracted by the extracting means. A management control unit that changes the information to match the corresponding information security policy; and an auditing unit extracted by the extracting unit, the security status of the managed system corresponding to the auditing unit related to the corresponding information security policy. Audit control operator to be audited Security management system characterized by having, when. 4. Using an electronic computer, the security status of a plurality of managed systems constituting an information system is determined.
A security management method for controlling according to an information security policy representing a policy of a security measure, the method comprising: receiving a user's selection of an information security policy and a range of a system to be managed; A range in which a selection has been received from a plurality of management programs, which describes processing for controlling the security state of the corresponding managed system in accordance with the system and the information security policy so as to match the corresponding information security policy. Extracting the management program corresponding to the information security policy and the managed system included in the management program; and causing the extracted management program to be executed, and the security state of the managed system corresponding to the management program. The method security management, characterized by having the steps of changing to match the information security policy corresponding to the management program. 5. A security management method for auditing, using an electronic computer, a security state of a plurality of managed systems constituting an information system, the security state relating to an information security policy representing a policy of a security measure. Accepting the information security policy and the selection of the range of the managed system; and corresponding to the at least one managed system and the information security policy stored in advance and the corresponding information security of the corresponding managed system. A step of extracting, from a plurality of audit programs, an audit program registered corresponding to the information security policy and the managed system included in the selection range, in which a process of auditing a security state related to the policy is described. , To execute the extracted audit program, method security management, characterized in that it comprises a step of auditing the security state associated with the information security policy corresponding to the audit program of the managed system corresponding to the audit program, the. 6. A storage medium storing a program for controlling security states of a plurality of managed systems constituting an information system in accordance with an information security policy representing a policy of a security measure, wherein the program comprises: When read and executed by the computer, a security content receiving unit that receives a user's selection of the information security policy and the range of the managed system, and at least one managed system and the information security policy, The security content receiving unit receives a selection from a database that stores a plurality of management programs describing a process of controlling the security state of the corresponding managed system so as to match the corresponding information security policy. Extracting means for extracting a management program corresponding to the information security policy and the managed system included in the box, executing the management program extracted by the extracting means, and changing a security state of the managed system corresponding to the management program. A storage medium storing a program, wherein a management control means for changing the management program so as to match the information security policy corresponding to the management program is constructed on the computer. 7. A program product for auditing a security status of a plurality of managed systems constituting an information system, the security status relating to an information security policy representing a security measure policy, wherein the program is read by a computer. The security content receiving means receives the information security policy and the selection of the range of the managed system from the user, and is adapted to correspond to at least one managed system and the information security policy. From a database storing a plurality of audit programs describing a process of auditing the security state of the managed system related to the corresponding information security policy, information security included in a range accepted by the security content accepting unit is selected. Extracting means for extracting an audit program registered corresponding to the policy and the managed system; and executing the audit program extracted by the extracting means, and executing the audit program of the managed system corresponding to the audit program. A storage medium storing a program, wherein an audit control means for auditing a security state related to a corresponding information security policy is constructed on the computer. 8. A security management method for supporting security management of a plurality of managed systems constituting an information system using an electronic computer, comprising: an information security policy representing a policy of a security measure; and at least one security policy. The information security policy associated with each managed system that constitutes the information system specified by the user is extracted from the database describing the correspondence with the managed system, and the security to be applied to the information system is extracted. A security specification formulating step of formulating specifications, and the managed object stored in association with each of a set of an information security policy and a managed system specified by the security specification formulated in the security specification formulating step. System type Executes a plurality of audit programs in which various information such as software versions and a process for auditing a security state of the managed system related to the information security policy are described, and configures an information system specified by the user. A security diagnosis step of diagnosing security of the information system by auditing various types of information and a security state of each type and software version of the managed system to be managed, and a security specification determined in the security specification development step A description describing a process for controlling the security state of the managed system related to the information security policy, which is stored in association with each of the information security policy and the set of the managed system. Security program that executes a management program specified by the user from among the management programs, and changes the security state of the managed system corresponding to the management program so as to match the information security policy corresponding to the management program. A security management method, comprising: an operation management step. 9. The security management method according to claim 8, wherein the security diagnosis step includes: an information security policy, a managed system,
From the database describing the correspondence with various information such as the type and software version of the managed system and the audit program describing the process of auditing the security state of the managed system related to the information security policy, The information system specified by the user is extracted by extracting and executing an audit program associated with each of the information security policy and the set of managed systems specified by the security specification formulated in the specification formulation step. Diagnosing the security of the security operation management step, the information security policy, the managed system,
From the database in which the correspondence with the management program in which the process of controlling the security state related to the information security policy of the security of the managed system is described is specified by the security specification formulated in the security specification formulation step. The management program associated with each of the information security policy and the set of managed systems to be managed is extracted, and the management program specified by the user is extracted from the management program and executed. A security state of the managed system to be changed so as to match an information security policy corresponding to the management program. 10. The security management method according to claim 8, wherein the step of formulating the security specification includes a step of correcting the formulated security specification using a result of the diagnosis in the security diagnosis step. And security management method. 11. The security management method according to claim 8, wherein the security diagnosis step is performed periodically. 12. The security management method according to claim 8, wherein the management program determines a security state of the managed system corresponding to the management program in accordance with a setting content received from a user. A security management method that changes the information so as to conform to an information security policy corresponding to the management program. 13. The security management method according to claim 8, wherein a database in which a correspondence between the information security policy and at least one managed system is described; The audit / management program stored in association with each pair with the managed system includes a CERT (Computer Emergency Response TE).
am) and security results disclosed by a security information agency and the result of the security diagnosis performed in the information system specified by the user in the security diagnosis step are reflected. 14. A security management system for supporting security management of a plurality of managed systems constituting an information system, wherein a correspondence between an information security policy representing a policy of a security measure and at least one managed system. Is extracted from the database, and an information security policy associated with each of the managed systems constituting the information system specified by the user is extracted from the database, and a security specification to be applied to the information system is formulated. Security specification formulating means, and a model of the managed system provided in association with each of a set of an information security policy and a managed system specified by the security specification formulated by the security specification formulating means. Yaso Various information such as software version, and a plurality of auditing means for auditing the security state of the managed system related to the information security policy, and a plurality of auditing means specified by the user based on audit results of the plurality of auditing means. Security diagnosis means for diagnosing the security of the information system; and a security system provided in association with each of a set of an information security policy and a managed system specified by the security specification formulated in the security specification formulation step. A plurality of management means for controlling the security state of the managed system related to the information security policy, and a management means designated by a user are executed, and the security state of the managed system corresponding to the management program is managed. Program Security management system characterized by having a security operation management means for changing to match the information security policy corresponding to. 15. The security management method according to claim 8, wherein the step of formulating the security specification includes the step of storing an information security policy associated with a managed system constituting an information system specified by a user in the database. And a step of selecting a policy to be adopted from the extracted information security policies. 16. The security management method according to claim 15, wherein the security specification formulating step further searches a policy / setting information mapping table for the adopted policy and corresponds to the selected security policy. A security management method, comprising: a step of extracting setting information; and a step of storing the extracted setting information in a setting information storage database. 17. The security management method according to claim 16, wherein, in the security specification formulating step, the setting information storage database is searched, and when a plurality of setting values exist for a certain setting item, A security management method, comprising the step of causing a user to select a set value.