JP2004133634A - Method for planning security countermeasure - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve the problem in conventional plans for security countermeasure and involving difficulty in logical selection caused by creating individual countermeasure for each risk and seriously considering its expense for selection to fall in the state liable to be the subjective countermeasure, and ambiguous cost effectiveness. <P>SOLUTION: The method for planning the security countermeasure comprises: a step for establishing an object for applying the security countermeasure; a step for establishing a target for every object; a step for extracting the risk of each object; a step for establishing the involvement rate of each risk; a step for extracting the countermeasure for every risk; a step for establishing an effect obtained by each countermeasure; a step for calculating the expense of each countermeasure; a step for adding the effect of each countermeasure in inexpensive order by aligning the entire countermeasure for every object by referring to the expense; and a step for deciding the effect-added countermeasure as the performing countermeasure when the added value of the effect exceeds the target. <P>COPYRIGHT: (C)2004,JPO

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a security measure planning method for buildings, facilities, information, and the like, and more particularly to a security measure planning method used when a security measure exceeding general specifications is taken.
[0002]
[Prior art]
In order to secure confidentiality (protect from leakage), integrity (prevent tampering), and applicability (use when needed) in buildings, facilities, or information, various factors, such as physical and human factors, There is a need to protect against risks, and various security measures are in place for this.
[0003]
For example, risks due to physical factors include natural disasters, disasters and obstacles to equipment and buildings, and risks due to human factors include negligence, acts that aim at profits, and acts that cause damage. Etc.
[0004]
Among the risks caused by the above physical factors, natural disasters include earthquakes, typhoons, heavy rains and floods, heavy snowfalls, landslides and faults, and lightning strikes.Disasters and obstacles to facilities and buildings include fires, power outages, and electrical accidents. , Line accident, electromagnetic noise, electric quality, temperature and humidity, dust, water cutoff, gas supply stop, water leakage, vibration / noise, equipment failure, deterioration / corrosion, system failure, etc.
[0005]
On the other hand, of the risks caused by human factors, negligence includes misfires, explosions, car accidents, collisions, erroneous operations, etc. -Theft of data and supplies, theft of money, leakage of confidentiality, etc.Among the actions that are intended to cause further damage are arson, alteration of data and materials, destruction of hardware and software, destruction of buildings・ Bombing, trespassing, labor struggle, sabotage, etc.
[0006]
Examples of measures against these risks include the following.
・
・
・
Landslides / faults: Past records or judgment on possibility, investigation of the existence of faults
Lightning strike: Setting of lightning protection level for buildings, scope of surge suppression
Fire: Fire prevention and non-combustibility measures, detection, evacuation guidance, fire suppression measures
Power outage: Power backup measures and backup device levels
Electrical accidents: Ground fault / overcurrent protection coordination measures, backup measures in case of failure, maintenance measures
Line accident: line backup measures
Electromagnetic noise: Countermeasures against electromagnetic wave / electrostatic induction failure, prevention of system malfunction
Electricity quality: harmonic countermeasures, voltage / frequency fluctuation countermeasures, margin of power supply capacity, grounding method
Temperature / humidity: room for outside air / indoor temperature / humidity conditions, equipment, heat source, etc.
Dust: design conditions, removal measures
Water interruption: Water source backup measures
・
・
・
Erroneous operation: Man-machine interface and fail-safe level setting,
Automation of equipment operation time, refresh measures
Bribery or breach by program / data manipulation: system access restrictions and data processing fraud prevention equipment level setting
Theft of program data and supplies: entry and exit management systems and carry-in / out management systems, firewalls, data encryption
Money theft: access control system, security system, carry-in / out management system
Leakage of confidential information: system access restriction, data processing fraud prevention function level setting, double storage of data and materials
・
・
・
Destruction and blasting of buildings: Estimated levels of destruction methods and types of explosives and soundness of buildings, access control systems, transport control systems
Illegal intrusion: layout and flow planning, access control system
Labor struggle and sabotage: access control system, level setting for welfare, refreshment and amenity related facilities
[0007]
The risk measures described above can be classified into the following five types.
Control measures: Measures to eliminate, avoid or reduce risks as much as possible in advance
Prevention measures: Measures to prevent the realization of risks
Detection measures: Measures to quickly detect the occurrence or situation of risk
Preliminary measures: measures to cover the occurrence of risks in other ways
Recovery measures: Measures to minimize losses when risks occur and to recover quickly
[0008]
In the conventional general security measure plan, security measures are individually devised for each of the above-mentioned risks, and the security measures are selected with an emphasis on the cost of the measures.
[0009]
[Problems to be solved by the invention]
For this reason, it was difficult to select a security measure that was logical, and it tended to be a subjective one, and the cost-effectiveness was ambiguous.
An object of the present invention is to solve such a problem.
[0010]
[Means for Solving the Problems]
In order to solve the above-mentioned problems, according to the first aspect of the present invention, a first step of setting a purpose for taking security measures, a second step of setting a goal to be achieved for each set purpose, and A third step of extracting a risk caused by the above, a fourth step of setting an involvement ratio of each risk of each objective, a fifth step of extracting a measure for each risk of each objective, and The sixth step of setting the effect of each measure for each objective risk, the seventh step of calculating the cost of each measure, and all the measures for each purpose are sorted by cost, and the An eighth step is to add the effect of the countermeasure, and a ninth step is to determine a countermeasure to which the effect has been added up to that point when the added value of the effect exceeds the above target as a countermeasure to be implemented. Security measure We propose a method.
[0011]
According to the second aspect of the present invention, in the method of the first aspect, after deciding a countermeasure to be performed in the ninth step, the effect per unit cost is extremely high from among the countermeasures whose costs are higher than the countermeasure to which the effect is added. To determine whether the goal can be achieved by that, and whether it is cheaper than the sum of the costs of the above determined measures, and if the goal can be achieved with lower cost, It is suggested that measures be taken.
[0012]
Next, in a third aspect of the present invention, a first step of setting a purpose of taking a security measure, a second step of setting a goal to be achieved for each set purpose, and a risk caused by each purpose are set. A third step to extract, a fourth step to set the participation rate of each risk for each objective, a fifth step to extract measures for each risk for each objective, and a fifth step to extract each risk for each objective. The sixth step of setting the effect of the measure, the seventh step of calculating the cost of each measure, and all the measures for each purpose are arranged according to the effect-to-cost ratio. An eighth step is to add the effect of the countermeasure, and a ninth step is to determine a countermeasure to which the effect has been added up to that point when the added value of the effect exceeds the above target as a countermeasure to be implemented. Security plan Suggest.
[0013]
According to the fourth aspect of the present invention, the object set in the first step of the first or third aspect of the invention is to propose that the assets to be protected and the holding state of the assets be configured.
[0014]
The invention of claim 5 proposes that the target set in the second step of the method of claim 1 or 3 is to reduce the amount of damage caused by risk.
[0015]
The invention of claim 6 proposes that the goal set in the second step of the invention of claim 1 or 3 is to reduce the frequency of occurrence of risk.
[0016]
According to the seventh aspect of the present invention, the participation rate of each risk for each purpose set in the fourth step of the first or third aspect of the present invention sets an impact level for each risk, and the total of the set impact levels is set. It is proposed to calculate and set the ratio with respect to.
[0017]
The invention of claim 8 proposes that, in the invention of claim 7, the total sum of the participation rates of all risks for each object is 1.
[0018]
The invention of claim 9 proposes that, in the invention of claim 7, the total sum of the participation rates of all risks for each object is set to 1 or less in consideration of the safety factor.
[0019]
In a tenth aspect of the present invention, in the sixth step of the first or third aspect of the invention, it is proposed that an expected reduction in damage due to the countermeasure is set as an effect of each countermeasure for each risk for each purpose. It is.
[0020]
In the eleventh aspect of the present invention, in the sixth step of the first or third aspect, the effect of each measure for each risk for each purpose is set for each measure by setting the degree of effect on the reduction of risk occurrence. Then, it is proposed to calculate and set as an effect rate indicating a ratio of the set effect degree to the whole.
[0021]
The invention of claim 12 proposes that, in the invention of claim 11, the total sum of the effect rates of all countermeasure risks for each risk of each object is 1.
[0022]
The invention of claim 13 proposes in the invention of claim 11 that the total of the effective rates of all the countermeasure risks for each risk of each object is set to 1 or less in consideration of the safety factor. .
[0023]
In the invention of claim 14, the cost of each measure calculated in the seventh step of claim 1 or 3 is an initial cost, a running cost, a renewal cost, or a life cycle cost which is a sum of the costs in a set number of years. We propose that
[0024]
The invention of claim 15 proposes that the cost of each measure arranged in the eighth step of claim 1 or 3 is a life cycle cost.
[0025]
The invention of claim 16 proposes that the cost of each measure arranged in the eighth step of claim 1 or 3 is an initial cost.
[0026]
In the seventeenth aspect of the present invention, the effect of sequentially adding in the eighth step of the first or third aspect is that the loss reduction amount by the countermeasure, which is a product of the expected loss amount after the countermeasure and the risk participation rate, is used. It is a suggestion.
[0027]
In the eighteenth aspect of the present invention, the effect of sequentially adding in the eighth step of the first or third aspect is a product of a risk occurrence frequency, a risk participation rate, and a risk occurrence frequency reduction effect rate. It is proposed to make the frequency decrease frequency.
[0028]
According to the present invention described above, for each purpose for which security measures are to be taken, goals to be achieved are clearly set, and all risks caused for each purpose are extracted, and all measures are extracted for each risk. , Calculate the cost of each measure, sort all the measures for each purpose for which the cost was calculated in this way by cost, add the effect of each measure in the order of lowest cost, and set the target by the added effect. Comparing whether it is achieved or not, and if the added value of the effect exceeds the above target, the countermeasure to which the effect was added up to that point is determined as the countermeasure to be implemented. The goal of the measure can be achieved.
[0029]
After deciding the measures to be implemented in the ninth step in this way, search for measures that have a very high effect per unit cost from among measures that are more costly than the measures with the added effects, and thereby set a target. It is determined whether or not the target can be achieved and whether or not the cost is lower than the sum of the costs of the determined measures. If the target can be achieved at a lower cost, the measures can be adopted.
[0030]
Also, in the present invention, in the eighth step, all measures for each purpose are arranged by the effect-to-cost ratio instead of the above-mentioned cost, and the effects of the respective measures are added in descending order of the effect-to-cost ratio. You can also
[0031]
In this case, the target set for each purpose may be a reduction in the amount of damage due to risk, a reduction in the frequency of occurrence of risk, or both.
[0032]
The cost for arranging all the measures may be a life cycle cost or an initial cost.
[0033]
Further, the effect of sequentially adding in order to determine whether or not the target is achieved may be the amount of loss reduction due to the countermeasure or the frequency of occurrence reduction due to the countermeasure according to the target. In the standard, it is possible to judge that both the cost target and the occurrence frequency target are satisfied as both the loss reduction amount due to the countermeasure and the frequency of occurrence reduction due to the countermeasure.
[0034]
BEST MODE FOR CARRYING OUT THE INVENTION
Next, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a flowchart showing the flow of processing in the security measure planning method of the present invention.
First, in a first step S1, the purpose of taking security measures, that is, the security purpose is set.
The setting of the security purpose is specifically set based on the state of the assets to be protected, that is, the state of holding the assets, according to the needs of the owner of the building or the facility.
The assets to be protected are people / things / information, and the holding state of the assets is, for example, as follows.
・ Not destroyed, falsified or erased
・ Not stolen
・ No secrets are leaked
・ Function can be continued
From such assets to be protected and their holding state, it is possible to configure a target such as “calculation of damage amount” or “calculation of occurrence frequency”.
[0035]
Next, in a second step S2, a goal to be achieved is set for each purpose set in the first step S1.
In other words, this goal sets a goal value indicating the degree of completeness of the event set in the first step S1.
This target value corresponds to, for example, “calculation of damage amount”, “calculation of occurrence frequency”, and “target for reduction of damage amount… YOO yen”, “target for reduction of occurrence frequency ...%”. Something like that.
[0036]
FIG. 2 is a data table showing a specific example of each item set in the first and second steps S1 and S2. This data table is formed for each purpose determined by the assets to be protected and the holding state, that is, for each purpose number Pi. The damage amount is composed of reproduction and reconstruction costs D1 belonging to property damage, repair and restoration costs D2, damage amount D3 for restoration time belonging to lost opportunity loss, and damage amount D4 due to loss of credit. , Their sum TD (= D1 + D2 + D3 + D4) represents the total damage. Further, the target reduction amount (reduction amount) of the damage amount is represented by DTD, and TD> DTD. The occurrence frequency TBO represents, for example, "Once every XX years" or "O degrees every 10 years", and the target value ITBO of the occurrence frequency also shows the same contents. Note that TBO> ITBO. In addition, regarding the cost D1 of reproduction and restructuring, in the case of non-reproducible assets, for example, in the case of a person (human life, injury), the amount is calculated as life insurance or precedent.
[0037]
Next, in a third step S3, a risk attributable to the set purpose is extracted, and then, in a fourth step S4, a participation rate of each risk for each purpose is set. The risks extracted in the third step S3 are the risks as described above, and the degree of influence is set for each risk of each purpose, and the ratio of the set degree of influence to the entire risk is calculated to set the involvement rate. .
[0038]
That is, FIG. 3 is a data table showing a specific example of each item set in the third and fourth steps S3 and S4. This data table is composed of respective object numbers Pi (i = 1, 2, 3,...). ), And a risk influence rate and a risk participation rate are set for each risk specified by the risk number Rj (j = 1, 2,...). That is, the risk impact RIF expresses the impact as a function for each risk of the risk number Rj with respect to the objective number Pi. For example, the degree of influence may be a continuous value from 0 to 100, or may be simply represented in three stages by numerical values of 10, 5, 1 or symbols ◎, △, △, etc. corresponding to those values. it can.
The risk participation rate RP in the figure is set by calculating the ratio of the degree of influence set for each risk to the entirety. That is,
RP = (RIF / ΣRIF) (however, the subscript j is omitted)
It is.
The sum ΣRP of the risk participation rates is ΣRP = 1 when the safety factor relating to each risk is not taken into account, but when the safety factor SF [Pi] is anticipated, it is 1 or less, for example, 0.8 or 0. It can also be 6 mag.
[0039]
Next, in a fifth step S5, measures are extracted for each risk for each purpose, and in a sixth step S6, the effect of each measure for each risk for each purpose is set. The effect of this measure is to set the expected reduction in damage due to the measure as the effect of each measure for each risk for each purpose, and to set the degree of effect for each measure on the reduction in risk occurrence, It can be calculated and set as an effect rate indicating a ratio of the set effect degree to the whole.
[0040]
That is, FIG. 4 is a data table showing a specific example of each item set in the fifth and sixth steps S5 and S6, and this data table has the respective object numbers Pi (i = 1, 2, 3,...). ) Are created for each risk number Rj (j = 1, 2,...), And the countermeasure numbers representing the respective countermeasures are Pi, Rj, Mk (i = 1, 2,...; J = 1, 2,. k = 1, 2,...). This data table has data items of a countermeasure number, a countermeasure type, and a countermeasure effect rate. It has an occurrence frequency effect degree MEF and an effect rate for reduction of risk occurrence due to the countermeasure, that is, a countermeasure occurrence frequency reduction effect rate MER.
[0041]
Here, the countermeasure types correspond to the five types as described above, where m1 = suppression countermeasure, m2 = prevention countermeasure, m3 = detection countermeasure, m4 = preliminary countermeasure, and m5 = recovery countermeasure. Further, the countermeasure occurrence frequency effect degree MEF sets the occurrence frequency reduction effect degree for each countermeasure number to the risk number Rj as a continuous value from 0 to 1000, or simply as 1, 10, 100, 1000. It can be represented in four stages.
The measure occurrence frequency reduction effect rate MER in the figure, that is, the measure occurrence frequency effect degree MEF set for each measure is calculated and set as a percentage. That is,
MER = (MEF / ΣMEF) (However, the subscript k is omitted)
It is.
The total sum ΣMER of the countermeasure frequency reduction effect rates MER is ΣMER = 1 when the safety factor for each countermeasure is not considered, but is 1 or less, for example, 0 when the safety factor SF [Pi, Rj] is expected. .8 or 0.6 etc.
[0042]
Next, in a seventh step S7, the costs of each of the above measures are calculated.
[0043]
That is, FIG. 5 is a data table showing a specific example of each item relating to the cost set or calculated in the seventh step S7. This data table is composed of countermeasure numbers Pi, Rj, Mk (i = 1, 2,...; J = 1, 2,...; K = 1, 2,...), A cost is set or calculated.
[0044]
The costs to be set or calculated include an initial cost IC, a running cost (increment = IRC; decrement = DRC), an update cost (update cost = RRC, an update cycle RT), and a life cycle cost MLCC which is a sum of them. Is
.
Here, the increment IRC of the running cost is, for example, an increment of the maintenance / maintenance cost, the operation cost, etc., and the decrement DRC is the decrease of the insurance premium, the reduction of the personnel cost, the reduction of the maintenance / maintenance cost, the operation cost. Minutes. Further, the update cycle RT is an update cycle of the device / equipment, and has a value of, for example, XX years. Further, the life cycle cost MLCC of the countermeasure is a sum of the initial cost IC, the running cost (increment = IRC; decrement = DRC), and the renewal cost (renewal cost = RRC, renewal cycle RT) with respect to the reference year n. Yes, and is calculated by the following equation.
MLCC [n] = IC + (IRC-DRC) × n + RRC × n / RT
Although the reference years n can be set arbitrarily, they are usually set to 30 years.
[0045]
Next, in an eighth step S8, all measures for each purpose are sorted by cost, and the effect of each measure is added in ascending order, and then, in a ninth step S9, the added value of the effect satisfies the target. If it exceeds, the countermeasure to which the effect is added up to that point is determined as the countermeasure to be implemented.
[0046]
For example, FIGS. 6 and 7 show data tables corresponding to the processes of the eighth and ninth steps S8 and S9. Of these, FIG. 6 is a data table for predicting the countermeasure effect by the damage amount. Yes
FIG. 7 is a data table for the purpose of predicting the countermeasure effect based on the risk occurrence frequency. These data tables are prepared by taking countermeasures of all countermeasure numbers Pi · Rj · Mk (i = 1, 2,...; J = 1, 2,...; K = 1, 2,...) For each objective number Pi. Created.
[0047]
First, the data table in FIG. 6 includes the life cycle costs MLCC [Pi, Rj, Mk] of the measures, the total damage TD [Pi], the target reduction amount DTD [Pi] of the loss, and the risk participation rate RP [Pi, Rj]. It has a data item of the expected damage reduction amount DTDR [Pi, Rj, Mk] after the countermeasure, and these data are set or calculated in the steps up to that point, and the life cycle cost MLCC [Pi [Rj · Mk] in ascending order.
[0048]
In addition to these data items, this data table also includes a data item of a loss reduction amount MDTD [Pi, Rj, Mk] due to a countermeasure obtained by multiplying the expected damage reduction amount DTDR after the countermeasure by the risk participation rate RP. These are added and accumulated in ascending order of the life cycle cost MLCC. That is, the data item SMDTD
[Pi] is their accumulated value, ie, SMTDD [Pi] =］ MDTD [Pi · Rj · Mk]. This accumulated value ΣMDTD is compared with the damage reduction target amount DTD [Pi], and {MDTD> DTD At this point, the target has been exceeded and the objective Pi has been cleared.
[0049]
Therefore, as described above, in the ninth step S9, when the added value of the effect exceeds the target, the measure to which the effect has been added up to that point is determined as the measure to be implemented.
[0050]
Next, the data table of FIG. 7 includes the life cycle costs MLCC [Pi, Rj, Mk] of the countermeasures, the occurrence frequency TBO [Pi], the target value ITBO [Pi] of the occurrence frequency, and the risk participation rate RP [Pi, Rj]. It has a data item of the occurrence frequency reduction effect rate MER [Pi, Rj, Mk] after the countermeasure, and these data are set or calculated in the previous steps, and are the same as those in FIG. Are arranged in ascending order according to the value of the life cycle cost MLCC [Pi, Rj, Mk].
[0051]
In addition to these data items, this data table includes a frequency of occurrence of risk reduction MITBO [Pi · Pi ·, which is a product of a frequency of occurrence of risk TBO, a risk participation rate RP, and a risk occurrence reduction effect rate MER. Rj · Mk], and these data are added and accumulated in ascending order of the life cycle cost MLCC. The number of occurrence frequency reductions MITBO due to the countermeasure is, for example, a value such as ○ degrees in n years. Data item CMITBO
[Pi] is a cumulative value of these, that is, the number of times of decrease in the frequency of occurrence of synthesis due to a plurality of countermeasures CMITBO [Pi] = ・ MITBO [Pi · Rj · Mk]. When ΣMITBO> ITBO, the target is exceeded and the target Pi is cleared.
[0052]
Therefore, also in this case, as described above, in the ninth step S9, when the added value of the effect exceeds the above target, the measure to which the effect has been added up to that point is determined as the measure to be implemented.
[0053]
As described above, in the examples shown in FIGS. 6 and 7, the cost of each measure for aligning each data in the eighth step is the life cycle cost MLCC, but instead of this, the initial cost IC or the like is used. Of course, other costs may be used.
[0054]
In the above-described processing flow of the present invention, when there are a plurality of security objectives, measures are determined so as to satisfy all the security goals in the ninth step S9. If there is a relationship such as substitution or reciprocity, a combination that minimizes the total countermeasure cost may be adopted.
[0055]
Next, in step S10 in FIG. 1, the measures determined in the steps up to that are comprehensively evaluated using a comprehensive evaluation index.
The comprehensive evaluation index is, for example, as follows.
1. Reduction amount of loss by all measures / reduction target of loss amount
2. Decrease in frequency of occurrence by all measures / Target for reduction of frequency of occurrence
3. Reduction amount of damages due to all measures / Total measures cost
[0056]
By using these comprehensive evaluation indices, the following evaluation can be obtained.
With the comprehensive evaluation index 1, the degree of achievement (%) of the reduction target of the amount of damage can be understood.
The overall evaluation index of No. 2 indicates the degree of achievement (%) of the reduction target of the occurrence frequency.
With the comprehensive evaluation index of No. 3, the cost effectiveness (%) can be understood.
[0057]
Next, FIG. 8 to FIG. 25 show the data tables in the above-described respective processes of the present invention by specific numerical examples, and have the following correspondence with FIG. 2 to FIG. are doing.
FIG. 8 corresponds to FIG.
FIG. 9 corresponds to FIG.
10 to 23 correspond to FIG.
FIG. 24 corresponds to FIG.
FIG. 25 corresponds to FIG.
FIG. 26 corresponds to FIG.
[0058]
Since FIGS. 8 to 26 are self-evident from the corresponding description of FIGS. 2 to 7, detailed description is omitted, but the range indicated by A in FIG. 25 and the range indicated by B in FIG. The measures within the specified range represent the determined measures. In FIG. 26, the comparison for determining the countermeasure is performed by comparing the number of times CITBO is reduced in the frequency of occurrence of synthesis by a plurality of countermeasures with the difference between the frequency of occurrence TBO [Pi] and the target value ITBO of the frequency of occurrence.
[0059]
In the present invention, as described above, after deciding a measure to be performed in the ninth step, a measure having a very high effect per unit cost is searched from among measures having a larger cost than the measure obtained by adding the effect, Judge whether the target can be achieved and whether it is cheaper than the sum of the costs of the measures determined above.If the goal can be achieved at a lower cost, adopt the measures. You can also.
[0060]
In the above description of the embodiment, in the eighth step, all measures for each purpose are sorted by cost, but instead of cost, they are sorted by effect-to-cost ratio, and the effect-to-cost ratio is sorted. The effect of each measure can be added in descending order.
[0061]
【The invention's effect】
As described above, the present invention has the following effects.
a. Security measures that balance costs such as initial costs and life cycle costs with security can be taken.
b. The owner and designer can clearly set the goals of the security plan.
c. By performing a facility plan with security balance, it is possible to reduce non-life insurance premiums.
d. By examining the security balance of existing facilities, it can be used as a factor in asset value evaluation such as due diligence (building evaluation).
e. Even inexperienced designers can make reasonable plans.
[Brief description of the drawings]
FIG. 1 is a flowchart showing a processing flow in a security measure planning method of the present invention.
FIG. 2 is a data table showing a specific example of each item set in first and second steps S1 and S2.
FIG. 3 is a data table showing a specific example of each item set in third and fourth steps S3 and S4.
FIG. 4 is a data table showing a specific example of each item set in fifth and sixth steps S5 and S6.
FIG. 5 is a data table showing a specific example of each item relating to costs set or calculated in a seventh step S7.
FIG. 6 shows a specific example of a data table corresponding to the processing of eighth and ninth steps S8 and S9.
FIG. 7 shows another specific example of the data table corresponding to the processing of the eighth and ninth steps S8 and S9.
FIG. 8 shows the data table of FIG. 2 using specific numerical values.
FIG. 9 shows the data table of FIG. 3 using specific numerical values.
FIG. 10 shows the data table of FIG. 4 using specific numerical values.
11 shows the data table of FIG. 4 using specific numerical values.
FIG. 12 illustrates the data table of FIG. 4 using specific numerical values.
FIG. 13 shows the data table of FIG. 4 using specific numerical values.
FIG. 14 shows the data table of FIG. 4 using specific numerical values.
FIG. 15 shows the data table of FIG. 4 using specific numerical values.
FIG. 16 shows the data table of FIG. 4 using specific numerical values.
FIG. 17 illustrates the data table of FIG. 4 using specific numerical values.
FIG. 18 illustrates the data table of FIG. 4 using specific numerical values.
FIG. 19 shows the data table of FIG. 4 using specific numerical values.
FIG. 20 shows the data table of FIG. 4 using specific numerical values.
FIG. 21 illustrates the data table of FIG. 4 using specific numerical values.
FIG. 22 illustrates the data table of FIG. 4 using specific numerical values.
FIG. 23 illustrates the data table of FIG. 4 using specific numerical values.
24 shows the data table of FIG. 5 using specific numerical values.
FIG. 25 shows the data table of FIG. 6 using specific numerical values.
FIG. 26 shows the data table of FIG. 7 using specific numerical values.
[Explanation of symbols]
S1 to S10 Step
A, B Scope of determined measures

Claims (18)

A first step of setting a purpose for taking security measures, a second step of setting a goal to be achieved for each set purpose, a third step of extracting a risk caused for each purpose, A fourth step of setting the involvement ratio of each objective risk, a fifth step of extracting measures for each risk of each objective, and a sixth step of setting the effect of each measure for each risk of each objective. A step, a seventh step of calculating the cost of each measure, an eighth step of arranging all measures for each purpose by cost, and adding the effect of each measure in order of decreasing cost, and an added value of the effect And a ninth step of determining, as a measure to be taken, a measure to which an effect has been added when the above-mentioned target is exceeded. After deciding the measures to be implemented in the ninth step, search for measures that have a very high effect per unit cost from among the measures that are more expensive than the measures that add the effect, and whether the target can be achieved by that. And determining whether or not the cost is lower than the sum of the costs of the determined measures. If the target can be achieved with the lower cost, the measure is adopted. How to plan security measures described in A first step of setting a purpose for taking security measures, a second step of setting a goal to be achieved for each set purpose, a third step of extracting a risk caused for each purpose, A fourth step of setting the involvement ratio of each objective risk, a fifth step of extracting measures for each risk of each objective, and a sixth step of setting the effect of each measure for each risk of each objective. A step, a seventh step of calculating the cost of each measure, and an eighth step of arranging all measures for each purpose by an effect-to-cost ratio and adding the effect of each measure in descending order of the effect-to-cost ratio. A security measure plan, comprising: a step; and a ninth step of determining, as an action to be taken, a measure to which the effect has been added when the added value of the effect exceeds the target. Method 4. The security measure planning method according to claim 1, wherein the purpose set in the first step includes an asset to be protected and a holding state of the asset. 4. The security measure planning method according to claim 1, wherein the target set in the second step is to reduce the amount of damage caused by risk. 6. The security measure planning method according to claim 1, wherein the target set in the second step is to reduce the frequency of occurrence of risks. 2. The involvement rate of each risk for each purpose set in the fourth step is set by setting an influence degree for each risk and calculating a ratio of the set influence degree to the whole. Or the security measure planning method described in 3. 8. The security measure planning method according to claim 7, wherein the sum of the participation rates of all risks for each purpose is 1. 8. The security countermeasure planning method according to claim 7, wherein a total sum of participation rates of all risks for each purpose is set to 1 or less in consideration of a safety factor. 4. The security countermeasure planning method according to claim 1, wherein in the sixth step, an expected reduction amount of damage due to the countermeasure is set as an effect of each countermeasure for each risk for each purpose. In the sixth step, the effect of each measure for each risk for each purpose is set as an effect rate for each measure against the reduction of risk occurrence, and an effect rate indicating a ratio of the set effect degree to the whole. 4. The security measure planning method according to claim 1, wherein the security measure planning method is set by calculating 12. The security countermeasure planning method according to claim 11, wherein the sum of the effective rates of all countermeasures for each risk for each purpose is 1. 12. The security countermeasure planning method according to claim 11, wherein a total sum of effect rates of all countermeasure risks for each risk for each purpose is 1 or less in consideration of a safety factor. 4. The cost of each measure calculated in the seventh step is an initial cost, a running cost, a renewal cost, or a life cycle cost which is a sum of the costs in a set number of years. Security planning methods 3. The security measure planning method according to claim 1, wherein the cost of each measure arranged in the eighth step is a life cycle cost. 4. The security measure planning method according to claim 1, wherein the cost of each measure arranged in the eighth step is an initial cost. 4. The security measure plan according to claim 1, wherein the effect of sequentially adding in the eighth step is a damage decrease amount by the measure, which is a product of the expected damage decrease amount after the measure and the risk participation rate. Method The method according to claim 1 or 2, wherein the effect of sequentially adding in the eighth step is a frequency of occurrence reduction by a countermeasure, which is a product of a risk occurrence frequency, a risk participation rate, and a risk occurrence frequency reduction effect rate. Security measure planning method described in 3

Images