JP2008009878A - Server device, information management method of server device, information management program of server device, client device, information management method for client device, information management program of client device, information management system and information management method for information management system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To polish information about a risk analysis so as to be more appropriate information. <P>SOLUTION: A server 100 stores master information about security that is common in respective business processing executed by each client 200 in a master database group 190. A master information edition processing part 120 transmits instance information obtained by duplicating the master information to each client 200, and an instance information editing processing part 220 receives the instance information. The instance information editing processing part 220 changes the instance information in accordance with relevant business, and an instance difference information collection processing part 260 transmits change contents to the server 100. A master difference information management processing part 160 receives the change contents from each client 200 and retransmits master information updated by the received change contents to each client 200. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention includes, for example, a server device that can be used to enhance information security, a server device information management method, a server device information management program, a client device, a client device information management method, a client device information management program, and an information management The present invention relates to an information management method for a system and an information management system.

A conventional risk analysis system related to information security is a system that collects previous information and efficiently analyzes risk information, such as asset values, threats, and vulnerabilities that compose information security risk. (For example, Patent Document 1). Patent Document 1 proposes a method of flexibly incorporating a security standard, which is one viewpoint for risk analysis, into the work of risk analysis.
JP 2002-352062 A

Conventional risk analysis on information security has the following issues.
(1) In order to perform effective risk analysis for an organization, knowledge of both the risk analysis method itself and knowledge about operations in the organization is required.
(2) The risk analysis method itself required know-how in terms of risk thinking and how to understand threats and vulnerabilities, and the introduction of the risk analysis method required the assistance of consultants. As a result, the cost of introducing a risk analysis method was high.
(3) The consultant's support was also required to properly construct the introduced risk analysis method in line with the organization's work.

This is solved by a risk analysis system related to information security disclosed in Patent Document 1 and the like. However, the risk analysis system disclosed in Patent Document 1 has the following problems.
(1) Information security risks are composed of elements such as threats and vulnerabilities, but threats and vulnerabilities change over time (for example, the emergence of new types of viruses / worms). In addition, countermeasures against information security risks will change due to the establishment of new technologies. For this reason, in order to incorporate these into the risk analysis of each organization in a timely manner, it is necessary to monitor the aforementioned threats, vulnerabilities, new technologies, etc., but this monitoring requires human costs.
(2) There is no material for objectively judging how the constructed risk analysis method is compared to other companies in the same industry.
(3) It is not possible to confirm that consultants who have introduced risk analysis methods in their company have not leaked confidential information regarding risk analysis of their organization to other companies.

  The present invention has been made, for example, in order to solve the above-described problems, and an object thereof is to reduce the cost for risk analysis. In addition, for example, an object of the present invention is to be able to refine information relating to risk analysis so as to be a more appropriate expression of risk.

  The server device of the present invention stores specific common information in a storage device, acquires specific common information from the storage device, and transmits the specific common information acquired to each client device that executes specific information processing. Change information indicating the content of the specific common information changed according to the information processing of each client device by each client device to which the first transmission unit has transmitted specific common information. A change information receiving unit that stores in a storage device the change information of each client device received and received from the device, and a change that satisfies a predetermined condition with reference to the change information of each client device stored by the change information receiving unit Select the information and update the specific common information based on the selected change information to change the change contents of each client device to the specific common information An information updating unit that reflects the information updating unit is characterized in that a second transmission unit for transmitting the specific common information that reflects the changes Each client device to each client device.

  According to the present invention, for example, information relating to risks that change with time is not taken in timely for each organization (client device), but is taken as information common to each organization (in the server device) to be subjected to risk analysis. Cost can be reduced. In addition, for example, according to the present invention, by using the risk analysis result (change information) performed in each organization (client device), so that the expression of the risk is more appropriate (between the server device and the client device). (Between) can refine information on risk analysis.

Embodiment 1 FIG.
FIG. 1 is a system configuration diagram of an information security risk management system 999 according to the first embodiment.
The information security risk management system 999 (an example of an information management system) in Embodiment 1 includes an information security risk management server 100 (an example of a server device) and an information security risk management client 200 (an example of a client device).
The information security risk management server 100 manages master risk analysis information (master information) referred to by each organization.
The information security risk management client 200 performs risk analysis by customizing the master risk analysis information provided by the information security risk management server 100 for each organization.

  Hereinafter, the information managed by the information security risk management server 100 is referred to as master information (an example of specific common information), and the information security risk management server 100 generates information based on the master information and is used by the information security risk management client 200. Use instance information.

  The information security risk management server 100 executes information processing related to the business of the organization by strengthening security by utilizing information related to security indicated by the instance information.

The information security risk management server 100 includes a threat master database 191, a vulnerability master database 192, a countermeasure master database 193, a relation master database 194, a risk master database 195, and a master difference database 196 as a master database group 190.
Each database provided in the information security risk management server 100 has the following functions.
The threat master database 191 stores and manages threat master information related to information security threats.
The vulnerability master database 192 stores and manages vulnerability master information related to information security vulnerabilities.
The countermeasure master database 193 stores and manages countermeasure master information regarding countermeasures against information security threats and vulnerabilities.
The relation master database 194 stores and manages relation master information representing the relation among threat master information, vulnerability master information, and countermeasure master information.
The risk master database 195 stores and manages risk master information related to information security risks.
The master difference database 196 stores and manages master difference information for threat master information, vulnerability master information, countermeasure master information, relation master information, and risk master information.

The information security risk management server 100 further includes a server-side data management processing unit 110, a master information editing processing unit 120, a risk analysis processing unit 130, an instance generation processing unit 140, a master update determination processing unit 150, and a master difference information management processing unit. 160.
Each unit included in the information security risk management server 100 has the following functions.
The server-side data management processing unit 110 performs input / output processing such as acquisition and registration of each master information for each master database in the master database group 190.
The master information editing processing unit 120 has a function for editing threat master information, vulnerability master information, countermeasure master information, relation master information, and risk master information.
The risk analysis processing unit 130 performs risk analysis based on the threat master information, vulnerability master information, and relationship master information, and stores the analysis result in the risk master database 195 as risk master information.
The instance generation processing unit 140 (an example of the first transmission unit) includes each piece of master information (threat master information, vulnerability master information, countermeasure master information, relation master information, risk master) for risk analysis in the information security risk management server 100. Information), instance information used by each information security risk management client 200 for risk analysis is generated.
The master difference information management processing unit 160 (an example of a change information reception unit / second transmission unit) is configured with instance information indicating a risk analysis result performed by each information security risk management client 200 in accordance with a request from the information security risk management client 200. The difference (master difference information described later) from the master information in the information security risk management server 100 is efficiently collected.
The master update determination processing unit 150 (an example of an information update unit) determines whether or not the instance update difference information raised from each information security risk management client 200 may be reflected in the master information.

Each information security risk management client 200 includes a threat instance database 291, a vulnerability instance database 292, a countermeasure instance database 293, a related instance database 294, as an instance database group 290 similar to the master database group 190 of the information security risk management server 100. A risk instance database 295 and an instance update difference database 296 are provided.
Further, each information security risk management client 200 includes an instance edit log database 297. The instance edit log database 297 stores and manages edit log information indicating an edit history of instance information.

Each information security risk management client 200 further includes a client-side data management processing unit 210, an instance information editing processing unit 220, an instance update difference determination processing unit 250, and an instance difference information collection processing unit 260.
Each unit included in the information security risk management client 200 has the following functions.
The client-side data management processing unit 210 performs input / output processing such as acquisition and registration of each instance information for each instance database of the instance database group 290.
The instance information editing processing unit 220 (an example of a first receiving unit / information changing unit) obtains instance information from the information security risk management server 100 and edits the instance information according to the status of the organization.
The instance difference information collection processing unit 260 (an example of a change information transmission unit / second reception unit) includes client information indicating a risk analysis result performed by the information security risk management client 200 and master information in the information security risk management server 100. The difference (instance update difference information) is efficiently collected.
The instance update difference determination processing unit 250 determines whether to report the instance update difference information collected by the instance difference information collection processing unit 260 to the information security risk management server 100 side.

FIG. 2 is a diagram illustrating an example of external appearances of the information security risk management server 100 and the information security risk management client 200 included in the information security risk management system 999 according to the first embodiment.
In FIG. 2, the information security risk management server 100 and the information security risk management client 200 include a system unit 910, a display device 901 having a CRT (Cathode / Ray / Tube) or LCD (liquid crystal) display screen, a keyboard 902 (Key).・ Board: K / B), mouse 903, FDD904 (Flexible / Disk / Drive), CDD905 (compact disk device), printer device 906, scanner device 907, and other hardware resources, which are connected by cables and signal lines Has been.
The system unit 910 is a computer and is connected to the Internet 940 via a LAN 942 (local area network) and a gateway 941.

FIG. 3 is a diagram illustrating an example of hardware resources of the information security risk management server 100 and the information security risk management client 200 included in the information security risk management system 999 according to the first embodiment.
In FIG. 3, an information security risk management server 100 and an information security risk management client 200 include a CPU 911 (Central Processing Unit, a central processing unit, a processing unit, an arithmetic unit, a microprocessor, a microcomputer, and a processor that execute a program. Say). The CPU 911 is connected to the ROM 913, the RAM 914, the communication board 915, the display device 901, the keyboard 902, the mouse 903, the FDD 904, the CDD 905, the printer device 906, the scanner device 907, and the magnetic disk device 920 via the bus 912, and the hardware. Control the device. Instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card read / write device may be used.
The RAM 914 is an example of a volatile memory. The storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are an example of a nonvolatile memory. These are examples of a storage device, a storage device, or a storage unit.
The communication board 915, the keyboard 902, the scanner device 907, the FDD 904, and the like are examples of an input device, an input device, or an input unit.
The communication board 915, the display device 901, the printer device 906, and the like are examples of output devices, output devices, or output units.

The communication board 915 is connected to the LAN 942 or the like. The communication board 915 is not limited to the LAN 942 and may be connected to the Internet 940, a WAN (wide area network) such as ISDN, or the like. When connected to a WAN such as the Internet 940 or ISDN, the gateway 941 is unnecessary.
The magnetic disk device 920 stores an OS 921 (operating system), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the OS 921, and the window system 922.

The program group 923 stores programs for executing functions described as “˜unit” and “˜database” in the embodiment. The program is read and executed by the CPU 911.
In the file group 924, processing such as “determination result”, “calculation result”, “retrieve result”, and the like when the functions “˜part” and “˜database” are executed in the embodiment. Result data, data to be passed between programs that execute the functions of "~ part", "~ database", other information, data, signal values, variable values, and parameters are "~ information" and "~ file" It is stored as an item. “˜Information” and “˜File” are stored in a recording medium such as a disk or a memory. Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, and calculated. Used for CPU operations such as calculation, processing, output, printing, and display. Information, data, signal values, variable values, and parameters are temporarily stored in the main memory, cache memory, and buffer memory during the CPU operations of extraction, search, reference, comparison, operation, calculation, processing, output, printing, and display. Is remembered.
In addition, arrows in the flowcharts described in the embodiments mainly indicate input / output of data and signals. The data and signal values are the RAM 914 memory, the FDD 904 flexible disk, the CDD 905 compact disk, and the magnetic disk device 920 magnetic field. It is recorded on a recording medium such as a disc, other optical discs, mini discs, DVD (Digital Versatile Disc). Data and signal values are transmitted online via a bus 912, a signal line, a cable, or another transmission medium.

  In the embodiment, what is described as “to part” and “to database” may be “to circuit”, “to apparatus”, “to device”, and “to means”. It may be “step”, “˜procedure”, “˜processing”, “˜phase”. That is, what is described as “˜unit” and “˜database” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. In other words, the information management program causes the computer to function as “˜part” and “˜database”. Alternatively, the procedure or method of “˜part” and “˜database” is executed by a computer.

  Hereinafter, the information security risk management server 100 is described as a server 100, and the information security risk management client 200 is described as a client 200.

Next, the operation will be described.
FIG. 4 is a flowchart showing an information management method of the information security risk management system 999 in the first embodiment.
As shown in FIG. 4, the information management process flow using the information security risk management system 999 is divided into the following four phases.
(1) Master information registration phase on the server 100 side (2) Instance information acquisition and instance information editing phase by the client 200 (3) Instance update difference information collection by the client 200 and master information update phase by the server 100 (4) Client 200 Re-acquisition of instance information and instance information re-editing phase by hereafter.

FIG. 5 is a flowchart showing (1) the master information registration phase on the server 100 side of the information management method according to the first embodiment.
(1) The master information registration phase on the server 100 side will be described below with reference to FIG.

  The master information editing processing unit 120 is a threat master information related to a threat edited based on information on existing threats and vulnerabilities indicated by ISO / IEC TR13335 (GMITTS: Guidlines for the Management of IT Security), etc. The vulnerability master information related to gender is input from the input device. Then, the server-side data management processing unit 110 stores the threat master information input by the master information editing processing unit 120 in the threat master database 191 and the vulnerability master information in the vulnerability master database 192 (step S-101).

Here, threat master information and vulnerability master information will be described with reference to FIGS.
FIG. 6 shows threat master information stored in the threat master database 191 according to the first embodiment.
FIG. 7 shows vulnerability master information stored in the vulnerability master database 192 according to the first embodiment.
An example of items of threat master information stored and managed by the threat master database 191 is shown in FIG. 6, and an example of items of vulnerability master information stored and managed by the vulnerability master database 192 is shown in FIG. The threat master information in the threat master database 191 and the threat instance information in the threat instance database 291 have the same items, and the vulnerability master information in the vulnerability master database 192 and the vulnerability instance information in the vulnerability instance database 292 are the same items. Have

As shown in FIG. 6, the threat master information stored and managed by the threat master database 191 has, for example, a threat record composed of items of threat ID, threat overview, threat details, and occurrence frequency for each threat. .
The threat ID (identifier) is information for identifying a threat record.
The threat summary is information that directly explains the threat, and words (keywords) relating to threats such as eavesdropping, physical intrusion, and destruction are examples of the threat summary. For example, the threat summary is extracted from a list of existing words related to the threat.
The threat details are information that explains the threat in detail. In the threat details, a specific example may be shown to explain the threat more easily.
The occurrence frequency is information indicating the occurrence frequency of each threat. For example, the frequency of occurrence is 1) once every several decades, 2) once every few years, 3) once a year, 4) once every several months, 5) once a month, 6) every few weeks Once or 7) One or more times per week.

As shown in FIG. 7, the vulnerability master information stored and managed by the vulnerability master database 192 includes, for example, a vulnerability record composed of items of vulnerability ID, vulnerability overview, and vulnerability details, for each vulnerability. Have against.
The vulnerability ID is information for identifying the vulnerability record.
The vulnerability summary is information that briefly explains the vulnerability. For example, the vulnerability summary is extracted from a list of existing words (existing keywords) related to the vulnerability.
Vulnerability details are information that describes vulnerabilities in detail. In order to explain the vulnerability more easily in the vulnerability details, a specific example may be given.

Next, returning to FIG. 5, (1) Step S-102 in the master information registration phase will be described.
The master information editing processing unit 120 inputs relationship master information related to the relationship between threats from the input device, and the server-side data management processing unit 110 stores the relationship master information input by the master information editing processing unit 120 in the relationship master database 194. (Step S-102).

Some threats may only occur (or could be a risk) after other threats occur. For example, the threat that a document placed in the workplace is stolen by an unauthorized third party has the threat of the intrusion of an unauthorized third party or the threat of taking out the document at the previous stage. Very likely. In other words, the threat of document theft is closely related to the threat of intrusion into the workplace and the threat of illegally taking out documents. The information security risk management system 999 includes a relationship master database 194 for storing and managing relationship master information representing the relationship between such threats.
The relationship master database 194 manages not only information related to the relationship between threats used here but also information related to the relationship between countermeasures input in the next step S-103.

Here, the related master information will be described with reference to FIG.
FIG. 8 shows relation master information stored in the relation master database 194 in the first embodiment.
As shown in FIG. 8, the relation master information has a relation record composed of items of relation ID, relation type, result ID, relation operand, constituent element 1 ID, constituent element 2 ID for each relation, for example. . The relation master information in the relation master database 194 and the relation instance information in the relation instance database 294 have the same items.
The relationship ID is information for identifying a relationship record representing a relationship between threats and a relationship between countermeasures.
The relationship type represents 1) information regarding the relationship between threats or 2) information regarding the relationship between countermeasures.
The component element 1 ID and the component element 2 ID indicate the IDs of the two component elements constituting the relationship. In the component 1 ID and the component 2 ID, the threat ID (see FIG. 6) included in the threat master information is set when the relationship type indicates information related to the relationship between threats, and the relationship type is between countermeasures. A countermeasure ID (see FIG. 9) included in the countermeasure master information is set when the information is related information.
The result ID is information for identifying the threat / countermeasure derived from the relationship between the two constituent elements indicated by the constituent element 1 ID and the constituent element 2 ID. In the result ID, as identification information of the derived threat / countermeasure, an ID set in the component 2ID indicating the threat / countermeasure caused by the threat / measure indicated by the component 1ID, the component 1ID and the component 2ID, Is set as an ID for identifying a threat caused by the two threats / measures shown in FIG.
The relation operand indicates the relation between the two constituent elements indicated by the constituent element 1 ID and the constituent element 2 ID and the result ID. For example, the relational operand indicates 1) mere derivation [A → B] or 2) compound condition [A and B → C]. 1) Simple derivation [A → B] indicates that the threat or countermeasure indicated by the component 2 ID is derived by using the threat or countermeasure indicated by the component 1 ID as a factor. 2) The compound condition [A and B → C] indicates that a new threat, countermeasure, or other event is derived based on the two threats or countermeasures indicated by the constituent element 1 ID and the constituent element 2 ID.

Next, returning to FIG. 5, (1) Step S-103 of the master information registration phase will be described.
The master information editing processing unit 120 collects countermeasure master information about the latest currently effective countermeasures from the Internet 940 and other information sources (for example, a computer connected to the LAN 942, a storage medium such as a CD-ROM), and server side data The management processing unit 110 stores the countermeasure master information collected by the master information editing processing unit 120 in the countermeasure master database 193 (step S-103).

Here, the countermeasure master information will be described with reference to FIG.
FIG. 9 shows countermeasure master information stored in the countermeasure master database 193 in the first embodiment.
An example of items of countermeasure master information stored in the countermeasure master database 193 is shown in FIG.
As shown in FIG. 9, the countermeasure master information stored and managed by the countermeasure master database 193 includes, for example, countermeasure records each including countermeasure ID, countermeasure overview, countermeasure details, and countermeasure type items. . The countermeasure master information in the countermeasure master database 193 and the countermeasure instance information in the countermeasure instance database 293 have the same items.
The countermeasure ID is information for identifying the countermeasure record.
The countermeasure summary is information that briefly explains the countermeasure, and words relating to countermeasures such as introduction of a firewall and formulation of a procedure are examples of the countermeasure outline. For example, the countermeasure summary is extracted from a list of existing words related to the countermeasure.
The countermeasure details are information that explains the countermeasures in detail. In order to explain the countermeasures in an easy-to-understand manner, specific examples should be shown in detail.
The countermeasure type indicates how the countermeasure basically works against threats. For example, the countermeasure type indicates 1) deterrence, 2) prevention, 3) detection or 4) recovery. 1) Suppression indicates that the occurrence of a threat cannot be completely suppressed but can be controlled to some extent. 2) Prevention refers to preventing interference with assets even if a threat occurs. 3) Although detection cannot control the occurrence of a threat itself, it indicates that interference with assets is minimized by detecting the occurrence and encouraging measures to minimize the impact. 4) Recovery indicates that the occurrence of the threat itself cannot be controlled, but that the situation prior to the occurrence of the threat is restored from the situation damaged by the occurrence of the threat.

Next, returning to FIG. 5, (1) Step S-104 of the master information registration phase will be described.
The master information editing processing unit 120 inputs relationship master information related to the relationship between countermeasures from the input device, and the server-side data management processing unit 110 stores the relationship master information input by the master information editing processing unit 120 in the relationship master database 194. (Step S-104).

  Some countermeasures may not be able to address the risks of exploiting vulnerabilities by themselves. For example, the monitoring of entrances and exits with a surveillance camera can detect unauthorized intrusions at an early stage, but in order to minimize damage, A coping method must be established. Moreover, the measure of monitoring the entrance / exit by the monitoring camera cannot prevent the intrusion of a third party in the first place. Thus, since countermeasures do not exploit vulnerabilities, there is a relationship that countermeasures complement each other and act comprehensively. The countermeasure is managed in the relation master database 194 by the relation master information as shown in FIG.

Next, returning to FIG. 5, (1) Step S-105 of the master information registration phase will be described.
The risk analysis processing unit 130 inputs risk master information related to an assumed risk edited based on threat master information, vulnerability master information, and relationship master information. The server-side data management processing unit 110 stores the risk master information input by the risk analysis processing unit 130 in the risk master database 195.
The risk master information can be generated based on, for example, the value of assets, threats, vulnerabilities, and their relationships in accordance with the contents indicated by ISO / IEC TR13335 (step S-105).

FIG. 10 shows risk master information stored in the risk master database 195 in the first embodiment.
An example of risk master information items stored and managed by the risk master database 195 is shown in FIG.
As shown in FIG. 10, the risk master database 195 includes, for example, risk records each composed of items of risk ID, asset type ID, original information, related threat ID, related vulnerability ID, and assumed risk for each risk. Against. The risk master information in the risk master database 195 and the risk instance information in the risk instance database 295 have the same items.
The risk ID is information for identifying a risk record.
The asset type ID is information for identifying the type of target asset. For example, the asset type ID is 1) notebook PC [including electronic data], 2) mobile phone, 3) portable storage medium [USB (Universal Serial Bus) memory, DVD], 4) paper, 5) electronic data in office [non- Share], 6) In-office electronic data [Share], 7) Exchange electronic data [Mail etc.], 8) Servers or 9) Office supply [Copier, FAX, landline].
The original information is information for identifying the originality (primary / secondary) of the target asset. For example, the original information indicates 1) primary, 2) secondary or 3) secondary [external generation].
The related threat ID indicates an ID of a threat that can occur with respect to the target asset. The result ID (see FIG. 8) included in the related master information is an example of information set in the related threat ID.
The related vulnerability ID indicates a vulnerability ID indicating a vulnerability that can be exploited by the threat indicated by the related threat ID. One threat can exploit multiple vulnerabilities.
The assumed risk indicates a description of a situation or the like regarding a risk that may occur due to the threat indicated by the related threat ID or the vulnerability indicated by the related vulnerability ID.

  Through the above processing (steps S-101 to S-105), the server 100 registers the master information in the master database.

FIG. 11 is a flowchart showing (2) the instance information acquisition and instance information editing phase by the client 200 in the information management method according to the first embodiment.
Next, regarding the information management processing method shown in FIG. 4, (2) the instance information acquisition and instance information editing phase by the client 200 will be described with reference to FIG.
In each client 200, the instance information editing processing unit 220 transmits an instance information request for requesting instance information to the server 100 (step S-201).
In the server 100, the instance generation processing unit 140 receives the instance information request, creates a copy of the threat master information, vulnerability master information, countermeasure master information, relationship master information, and risk master information stored in each master database, A copy of each created master information is transmitted as instance information to the client 200 (step S-202 [example of first transmission process]).
In the client 200, the instance information editing processing unit 220 receives threat instance information, vulnerability instance information, countermeasure instance information, related instance information, and risk instance information from the server 100 (step S-203 [example of first receiving process]. ]).
The instance information editing processing unit 220 performs risk analysis processing and instance information editing processing according to the status of the organization for each instance information obtained from the server 100, and the client side data management processing unit 210 performs an instance information editing processing unit. Each instance information 220 analyzed and edited by the risk 220 is stored in each instance database (step S-204 [an example of information changing process]).
When the instance information is changed by the editing process, the instance information editing processing unit 220 generates instance editing log information indicating that the instance information has been edited, and the client side data management processing unit 210 generates the instance information editing processing unit 220. The instance edit log information thus stored is stored in the instance edit log database 297 (step S-205).
When the instance information edit processing unit 220 edits the instance information, the instance information edit processing unit 210 generates instance update difference information indicating the edited content of the instance information. The client side data management processing unit 210 generates the instance update difference generated by the instance information edit processing unit 220. Information is stored in the instance update difference database 296 (step S-206).

In step S-204, the instance information editing processing unit 220 performs risk analysis according to the status of the organization, and performs, for example, at least one of the following editing processes according to the risk analysis result.
(1) Delete non-applicable threats.
(2) Delete non-applicable vulnerabilities.
(3) Perform expression corrections that are not appropriate for the organization.
(4) Select effective measures.
(5) Add unregistered threats.
(6) Add unregistered vulnerabilities.
(7) Add measures that are not registered.

FIG. 12 shows instance edit log information stored in the instance edit log database 297 according to the first embodiment.
An example of the item of the instance edit log information stored and managed by the instance edit log database 297 is shown in FIG.

As shown in FIG. 12, the instance edit log information stored and managed by the instance edit log database 297 has, for example, an instance edit log record composed of a history ID, an edit date, and an edit type for each instance edit process. .
The history ID is information for identifying the instance edit log record.
The edit date indicates the date on which the edit processing was performed on the instance information.
The edit type is information indicating the type of editing performed on the instance information. For example, the edit type indicates 1) register instance or 2) confirm update difference data. 1) “Register an instance” indicates that the instance information editing processing unit 220 has edited and registered the instance information acquired from the server 100. 2) Confirm update difference data indicates that the instance update difference determination processing unit 250 has determined the instance update difference information transmitted to the server 100 [see FIG. 14].

FIG. 13 shows instance update difference information stored in the instance update difference database 296 according to the first embodiment.
An example of the instance update difference information items stored and managed by the instance update difference database 296 is shown in FIG.

As shown in FIG. 13, the instance update difference information (an example of change information) stored and managed by the instance update difference database 296 includes, for example, an update difference ID, an occurrence date, a target ID, a target record ID, a difference type, and a character before update. Column, post-update character string, pre-update result ID, pre-update relation operand, pre-update component 1 ID, pre-update component 2 ID, post-update result ID, post-update relation operand, post-update component 1 ID, post-configuration component 2 ID Each instance editing process has an instance update difference record composed of an update reason and a processing flag.
The update difference ID is information for identifying an instance update difference record.
The occurrence date indicates the date when the difference between the master information and the instance information occurs by editing the instance information.
The target ID is information for identifying the edited instance information (difference target) item. Assume that the client 200 can identify an item of instance information by assigning a unique ID that does not overlap each item of all instance information.
The target record ID is information for identifying the edited record among the records of the instance information. The edited object can be specified by the two IDs of the target ID and the target record ID.
The difference type is information indicating what kind of editing caused the difference. For example, the difference type indicates 1) character string editing, 2) item addition, 3) item deletion, 4) relationship addition, 5) relationship deletion, and 6) relationship correction.
The pre-update character string indicates a character string before editing when the difference type indicates 1 (character string editing).
The post-update character string indicates the character string after editing when the difference type indicates 1 (character string editing).
Pre-update result ID, pre-update relationship operand, pre-update component 1 ID, and pre-update component 2 ID indicate pre-update information when the difference type indicates 4 (relation added) or 6 (relation correction). For the contents of each item, refer to the result ID, relation operand, component 1 ID, and component 2 ID of the relation master information shown in FIG.
The post-update result ID, post-update relationship operand, post-update component 1ID, and post-update component 2ID indicate post-update information when the difference type indicates 4 (relation added) or 6 (relation correction). For the contents of each item, refer to the result ID, relation operand, component 1 ID, and component 2 ID of the relation master information shown in FIG.
The reason for updating indicates the reason for editing.
The processing flag is information indicating whether to report the instance update difference record identified by the update difference ID to the server 100. For example, the processing flag indicates 0) unprocessed, 1) scheduled report, 2) no report, or 3) client reflected.

  Through the above processing (step S-201 to step S-206), the client 200 obtains the instance information and performs an appropriate editing process on the obtained instance information.

When the instance information is appropriately edited by the client 200 in the instance information acquisition and instance information editing phase by the client 200 described in steps S-201 to S-206, the instance information on the client 200 side and the master on the server 100 side are obtained. Differences occur between information.
In the next instance difference information collection and master information update phase, the master difference information (instance update difference information) collection process indicating the difference between the instance information and the master information is reflected, and the master difference information is reflected in the master information. The master information update process is performed.

FIG. 14 is a flowchart showing (3) the instance update difference information collection by the client 200 and the master information update phase by the server 100 in the information management method according to the first embodiment.
(3) The instance update difference information collection by the client 200 and the master information update phase by the server 100 will be described below with reference to FIG.

First, on the client 200 side, the instance difference information collection processing unit 260 refers to the instance edit log information stored in the instance edit log database 297, acquires the previous date and time when the instance information was obtained from the server 100, and the instance update difference An additional list of instance update difference information added after the previous date and time acquired by referring to the instance update difference information stored in the database 296 is generated. At this time, the instance difference information collection processing unit 260 edits each edit date (instance edit log information item) indicated by each instance edit log record whose edit type (instance edit log information item) is “1 (register instance)”. ) Is the latest editing date when the instance information was obtained. Also, the instance difference information collection processing unit 260 collects the update difference IDs (instance update difference information items) of the instance update difference record whose occurrence date (instance update difference information item) is newer than the previous date and time when the instance information was acquired. Additional list information is generated (step S-301).
Next, the instance update difference determination processing unit 250 determines whether or not each instance update difference record indicated by the additional list generated by the instance difference information collection processing unit 260 in step S-301 may be reported to the server 100. A report list for the instance update difference record determined to be reported is generated. At this time, the instance update difference determination processing unit 250 sets “1 (scheduled to report)” to the process flag of the instance update difference record determined to be reported, and “2 ( No report) ”is set, and report list information in which the update difference IDs of the instance update difference records in which“ 1 (scheduled to report) ”is set as the processing flag is generated (step S-302).
Next, the instance difference information collection processing unit 260 transmits each instance update difference record indicated by the report list generated by the instance update difference determination processing unit 250 in step S-302 to the server 100 as instance update difference information. At this time, the instance difference information collection processing unit 260 changes the processing flag of each instance update difference record indicated by the report list from “1 (scheduled report)” to “3 (client reflected)”, and each instance indicated by the report list A copy of the update difference record is created, and the created copy of each instance update difference record is transmitted to the server 100 as instance update difference information (step S-303 [an example of change information transmission processing]).
Then, the instance update difference determination processing unit 250 sets the edit date of the instance edit log record and sets the date when the report list for the instance update difference information determined to be reported to the server 100 in step S-302 is set as the edit date of the instance edit log record. “2 (confirm update difference data)” is set, and the instance edit log record is newly registered in the instance edit log database 297 (step S-304).

  On the server 100 side, the master difference information management processing unit 160 receives the instance update difference information transmitted by the client 200 in step S-303, and registers the received instance update difference information as master difference information in the master difference database 196 ( Step S-305 [an example of change information reception processing]).

  Finally, on the server 100 side, the master update determination processing unit 150 determines whether or not the master difference information registered by the master difference information management processing unit 160 in step S-305 can be reflected in the master information, and is reflected in the master information. The master information is actually updated by reflecting the master difference information determined to be possible. At this time, the master update determination processing unit 150 may add correction to the master difference information (step S-306 [an example of information update processing]).

Reflected in the determination criteria of the instance update difference information to be reported to the server 100 determined by the instance update difference determination processing unit 250 of the client 200 in step S-302 and the master information determined by the master update determination processing unit 150 of the server 100 in step 306 The criteria for determining the master difference information to be performed are, for example, as follows. For example, the instance difference information collection processing unit 260 and the master update determination processing unit 150 determine whether or not the following criteria are satisfied, and select instance update difference information and master difference information that satisfy one or more criteria or all criteria. .
(1) Is it applicable to other organizations? (2) Is the expression method more understandable to the operator? (3) Is it the latest information that is not yet described in the master information? (4) Is typographical or omission corrected?

15 and 16 show master difference information stored in the master difference database 196 in the first embodiment.
Examples of items of master difference information stored and managed by the master difference database 196 are shown in FIGS.

As shown in FIGS. 15 and 16, master difference information stored and managed by the master difference database 196 includes, for example, each item of difference ID, client ID, and instance update difference information (difference ID to update reason), determination, and determination reason. Each instance update difference record has a master difference record composed of a process result character string, a process result ID, a process result related operand, a process result component 1 ID, and a process result component 2 ID.
The difference ID is information for identifying the master difference record.
The client ID is information for identifying the client 200 that has transmitted the instance update difference information.
Each item of the difference ID to the update reason is the content of the instance update difference information (see FIG. 13).
The determination indicates the determination result of the master update determination processing unit 150 performed on the master difference information in step S-306. For example, the judgment indicates 1) Accept, 2) Deny, and 3) Modify. 1) Accept indicates that the master difference information can be reflected in the master information. 2) Deny indicates that the master difference information cannot be reflected in the master information. 3) Modify indicates that the master difference information is corrected, and the corrected master difference information can be reflected in the master information.
The determination reason indicates the reason for determination by the master update determination processing unit 150.
A processing result character string, a processing result ID, a processing result related operand, a processing result component 1 ID, and a processing result component 2 ID indicate information after the determination processing in step S-306. The contents of each item are the same as the updated character string, the updated result ID, the updated relation operand, the updated component 1 ID, and the updated component 2 ID, respectively.

  Through the above processing (steps S-301 to S-306), the server 100 acquires the master difference information and updates the master information.

FIG. 17 is a flowchart showing the (4) instance information reacquisition and instance information reediting phase by the client 200 of the information management method in the first embodiment.
In the information management processing method shown in FIG. 4, finally, the client 200 that once obtained the instance information obtains new instance information based on the added / changed master information as the original information. (4) Instance by the client 200 The information reacquisition and instance information reediting phase will be described below with reference to FIG.

  On the client 200 side, the instance difference information collection processing unit 260 acquires the previous date and time when the instance information was acquired from the server 100 with reference to the instance edit log information stored in the instance edit log database 297, and the acquired date and time is stored in the server 200. 100 side is notified (step S-401).

  On the server 100 side, a master updated by the master difference information management processing unit 160 after the date and time notified from each client 200 side from each master database that manages master information on threats, vulnerabilities, countermeasures, relationships, and risks. Only the information is extracted as master difference information, and the extracted master difference information is transmitted to the client 200 (step S-402 [example of second transmission process]).

  On each client 200 side, the instance difference information collection processing unit 260 receives the master difference information from the server 100, and stores the instance information related to the threat, vulnerability, countermeasure, relationship, and risk corresponding to the received master difference information. Register in the database. At this time, the instance difference information collection processing unit 260 prevents the instance information from being overwritten by the registered data (master difference information) (step S-403 [example of second reception process]).

  Whether or not the data registered here is reflected in the instance information is determined in both the comparison between the instance update difference information and the master difference information and the operator's determination in the subsequent steps.

  First, the instance update difference determination processing unit 250 compares the master difference information with the instance update difference information (step S-404).

  If the content of the change or deletion of the master information indicated by the master difference information is not in the history of changes or deletions in the client 200 side (= not registered in the instance update difference database 296), the client 200 changes or deletes Since the previous master information is used as it is, the instance update difference determination processing unit 250 directly updates each instance information with the master difference information (step S-405).

  As a result of the comparison in step S-404, when any change has been made on the client 200 side regarding the content indicated by the master difference information, the instance update difference determination processing unit 250 changes the data before the change (instance information). A user interface (for example, a data editing screen displayed on the display device 901) that can be compared with later data is provided, and the operator is made to determine whether to update the instance information with the master difference information. Then, the instance update difference determination processing unit 250 updates the instance information with the master difference information determined by the operator to update the instance information. At this time, if necessary, the operator edits the updated data and customizes the instance information so as to match the situation of the organization (step S-406).

  When the processing is completed for all master difference information in step S-405 and step S-406, the instance update difference determination processing unit 250 reflects each master difference information as a result of processing the master difference information (as it is reflected / not reflected in the instance information as it is). / Update and change) and register it in the instance update difference database 296 as instance update difference information (step S-407).

  In each process of the information management method described above, the information security risk management system 999 may perform the process of editing or selecting the master information and the instance information together with the operator, or may be performed without using the operator.

  For example, in step S-101, the master information editing processing unit 120 of the server 100 displays the contents of ISO / IEC TR13335 on the display device 901, and the operator confirms the displayed information while checking the displayed information based on a predetermined condition. Information and vulnerability master information may be input from the keyboard 902. Similarly, the master information editing processing unit 120 obtains the contents of threat master information in step S-102, information obtained from the Internet 940 or the like in step S-103, and contents of countermeasure master information in step S-104. In S-105, the contents of threat master information, vulnerability master information, relation master information, and ISO / IEC TR13335 are displayed on the display device 901 to prompt the operator to input relation master information, countermeasure master information, and risk master information. Also good. In step S-204, the instance information editing processing unit 220 of the client 200 displays the instance information received from the server 100 on the display device 901, and gives the operator instance information based on a predetermined condition according to the situation of the organization. You may customize it. In step S-302, the instance update difference determination processing unit 250 of the client 200 selects an instance update difference record to be displayed on the display device 901 and transmitted to the server 100 based on a predetermined condition. You may let them. In step S-306, the master update determination processing unit 150 of the server 100 may display the master difference record on the display device 901 and cause the operator to select a master difference record to be reflected in the master information based on a predetermined condition. Good.

  Further, for example, in step S-101 described above, the master information editing processing unit 120 of the server 100 generates threat master information and vulnerability master information by editing the contents of ISO / IEC TR13335 based on pre-defined conditions. May be. The condition is expressed by a program or a definition file and stored in a storage device. Similarly, the master information editing processing unit 120 obtains the contents of threat master information in step S-102, information obtained from the Internet 940 or the like in step S-103, and contents of countermeasure master information in step S-104. In S-105, the contents of threat master information, vulnerability master information, relation master information, and ISO / IEC TR13335 are edited based on pre-defined conditions to generate relation master information, countermeasure master information, and risk master information. May be. Further, in step S-204, the instance information editing processing unit 220 of the client 200 may edit and customize the instance information received from the server 100 based on a condition according to a predefined organizational situation. In step S-302, the instance update difference determination processing unit 250 of the client 200 may select an instance update difference record that satisfies a predefined condition and transmit it to the server 100. In step S-306, the master update determination processing unit 150 of the server 100 may select a master difference record that satisfies a predefined condition and reflect it in the master information.

  Further, for example, in the above step S-101, the master information editing processing unit 120 of the server 100 displays the contents of ISO / IEC TR13335 on the display device 901, and the operator confirms the displayed information, while the threat master information, The vulnerability master information may be input, and the master information editing processing unit 120 may generate the threat master information and the vulnerability master information by correcting the input information based on a predefined condition. Similarly, in steps S-102, S-103, S-104, S-105, S-204, S-302, and S-306, each part of the information security risk management system 999 is an operator. Editing processing and selection processing may be performed on the result of editing and selection performed in the above.

Specific examples are shown below.
In step S302, the client 200 stores the personal name, IP address, host name, and organization name in the storage device as predefined conditions, and the instance update difference determination processing unit 250 stores the personal name, IP stored in the storage device. Information that does not include an address, host name, or organization name is determined as instance update difference information to be reported to the server 100.
In S <b> 204, the client 200 stores the threat and vulnerability deleted by the user risk analysis in the storage device. Then, in the subsequent processing of S204, the instance information editing processing unit 220 presents the threats and vulnerabilities (threats and vulnerabilities that have been deleted in the past) stored in the storage device to the user by the display device. Prompt the user to edit the instance information.
In S306, when the content of the difference indicates addition, the master update determination processing unit 150 reflects the master difference information in the master information. In addition, when the content of the difference is other than addition, the master update determination processing unit 150 receives the instance update difference information of the same difference content from the client 200 of a predetermined ratio (for example, 90%), and the master difference Reflect the information in the master information. At this time, the master update determination processing unit 150 refers to the master difference information (instance update difference information), and whether the difference type (see FIG. 13) indicates 2) item addition or 4) relationship addition or other Determine whether it is addition or non-addition.

In the first embodiment, for example, the information security risk management system 999 having the following characteristics has been described.
(1) It has risk analysis master information that is maintained by, for example, an expert who is experienced in risk analysis.
(2) Risk analysis is easily performed by customizing a copy from the master information using the risk analysis master information so as to suit the organization.
(3) Only necessary information is extracted from the risk analysis results performed in each organization and reflected in the master information.

In addition, it has been described that the information security risk management system 999 having the above characteristics has the following configuration, for example.
(1) Information security risk management server 100
(A) Master information editing processing unit 120
Each DB (database) of threat / vulnerability / countermeasure can be edited.
(B) Risk analysis processing unit 130
The information in the above DBs is related to each other, and information serving as a risk analysis master is created.
(C) Instance generation processing unit 140
Information to be passed to the client 200 is generated from the master information.
(D) Master difference information management processing unit 160
The difference between the result edited on the client 200 side and the information in the server 100 is taken.
(E) Master update determination processing unit 150
For example, the operator determines whether or not to update the data in the server 100 with reference to the difference between the result edited on the client 200 side and the information in the server 100.
(F) Server-side data management processing unit 110
Control access to each data.
(2) Information security risk management client 200
(A) Instance information editing processing unit 220
Changed the risk analysis-related instance obtained from the server 100 for your organization. The changed history is accumulated in the instance update difference database 296.
(B) Instance difference information collection processing unit 260
The difference between the result edited on the client 200 side and the information in the server 100 is collected.
(C) Instance update difference determination processing unit 250
It is determined whether or not the collected instance update difference information can be sent to the server 100, and secret information is excluded if necessary.
(D) Client-side data management processing unit 210
Control access to each data.

As described above, the information security risk management system 999 of this embodiment compares the master information on the server 100 side with the instance information on the client 200 side, manages the difference, and appropriately reflects each other. Since it has a mechanism, it has the following effects.
(1) Since the user of the client 200 can perform risk analysis using the risk analysis master information prepared by the server 100, appropriate risk analysis can be easily performed.
(2) The user of each client 200 can flexibly change the risk analysis result to suit the situation of his / her organization by customizing the instance information created based on the master information for each organization.
(3) Since the server 100 side can know the threats, vulnerabilities, countermeasures, etc. that the server 100 side operator did not assume from the risk analysis result customized by each client 200, the server 100 side operator Information gathering work can be reduced.
(4) Since the client 200 can determine whether to report the risk analysis result of the organization to the server 100, confidentiality within the organization can be ensured.
(5) On the server 100 side, the master information is updated after determining whether or not the risk analysis result on the client 200 side should be registered as master information. Therefore, the generality of the master information can be ensured.

Risk analysis has the following characteristics, and solving the problem of how to share the results of risk analysis and risk management that require careful handling among organizations and bring benefits to each organization is one of the purposes of this form. One.
Characteristics of risk analysis: “It is necessary for organizations to conduct their own risk analysis, but depending on the type of industry and company, risk analysis may differ in the magnitude of risk, but it is assumed that there are many common items. However, what kind of risk analysis has been performed is a significant indication of what kind of risk the company has, and public disclosure of risk analysis content is a direct attack on the company. May lead to. "
By refining each piece of information relating to risk analysis according to the present embodiment, the user can materialize security measures in the client organization based on information relating to sophisticated risk analysis. The implementation of security measures within the client organization is, for example, the introduction of physical security management measures (entrance / exit systems) that formulate necessary procedures.

Embodiment 2. FIG.
In the first embodiment, the server 100 provides the client 200 with master information for risk analysis common to each organization.
In the second embodiment, the server 100 provides the client 200 with master information for each organization corresponding to each organization.
Hereinafter, items different from the first embodiment will be described.

FIG. 18 is a system configuration diagram of the information security risk management system 999 according to the second embodiment.
The information security risk management system 999 in the second embodiment adds the following configuration to the configuration of the system shown in FIG.
The client 200 further includes an organization information input processing unit 270 that inputs organization information related to the organization processed by the client 200 from an input device.
The server 100 further includes an organization information database 197 for storing and managing the organization information input by the organization information input processing unit 270 of the client 200, and an organization information management processing unit 170 for storing the organization information in the organization information database 197.

FIG. 19 is a flowchart showing an information management method of the information security risk management system 999 in the second embodiment.
Next, the operation will be described. The information management processing flow using the information security risk management system 999 is divided into five phases, which are obtained by adding the phase (0) to the four phases shown in the first embodiment (see FIG. 4).
(0) Organization information input phase by the client 200 (1) Master information registration phase on the server 100 side (2) Instance information acquisition and instance information editing phase by the client 200 (3) Instance difference information collection by the client 200 and by the server 100 Master information update phase (4) Instance information re-acquisition and instance information re-editing phase by the client 200 Hereinafter, details of processing are described for each phase.

FIG. 20 is a flowchart showing an organization information input phase by (0) client 200 of the information management method according to the second embodiment.
(0) In the organization information input phase by the client 200, processing is performed in the following steps.

First, the organization information input processing unit 270 of the client 200 inputs its own organization information from the input device. An input item input by the organization information input processing unit 270 is a configuration item of organization information (see FIG. 21) stored and managed by an organization information database 197 in the server 100 described later. At this time, the organization information input processing unit 270 displays, for example, an organization information input screen on the display device 901, causes the operator to input information on the own organization using an input device such as the keyboard 902, and the own organization input from the input device Is stored in the storage device (step S-501).
Next, the organization information input processing unit 270 transmits information (organization information) to the input own organization to the server 100 (step S-502).
Next, the organization information management processing unit 170 of the server 100 receives the organization information transmitted by the organization information input processing unit 270 of the client 200 (step S-503).
Then, the organization information management processing unit 170 registers the received organization information in the organization information database 197 (step S-504).

FIG. 21 shows organization information stored in the organization information database 197 in the second embodiment.
An example of the items of organization information stored and managed by the organization information database 197 is shown in FIG.
In the organization information database 197, for example, each client 200 has an organization record having organization information ID, business type, location, and organization scale as configuration items.
The organization information ID is information for identifying an organization record related to the organization to which the client 200 manages information security risk.
The business type represents the type of main business performed by the organization.
The location indicates the location where the organization is located, such as the prefecture name.
The organization size indicates information on the size of the organization such as the number of members.
The content to be set for each item of organization information may be selected from items classified in advance to some extent.

  The difference from the first embodiment regarding the master information registration phase on the server 100 side in the second embodiment shown in FIG. It is stored in each master database in correspondence with the location and the organization scale). However, the processing flow is the same as that shown in FIG.

  The instance information acquisition and instance information editing phase by the client 200 in the second embodiment shown in FIG. 19 is the same as the processing flow (see FIG. 11) shown in the first embodiment.

  The instance difference information collection by the client 200 and the master information update phase by the server 100 in the second embodiment shown in FIG. 19 are basically the same as the processing flow in the first embodiment shown in FIG. However, in step S-306, when the master update determination processing unit 150 reflects the instance update difference information obtained from the client 200 in the master information, the master update determination processing unit 150 follows the organization information of the reporting source client 200. The part that has a criterion for reflection is a characteristic process.

  Further, FIG. 17 also shows processing in which the client 200 reflects the change in the master information in the instance information (instance information reacquisition and instance information re-editing phase in the second embodiment shown in FIG. 19). This is almost the same as the processing flow in the first embodiment. However, in step S-402, as the extraction condition when the master difference information management processing unit 160 extracts the master difference information, the organization information of the client 200 is included in the organization information other than the date notified from the client 200 side. It is added that the information matches. In other words, in step S-402, the master difference information management processing unit 160 displays the organization record indicating the same type of business as the business processed by the client 200, or the location where the client 200 is installed or its neighboring prefecture. Each master information associated with an organization record indicating the same or an organization record having an organization scale similar to that of the organization using the client 200 is transmitted to each client 200.

In the second embodiment, for example, the information security risk management system 999 having the following characteristics has been described.
(1) By preparing risk analysis master information corresponding to the characteristics of the organization, risk analysis suitable for each organization can be easily performed.

In addition, it has been described that the information security risk management system 999 having the above characteristics has the following configuration, for example.
(1) Information security risk management server 100
(A) Organization information management processing unit 170
The organization information regarding the client 200 input by the client 200 is managed.
(2) Information security risk management client 200
(A) Organization information input processing unit 270
Information related to the organization of the client 200 is input.

As described above, the information security risk management system 999 of the present embodiment has the following effects by adding an element called organization information to the master information managed on the server 100 side.
(1) Master information for risk analysis is not uniform and is prepared with a range (same type of business, same prefecture / adjacent prefecture, comparable scale, etc.), so a master that is more suitable for the organization on the client 200 side Information can be constructed, and the workload on the client 200 side is reduced.

1 is a system configuration diagram of an information security risk management system 999 according to Embodiment 1. FIG. The figure which shows an example of the external appearance of the information security risk management server 100 with which the information security risk management system 999 in Embodiment 1 is provided, and the information security risk management client 200. The figure which shows an example of the hardware resources of the information security risk management server 100 with which the information security risk management system 999 in Embodiment 1 and the information security risk management client 200 are equipped. 6 is a flowchart showing an information management method of the information security risk management system 999 in the first embodiment. 5 is a flowchart showing a master information registration phase on the server 100 side of the information management method according to the first embodiment. The figure which shows the threat master information memorize | stored in the threat master database 191 in Embodiment 1. FIG. The figure which shows the vulnerability master information memorize | stored in the vulnerability master database 192 in Embodiment 1. FIG. The figure which shows the relationship master information memorize | stored in the relationship master database 194 in Embodiment 1. FIG. The figure which shows the countermeasure master information memorize | stored in the countermeasure master database 193 in Embodiment 1. FIG. The figure which shows the risk master information memorize | stored in the risk master database 195 in Embodiment 1. FIG. 6 is a flowchart showing (2) instance information acquisition and instance information editing phase by the client 200 of the information management method according to the first embodiment. The figure which shows the instance edit log information memorize | stored in the instance edit log database 297 in Embodiment 1. FIG. The figure which shows the instance update difference information memorize | stored in the instance update difference database 296 in Embodiment 1. FIG. 6 is a flowchart showing (3) collection of instance difference information by the client 200 and master information update phase by the server 100 in the information management method according to the first embodiment. FIG. 6A is a diagram illustrating master difference information stored in a master difference database 196 according to the first embodiment (1). FIG. 6B is a diagram showing master difference information stored in the master difference database 196 in the first embodiment (2). 6 is a flowchart showing (4) instance information reacquisition and instance information re-editing phase by the client 200 in the information management method according to the first embodiment. FIG. 10 is a system configuration diagram of an information security risk management system 999 according to Embodiment 2. 10 is a flowchart showing an information management method of the information security risk management system 999 in the second embodiment. 10 is a flowchart showing an organization information input phase by the (0) client 200 of the information management method according to the second embodiment. The figure which shows the organization information memorize | stored in the organization information database 197 in Embodiment 2. FIG.

Explanation of symbols

  100 server, 110 server-side data management processing unit, 120 master information editing processing unit, 130 risk analysis processing unit, 140 instance generation processing unit, 150 master update determination processing unit, 160 master difference information management processing unit, 170 organization information management processing 190 Master database group, 191 Threat master database, 192 Vulnerability master database, 193 Countermeasure master database, 194 Relationship master database, 195 Risk master database, 196 Master difference database, 197 Organization information database, 200 clients, 210 Client side data Management processing unit, 220 instance information editing processing unit, 250 instance update difference determination processing unit, 260 instance difference information collection processing unit, 270 organization information Force processing unit, 290 instance database group, 291 threat instance database, 292 vulnerability instance database, 293 countermeasure instance database, 294 relation instance database, 295 risk instance database, 296 instance update difference database, 297 instance edit log database, 901 display device , 902 keyboard, 903 mouse, 904 FDD, 905 CDD, 906 printer device, 907 scanner device, 910 system unit, 911 CPU, 912 bus, 913 ROM, 914 RAM, 915 communication board, 920 magnetic disk device, 921 OS, 922 Window system, 923 programs, 924 files, 940 in Internet, 941 gateway, 942 LAN, 999 Information security risk management system.

Claims (12)

Store specific common information in storage devices,
A first transmitter that transmits specific common information acquired from the storage device to each client device that executes specific information processing;
The first transmission unit receives and receives change information from each client device indicating that the specific common information has been changed according to the information processing of each client device by each client device that has transmitted specific common information. A change information receiving unit that stores change information of each client device in a storage device;
The change information receiving unit stores the change information stored in each client device, selects the change information satisfying a predetermined condition, updates specific common information based on the selected change information, and changes each client device. An information update unit that reflects the content in specific common information;
The server apparatus, wherein the information update unit includes a second transmission unit that transmits specific common information reflecting the change contents of each client device to each client device. The server device is information on information security as the specific common information,
Information on threats based on ISO / IEC TR13335;
Information on vulnerabilities based on ISO / IEC TR13335;
Information on risks under ISO / IEC TR13335;
Information on countermeasures against vulnerabilities,
Information about the relationship between each threat,
The server apparatus according to claim 1, wherein at least one of the information related to the relationship between each countermeasure is stored in a storage device. The server device stores the specific common information in a storage device for each type of information processing,
The first transmission unit transmits the specific common information for each type of information processing to each client device using the information processing type as information for selecting specific common information by each client device. The server device according to any one of claims 1 and 2. The first transmission unit performs the first transmission process of transmitting the specific common information acquired by acquiring the specific common information from the storage device to each client device that executes specific information processing,
The change information receiving unit displays the change information indicating the content of the specific common information changed according to the information processing of each client device by each client device to which the first transmission unit has transmitted the specific common information. Change information reception processing for storing the change information of each client device received and received from the storage device,
The information updating unit refers to the change information of each client device stored in the change information receiving unit, selects change information satisfying a predetermined condition, updates specific common information based on the selected change information, and updates each client. Perform information update processing to reflect the changes of each device in specific common information,
An information management method for a server device, wherein the second transmission unit performs a second transmission process in which the information update unit transmits specific common information reflecting the change contents of each client device to each client device. .   An information management program for a server device, which causes a computer to execute the information management method for the server device according to claim 4. A first receiving unit that receives specific common information from the server device and stores the received specific common information in a storage device;
An information changing unit that changes specific common information stored in the first receiving unit according to information processing executed by the client device;
A change information transmitting unit that transmits change information indicating the content of the change of specific common information to the server device;
A second receiving unit that receives specific common information updated based on the change information of the own client device and the change information of another client device from the server device and stores the received specific common information in the storage device; A client apparatus that executes specific information processing using specific common information received by the second receiving unit. The first receiving unit is information on information security as the specific common information,
Information on threats based on ISO / IEC TR13335;
Information on vulnerabilities based on ISO / IEC TR13335;
Information on risks under ISO / IEC TR13335;
Information on countermeasures against vulnerabilities,
Information about the relationship between each threat,
The client device according to claim 6, wherein at least one of the information related to the relationship between each countermeasure is received and stored in a storage device. The first receiving unit receives the specific common information for each type of information processing,
The information changing unit selects and selects the specific common information of the type of information processing corresponding to the information processing executed by the client apparatus from the specific common information received by the first receiving unit. The client apparatus according to claim 6, wherein the common information is changed. The first reception unit receives the specific common information from the server device and performs the first reception process of storing the received specific common information in the storage device,
An information change unit performs an information change process for changing specific common information stored in the first receiving unit according to information processing executed by the own client device,
A change information transmission unit performs a change information transmission process of transmitting change information to the server device indicating content of the change of specific common information by the information change unit,
The second receiving unit receives the specific common information updated based on the change information of the own client device and the change information of the other client device from the server device, and stores the received specific common information in the storage device. An information management method for a client device that performs second reception processing, wherein specific information processing is executed using specific common information received by the second reception unit. Method.   An information management program for a client device, which causes a computer to execute the information management method for the client device according to claim 9. Store specific common information in storage devices,
A first transmitter that transmits specific common information acquired from the storage device to each client device that executes specific information processing;
The first transmission unit receives and receives change information from each client device indicating that the specific common information has been changed according to the information processing of each client device by each client device that has transmitted specific common information. A change information receiving unit that stores change information of each client device in a storage device;
The change information receiving unit stores the change information stored in each client device, selects the change information satisfying a predetermined condition, updates specific common information based on the selected change information, and changes each client device. An information update unit that reflects the content in specific common information;
A server device comprising: a second transmission unit that transmits specific common information reflecting the change contents of each client device to each client device;
A first receiving unit that receives specific common information received from the server device and stores the received specific common information in a storage device;
An information changing unit that changes specific common information stored in the first receiving unit according to information processing executed by the client device;
A change information transmitting unit that transmits change information indicating the content of the change of specific common information to the server device;
A second receiving unit that receives specific common information updated based on the change information of the own client device and the change information of another client device from the server device and stores the received specific common information in the storage device; And a client device that executes specific information processing using specific common information received by the second receiving unit. In the server device,
The first transmission unit performs the first transmission process of transmitting the specific common information acquired by acquiring the specific common information from the storage device to each client device that executes specific information processing,
The change information receiving unit displays the change information indicating the content of the specific common information changed according to the information processing of each client device by each client device to which the first transmission unit has transmitted the specific common information. Change information reception processing for storing the change information of each client device received and received from the storage device,
The information updating unit refers to the change information of each client device stored in the change information receiving unit, selects change information satisfying a predetermined condition, updates specific common information based on the selected change information, and updates each client. Perform information update processing to reflect the changes of each device in specific common information,
A second transmission unit performs a second transmission process in which the information update unit transmits specific common information reflecting the change contents of each client device to each client device;
In each client device
The first reception unit receives the specific common information from the server device and performs the first reception process of storing the received specific common information in the storage device,
An information change unit performs an information change process for changing specific common information stored in the first receiving unit according to information processing executed by the own client device,
A change information transmission unit performs a change information transmission process of transmitting change information to the server device indicating content of the change of specific common information by the information change unit,
The second receiving unit receives the specific common information updated based on the change information of the own client device and the change information of the other client device from the server device, and stores the received specific common information in the storage device. Perform the second reception process,
An information management method for an information management system, wherein each client device executes specific information processing using specific common information received by the second receiving unit.

Images