JP2008171101A - Policy improvement system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a policy improvement system which uses an access log to monitor illegal operation, allows a user to input a violation cause upon occurrence of policy violation for assisting in policy improvement, and checks creation dates of a folder and a file and an access right so as to analyze the status of use of the access log, thus enabling to improve the policy. <P>SOLUTION: The policy improvement system 1 defines a file including a predetermined keyword in contents of the file and meta information as a secret file, inspects whether or not the keyword is included in the file regularly, acquires an access log of the file determined being the secret file based on the result of the inspection, defines a file stored in a predetermined folder being the secret file to identify the secret file, and checks files stored in the folder regularly. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a policy improvement system, and more particularly, to a policy improvement system capable of monitoring an unauthorized operation using an access log and allowing a user to input a cause of violation when a policy violation occurs to help improve the policy.

In order to prevent leakage and falsification of files containing important information such as confidential information, it is necessary to define and manage policies such as file access control. Therefore, when the information system is changed, an appropriate policy is applied according to the change of the information system, for example, every time the number of PCs / servers for customers is changed or folders / files are created / deleted. There is a need (see, for example, Patent Document 1).
JP 2005-182478 A

  However, when the information system becomes complicated, there is a problem that an administrator makes a mistake in policy creation or policy application, or a policy set by changing the information system becomes unsuitable. In addition, if all the files are monitored in order to prevent leakage or falsification of files containing important information, the access log becomes enormous, which makes it difficult to monitor all the files.

  The present invention periodically specifies a file containing important information from the file contents and meta information, and records an access log for the file. Use the access log to monitor unauthorized operations, and when a policy violation occurs, allow the user to input the cause of the violation and use it to improve the policy. Also, check the creation date and access rights of folders and files. An object of the present invention is to provide a policy improvement system capable of improving a policy by analyzing a use state of an access log.

  The present invention comprises a check server for checking a file of a customer computer and a monitoring server for monitoring the customer computer, and is a system for improving a policy such as access control to the file of the customer computer, wherein the check server Is a policy improvement system that periodically checks whether a file on a customer computer is a confidential file including a predetermined keyword, and obtains an access log of a file that is determined to be a confidential file as a result of the inspection.

  The present invention is also a policy improvement system in which the check server sets a file stored in a predetermined folder as a confidential file and periodically checks the file stored in the folder.

  In the present invention, when the check server reads the access log and finds an access right violation, the check server displays a window for describing the failure reason on the screen of the violator who violated the access right, and the failure reason When a policy setting error is pointed out, the policy improvement system displays the corresponding file and the role of the offender on the screen of the policy manager to determine whether the policy can be modified.

  Further, the present invention relates to a policy in which the check server compares the creation date of the file with the creation date of the folder storing the file, and the creation date of the folder is newer than the creation date of the file. It is a policy improvement system that determines that the policy has a possibility of omission and proposes an improvement plan for the determined policy.

  In the present invention, the check server compares the access right of the folder and the file with a standard assignment pattern of a role determined in advance for each confidential file, and the access to the reference of the assignment pattern. If the right setting has not been reached, the policy improvement system proposes a policy improvement plan by determining that the policy may be missed.

  The present invention is the policy improvement system in which the check server determines the policy that may not be in accordance with the current state from the access log of the file, and proposes an improvement plan for the policy.

  According to the present invention, it is possible to monitor an unauthorized operation using an access log, to allow a user to input a cause of a violation when a policy violation occurs, and to help improve the policy. Policies can be improved by checking access rights and analyzing access log usage.

The best mode for carrying out the present invention will be described.
An embodiment of the policy improvement system of the present invention will be described with reference to the drawings. FIG. 1 is an explanatory diagram of a policy improvement system according to an embodiment. As shown in FIG. 1, the policy improvement system according to the present embodiment includes devices installed in a customer (customer) 10 and an information management company 30.

  On the customer 10 side, a check server 20, an account management server 21 and a policy server 22 are installed, and these are connected to a customer PC (computer) 11 and servers 12 and 13. The check server 20 connects the confidential file list DB (database) 23 and the access log DB 24. The account management server 21 connects to the account management DB 25. The policy server 22 connects the policy DB 26. These check server 20, account management server 21, and policy server 22 are connected to the computer 27 of the administrator 51.

  On the other hand, a monitoring server 31 is installed on the information management company 30 side, and the monitoring server 31 connects the report template DB 32 and the policy proposal DB 33. The monitoring server 31 is connected to the computer 34 of the monitor 52. The check server 20 on the customer 10 side and the monitoring server 31 on the information management company 30 side are connected via a network 41 such as the Internet and can communicate with each other.

  An example of a processing procedure in the embodiment will be described. In FIG. 1, the PC 11 and the servers 12 and 13 on the customer 10 side (1) check a file and identify a confidential file. (2) The access log is set to be recorded only for the confidential file. (3) Collect access logs. Also, (4) an unauthorized operation is monitored, and when a violation occurs, a window for asking the reason is displayed on the user screen. (5) The user points out a policy mistake. The administrator 51 (6) uses the computer 27 to determine policy correction. (7) Correct the policy of the corresponding device. The monitor 52 on the information management company 30 side uses the computer 34 to compare (8) file / folder creation date and time. (9) Check the file access right. (10) Analyze the access log. (11) Output a report. In this way, processing in the policy improvement system of this embodiment can be performed.

  An example of a window in the policy improvement system of the embodiment will be described. FIG. 2 shows a window 51 for asking the user the reason for failure when a policy violation occurs. In this window 51, items such as an operation mistake, a mis-policy setting mistake, etc., which are not known about the policy, are displayed, and an opinion and an impression of a policy violator can be input.

  An example of an information collection target file determination procedure in the policy improvement system of the embodiment will be described. FIG. 3 is an explanatory diagram of a procedure for determining an information collection target file in the embodiment. The procedure for determining the information collection target file includes steps S1 to S9. In step S1, the check server 20 periodically checks files in the PCs 11 / servers 12 and 13 under management, and when it is time to check, the check server 20 periodically manages in step S2. Check the files in the PC 11 and servers 12 and 13 below.

  In step S3, in order to shorten the check time, the inspection date and time recorded in the meta information of the file is compared with the update date and time of the file. If the file update date / time is not the inspection date / time and the file update date / time does not exceed the inspection date / time, the process proceeds to step S9, and the current date / time is recorded in the file meta information as the inspection date / time.

  If the update date and time of the file is or exceeds the inspection date and time in step S3, the contents and meta information of the file are inspected using the keywords registered in the information classification list in step S4. In step S5, it is determined whether there is a keyword. If there is no keyword, the process moves to step S9, and the current date and time is recorded in the meta information of the file as the inspection date.

  If there is a keyword in step S5, the file name, file path, and IP address to be inspected are recorded in the confidential file list in step S6. In step S7, the most important information category among the found keywords is recorded in the confidential file list. In step S8, a monitoring flag is recorded in the file meta information. In step S9, the current date and time are recorded in the file meta information as the inspection date and time. Steps S2 to S9 are repeated. When all the files are checked, the procedure for determining the information collection target file is terminated.

  As described above, when the information collection target file is determined, the check server 20 periodically checks the files in the PCs 11 / servers 12 and 13 under management. At this time, in order to shorten the check time, the inspection date and time recorded in the meta information of the file is compared with the update date and time of the file, and if the file update date and time is newer than the inspection date and time, the inspection is performed. Do. When the file is the inspection target, the contents of the file and the meta information of the file are inspected with the keyword registered in the information classification list. If there is a keyword as a result of the inspection, the file name, file path, IP address to be inspected, and the most important information category among the found keywords are recorded in the confidential file list, and the meta information of the file. The monitoring flag is recorded. After the inspection is completed, the current date and time is recorded in the file meta information.

  Next, an example of an access log acquisition procedure in the policy improvement system of the embodiment will be described. FIG. 4 is an explanatory diagram of an access log acquisition procedure according to the embodiment. The access log acquisition procedure includes steps S10 to S14. In step S 10, an agent for collecting access logs is installed in each PC 11 / server 12, 13. The access log is, for example, a log of file update, file copy, file move, file delete, file name change, and the like. If the agent detects access to the file, in step S11, the meta information of the accessed file is confirmed. As a result of the confirmation, in step S12, when the monitoring flag is not recorded for the meta information of the file, the access log acquisition procedure is terminated, but when the monitoring flag is recorded for the meta information of the file. In step S13, it is determined that the file is an important file, and the access log of the file is acquired from the access log DB 24. In step S14, the access log of the acquired file is transmitted to the check server 20, and the access log acquisition procedure is terminated.

  As described above, when the access log is acquired, when the agent detects access to the file, the meta information of the accessed file is confirmed. If a monitoring flag is recorded for the meta information of this file, it is determined that the file is an important file and acquisition of an access log for this file is started. The acquired access log is transmitted to the check server 20.

  Next, an example of a procedure for monitoring unauthorized operations in the policy improvement system according to the embodiment will be described. FIG. 5 is an explanatory diagram of a procedure for monitoring unauthorized operations in the embodiment. The procedure for monitoring unauthorized operations includes steps S20 to S26. In step S20, the check server 20 reads the access log of the transmitted file. If there is no failed action as a result of reading this access log in step S21, the procedure for monitoring unauthorized operations is terminated. If there is an unsuccessful action, in step S22, a window 61 for asking the reason for failure as shown in FIG. 2 is displayed on the screen of the PC 11 of the access source customer (user) who executed the action.

  In step S23, the customer (user) receives and saves an input of the reason for failure in the window 61 of the screen of the PC 11. If the reason why the customer (user) has failed is not a policy error in step S24, an unauthorized operation determination process is performed in step S26, and the procedure for monitoring unauthorized operations is terminated. If the reason for the failure is a policy mistake, in step S25, a policy improvement process at the time of user indication is performed, and in step S26, an unauthorized operation determination process is performed, and the procedure for monitoring unauthorized operations is terminated.

  In this way, when monitoring an unauthorized operation, the check server 20 reads the transmitted access log, and when there is a failed action (for example, write failure, read failure, etc.), the action is performed. A window 61 for asking the reason for failure is displayed on the screen of the executed customer (user) PC 11. If the failure reason is a policy setting error, the policy improvement process when the user points out is performed. In addition, an unauthorized operation determination process is performed regardless of whether the failure reason is a policy error. The failure reason input by the user is stored in the check server 20 and used when a policy improvement measure is proposed.

  Next, an example of policy improvement processing when a user points out in the policy improvement system of the embodiment will be described. FIG. 6 is an explanatory diagram of the policy improvement processing when the user points out in the embodiment. The policy improvement process at the time of user indication has steps S30 to S35. In step S30, the client administrator 51 is notified of the name of the policy violator, the content of the violation, the target file, the file storage location, and the application policy. In step S31, the role of the offender is acquired from the account management DB 25 and displayed on the management screen of the administrator 51.

  In step S32, the administrator 51 determines whether or not the policy has been modified. If there is no policy modification input in step S33, the administrator 51 is informed that the policy has not been modified in step S35. Finish the improvement process. If there is an input for policy modification in step S33, the policy is modified in step S34, the modified policy is applied to the corresponding device via the policy server 22, and the policy is transmitted to the user in step S35. The policy improvement process at the time of user indication is terminated.

  As described above, when the policy improvement process is performed when the user points out, the customer administrator 51 is notified of the policy violator name, the violation content, the target file, the storage location of the file, and the applied policy. Display on the management screen. At the same time, the role of the offender (title, affiliation, etc.) is acquired from the account management DB 25 and displayed on the management screen. As a result, the administrator 51 can confirm whether or not there is a policy setting error. If there is a setting error, enter the policy correction. Thereafter, the modified policy is applied to the corresponding device via the policy server 22.

  Next, an example of the unauthorized operation determination process in the policy improvement system of the embodiment will be described. FIG. 7 is an explanatory diagram of an unauthorized operation determination process in the embodiment. The unauthorized operation determination process includes steps S40 to S43. In step S40, the access log is analyzed by going back from the current time by the “injustice determination interval” set in the check server 20. If “the number of violations of the same user” is equal to or greater than the “user's fraud determination threshold” in step S41, it is determined that there are many frauds in a plurality of files, and it is determined in step S43 that illegal processing has been performed. Then, an alert is notified to the supervisor 52 and the administrator 51 on the customer 10 side, and the unauthorized operation determination process is terminated.

  In step S41, when “the number of violations of the same user” is smaller than “the fraud determination threshold by the user”, the process proceeds to step S42. In step S42, if the “number of violations of the same user” is equal to or greater than the “thickness determination threshold for the same file”, that is, if the number of violations is greater than or equal to the threshold, in step S43, it is determined It judges that there are many, alerts the supervisor 52 and the administrator 51 of the customer 10 side, and complete | finishes unauthorized operation judgment processing. In step S42, if the “number of violations of the same user” is smaller than the “invalidity determination threshold for the same file”, the unauthorized operation determination process is terminated.

  As described above, when performing the unauthorized operation determination process, the access log is analyzed by going back the time of the “illegal determination interval” set in the check server 20 from the current time. For example, when the fraud determination interval is set to 1 hour, the latest access log for 1 hour is analyzed. At the time of analysis, the “number of violations of the same user” is compared with the “invalidity determination threshold by the user” and the “incorrectity determination threshold for the same file” set in the check server 20. When the number of violations is equal to or greater than the threshold, the former determines that there are many frauds with respect to a plurality of files, and the latter determines that there are many frauds with respect to the same file. If there are many frauds, an alert is sent to the supervisor 52 and the customer manager 51 to warn of the occurrence of an illegal operation.

  Each process after the folder / file creation date / time comparison procedure described below is periodically performed by the monitoring server 31 and the result is reflected in the report issued to the customer by the information management company. The monitoring server 31 is provided with a confidential file list DB 23, an access log DB 24, and various setting value recording areas, so that the data and various setting values corresponding to the confidential file list DB 23 and the access log DB 24 of the check server 20 are synchronized. The following processing may be performed on the report template DB 32 and the policy plan DB 33 on the monitoring server 31.

  Next, an example of a folder / file creation date / time comparison procedure in the policy improvement system of the embodiment will be described. FIG. 8 is an explanatory diagram of a folder / file creation date / time comparison procedure in the embodiment. The folder / file creation date / time comparison procedure includes steps S50 to S56. In step S50, the following processing is performed for the files registered in the confidential file list of the confidential file list DB 23 of FIG.

  In step S51, it is determined whether the storage location check of the confidential file list is OK. If it is OK, the folder / file creation date / time comparison procedure is terminated. If the storage location check of the confidential file list is not OK, the creation date of the file is acquired from the meta information of the file in step S52, and the folder for storing the file is specified from the confidential file list in step S53. .

  Further, in step S54, the creation date and time of the specified folder is acquired. In step S55, it is determined whether the folder creation date and time is newer than the file creation date and time. If the date / time is old, the folder / file creation date / time comparison procedure ends. If the folder creation date / time is newer than the file creation date / time, it is determined in step S56 that there is a possibility of policy application omission, and the policy omission possibility is recorded in a report. Steps S50 to S56 are repeated, and when the files registered in all the confidential file lists are checked, the folder / file creation date / time comparison is terminated.

  In this way, when comparing the folder / file creation date / time, the file creation date / time and the folder creation date / time from the file's meta information are determined for the files registered in the confidential file list. Acquire and compare the creation date of both. If the folder creation date is newer, it is determined that there is a possibility of policy application omission, and the possibility of policy application omission is recorded in a report. At a later date, the administrator 51 of the customer 10 sees this report, checks the corresponding folder / file, and checks the storage location check of the confidential file list if there is no problem. Items that are checked in the storage location check are excluded from the date / time comparison.

  Next, an example of a file access right confirmation procedure in the policy improvement system of the embodiment will be described. FIG. 9 is an explanatory diagram of the procedure for checking the access right of the file in the embodiment. The file access right confirmation procedure includes steps S60 to S68. In step S60, the following processing is performed for the files registered in the confidential file list. In step S61, information classification (for example, (secret), internal secret, general information, etc.) is acquired from the confidential file list, and in step S62, an evaluation value corresponding to the information classification is acquired from the policy evaluation reference table. In step S63, the folder for storing the file is specified from the confidential file list. In step S64, the access right of the specified folder is read, and the evaluation value is calculated in the role evaluation list.

  If the evaluation value of the information category is smaller than or equal to the evaluation value of the folder in step S65, the file access right confirmation procedure is terminated. If the evaluation value of the information category is larger than the evaluation value of the folder, in step S66, the file access right is read and the evaluation value is calculated from the role evaluation value list. If the evaluation value of the information category is smaller than or equal to the evaluation value of the file in step S67, the file access right confirmation procedure process is terminated. If the evaluation value of the information section is larger than the evaluation value of the file in step S67, it is sufficient if both the evaluation value of the folder and the evaluation value of the file are smaller than the evaluation value of the information section in step S68. If the access right is not set, a warning is issued to the supervisor 52 and the customer manager 51 for the corresponding file, and the warning content is reflected in the report and recorded.

  As described above, when the access right of the file is confirmed, an evaluation value corresponding to the information classification of the file is acquired from the policy evaluation reference table for the file registered in the confidential file list. The evaluation value of this information category indicates an indication of the access right to be applied to the folder / file. Next, the access right of the folder storing the file and the access right of the file are read, and the evaluation value is calculated from the role evaluation list. When the evaluation value of the information category and the evaluation value of the folder / file are compared, and both the evaluation value of the folder and the evaluation value of the file are smaller than the evaluation value of the information category, sufficient access rights are not set. The monitor 52 and the customer manager 51 are warned and the details of the warning are recorded in the report. Steps S60 to S68 are repeated. When the files registered in all the confidential file lists are checked, the file access right confirmation is finished.

  Next, an example of a procedure for proposing a policy improvement plan in the policy improvement system of the embodiment will be described. FIG. 10 is an explanatory diagram of a procedure for proposing a policy improvement plan in the embodiment. The policy improvement proposal procedure includes steps S70 to S79. In step S70, the following processing is performed on the files recorded in the confidential file list DB 23. In step S71, the recording frequency in the access log is compared with the access frequency threshold value. If the recording frequency in the access log is equal to or less than the access frequency threshold value, recording in the external medium is monitored as a policy improvement measure in step S72. Displayed on the management screen of the person 52. In step S73, the administrator 52 reflects the policy improvement measure in the report with reference to the policy improvement measure plan and the user input value on the management screen.

  On the other hand, if the recording frequency in the access log is larger than the access frequency threshold value in step S71, the following processing is performed for each violation content in step S74. In step S75, the total number of users accessing the file recorded during the period specified by the access log determination interval from the access log (the number of unique users) and the number of users who have violated them (the number of unique violators) calculate.

  If the number of unique users is equal to or smaller than 1 in step S76, the policy improvement proposal process is terminated. If the number of unique users is greater than 1, the ratio of the number of violators in the number of unique users is calculated in step S77. In step S78, if the calculated ratio of violators is the same as or less than the violating user ratio, the procedure process for suggesting a policy improvement plan is terminated. If the calculated ratio of violators is greater than the violating user ratio, the policy improvement plan, the user input value statistics, and the comments are displayed on the management screen of the monitor 52 in accordance with the contents of the violation in step S79. indicate. Steps S70 to S72 and Steps S74 to S79 are repeated. When the files registered in all the confidential file lists and all the violation contents are checked, the procedure for proposing the policy improvement proposal is terminated.

  As described above, when the policy improvement proposal is processed, the recording frequency in the access log is checked for the files registered in the confidential file list. If the recording frequency in the access log is less than or equal to the “access frequency threshold” set in the check server 20, it is determined that the file is an important file but is not frequently used. “Record” is displayed on the management screen of the supervisor 52.

  If the access frequency is larger than the “access frequency threshold” set in the check server 20, the access log is analyzed for the period specified by the “access log judgment interval” for each violation content (update violation, copy violation, etc.). . In the analysis, the total number of users who access the file (the number of unique users) and the number of users who have violated the number (the number of unique violators) are calculated from the user names recorded in the access log.

  If there are multiple violators, and the calculated percentage of violators exceeds the “violating user rate” set in the check server 20, the policy setting is not in line with the current situation, so the multiple people are the same. The policy improvement plan stored in the policy plan DB 33 and the statistics of the input values input by the user when the policy is violated (the result of counting the selected options) And the comment are displayed on the screen of the supervisor 52. The monitor 52 selects the policy improvement plan and reflects it in the report with reference to the policy improvement plan and the user input value indicating the user's opinion.

As described above, the policy improvement system of this embodiment is as follows.
(1) Predetermining keywords corresponding to information categories that indicate the confidentiality of files (for example, (secret), confidential inside, general information, etc.), and periodically determine whether the keywords are included in the contents of individual files or in file meta information. Inspect. A monitoring flag is recorded in the meta information of the confidential file. Each PC 11 / server 12, 13 is set to acquire an access log for the file when there is a monitoring flag in the meta information of the file. As a method for specifying a confidential file, there is a method for designating a file stored in a predetermined folder as a confidential file in addition to a method for inspecting the contents of the file.

(2) The file access log is monitored, and when a policy violation occurs, the user is caused to input the reason for the policy violation, which is utilized for policy improvement. At this time, the frequency of access to the file and the frequency of occurrence of violations are also referenced. Also, comparing the creation date and time of the confidential file and the folder that stores the file, and if the creation date and time of the folder is newer, the confidential file may have been moved to a new folder with insufficient access rights settings. Therefore, the administrator 51 is warned of the possibility of policy omission. Furthermore, a guideline of the access right to be applied to the folder / file is determined, and by comparing with the current access right of the confidential file, a potential policy application error is found and the administrator 51 is warned. .

  In the policy improvement system of the present invention, a file containing a predetermined keyword in the file contents or the file's meta information is defined as a confidential file, and periodically inspected whether the file contains a keyword. As a result of the inspection, a file access log is acquired for a file that is determined to be a confidential file. As a result, it is possible to periodically identify a file containing important information from the file contents and meta information, and to monitor unauthorized operations using the access log for the file.

  In the policy improvement system of the present invention, in order to identify a confidential file, a file stored in a predetermined folder is defined as the confidential file, and the file stored in the folder is periodically checked. Thereby, a confidential file can be specified reliably.

  In the policy improvement system of the present invention, when the access log is read and an access right violation is found, a window for describing the reason for failure is displayed on the screen of the violator who has violated the access right. If a setting error is pointed out, the policy administrator can display the file and the role of the offender on the screen of the policy manager to determine whether the policy can be modified. As a result, when a policy violation occurs, the user can input the cause of the violation, which can be used to improve the policy.

  Furthermore, the policy improvement system of the present invention compares the file creation date with the creation date of the folder storing the file, and if the folder creation date is newer than the file creation date, the policy application omission is omitted. It is determined that the policy is likely to be, and an improvement plan for the determined policy is proposed. Thereby, the policy can be improved by checking the creation date and time and the access right of the folder or file.

  In the policy improvement system according to the present invention, the access right of the folder and the file is compared with a standard assignment pattern of a role determined in advance for each confidential file, and the access right is set as a reference of the assignment pattern. If not, it is determined that there is a possibility of policy omission and a policy improvement proposal is proposed. Thereby, it is possible to improve the policy by analyzing the usage status of the access log.

In the policy improvement system of the present invention, a policy that may not be in accordance with the current state is determined from the access log of the file, and a policy improvement plan is proposed. This
By the way, this invention is not limited to the said Example, A various modification is employable in the range which does not deviate from a claim.

Explanatory drawing of the policy improvement system of an Example. Explanatory drawing of the window in an Example. Explanatory drawing of the procedure of the information collection object file determination in an Example. Explanatory drawing of the procedure of acquisition of the access log in an Example. Explanatory drawing of the procedure of monitoring of unauthorized operation in an Example. Explanatory drawing of the policy improvement process at the time of user indication in an Example. Explanatory drawing of the unauthorized operation judgment process in an Example. Explanatory drawing of the procedure of the creation date comparison of the folder / file in an Example. Explanatory drawing of the procedure of the access right confirmation of the file in an Example. Explanatory drawing of the procedure of the proposal of the policy improvement plan in an Example.

Explanation of symbols

10 Customer 11 Customer PC
12, 13 Server 20 on customer side Check server 21 Account management server 22 Policy server 30 Information management company side 31 Monitoring server 41 Network 51 Administrator 52 Monitor 61 Window

Claims (6)

A system that includes a check server that checks a file of a customer computer and a monitoring server that monitors the customer's computer, and improves a policy such as access control to the file of the customer computer,
The check server periodically inspects whether a file of a customer computer is a confidential file including a predetermined keyword, and obtains an access log of a file determined to be a confidential file as a result of the inspection. Policy improvement system to do.   The policy improvement system according to claim 1, wherein the check server sets a file stored in a predetermined folder as a confidential file and periodically checks the file stored in the folder.   When the check server reads the access log and finds an access right violation, the check server displays a window for describing the reason for failure on the screen of the violator who violated the access right, and there is a policy setting error as the failure reason. 3. The policy improvement system according to claim 1, wherein, when pointed out, the policy administrator displays a corresponding file and the role of the offender on the screen of the policy manager to determine whether the policy can be modified.   The check server compares the creation date and time of the file with the creation date and time of the folder that stores the file. When the creation date and time of the folder is newer than the creation date and time of the file, there is a possibility that policy application may be omitted. The policy improvement system according to claim 1, wherein the policy improvement system determines a policy and proposes an improvement plan for the determined policy.   The check server compares the access right of the folder and the file with a standard assignment pattern of a role determined in advance for each confidential file, and the setting of the access right has reached the reference of the assignment pattern. 5. The policy improvement system according to claim 4, wherein if there is no policy, the policy is determined to be a policy that may be missed, and an improvement plan for the policy is proposed.   6. The policy improvement system according to claim 5, wherein the check server determines the policy that may not be in accordance with the current state from the access log of the file, and proposes an improvement plan for the policy.

Images