JP2017211858A - Security administrative support system and security administrative support method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide appropriate security management when the degree of a role or state of a person, or a value of or defence against assets changes.SOLUTION: A detection unit 121 detects a change to the degree of a role or state of a person, or a value of or defence against assets on the basis of information acquired from a management system managing the person or the assets. A determination unit 122 determines whether the change detected by the detection unit 121 satisfies an appointed condition on the basis of the detected information, and when the change is determined to satisfy the appointed condition, makes judgment information which is information about the alteration of the management method of the person or the assets. An executive unit 123 executes processing about the alteration of the management method of the person or the assets on the basis of the judgment information made by the determination unit 122.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a security management support system and a security management support method.

  Attacks on assets may be made using human factors. For example, a person may be guided by a targeted attack or a phishing attack, the computer may be infected with a virus, and assets managed by the computer, that is, information may be leaked.

  As security management techniques for protecting assets from such attacks, management by access control (see, for example, Non-Patent Document 1) and management by trails such as logs (see, for example, Non-Patent Document 2) are known. Yes. In addition, to protect assets from attacks, it is known that people learn to detect attacks, formulate response procedures, or create a culture that raises individual awareness of security. (For example, refer nonpatent literature 3).

Information-technology Promotion Agency, “Investigation Report on Security Policy Model for Access Control, 2004 No. 736 (2005)”, [online], [Search January 21, 2016], Internet (http: / /www.ipa.go.jp/files/000013734.pdf) Shinichi Nakahara, Naoto Fujiki, Shigehiko Ushijima, “Cloud Traceability (CBoC TRX)”, NTT Technical Journal Vol.23, No.10, 2011. Christopher Hadnagy (Translated by Mitsuaki Narita) “Social Engineering”, Nikkei Business Publications, 2012.

  However, there is a problem that conventional security management technology may not be able to perform appropriate security management when the role (value) or state (defense) of a person or the value or degree of defense of an asset changes. was there.

  For example, when a person reads confidential material and learns confidential information, the role of the person increases. Also, for example, when a person is tired, it can be said that the degree of the person's fatigue state is low, and is easily induced by a phishing attack or the like.

  For example, when it is determined that a material is treated as an intellectual property, the value of the material becomes high. Further, for example, when the content of a material that has been treated as confidential is announced in the press, the value of the material becomes low. For example, when an electronic file is encrypted, the degree of defense of the electronic file is increased.

  In this way, the value and defense of people and assets change dynamically. When the value and defense of people and assets change, the security management that has been performed until then may become excessive or insufficient. In such a case, the conventional security management technology cannot perform appropriate security management, that is, security management that is neither excessive nor insufficient.

  The security management support system of the present invention, based on information acquired from a system for managing people or assets, a detection unit that detects that the role or state of the person, or the value of the asset or the degree of defense has changed, It is determined whether the change detected by the detection unit satisfies a predetermined condition, and when it is determined that the change satisfies the predetermined condition, the information is related to a change in the management method of the person or the asset. A determination unit that generates determination information; and an execution unit that executes a process related to a change in the management method of the person or the asset based on the determination information generated by the determination unit.

  The security management support method of the present invention, based on information acquired from a system for managing a person or an asset, a detection step of detecting a change in the role or state of the person, or the value of the asset or the degree of defense, It is determined whether or not the change detected by the detection step satisfies a predetermined condition, and when it is determined that the change satisfies the predetermined condition, the information relates to a change in the management method of the person or the asset. The method includes a determination step of creating determination information, and an execution step of executing a process related to a change in the management method of the person or the asset based on the determination information generated by the determination step.

  According to the present invention, appropriate security management can be performed when the role or state of a person, the value of an asset, or the degree of defense changes.

FIG. 1 is a diagram illustrating an example of a configuration of a security management support system according to the first embodiment. FIG. 2 is a diagram illustrating an example of the configuration of the security management support apparatus according to the first embodiment. FIG. 3 is a diagram for explaining processing of the security management support apparatus according to the first embodiment. FIG. 4 is a diagram for explaining the processing of the detection unit of the security management support apparatus according to the first embodiment. FIG. 5 is a diagram for explaining the processing of the detection unit of the security management support apparatus according to the first embodiment. FIG. 6 is a diagram for explaining the processing of the detection unit of the security management support apparatus according to the first embodiment. FIG. 7 is a diagram for explaining processing of the determination unit of the security management support apparatus according to the first embodiment. FIG. 8 is a diagram illustrating an example of a building in which the security management support system according to the first embodiment is implemented. FIG. 9 is a diagram illustrating an example of the change identifier. FIG. 10 is a diagram illustrating an example of a security policy. FIG. 11 is a diagram illustrating an example of a signal received by the detection unit. FIG. 12 is a diagram illustrating an example of detection information. FIG. 13 is a diagram illustrating an example of determination information. FIG. 14 is a diagram illustrating an example of determination information. FIG. 15 is a diagram illustrating an example of determination information. FIG. 16 is a sequence diagram illustrating a processing flow of the security management support system according to the first embodiment. FIG. 17 is a flowchart illustrating a processing flow of the detection unit of the security management support system according to the first embodiment. FIG. 18 is a flowchart showing the flow of processing of the determination unit and execution unit of the security management support system according to the first embodiment. FIG. 19 is a flowchart showing the flow of external risk processing in the security management support system according to the first embodiment. FIG. 20 is a diagram for explaining processing of the security management support apparatus according to another embodiment. FIG. 21 is a diagram illustrating an example of a computer in which a security management support apparatus is realized by executing a program.

  Hereinafter, embodiments of a security management support system and a security management support method according to the present application will be described in detail with reference to the drawings. In addition, this invention is not limited by this embodiment.

[Configuration of First Embodiment]
First, the configuration of the security management support system according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of a configuration of a security management support system according to the first embodiment. As shown in FIG. 1, the security management support system 1 includes a security management support device 10 and a management system 20. The security management support apparatus 10 is a server apparatus, for example. The security management support device 10 and the management system 20 are connected to each other by any type of communication network such as a wired or wireless LAN (Local Area Network) or VPN (Virtual Private Network).

  The management system 20 includes a device for managing people or assets such as sensor devices, file servers, and monitoring cameras. The management system 20 transmits information on the person or asset being managed as a signal.

  Here, the configuration of the security management support apparatus 10 will be described with reference to FIG. FIG. 2 is a diagram illustrating an example of the configuration of the security management support apparatus according to the first embodiment. As shown in FIG. 2, the security management support apparatus 10 includes a communication unit 11, a control unit 12, and a storage unit 13.

  The communication unit 11 performs data communication with other devices via a network. For example, the communication unit 11 is a NIC (Network Interface Card). The communication unit 11 transmits and receives data to and from the management system 20.

  The control unit 12 controls the entire security management support apparatus 10. The control unit 12 is, for example, an electronic circuit such as a CPU (Central Processing Unit) or MPU (Micro Processing Unit), or an integrated circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array). The control unit 12 has an internal memory for storing programs and control data that define various processing procedures, and executes each process using the internal memory. The control unit 12 functions as various processing units when various programs are operated. For example, the control unit 12 includes a detection unit 121, a determination unit 122, and an execution unit 123.

  The storage unit 13 is a storage device such as an HDD (Hard Disk Drive), an SSD (Solid State Drive), or an optical disk. The storage unit 13 may be a semiconductor memory capable of rewriting data, such as a RAM (Random Access Memory), a flash memory, and an NVSRAM (Non Volatile Static Random Access Memory). The storage unit 13 stores an OS (Operating System) executed by the security management support apparatus 10 and various programs. Furthermore, the storage unit 13 stores various information used in executing the program. The storage unit 13 includes a detection storage unit 131 and a determination storage unit 132.

  Here, the process of each part of the control part 12 is demonstrated using FIG. FIG. 3 is a diagram for explaining processing of the security management support apparatus according to the first embodiment. As illustrated in FIG. 3, the detection unit 121 detects that the role or state of a person, the value of an asset, or the degree of defense changes based on information acquired from a management system 20 that manages a person or an asset. And the detection part 121 transmits a detection result to the determination part 122 as detection information.

  The determination unit 122 receives the detection information transmitted by the detection unit 121. Then, the determination unit 122 determines whether the change detected by the detection unit 121 satisfies a predetermined condition based on the detection information, and when determining that the change satisfies the predetermined condition, Create judgment information, which is information related to management method changes. Then, the determination unit 122 transmits the created determination information to the execution unit 123. Based on the determination information created by the determination unit 122, the execution unit 123 executes a process related to a change in a person or asset management method.

  For example, as shown in FIG. 4, when the role or state of a person, or the value or defense of an asset changes, the software or hardware of the management system 20 creates a signal indicating the change and transmits it to the detection unit 121. You may make it do. Further, the detection unit 121 may detect the signal exchanged between modules such as software and hardware. For example, when the file storage folder is changed in the file server, the management system 20 acquires information on the storage folder after the file change, and transmits the acquired information to the detection unit 121 as a signal. Then, the detection unit 121 creates determination information based on the signal transmitted from the management system 20 and transmits the determination information to the determination unit 122. FIG. 4 is a diagram for explaining the processing of the detection unit of the security management support apparatus according to the first embodiment.

  For example, the detection unit 121 detects that the role or state of a person has changed based on biological information acquired from a sensor device attached to the person. For example, the detection unit 121 detects that the value of the electronic file or the degree of defense has changed based on information about the electronic file acquired from the server that manages the electronic file that is the asset.

  Further, as shown in FIG. 5, when each device of the management system 20 changes the role or state of a person, the value of assets, or the degree of defense, the determination unit 122 uses data indicating the change as detection information. May be sent to. For example, when the file storage folder is changed in the file server, the file server transmits information regarding the changed storage folder to the determination unit 122 as detection information. In this case, each device of the management system 20 also functions as the detection unit 121. FIG. 5 is a diagram for explaining the processing of the detection unit of the security management support apparatus according to the first embodiment.

  When the detection unit 121 acquires information from the management system 20, the detection unit 121 creates detection information and transmits the created detection information to the determination unit 122. At this time, as illustrated in FIG. 6, the detection unit 121 may perform processing according to the condition information with reference to the detection storage unit 131. FIG. 6 is a diagram for explaining the processing of the detection unit of the security management support apparatus according to the first embodiment.

  The detection storage unit 131 stores, as condition information, a condition relating to time or time, a condition relating to access, a condition relating to a movement range, and processing when each condition is satisfied for a person or an asset.

  As the condition information, the detection storage unit 131 stores, for example, “when the value level of an arbitrary asset increases, transmit detection information indicating that the asset is a changed asset to the determination unit”. . In addition, for example, the detection storage unit 131 transmits “detection information indicating that the person is a changed person to the determination unit when the protection level of any person falls below a predetermined threshold” as the condition information. I remember that. In addition, the detection storage unit 131 may include, for example, “sends detection information indicating that the asset is a changed asset to the determination unit when a specific asset exceeds a predetermined expiration date” as the condition information. I remember it. In addition, for example, “when the user of a specific asset is other than a specific person, the detection storage unit 131 transmits detection information indicating that the asset is a changed asset to the determination unit” as the condition information. I remember that. In addition, as the condition information, for example, the detection storage unit 131 transmits “detection information indicating that the asset is a changed asset to the determination unit when the specific asset moves to a folder other than the designated folder”. Is remembered.

  When the determination unit 122 acquires the detection information from the detection unit 121, the determination unit 122 determines whether the change in the person or the asset indicated by the detection information satisfies a predetermined condition. The created determination information is transmitted to the execution unit 123. At this time, as shown in FIG. 7, the determination unit 122 may include an analysis unit 122 a, cause the analysis unit 122 a to refer to the determination storage unit 132, and perform processing according to the condition information. FIG. 7 is a diagram for explaining processing of the determination unit of the security management support apparatus according to the first embodiment.

  For example, “when one or more value levels of an arbitrary asset are increased, the determination storage unit 132 creates determination information indicating processing for restricting access to the asset and transmits the determination information to the execution unit”. Is remembered. Further, the judgment storage unit 132 creates and executes, as condition information, for example, judgment information indicating a process of transmitting a message prompting the person to return home when the fatigue level of an arbitrary person becomes 4 or more. "Send to the department".

  Note that the creation and transmission method of the determination information by the determination unit 122 is not limited to the above. For example, the determination unit 122 may create determination information according to a preset processing flow. Further, the determination unit 122 may create determination information using a determination model created by performing machine learning on the detection information.

  Here, an example in which the security management support system 1 is implemented in the building 30 shown in FIG. 8 will be described. FIG. 8 is a diagram illustrating an example of a building in which the security management support system according to the first embodiment is implemented.

  The building 30 includes a machine room 310, an employee room 320, and a storage room 330. The machine room 310 is provided with an entrance / exit management device 311 and a PC 312. The employee room 320 includes an entrance / exit management device 321 and PCs 322 and 323. The storage room 330 is provided with an entrance / exit management device 331. The storage room 330 has rooms 332 and 336. The room 332 includes an entrance / exit management device 333, a PC 334, and a safe 335. In the room 336, a PC 337 and a safe 338 are provided.

  The entrance / exit management devices 311, 321, 331, and 333 perform entry / exit permission for each room, opening / closing a key, and recording an entrance / exit history. The PCs 312, 322, 323, 334, and 337 have functions for determining whether or not to move or edit a stored electronic file and recording a history of movement or editing. In addition, the rooms 332 and 336 may be provided with surveillance cameras that monitor the safes 335 and 338, respectively. Each entrance / exit management device, each PC, and each monitoring camera function as a device of the management system 20.

  The detection unit 121 includes a change identifier in the detection information. The change identifier identifies the role or state of a person, or the type of asset value or degree of defense, and is stored in, for example, the detection storage unit 131. The change identifier will be described with reference to FIG. FIG. 9 is a diagram illustrating an example of the change identifier. As shown in FIG. 9, the change identifier having the identification number “2-2” has the name “human external risk (OHR)”, and indicates the risk level of human fatigue with a score in the range of 1 to 4. It is a thing.

  As described above, the detection unit 121 determines the role of the person based on at least one of the asset value, the asset storage location, the asset storage method, the person's job title, the person's fatigue, and the person's internal crime risk. Detects changes in state or asset value or degree of defense.

  Also, as shown in FIG. 10, the score for each level of each change identifier is set in advance as a security policy. The number of points set here is used for detection information and the like. FIG. 10 is a diagram illustrating an example of a security policy. As shown in FIG. 10, for example, when the external risk (OHR) is “5. Heavy fatigue”, the score is “4”. Further, when the asset value (VA) is “1. public”, the score is “0”. Further, when the basic human defense (BHD) is “4. administrator”, the score is “3”.

  Here, an example in which the employee A is operating the PC 323 in the employee room 320 will be described. At this time, it is assumed that the employee A is wearing a commercially available fatigue sensor, and the fatigue sensor transmits information on fatigue of the user who wears it as a signal. The fatigue sensor is an example of an apparatus included in the management system 20.

  For example, the detection unit 121 receives a signal as shown in FIG. 11 from the fatigue sensor worn by the employee A. FIG. 11 is a diagram illustrating an example of a signal received by the detection unit. As shown in FIG. 11, the signal includes information related to the time, the degree of fatigue, and the subject. The degree of fatigue is expressed as a score in accordance with the security policy of FIG. In the example of FIG. 11, the signal indicates that the score indicating the fatigue of the employee A is “4”, that is, the employee A is in a heavy fatigue state.

  The detection unit 121 creates detection information as shown in FIG. 12 based on the received signal. FIG. 12 is a diagram illustrating an example of detection information. As illustrated in FIG. 12, the detection unit 121 includes that the change identifier is “2-2” in the detection information, the target is the employee A, and the score indicating fatigue is “4”.

  The determination unit 122 creates determination information based on the detection information. In this case, the determination unit 122 creates three pieces of determination information illustrated in FIGS. 13 to 15 are diagrams illustrating an example of the determination information. The determination unit 122 includes, in the determination information, a score indicating fatigue, a destination such as a device that executes the process, and a process content.

  The execution unit 123 includes a message creation unit, a mail creation unit, and a PC operation control unit. The message creation unit displays the designated message on the designated PC. In addition, the mail creation unit transmits the specified message by mail to the specified destination. Further, the PC operation control unit disables execution of the specified operation on the specified PC.

  The judgment information shown in FIG. 13 is that the score indicating fatigue is “4”, the destination address of the message creation unit that is a device that executes processing is “192.168.100.10”, and the processing content is the return of employee A. Indicates that a message prompting the user to send is sent.

  The judgment information shown in FIG. 14 is that the score indicating fatigue is “4”, the destination address of the mail creation unit, which is a device that executes processing, is “192.168.100.11”, and the processing content is the information manager C It is shown that it is transmitting the mail which requests | requires preparing the substitute of the employee A.

  The determination information shown in FIG. 15 is that the score indicating fatigue is “4”, the destination address of the PC operation control unit, which is a device that executes processing, is “192.168.100.12”, and the processing content is that of employee A. This indicates that the function of a part of the PC 323 being used is to be limited.

  As described above, the detection unit 121 detects that the degree of human fatigue has changed based on the value representing the degree of human fatigue acquired from the system for managing people. In addition, the determination unit 122 creates, as determination information, information related to processing for restricting a person from operating an electronic file that is an asset according to the value. In addition, the execution unit 123 executes processing for restricting a person from operating the electronic file based on the determination information. The execution unit 123 may execute transmission of a message requesting to change a person or asset management method or to change a person or asset management method.

  The processing flow of the security management support system 1 will be described with reference to FIG. FIG. 16 is a sequence diagram illustrating a processing flow of the security management support system according to the first embodiment. As shown in FIG. 16, first, the fatigue sensor of the management system 20 recognizes that the employee A who is operating the PC 323 is very tired and has a change in physical condition, and sends a signal (step S11).

  The detection unit 121 receives the signal transmitted from the fatigue sensor, and confirms from the received signal that the state of the employee A has changed from “normal” to “heavy fatigue” (step S12). Next, the detection unit 121 creates detection information based on the received signal and transmits the detection information to the determination unit 122 (step S13).

  Here, the determination unit 122 receives the detection information and confirms the change identifier included in the received detection information (step S14). The determination unit 122 confirms that the change identifier is “2-2”, that is, an external risk (step S15). Further, the determination unit 122 confirms that the human external risk score represents “4”, that is, “heavy fatigue” (step S16). Then, the determination unit 122 determines whether to create determination information based on the processing flow (step S17). Here, it is assumed that the determination unit 122 determines to generate determination information.

  Next, the determination unit 122 creates determination information including a warning of employee A returning home and a notice of restrictions on PC use, and transmits the determination information to the message creation unit (step S18). Further, the determination unit 122 creates determination information including an instruction to restrict the use of PC by the employee A, and transmits the determination information to the PC operation control unit (step S19). In addition, the determination unit 122 creates mail generation determination information that prompts the information manager to prepare a substitute for the employee A, and transmits the determination information to the mail creation unit (step S20).

  When the message creation unit receives the determination information, it creates a warning message for returning to the employee A, and displays the generated warning message on the PC operated by the employee A (step S21). Further, a sentence that the use of the PC operated by the employee A is restricted is created, and the created sentence is displayed on the PC operated by the employee A (step S22). Then, the PC operation control unit performs a process to prevent the mail URL and attached file from being opened on the PC operated by the employee A (step S23). In addition, when receiving the determination information, the mail creating unit generates a mail that prompts the information manager to prepare a substitute (step S24).

[Process of First Embodiment]
The processing flow of the security management support system 1 will be described with reference to FIG. First, the processing flow of the detection unit 121 will be described with reference to FIG. FIG. 17 is a flowchart illustrating a processing flow of the detection unit of the security management support system according to the first embodiment.

  As illustrated in FIG. 17, the detection unit 121 confirms the presence / absence of a signal from the management system 20 (step S <b> 101). When the signal from the management system 20 can be confirmed (Yes at Step S102), the detection unit 121 creates detection information based on the received signal, and transmits the created detection information to the determination unit 122 (Step S103). . In addition, when the signal from the management system 20 cannot be confirmed (No at Step S102), the detection unit 121 continues to confirm whether there is a signal (Step S101).

  Next, the processing flow of the determination unit 122 and the execution unit 123 will be described with reference to FIG. As illustrated in FIG. 18, first, when the determination unit 122 receives a message from the detection unit 121 (step S201), the determination unit 122 checks whether detection information is included in the received message (step S202). When the detection information is not included in the message (step S202, No), the determination unit 122 continues to receive the message (step S201).

  The determination part 122 confirms the change identifier contained in detection information, when detection information is contained in the message (step S202, Yes) (step S203). Here, when the change identifier is “1-1”, that is, asset value (step S204, Yes), the determination unit 122 and the execution unit 123 perform asset value processing (step S205). If the change identifier is not “1-1” (step S204, No), the determination unit 122 and the execution unit 123 do not perform asset value processing.

  Next, when the change identifier is “2-1”, that is, the basic human defense (step S206, Yes), the determination unit 122 and the execution unit 123 perform the basic human defense process (step S207). If the change identifier is not “2-1” (step S206, No), the determination unit 122 and the execution unit 123 do not perform the basic human defense process.

  Next, when the change identifier is “2-2”, that is, external risk (step S208, Yes), the determination unit 122 and the execution unit 123 perform external risk processing (step S209). When the change identifier is not “2-2” (No at Step S208), the determination unit 122 and the execution unit 123 do not perform external risk processing.

  Next, when the change identifier is “2-3”, that is, a human internal risk (step S210, Yes), the determination unit 122 and the execution unit 123 perform a human internal risk process (step S211). When the change identifier is not “2-3” (No at Step S210), the determination unit 122 and the execution unit 123 do not perform the human internal risk process.

  Next, when the change identifier is “3-1”, that is, asset basic defense (step S212, Yes), the determination unit 122 and the execution unit 123 perform asset basic defense processing (step S213). When the change identifier is not “3-1” (No in step S212), the determination unit 122 and the execution unit 123 do not perform the asset basic defense process.

  Next, when the change identifier is “3-2”, that is, asset addition defense (step S214, Yes), the determination unit 122 and the execution unit 123 perform asset addition defense processing (step S215). When the change identifier is not “3-2” (No in step S214), the determination unit 122 and the execution unit 123 do not perform the asset addition defense process.

  Here, a specific example of human external risk processing will be described with reference to FIG. FIG. 19 is a flowchart showing the flow of external risk processing in the security management support system according to the first embodiment.

  As illustrated in FIG. 19, the determination unit 122 confirms the current fatigue based on the detection information received from the detection unit 121 (step S2091). When the determination unit 122 confirms that the number of points included in the detection information is “4”, that is, heavy fatigue (Yes in step S2092), the determination unit 122 prompts the operator to return home, creates determination information for PC use restriction notice, and creates a message. The data is transmitted to the creation unit (step S2093). In addition, the determination unit 122 creates e-mail generation determination information that prompts the information manager to prepare an operator's substitute, and transmits the determination information to the e-mail generation unit (step S2094). In addition, the determination unit 122 creates determination information for performing processing for preventing the operator's mail URL and attached file from being opened, and transmits the determination information to the PC operation control unit (step S2095). In addition, the determination part 122 does not perform these processes, when it cannot confirm that the score contained in detection information is "4" (step S2092, No).

  Next, when the determination unit 122 confirms that the score included in the detection information is “3”, that is, light fatigue (step S2096, Yes), the determination unit 122 generates determination information that prompts the operator to take a break and sends the determination information to the message generation unit. Transmit (step S2097). In addition, the determination part 122 does not perform this process, when it cannot confirm that the score contained in detection information is "3" (step S2096, No).

  Next, when the determination unit 122 confirms that the score included in the detection information is “1”, that is, favorable (step S2098, Yes), the information manager is notified that the operator is another substitute person. The determination information to be notified is created and transmitted to the message creation unit (step S2099). In addition, the determination part 122 does not perform this process, when it cannot confirm that the score contained in detection information is "1" (step S2098, No).

[Effect of the first embodiment]
The detection unit 121 detects a change in the role or state of a person, the value of an asset, or the degree of defense based on information acquired from a management system 20 that manages a person or an asset. Then, the determination unit 122 determines whether the change detected by the detection unit 121 satisfies a predetermined condition based on the detection information, and when determining that the change satisfies the predetermined condition, Create judgment information, which is information related to management method changes. And the execution part 123 performs the process regarding the change of the management method of a person or an asset based on the judgment information produced by the determination part 122. FIG.

  As a result, even if the role or status of a person, or the value or degree of defense of an asset changes, the change of the management method of the person or asset corresponding to the change, or processing that prompts the change, etc. Therefore, appropriate security management can be performed.

  The execution unit 123 executes transmission of a message requesting to change a person or asset management method or to change a person or asset management method. This makes it possible to change the asset management method to an appropriate method when the role or state of the person or the value of the asset or the degree of defense changes.

  The detection unit 121 detects that the degree of a person's state has changed based on biological information acquired from a sensor device attached to the person. Thereby, the state of a person can be expressed as a signal, and an objective determination based on the signal can be performed.

  The detection unit 121 detects that the value of the electronic file or the degree of defense has changed based on information about the electronic file acquired from the server that manages the electronic file that is the asset. Thereby, a change in the value or the degree of defense can be automatically detected.

  Based on at least one of the value of the asset, the asset storage location, the asset storage method, the person's job title, the person's fatigue, and the risk of the person's internal crime, the detection unit 121 determines the role or state of the person or the asset. Detects a change in the value of or the degree of defense. This makes it possible to detect a change in the role or state of a person or the value of assets or the degree of defense by an appropriate method.

  The detection unit 121 detects that the degree of human fatigue has changed based on a value representing the degree of human fatigue obtained from a system for managing people. In addition, the determination unit 122 creates, as determination information, information related to processing for restricting a person from operating an electronic file that is an asset according to the value. In addition, the execution unit 123 executes processing for restricting a person from operating the electronic file based on the determination information.

  For example, when a person is tired, the person is easily guided by a phishing attack or the like. For this reason, it is possible to perform appropriate security management by detecting the degree of fatigue and restricting the operation of the electronic file.

[Other Embodiments]
As illustrated in FIG. 20, the determination unit 122 and the execution unit 123 of the security management support apparatus 10 may feed back information on the processing result to the detection unit 121 and the determination unit 122, respectively. In this case, the detection unit 121 and the determination unit 122 create detection information and determination information, respectively, based on information about the fed back processing result.

  For example, the following examples can be considered. First, the detection unit 121 detects that the operator is “heavy fatigue” based on the signal transmitted from the fatigue sensor of the management system 20 and indicating that the operator's state is “heavy fatigue”. Create information. Based on the detection information, the determination unit 122 creates determination information indicating a process for transmitting a message prompting the operator to return home. Here, assuming that the operator actually gets tired enough to recover if he takes a break, that is, the state of “light fatigue” is obtained as feedback, the detection unit 121 uses the feedback information to When a similar signal is transmitted from the fatigue sensor from the next time, detection information indicating “light fatigue” is generated.

  In the above embodiment, the case where the security management support apparatus 10 manages an electronic file as an asset has been described. However, the asset to be managed by the security management support apparatus 10 is not limited to an electronic file. For example, the asset managed by the security management support apparatus 10 may be a paper medium, a physical medium storing an electronic file such as an HDD, a USB (Universal Serial Bus) memory, an SD card, a cash card, It may be a monetary value such as a precious metal.

[System configuration, etc.]
Further, each component of each illustrated apparatus is functionally conceptual, and does not necessarily need to be physically configured as illustrated. In other words, the specific form of distribution / integration of each device is not limited to that shown in the figure, and all or a part thereof may be functionally or physically distributed or arbitrarily distributed in arbitrary units according to various loads or usage conditions. Can be integrated and configured. Furthermore, all or a part of each processing function performed in each device may be realized by a CPU and a program that is analyzed and executed by the CPU, or may be realized as hardware by wired logic.

  Also, among the processes described in this embodiment, all or part of the processes described as being performed automatically can be performed manually, or the processes described as being performed manually can be performed. All or a part can be automatically performed by a known method. In addition, the processing procedure, control procedure, specific name, and information including various data and parameters shown in the above-described document and drawings can be arbitrarily changed unless otherwise specified.

[program]
As one embodiment, the security management support apparatus 10 can be implemented by installing a security management support program for executing the security management support described above as package software or online software on a desired computer. For example, the information processing apparatus can function as the security management support apparatus 10 by causing the information processing apparatus to execute the security management support program. The information processing apparatus referred to here includes a desktop or notebook personal computer. In addition, the information processing apparatus includes mobile communication terminals such as smartphones, mobile phones and PHS (Personal Handyphone System), and slate terminals such as PDA (Personal Digital Assistant).

  The security management support device 10 can also be implemented as a security management support server device that uses a terminal device used by a user as a client and provides the client with the above-described services related to security management support. For example, the security management support server device is implemented as a server device that provides a security management support service that receives a signal from the management system 20 and outputs a processing result. In this case, the security management support server device may be implemented as a Web server, or may be implemented as a cloud that provides services related to the security management support described above by outsourcing.

  FIG. 21 is a diagram illustrating an example of a computer in which a security management support apparatus is realized by executing a program. The computer 1000 includes a memory 1010 and a CPU 1020, for example. The computer 1000 also includes a hard disk drive interface 1030, a disk drive interface 1040, a serial port interface 1050, a video adapter 1060, and a network interface 1070. These units are connected by a bus 1080.

  The memory 1010 includes a ROM (Read Only Memory) 1011 and a RAM 1012. The ROM 1011 stores a boot program such as BIOS (Basic Input Output System). The hard disk drive interface 1030 is connected to the hard disk drive 1090. The disk drive interface 1040 is connected to the disk drive 1100. For example, a removable storage medium such as a magnetic disk or an optical disk is inserted into the disk drive 1100. The serial port interface 1050 is connected to a mouse 1110 and a keyboard 1120, for example. The video adapter 1060 is connected to the display 1130, for example.

  The hard disk drive 1090 stores, for example, an OS 1091, an application program 1092, a program module 1093, and program data 1094. That is, a program that defines each process of the security management support apparatus 10 is implemented as a program module 1093 in which a code executable by a computer is described. The program module 1093 is stored in the hard disk drive 1090, for example. For example, a program module 1093 for executing processing similar to the functional configuration in the security management support apparatus 10 is stored in the hard disk drive 1090. Note that the hard disk drive 1090 may be replaced by an SSD.

  The setting data used in the processing of the above-described embodiment is stored as program data 1094 in, for example, the memory 1010 or the hard disk drive 1090. Then, the CPU 1020 reads the program module 1093 and the program data 1094 stored in the memory 1010 and the hard disk drive 1090 to the RAM 1012 and executes them as necessary.

  The program module 1093 and the program data 1094 are not limited to being stored in the hard disk drive 1090, but may be stored in, for example, a removable storage medium and read out by the CPU 1020 via the disk drive 1100 or the like. Alternatively, the program module 1093 and the program data 1094 may be stored in another computer connected via a network (LAN, WAN (Wide Area Network), etc.). The program module 1093 and the program data 1094 may be read by the CPU 1020 from another computer via the network interface 1070.

DESCRIPTION OF SYMBOLS 1 Security management support system 10 Security management support apparatus 11 Communication part 12 Control part 13 Storage part 20 Management system 121 Detection part 122 Determination part 123 Execution part 131 Storage part for detection 132 Storage part for determination

Claims (7)

Based on information acquired from a system for managing a person or asset, a detection unit that detects that the role or state of the person or the value or degree of defense of the asset has changed,
It is determined whether the change detected by the detection unit satisfies a predetermined condition, and when it is determined that the change satisfies the predetermined condition, the information is related to a change in the management method of the person or the asset. A determination unit for creating determination information;
Based on the determination information created by the determination unit, an execution unit that executes processing related to a change in the management method of the person or the asset;
A security management support system comprising:   The said execution part performs transmission of the message which requests | requires performing the change of the management method of the said person or the said asset, or the management method of the said person or the said asset, The Claim 1 characterized by the above-mentioned. Security management support system.   3. The security management support according to claim 1, wherein the detection unit detects that the degree of the state of the person has changed based on biological information acquired from a sensor device attached to the person. system.   The said detection part detects that the value of the said electronic file or the degree of defense changed based on the information regarding the said electronic file acquired from the server which manages the electronic file which is an asset. Or the security management support system according to 2;   The detection unit is configured based on at least one of the value of the asset, the storage location of the asset, the storage method of the asset, the position of the person, the fatigue of the person, and the risk of internal crime of the person. 3. The security management support system according to claim 1, wherein a change in the role or state of the asset or the value of the asset or the degree of defense is detected. The detection unit detects that the degree of fatigue of the person has changed based on a value representing the degree of fatigue of the person acquired from a system for managing the person,
The determination unit creates, as the determination information, information related to processing for restricting the person from operating an electronic file that is an asset according to the value,
The security management support system according to claim 1, wherein the execution unit executes a process of restricting the person from operating the electronic file based on the determination information. A detection step of detecting a change in the role or state of the person or the value or degree of defense of the asset based on information acquired from a system for managing a person or an asset;
It is determined whether or not the change detected by the detection step satisfies a predetermined condition, and when it is determined that the change satisfies the predetermined condition, the information relates to a change in the management method of the person or the asset. A decision process for creating decision information;
Based on the determination information created by the determination step, an execution step of executing processing relating to a change in the management method of the person or the asset;
A security management support method characterized by comprising:

Images