JP4175574B1 - Management system, management server, and management program - Google Patents

Abstract

[PROBLEMS] To prevent the occurrence of a serious security accident without affecting normal use.
Environment information in each user terminal is collected from each user terminal to a management server, and in the management server, a policy definition concerning security information and security collected in each user terminal is provided. Are compared to identify the user terminal 10 and the content of the policy violation, the user terminal 10 having a policy violation number or number of times or more is specified as the management strengthening target terminal 10A, and education about the policy violation is executed. . When the policy violation is resolved by education, it is excluded from the management strengthening target or the management strengthening level is changed.
[Selection] Figure 1

Description

  The present invention is applied to, for example, an information processing system constructed by connecting user terminals, servers and the like so as to communicate with each other via a network such as a local area network (LAN) in a company or the like. It relates to security management technology.

In general, in an information processing system (internal system) constructed in a company or the like, a user terminal (information processing apparatus; PC, etc.) operated and used by each employee
The terminal is sometimes simply referred to as a “terminal”, and is connected to other client terminals via a LAN so as to be communicable with each other and to a file server that manages various files. Various files to be managed can be used. Each user terminal in the internal system can be connected to an external communication network such as the Internet via a proxy server connected to the LAN, and can receive services provided by various servers on the Internet ( For example, see Patent Document 1 below).

In such information processing systems, security awareness has increased in recent years, and in many companies, information leakage countermeasures and security measures are often applied to in-house systems (each terminal). Employee training is provided by e-learning (electronic education system using the Internet or Intranet) to ensure correct security settings and corporate policies for users (employees). 2).
Republished patent WO2003 / 038634 Japanese Patent Laid-Open No. 2004-77740

  However, even when e-learning employee training is performed, there is a problem of user awareness, and it is difficult to make the state of all user terminals conform to the policy definition of each company. A user terminal that does not match the policy definition (in violation of the policy) depends on the content of the policy violation, but for security reasons such as leakage of personal information and confidential information, and the spread of viruses to the outside. May cause serious accidents.

  For this reason, the system administrator strongly wants to identify user terminals that are likely to violate policies and cause serious accidents as described above, and to ensure that such user terminals can be placed under management. There is a request.

  In order to meet the demand, the management server may monitor the operation status of all user terminals belonging to the information processing system while always recording it as an operation log. If the operation log is always recorded, the amount of the operation log becomes enormous, which is not preferable. Moreover, if such an operation log is analyzed to identify an operation that may cause a serious accident, the analysis process takes a lot of time and is not practical.

Moreover, even if the operation log is recorded, it is possible to analyze the occurrence of the accident after the fact, but there remains a problem that the occurrence of the accident cannot be suppressed in advance.
Furthermore, it is conceivable that the user terminal is disconnected from the network connection. However, when such a measure is executed, a new problem occurs that the normal business use is hindered.

  The present invention was devised in view of such a situation, and does not store and analyze a huge amount of operation logs, and does not affect normal use. The purpose is to reliably identify and manage user terminals and operations that are highly likely to cause an accident, and to prevent the occurrence of serious security accidents.

The present invention which achieves the above problems is configured as follows.
(1) According to the first aspect of the present invention, a plurality of user terminals are connected to the plurality of user terminals so that they can communicate with each other, and in accordance with a policy definition predetermined as an operating environment to be protected by the user terminals. Te a management server that manages the user terminal of the plurality of the environmental information of the information about the operating environment at each of said plurality of user terminals, and the environment information collecting means for collecting the said management server from each user terminal Then, the management server causes the processing unit to execute a predetermined management program, and compares the environment information in each user terminal collected by the environment information collecting means with a policy definition relating to security set in advance. a comparing means for operating environments to identify the contents of the operation environment of the user terminal and policy violations in violation of the policy definition, the comparison result by said comparing means coercive The storage means and the processing unit execute a predetermined management program, and based on the comparison result stored in the storage means, the number of policy violations is 1 to a predetermined number of user terminals, or the number of policy violations 1 to a predetermined number of user terminals as the first management enhancement target terminal, while the number of policy violations exceeds the predetermined number, or the number of policy violations exceeds the predetermined number A plurality of users while maintaining the connection state of the second management strengthening target terminal specified by the specifying means for specifying the user terminal as the second management strengthening target terminal and the second management strengthening terminal. and interrupting means for interrupting the system a terminal belongs, in the state processing unit executes a predetermined control program, which is blocked by said blocking means, to the second management reinforcing target terminal, the contents of the policy violation An electronic education control means for executing an electronic education corresponding processing unit executes a predetermined control program, the environmental information acquisition means after the electronic education in the second managed reinforcing target terminal is performed by the electronic education control means And confirming means for confirming whether or not the policy violation in the second management strengthening target terminal has been resolved by operating the comparison means, and confirming the resolution of the policy violation in the second management strengthening target terminal by the confirmation means And an excluding unit that switches the second management strengthening target terminal to the first management strengthening target terminal when the management is performed.

(2) The invention described in claim 2 is based on a policy definition that is connected to a plurality of user terminals so that they can communicate with each other and that the user terminal should protect. Te a management server that manages the user terminal of the plurality of the environmental information of the information about the operating environment at each of said plurality of user terminals, and the environment information collecting means for collecting the said management server from each user terminal Then, the management server causes the processing unit to execute a predetermined management program, and compares the environment information in each user terminal collected by the environment information collecting means with a policy definition relating to security set in advance. a comparing means for operating environments to identify the contents of the operation environment of the user terminal and policy violations in violation of the policy definition, the comparison result by said comparing means coercive The storage means and the processing unit execute a predetermined management program, and based on the comparison result stored in the storage means, the number of policy violations is 1 to a predetermined number of user terminals, or the number of policy violations 1 to a predetermined number of user terminals as the first management enhancement target terminal, while the number of policy violations exceeds the predetermined number, or the number of policy violations exceeds the predetermined number A plurality of users while maintaining the connection state of the second management strengthening target terminal specified by the specifying means for specifying the user terminal as the second management strengthening target terminal and the second management strengthening terminal. Blocking means for blocking from the system to which the terminal belongs, a processing unit executes a predetermined management program, and the first management strengthening target terminal and the second management strengthening target terminal specified by the specifying means An electronic education control means for executing an electronic education in accordance with the contents of the policy violation, processing unit executes a predetermined control program, the first management enhanced receiver terminal by electronic education control means and the second strengthening management target terminal After the electronic education is executed, the environmental information collection means and the comparison means are operated to check whether the policy violation between the first management strengthening target terminal and the second management strengthening target terminal has been resolved. And confirming the policy violation in the first management enhancement target terminal by the confirmation means, excluding the first management enhancement target terminal from the management enhancement target, and in the second management enhancement target terminal And an exclusion means for switching the second management enhancement target terminal to the first management enhancement target terminal when the policy violation is confirmed to be resolved. It is a management system.

(3) The invention described in claim 3 is connected to a plurality of user terminals so that they can communicate with each other, and the plurality of user terminals are connected in accordance with a policy definition predetermined as an operating environment to be protected by the user terminals. An environment management information management agent file that causes each of the plurality of user terminals to collect environment information and notify the management server of the result of the collection. Environment information collection agent file transmission means for transmission, environment information reception means for receiving the environment information transmitted from each user terminal, and a processing unit executes a predetermined management program and is collected by the environment information reception means by comparing the policy definition of preset security and the environment information at each user terminal has, operating environment violates the policy definition A user terminal and comparison means for identifying the contents of the policy violation become the operating environment, a storage unit for storing the comparison result by said comparing means, processing unit executes a predetermined control program, stored in said storage means On the other hand, based on the comparison result, a user terminal having a policy violation number of 1 to a predetermined number or a user terminal having a policy violation number of 1 to a predetermined number of times is specified as the first management enhancement target terminal. A specifying means for specifying a user terminal in which the number of violations exceeds the predetermined number or a user terminal in which the number of policy violations exceeds the predetermined number as a second management enhancement target terminal; Further, the second management enhancement target terminal is disconnected from the system to which the plurality of user terminals belong while maintaining the connection state with the management server, and the processing unit has a predetermined management Run the program in a state of being blocked by said blocking means, to the second management enhanced receiver terminal, the electronic educational control means for executing an electronic education in accordance with the contents of the policy violation, processing unit a predetermined management program The environmental information collection means and the comparison means are operated after the electronic education control means executes the electronic education in the second management reinforcement target terminal, and the policy violation in the second management enhancement target terminal is resolved. A confirmation means for confirming whether or not a policy violation has been resolved in the second management enhancement target terminal by the confirmation means, and an exception for switching the second management enhancement target terminal to the first management enhancement target terminal And a management server.

(4) The invention described in claim 4 is connected to a plurality of user terminals so as to be able to communicate with each other, and the plurality of user terminals are arranged in accordance with a policy definition predetermined as an operating environment to be protected by the user terminals. An environment management information management agent file that causes each of the plurality of user terminals to collect environment information and notify the management server of the result of the collection. Environment information collection agent file transmission means for transmission, environment information reception means for receiving the environment information transmitted from each user terminal, and a processing unit executes a predetermined management program and is collected by the environment information reception means by comparing the policy definition of preset security and the environment information at each user terminal has, operating environment violates the policy definition A user terminal and comparison means for identifying the contents of the policy violation become the operating environment, a storage unit for storing the comparison result by said comparing means, processing unit executes a predetermined control program, stored in said storage means On the other hand, based on the comparison result, a user terminal having a policy violation number of 1 to a predetermined number or a user terminal having a policy violation number of 1 to a predetermined number of times is specified as the first management enhancement target terminal. A specifying means for specifying a user terminal in which the number of violations exceeds the predetermined number or a user terminal in which the number of policy violations exceeds the predetermined number as a second management enhancement target terminal; Further, the second management enhancement target terminal is disconnected from the system to which the plurality of user terminals belong while maintaining the connection state with the management server, and the processing unit has a predetermined management Run the program, in the first managed enhance target terminal and the second strengthening management target terminal specified by said specifying means, and an electronic education control means for executing an electronic education in accordance with the contents of the policy violation, processor Executes a predetermined management program, and operates the environmental information collection means and the comparison means after the electronic education control means executes electronic education in the first management strengthening target terminal and the second management strengthening target terminal. Confirmation means for confirming whether or not the policy violation in the first management enhancement target terminal and the second management enhancement target terminal has been resolved, and the policy violation in the first management enhancement target terminal by the confirmation means. When the cancellation is confirmed, the first management strengthening target terminal is excluded from the management strengthening target, and when the policy violation is resolved in the second management strengthening target terminal, the second management is confirmed. A management server comprising: exclusion means for switching a strengthening target terminal to a first management strengthening target terminal.

(5) The invention described in claim 5 is connected to a plurality of user terminals so as to be able to communicate with each other, and the plurality of user terminals are arranged in accordance with a policy definition predetermined as an operating environment to be protected by the user terminals. A management program for causing a computer to function as a management server for managing an environment information collection agent file that causes each of the plurality of user terminals to collect environment information and notify the management server of the collection result , Environment information collection agent file transmitting means for transmitting to the plurality of user terminals, environment information receiving means for receiving the environment information transmitted from each user terminal, and each user terminal collected by the environment information receiving means by comparing the policy definition of preset security and the environment information in the operating environment violates the policy definition Comparison means for identifying the user terminal and the contents of the policy violation become operating environment are, storage means for storing the comparison result by said comparing means, based on the comparison results stored in said storage means, the number of policy violations 1 to a predetermined number of user terminals or a user terminal having a policy violation number of 1 to a predetermined number of times is specified as the first management enhancement target terminal, while the number of policy violations exceeds the predetermined number A specifying means for specifying a terminal or a user terminal whose number of policy violations exceeds the predetermined number as a second management strengthening target terminal, the second management strengthening target terminal specified by the specifying means, While maintaining the connection state to the second management strengthening target terminal in a state of being blocked by the blocking means and being blocked from the system to which the plurality of user terminals belong. Electronic educational control means for executing an electronic education in accordance with the contents of the policy violation, by operating the environmental information collection means and said comparing means after the electronic education in the second managed reinforcing target terminal is performed by the electronic education control means Confirmation means for confirming whether or not the policy violation at the second management enhancement target terminal has been resolved, and when the confirmation means confirms that the policy violation at the second management enhancement target terminal has been resolved, (2) A management program for causing the computer to function as an exclusion unit that switches a management enhancement target terminal to a first management enhancement target terminal.

(6) The invention described in claim 6 is connected to a plurality of user terminals so as to be able to communicate with each other, and the plurality of user terminals are arranged in accordance with a policy definition predetermined as an operating environment to be protected by the user terminals. A management program for causing a computer to function as a management server for managing an environment information collection agent file that causes each of the plurality of user terminals to collect environment information and notify the management server of the collection result , Environment information collection agent file transmitting means for transmitting to the plurality of user terminals, environment information receiving means for receiving the environment information transmitted from each user terminal, and each user terminal collected by the environment information receiving means by comparing the policy definition of preset security and the environment information in the operating environment violates the policy definition Comparison means for identifying the user terminal and the contents of the policy violation become operating environment are, storage means for storing the comparison result by said comparing means, based on the comparison results stored in said storage means, the number of policy violations 1 to a predetermined number of user terminals or a user terminal having a policy violation number of 1 to a predetermined number of times is specified as the first management enhancement target terminal, while the number of policy violations exceeds the predetermined number of users A specifying means for specifying a terminal or a user terminal whose number of policy violations exceeds the predetermined number as a second management strengthening target terminal, the second management strengthening target terminal specified by the specifying means, the management server While maintaining the connection state with the plurality of user terminals, blocking means for blocking from the system to which the plurality of user terminals belong, the first management enhancement target terminal specified by the specifying means, and the second pipe In the enhanced receiver terminal, the electronic educational control means for executing an electronic education in accordance with the contents of the policy violation, electronic education performed in a first managed enhance target terminal and the second managed enhanced receiver terminal by electronic education control means Confirmation means for operating the environmental information collection means and the comparison means after being confirmed to confirm whether the policy violation in the first management strengthening target terminal and the second management strengthening target terminal has been resolved, and When the confirmation means confirms that the policy violation at the first management enhancement target terminal has been resolved, the first management enhancement target terminal is excluded from the management enhancement target, and the policy violation at the second management enhancement target terminal is resolved. A management program for causing the computer to function as an exclusion means for switching the second management enhancement target terminal to the first management enhancement target terminal when confirmed Lamb.

According to the present invention, the following effects can be obtained.
(1) According to the invention of the management system according to claim 1, the management server according to claim 3, and the management program according to claim 5, environmental information in each of the plurality of user terminals is managed from each user terminal. Based on the latest and past comparison results, the environment information and security policy definitions for each collected user terminal are compared in the management server and the policy definition related to security is compared. Thus, user terminals with the number of policy violations exceeding the specified number or user terminals that have repeated policy violations more than the specified number of times are identified as the management enhancement target terminals, and the operation status of the identified management enhancement target terminals is monitored. Recorded as an operation log.

  Also, here, the user terminal having the policy violation number of 1 to the predetermined number or the user terminal having the policy violation number of 1 to the predetermined number is specified as the first management enhancement target terminal and recorded as the operation log. The user terminal whose policy violation number exceeds the predetermined number, or the user terminal whose policy violation number exceeds the predetermined number is specified as the second management enhancement target terminal, and electronic education about policy violation is provided. The user terminal is shut off from the system.

  Here, not all user terminals are targeted, but the operation log is recorded for the first management strengthened target terminal, and without saving and analyzing a huge amount of operation logs, User terminals and operations that do not affect use and are likely to cause serious security accidents can be reliably identified. That is, a user terminal having a policy violation number of 1 to a predetermined number, or a user terminal having a policy violation number of 1 to a predetermined number of times is likely to cause a serious security accident (first management It is possible to reliably place such a user terminal under the management of a system administrator or the like and record the operation status thereof. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving and analyzing a huge amount of operation logs without affecting normal use. Furthermore, it is possible to cause the first management enhancement target terminal to securely execute electronic education about policy violation, and to allow the user to reliably recognize policy compliance.

  On the other hand, for the second management enhancement target terminal, which has a higher number of policy violations / number of times than the first management enhancement target terminal and is more likely to cause a serious security accident, a plurality of user terminals are provided with electronic education. By shutting off from the system to which the system belongs, the safety of the system can be reliably maintained. For the second management enhancement target terminal blocked in this way, the administrator etc. directly audits the terminal (or its user) and confirms that security safety has been obtained, and has a special permission. Only when it is obtained, it is desirable to be excluded from the second management strengthening target (or switched to the first management strengthening target terminal) to enable connection to the system.

  As a result, not all user terminals are targeted, but operation logs are recorded for terminals that are subject to enhanced management, eliminating the need to store and analyze a huge amount of operation logs. User terminals and operations that are likely to cause serious accidents can be reliably identified.

  In other words, a user terminal with more than a predetermined number of policy violations or a user terminal that has repeated policy violations more than a predetermined number of times is a user terminal that is likely to cause a serious security accident (terminal for strengthening management). As a result, it is possible to reliably place such a user terminal under the control of a system administrator or the like and record the operation status thereof. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving and analyzing a huge amount of operation logs without affecting normal use.

  In addition, after the electronic education at the management reinforcement target terminal is executed, it is confirmed whether or not the policy violation at the second management enhancement target terminal has been resolved, and when the policy violation is confirmed, the second management is performed. The strengthening target terminal is changed to the first management strengthening target terminal, and the operation status at the management strengthening target person terminal is monitored.

  When the policy violation is resolved in accordance with electronic education, the second management strengthening target terminal is changed to the first management strengthening target terminal, so that a user terminal that is highly likely to cause a serious security accident (second Terminals that are subject to enhanced management) are placed under the control of system administrators, etc., until the policy violation is resolved in accordance with electronic education, and are shut off from the system. Without storing and analyzing a large amount of operation logs, normal use is not affected, and the occurrence of a serious security accident can be surely prevented.

  Also, after the second management enhancement target terminal is identified, login / access to the server / database in the system to which a plurality of user terminals belong is prohibited by the terminal until it is confirmed that the policy violation has been resolved at the terminal. As a result, it is possible not only to allow users of terminals that are subject to enhanced management to resolve electronic education / policy violations more thoroughly, but also to violate policy violations to users of terminals that are likely to cause serious accidents. Until the problem is solved, the terminal cannot log in / access to the server or the database, so that the occurrence of a serious security accident can be prevented more reliably and in advance.

In addition, not all user terminals are targeted, but operation is targeted at management strengthening target terminals that have not been confirmed to resolve policy violations even after a lapse of a predetermined time, or user terminals that have been re-identified as management strengthening target terminals. Logs are recorded and a large amount of operation logs are not saved and analyzed, so that normal use is not affected and user terminals and operations that are likely to cause serious security accidents are ensured. Can be specified. In other words, a terminal that is subject to enhanced management that does not confirm that the policy violation has been resolved even after a lapse of a predetermined time, or a user terminal that is re-specified as a terminal that is subject to enhanced management is a user terminal that is likely to cause a serious security accident. As a result, it is possible to reliably place such a user terminal under the control of a system administrator or the like and record the operation status thereof. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving and analyzing a huge amount of operation logs without affecting normal use.

  (2) According to the invention of the management system according to claim 2, the management server according to claim 4, and the management program according to claim 5, environmental information in each of the plurality of user terminals is managed from each user terminal. Based on the latest and past comparison results, the environment information and security policy definitions for each collected user terminal are compared in the management server and the policy definition related to security is compared. Thus, user terminals having the number of policy violations greater than or equal to a predetermined number and user terminals that have repeated policy violations a predetermined number of times or more are identified as management enhancement target terminals.

  Also, here, electronic education about policy violation is executed with the number of policy violations being 1 to a predetermined number of user terminals or the number of policy violations being 1 to a predetermined number of user terminals as the first management enhancement target terminal. On the other hand, a user terminal whose number of policy violations exceeds the predetermined number, or a user terminal whose number of policy violations exceeds the predetermined number is specified as a second management enhancement target terminal, and The electronic education is executed and the user terminal is blocked from the system.

  Here, a user terminal having a policy violation number of 1 to a predetermined number, or a user terminal having a policy violation number of 1 to a predetermined number of times is likely to cause a serious security accident (first terminal). It is possible to place such a user terminal under the control of a system administrator or the like and execute electronic education on policy violations. Accordingly, it is possible to reliably prevent the occurrence of a serious security accident without affecting normal use. Furthermore, by making the first management strengthening target terminal execute electronic education regarding policy violations reliably, the user can be surely recognized about policy compliance.

  On the other hand, for the second management enhancement target terminal, which has a higher number of policy violations / number of times than the first management enhancement target terminal and is more likely to cause a serious security accident, a plurality of user terminals are provided with electronic education. By shutting off from the system to which the system belongs, the safety of the system can be reliably maintained. For the second management enhancement target terminal blocked in this way, the administrator etc. directly audits the terminal (or its user) and confirms that security safety has been obtained, and has a special permission. Only when it is obtained, it is desirable to be excluded from the second management strengthening target (or switched to the first management strengthening target terminal) to enable connection to the system.

As a result, it is possible to reliably identify user terminals and operations that are likely to cause a serious security accident.
In addition, as a user terminal that is likely to cause a serious security accident (a terminal that is subject to enhanced management), a user terminal that has a policy violation count greater than or equal to a predetermined number or a user terminal that has repeated a policy violation more than a predetermined number of times. As a result, it is possible to reliably place such a user terminal under the control of a system administrator or the like and record the operation status thereof. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving and analyzing a huge amount of operation logs without affecting normal use.

  Here, after the electronic education in the management strengthening target terminal is executed, it is checked whether or not the policy violation in the first management strengthening target terminal has been resolved. The management reinforcement target terminal is excluded from the first management enhancement target terminals, and the normal monitoring state is restored.

  In addition, it is confirmed whether or not the policy violation in the second management strengthening target terminal has been resolved. If the policy violation is resolved, the second management strengthening target terminal is changed to the first management strengthening target terminal. The operation status at the management enhancement target person terminal is monitored.

  In other words, when a policy violation has been resolved in accordance with electronic education, by excluding the first management enhancement target terminal from the management enhancement target, a user terminal that is likely to cause a serious security accident (the management enhancement target) Terminals can be kept under the control of system administrators etc. until the policy violation is resolved according to electronic education, and the operation status can be recorded, so a huge amount of operation logs should be saved and analyzed In addition, it does not affect normal use, and the occurrence of a serious security accident can be reliably and prevented.

  In addition, when a policy violation has been resolved in accordance with electronic education, changing the second management strengthened target terminal to the first management strengthened target terminal allows a user terminal that is likely to cause a serious security accident ( Because the second management enhancement target terminal) is surely placed under the control of a system administrator or the like until the policy violation is resolved according to electronic education, it can be shut off from the system, and the operation status can be recorded even after the resolution. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving or analyzing a huge amount of operation logs without affecting normal use.

  Also, after the second management enhancement target terminal is identified, login / access to the server / database in the system to which a plurality of user terminals belong is prohibited by the terminal until it is confirmed that the policy violation has been resolved at the terminal. As a result, it is possible not only to allow users of terminals that are subject to enhanced management to resolve electronic education / policy violations more thoroughly, but also to violate policy violations to users of terminals that are likely to cause serious accidents. Until the problem is solved, the terminal cannot log in / access to the server or the database, so that the occurrence of a serious security accident can be prevented more reliably and in advance.

  In addition, not all user terminals are targeted, but operation is targeted for management strengthening target terminals that are not confirmed to resolve policy violations even after a lapse of a predetermined time, or user terminals that have been re-specified as management strengthening target terminals. Logs are recorded, without storing and analyzing a huge amount of operation logs, ensuring normal user terminals and operations that do not affect normal use and are likely to cause serious security accidents Can be specified. In other words, a terminal that is subject to enhanced management that does not confirm that the policy violation has been resolved even after a lapse of a predetermined time, or a user terminal that is re-specified as a terminal that is subject to enhanced management is a user terminal that is likely to cause a serious security accident. As a result, it is possible to reliably place such a user terminal under the control of a system administrator or the like and record the operation status thereof. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving and analyzing a huge amount of operation logs without affecting normal use.

  When the management reinforcement target terminal executes electronic education in the management system, management server, and management program described in (1) and (2) above, an electronic education agent file for policy violation is transmitted from the management server to the management reinforcement target terminal. To the terminal and execute the electronic education agent file at the terminal, it is possible to cause the user of the terminal to execute the electronic education about the policy violation. Therefore, the management server can execute the electronic education about the policy violation very easily and accurately only by transmitting the electronic education agent file about the policy violation to the management enhancement target terminal.

In addition, when the management reinforcement target terminal executes electronic education in each management system, management server, and management program described above, if the electronic education for the management reinforcement target terminal is the first time, the content of the policy violation in the management reinforcement target terminal In response to execution of electronic education according to the terminal subject to strengthened management, if it is the second or later electronic training for the terminal subject to enhanced management, it manages the electronic education related to all policy violations including the contents of policy violations at the terminal subject to enhanced management. For user terminals that have been targeted for enhanced management for the first time by being executed by the enhanced target terminal, electronic education is provided only for the content of policy violations that have been identified as the enhanced management target terminal. If a user terminal is identified more than once, a serious security accident will occur. As a user terminal with an extremely high possibility of being managed, it is possible to conduct thorough policy compliance by conducting electronic education on policy violations in general, as well as the contents of policy violations that have been identified as terminals for enhanced management Become.

  Furthermore, when collecting environment information from each user terminal in each management system, management server, and management system described above, an environment information collection agent file is transmitted from the management server to a plurality of user terminals, and the environment information is collected at each user terminal. By executing the information collection agent file, it is possible to collect environmental information in the user terminal on the management server. Therefore, the management server creates environment information collection agent files and simply sends the environment information collection agent files to multiple user terminals all at once, making it very easy to collect environment information on multiple user terminals. can do.

  In addition, based on the latest and past comparison results obtained for multiple user terminals, the probability of occurrence of a serious security accident in a system to which multiple user terminals belong is estimated, and the estimated results are used for multiple uses. By notifying the administrator and each user of the administrator terminal, the administrator and the user are informed of the risk of a serious security incident in the system, and the security awareness of the administrator and the user is raised. It is possible to secure and maintain a safe environment for internal systems in companies.

  At this time, in addition to the latest and past comparison results obtained for a plurality of user terminals, based on the results of electronic education on system security for the users of the plurality of user terminals, By estimating the probability of occurrence of a serious accident in security in the system to which it belongs, the result of electronic education is taken into account and reflected in the probability of occurrence of a serious accident, and the reliability of the estimated value of the serious accident occurrence probability can be further increased.

Embodiments of the present invention will be described below with reference to the drawings.
[1] First embodiment [1-1] Configuration of the first embodiment:
FIG. 1 is a block diagram showing the configuration of a management system (management server and user terminal) as a first embodiment of the present invention. As shown in FIG. 1, the management system (in-company system) of the first embodiment Reference numeral 1 denotes an information processing system constructed by connecting a plurality of user terminals 10, a management server 20, and a proxy server 30 through a LAN 40 so that they can communicate with each other in a company or the like.

  Each user terminal 10 is a personal computer or the like used / carried by a user who is an employee of the company, and executes various programs including a storage unit (not shown) such as a hard disk and an agent file described later. Thus, a processing unit (CPU) 11 that can function as means 111 and 112 described later is provided. Each user terminal 10 is configured to be connected to an external communication network (not shown; including, for example, the Internet, a public line network, etc.) via the LAN 40 and the proxy server 30 and can be connected to various external servers. ing.

The LAN 40 is connected to a file server 33 storing various data files in the in-house system and a mail server 35 handling electronic mail in the in-house system, and is accessed from the user terminal 11 or the like. Is configured to be possible.

  As described above, the management server 20 is connected to each user terminal 10 through the LAN 30 so as to be able to communicate with each other, and manages each user terminal 10. It functions as information receiving means 22, comparing means 23, storing means 24, specifying means 25, and managing means 26. The functions as these means 21 to 26 are realized by executing a management program preinstalled in a storage unit (not shown) by a processing unit (CPU; not shown) constituting the management server 20.

  The environmental information collection agent file transmission means 21 transmits the environmental information collection agent file to each of the plurality of user terminals 10 belonging to the in-company system 1 via the LAN 40 by attaching it to an e-mail or the like. . At this time, information (email address or the like) related to each user terminal 10 of the transmission destination is registered in advance in the management server 20 by the administrator of the in-company system 1 or the like. The environment information collection agent file transmission means 21 transmits the environment information collection agent file periodically so that the user terminal (PC) 10 is regularly audited (environment information check) as described later with reference to FIG. It is assumed that it is performed for a specific purpose (for example, once a day or twice a day).

  In the management server 20, a process (task) desired to be executed by each user terminal 10 is created in advance as an agent file, and the agent file is stored in the storage unit or the like in the management server 20. Here, the environment information collection agent file causes each user terminal 10 to execute a process of collecting environment information in each user terminal 10 and a process of notifying the collection result to the management server 20.

  The environment information collection agent file transmitted to each user terminal 10 is automatically or when the user performs a predetermined operation (for example, a double click operation with a mouse) on the file. It is executed by the processing unit 11. That is, the processing unit 11 functions as the environment information collection agent file execution unit 111, and the environment information in the user terminal 10 is collected along with the execution operation, and the collection result is transmitted to the management server 20 via the LAN 40. Be notified.

  Here, the environment information collected in each user terminal 10 is information (operating information / inventory information / execution environment information) regarding the operating environment in each user terminal 10, and the policy definition and the policy definition by the comparison unit 23 as described later. It is sufficient to include information to be compared (for example, information related to security settings and information about all software installed in each user terminal 10). It is also possible to collect information regarding hardware resources and software resources in the user terminal 10 as environmental information.

  As information about hardware resources, for example, computer name / OS / CPU / CPU speed / keyboard type / physical memory / available memory / video card / resolution / printer / swap size / domain name / logon user name / model name / Network card / MAC address / IP address / Net mask / Default gateway / DNS server / Socket version / Total capacity and free space for each local drive / BIOS version / BIOS manufacturer / machine manufacturer / machine name / machine serial machine UUID / motherboard manufacturer Information on name / motherboard name / CPU ID and the like.

Information related to software resources includes information (for example, product name, detailed version, file size, file update date) related to software (various application programs) held in the user terminal 10. If the user terminal 11 has security patch update software (for example, “Windows (registered trademark) Update”) for repairing an OS security hole, the security patch update information (whether it is the latest one or not) Whether or not) is also collected. In addition, when the user terminal 11 has anti-virus software (for example, “Norton AntiVilus (registered trademark)” etc.), the update information of the virus definition file in the anti-virus software (whether it is the latest or not) Is also collected. In addition, when the user terminal 10 has security software such as security patch update software, anti-virus software, anti-spyware software, etc., the setting status (security setting; on / off status, etc.) is also included. Collected.

  In addition to the above information, for example, screen saver / password lock timeout time, printer usage, periodical exploration history by personal information exploration program, usage status of owned software, etc. Collected.

The environment information receiving means 22 receives the environment information transmitted from each user terminal 10 and delivers it to the comparison means 23.
In the management system 1 of the present embodiment, the environment information collection agent file transmission means 21 and the environment information reception means 22 in the management server 20 and the environment information collection agent file execution means 111 in each user terminal 10 are used for a plurality of users. Environmental information collecting means for collecting environmental information in each terminal 10 from each user terminal 10 to the management server 20 is configured.

  The comparing means 23 compares the environment information in each user terminal 10 received and collected by the environment information receiving means 22 with a policy definition relating to security set in advance, thereby violating the policy definition. The contents of the terminal 10 and its policy violation are specified. Here, the policy definition is defined and set for each company, and registered in advance in the storage unit of the management server 20. Examples of the policy definition include the following items (1) to (5), but the present invention is not limited to these items (1) to (5). The contents of any policy definition are matters that are considered to have some problems in terms of security when the user terminal 10 does not comply with the policy definition.

(1) Information on applications prohibited from possession or use in each user terminal 10. For example, virtual VPN software, P2P software, spyware, file exchange software (Winny, etc.) and the like can be mentioned.

(2) Application information to be held in each user terminal 10. For example, security patch update software, various security software, personal information search program, and the like.

(3) Security setting status to be set in each user terminal 10. For example, various security software is set to ON, and the screen saver / password lock timeout time is set within a predetermined time (for example, 10 minutes).

(4) The personal information file is regularly searched by the personal information search program at each user terminal 10.
(5) The usage amount of the printer is within a predetermined number (for example, 100 per day) (the user terminal 10 having a large usage amount is regarded as having a high possibility of information leakage).

  The comparison means 23 of the present embodiment compares the environment information obtained from each user terminal 10 with these items (1) to (5), and the user terminal 10 defines the policy for each user terminal 10. If it is not observed, it is regarded as a policy violation, and the content of the policy violation is associated with information for identifying the user terminal 10 (user terminal identification information, etc.), and the comparison result Output as.

For example, the comparison means 23 of this embodiment is
[i] When the user terminal 10 has one possession / prohibition application of item (1), the fact and the number of policy violations “1” are output as policy violation contents,
[ii] If the user terminal 10 owns and uses one of the possession / prohibition applications of item (1), the fact and the number of policy violations “2” are output as the policy violation contents,
[iii] If the user terminal 10 possesses two possession / prohibition applications of item (1), the fact and the number of policy violations “2” are output as policy violation contents,
[iv] The user terminal 10 does not have one of the necessary security software items (2) installed, and the screen saver / password lock timeout time is set to 30 minutes (item (3) violation) In that case, the fact and the number of policy violations “2” are output as policy violation details.
[v] User terminal 10 does not have one of the security software turned on (item (3) violation) and does not regularly search personal information files (item (4) violation) and the printer When the daily usage amount is 200 [item (5) violation], the fact and the policy violation number “3” are output as the policy violation content.

  The storage unit 24 uses the user terminal identification information and the like so that the comparison result (policy violation content and number of policy violations) output from the comparison unit 23 as described above is the comparison result of which user terminal 10 is the comparison result. The comparison result is stored in a storage unit (RAM, hard disk, etc.) constituting the management server 20 or a storage device externally attached to the management server 20.

  Based on the latest comparison result by the comparison unit 23 and the past comparison result for each user terminal 10 stored by the storage unit 24, the specifying unit 25 determines that the number of policy violations is a predetermined number or more (for example, 3 or more). ) Or the user terminal 10 that has repeatedly violated the policy a predetermined number of times or more. Here, the latter “user terminal 10 that has repeatedly violated a policy more than a predetermined number of times” is subject to policy violations of the same content when periodic audits (environmental information collection and policy definition comparison) are performed. You may specify what has been repeated a predetermined number of times in succession, or you may specify what has been repeatedly repeated policy violations of different contents within a predetermined period.

  The management unit 26 manages the management reinforcement target terminal (user terminal) 10A specified by the specifying unit 25, and includes a monitoring unit 261, a warning unit 262, a recording unit 263, an electronic education control unit 264, and a confirmation unit 265. It has functions as an excluding unit 266, a prohibiting unit (operation limiting unit) 267, an estimating unit 268, and a notifying unit 269. In this embodiment, the information related to the management strengthening target terminal 10A specified by the specifying unit 25 (identification information etc. specifying the terminal 10A) is stored in a storage unit (RAM, hard disk, etc.) constituting the management server 20 or managed. It is registered in a table such as a storage device attached to the server 20. Hereinafter, the “management enhancement target terminal” may be referred to as a “registered terminal”.

The monitoring unit 261 monitors (monitors) the operation status of the management strengthening target terminal 10A, and the warning unit 262 determines whether the administrator of the management strengthening target terminal 10A and the management strengthening target terminal 10A A warning is issued to the user, and the recording unit 263 records the operation status monitored by the monitoring unit 261 as an operation log in the management strengthening target terminal 10A.

  Here, as the operation status in the management strengthening target terminal 10A monitored by the monitoring unit 261, for example, the Internet access history, the usage status of the possessed / unusable application, the log / content of the email, the screen shot ( For example, once every 5 minutes). These operation statuses are associated with identification information for specifying the terminal 10A by the recording unit 263, and a storage unit (RAM, hard disk, etc.) constituting the management server 20 or a storage device externally attached to the management server 20 Etc. are recorded. The warning unit 262 refers to the latest monitoring result (latest operation status) by the monitoring unit 261 and the monitoring result recorded by the recording unit 263, and the storage unit 24 stores the monitoring result as necessary. With reference to the policy violation content of the terminal 10A, when the management strengthening target terminal 10A performs a dangerous operation that may cause a serious accident, a warning is immediately issued to the administrator and the user. Yes.

  The “dangerous operation that may cause a serious accident” may be, for example, an operation of accessing a problematic WEB site in the terminal 10A having file exchange software such as Winny (in this case, a virus Infection may lead to serious accidents such as information leaks), and the terminal 10A that does not conduct regular exploration of personal information files will attach a file that is unknown whether or not it is a personal information file to an e-mail. (In this case, there is a risk of causing a serious accident such as leakage of personal information), the terminal 10A in which the necessary security software is not installed, or the terminal 10A in which the security software is installed but not turned on Access the problem web site To such an operation (in this case, it can lead to serious accidents that or infected rose plated or information leaks the virus to virus) and the like.

  The electronic education control means 264 causes the management strengthening target terminal 10A to execute electronic education regarding policy violation, and has functions as an electronic education agent file creation / holding means 264a and an electronic education agent file transmission means 264b. .

  The electronic education agent file creation / holding means 264a creates or holds an electronic education agent file for causing the management strengthening target terminal 10A (user terminal 10) to execute electronic education regarding policy violation. As described above, the management server 20 creates a process (task) that each user terminal 10 desires to execute as an agent file.

  Here, the electronic education agent file is used to cause the processing unit 11 of the management strengthening target terminal 10A (user terminal 10) to execute electronic education regarding the policy violation contents. The electronic education agent file for policy violation may be created in advance for each policy violation content and held in the electronic education agent file creation / holding means 264a.

  Further, the contents of the electronic education executed by the processing unit 11 of the management strengthening target terminal 10A (user terminal 10) by the electronic education agent file may be in accordance with the contents of the policy violation in the terminal 10A, General policy violations including policy violations may be used.

In particular, as will be described later with reference to FIG. 5, for example, the electronic education control unit 264 in the present embodiment is the first electronic education for the management strengthening target terminal 10A (the first electronic education corresponding to the first policy violation). Or the 1st to Nth times (N is a natural number of 2 or more) (the 1st to Nth electronic education corresponding to the first to multiple policy violations) In the case where the management reinforcement target terminal 10A executes the electronic education corresponding to the content of the policy violation in the case where the electronic education for the management reinforcement target terminal 10A is the second or later or the Nth or later, the management reinforcement target terminal The terminal for strengthening management is made to execute electronic education on policy violations in general, including the content of policy violations in 10A.

  That is, the electronic education control unit 264 performs only electronic education according to the content of the policy violation in the management strengthening target terminal 10A or the policy in the management strengthening target terminal 10A according to the number of times of electronic training for the management strengthening target terminal 10A. The electronic education agent file creation / holding means 264a is made to create / hold the electronic education agent file corresponding to the number of times that the electronic education about the policy violation in general including the violation content is switched. .

  The electronic education agent file transmission means 264b manages the electronic education agent file regarding policy violation created / held by the electronic education agent file creation / holding means 264a by attaching it to an e-mail after creation or reading. This is transmitted to the strengthening target terminal 10A.

  The electronic education agent file transmitted to the management strengthening target terminal 10A is automatically or when the user performs a predetermined operation (for example, a double click operation with a mouse) on the file on the management strengthening target terminal 10A. It is executed by the processing unit 11. That is, the processing unit 11 functions as the electronic education agent file execution unit 112, and in accordance with the execution operation, electronic education corresponding to the policy violation content is executed for the user of the terminal 10A. .

  At this time, the electronic education agent file execution means 112 in the management reinforcement target terminal 10A includes information on whether or not the electronic education has been completed in the management reinforcement target terminal 10A [test result (test result; test result; test for user). Including the answer result)] to the management server 20 via the LAN 40.

  In addition, the electronic education control means 264 in the management server 20 scores the test result accompanying the electronic education from the management reinforcement target terminal 10A, and compares the score result with the environmental information collected by the terminal 10A and the comparison result 23. Along with the result (policy violation content, etc.), it is configured to notify the administrator of the in-company system 1 (for example, the department manager of the department to which the user belongs). As a result, the management server 20, the administrator, and the like can grasp the user (employee) who has performed electronic education / the user (employee) who has not performed electronic education, and can perform more thorough electronic education. .

  In addition, the electronic education is forcibly executed to the user without ending the operation of the electronic education until the user completes and completes the electronic education (until the answer to the test is completed) in the management strengthened target terminal 10A. You may comprise. Thereby, electronic education can be executed reliably and thoroughly regardless of the user's will and consciousness.

Furthermore, in the management strengthening target terminal 10A that has completed the electronic education, a completed desktop stamp indicating that the electronic education has been completed is displayed on the desktop. On the terminal 10A (10) that has not completed the electronic education, An incomplete desktop stamp indicating that electronic education has not been completed may be displayed on the desktop. This desktop stamp (bitmap image) cannot be deleted / moved on the terminal 10A (10) side and is pasted on the desktop wallpaper. Therefore, the user can delete the desktop stamp by operating himself / herself. It cannot be moved or moved, it is always displayed on the desktop, and it is exposed not only to the user but also to other people's eyes. Therefore, by displaying the completed desktop stamp or incomplete desktop stamp on the desktop, it is possible to encourage the user's will and consciousness to voluntarily execute the electronic education. Can be executed thoroughly.

  The confirmation unit 265 operates the environmental information collection unit and the comparison unit 23 described above after the electronic education in the management strengthening target terminal 10A is executed by the electronic education control unit 264, and the policy violation in the management strengthening target terminal 10A is resolved. It is to confirm whether or not.

  The excluding unit 266 excludes the management strengthening target terminal 10A from the management strengthening target when the confirmation unit 265 confirms that the policy violation in the management strengthening target terminal 10A is resolved. However, as will be described later with reference to FIG. 3, in this embodiment, the user of the management strengthening target terminal 10 </ b> A achieved a result above the reference point in the electronic education about the policy violation in addition to the confirmation of the policy violation resolution. On the condition, the exclusion means 266 excludes the management enhancement target. At this time, the exclusion unit 266 deletes information related to the management reinforcement target terminal 10A registered in the table or the like (identification information or the like for specifying the terminal 10A) registered in the table or the like from the table or the like, as described above. The registered terminal) 10A is excluded from the management enhancement target. When the excluding unit 266 excludes the management strengthening target terminal (registered terminal) 10A from the management strengthening target, the number of policy violations and the number of policy violations counted for the management strengthening target terminal (registered terminal) 10A are zero. It may be reset, or it may be maintained without being reset and used as it is when specifying the terminal for which management is to be strengthened in the future.

  The prohibition means (operation restriction means) 267 is a management reinforcement target terminal from when the management reinforcement target terminal 10A is specified by the specification means 25 until the confirmation means 265 confirms that the policy violation in the management reinforcement target terminal 10A is resolved. The operation restriction agent file prohibiting the execution of programs other than a predetermined program (a program on the white list) is created and attached to an e-mail, and transmitted to the management strengthening target terminal 10A. That is, the prohibiting means (operation restricting means) 267 constitutes an operation restricting means in the claims.

  Note that the program operation permission list may be included in the operation restriction agent file, or a separate dedicated data file may be prepared and sent from the management server to the user terminal.

  In addition to the execution of the program, it is prohibited to open other than specified data files (whitelisted data files (document files, spreadsheet data files, image files)) on the terminal to be strengthened in management, in addition to program execution. Alternatively, it may be determined by an operation restriction agent file.

  In addition to program execution, handling (execution, opening) other than various files with a predetermined extension (files with extensions listed in the whitelist) is prohibited in addition to program execution. Alternatively, it may be determined by an operation restriction agent file.

  In the following embodiment, it is described that execution of programs other than those listed in the white list and opening other than data files are prohibited. Also good.

  Further, the operation restriction agent file may be defined so that what can be executed and handled and what cannot be handled in a state where the above programs, data files, extensions, and the like are combined. For example, the program A and the program B can be used for various data files, and the data file a can be viewed only by the program A.

  Further, the prohibition means (operation restriction means) 267 manages the period from when the management strengthening target terminal 10A is specified by the specifying means 25 until the confirmation means 265 confirms that the policy violation in the management strengthening target terminal 10A is resolved. Prohibit the execution of programs other than the specified program (whitelisted program) on the terminal to be strengthened, and create an operation restriction agent file that deletes the prohibited program and attach it to an e-mail. Are transmitted to the management strengthening target terminal 10A.

  In addition, the prohibition unit (operation restriction unit) 267 performs the management strengthening after the management strengthening target terminal 10A is specified by the specifying unit 25 until the confirmation unit 265 confirms that the policy violation in the management strengthening target terminal 10A is resolved. Login / access to the server / database (not shown) in the in-company system 1 by the target terminal 10A is prohibited.

  Further, this prohibiting means (operation restricting means) 267 replaces the login / access prohibition with respect to the server / database in the in-company system 1, and the management strengthening target is confirmed by the confirming means 265 after the management strengthening target terminal 10A is identified by the identifying means 25. While the policy violation in the terminal 10A is confirmed to be resolved, the management strengthening target terminal 10A maintains the connection state with the management server 20 (the state where data transmission / reception by the agent file as described above is possible) You may make it function as an interruption | blocking means to interrupt | block from the system 1. FIG.

  The estimation means 268 obtains the latest comparison results obtained by the comparison means 23 and the past comparison results saved by the saving means 24 obtained for a plurality of user terminals 10 (all user terminals 10 belonging to the in-company system 1). And the probability of occurrence of a serious security accident in the in-company system 1 based on the electronic education result on the security of the in-company system 1 for the user of the user terminal 10 (management strengthened target terminal 10A) It is estimated according to the technique to do.

  The notification unit 269 notifies the occurrence probability estimated by the estimation unit 268 to the administrator of the in-company system 1 and the user of the user terminal 10 belonging to the in-company system 1 through the LAN 40 using e-mail or the like. Then, it is displayed on the terminal of the administrator or the user terminal 10.

  Here, as described above, the “serious accident” refers to, for example, information leakage (for example, leakage of personal information or confidential information (encryption table)) associated with virus infection, or user's consciousness / unconsciousness. For example, leakage of personal information associated with the operation, and the spread of viruses in and out of the system 1 associated with virus infection.

Further, when the estimation means 268 estimates the probability of occurrence of a serious security accident in the in-company system 1, for example, Heinrich's law can be used. Heinrich's law is a law published by American engineer Heinrich, which was derived from analysis of statistics on cases of occupational accidents. If the frequency of serious accidents is 1, the frequency of minor injuries (accidents) Is 29, and the frequency of occurrence of an uninjured disaster (incident) is 300. Based on this, it is often used in safety activities as a warning that “There are 29 minor injury accidents and 300 near-miss incidents behind the occurrence of one serious accident (death or serious injury).” ing. Such Heinrich's law (ratio of “1: 29: 300”) is also used in business. For business, for example, if the frequency of fatal failures is 1, complaints from customers (claims) The failure frequency of 29 is 29, which did not result in a claim, but the in-house party is assumed to have a small failure frequency of 300.

  Using such Heinrich's law, the estimation means 268 of the present embodiment provides minor injuries when the occurrence frequency of security “serious accidents” such as information leakage and virus dispersion as described above is 1, for example. Assuming that the frequency of accidents (failures in which customer complaints are received) is 29 and that the frequency of unscathed accidents (small failures) is 300, users who have received electronic education among the above-mentioned policy violations The number of policy violations made while recognizing the violation is counted as the number of occurrences of minor accidents (failures in which customer complaints occur). In addition, among the above-mentioned policy violations, the number of policy violations made without knowing that the user has not received electronic education about the violation is counted as the number of occurrences of intactness (small failure). For example, when the number of occurrences of an intact accident becomes “150”, it is estimated that the occurrence probability of a serious accident is 50%. In addition, when the number of occurrences of minor accidents is “29” or the number of occurrences of uninjured accidents is “300”, it is estimated that the probability of occurrence of a serious accident is 100%. Furthermore, when the number of uninjured accidents becomes “600”, it is estimated that two serious accidents may occur.

[1-2] Operation of the first embodiment:
Next, the operation of the first embodiment configured as described above will be described with reference to FIGS.

First, the operation of the management server 20 of this embodiment will be described with reference to the flowchart shown in FIG. 2 (steps S101 to S119).
As shown in FIG. 2, the management server 20 regularly audits all user terminals (PCs) 10 (environmental information collection and policy definition comparison), and determines whether or not the audit timing has come. Monitoring is performed (step S101), and when the audit timing comes (YES route of step S101), based on information (email address etc.) regarding each user terminal 10 of the transmission destination registered in advance in the management server 20, the environment The information collection agent file transmission means 21 transmits the environment information collection agent file to each of all user terminals 10 belonging to the in-company system 1 by attaching it to an e-mail (step S102).

  Here, according to the flowchart (steps S51 to S54) shown in FIG. 6A, the environment information collecting operation of each user terminal 10 belonging to the in-company system 1 of the present embodiment will be described. As shown in FIG. 6A, each user terminal 10 monitors whether or not an environment information collection agent file has been received from the management server 20 (step S51), and receives the environment information collection agent file. Then (YES route in step S51), or when the user performs a predetermined operation (for example, a double click operation with a mouse) on the file, the environment information collection agent file is stored on the user terminal 10. It is executed by the processing unit 11 (step S52). As a result, environment information in the user terminal 10 (for example, information related to security settings and information about all software installed in each user terminal 10) is collected (step S53). The collection result is transmitted / notified to the management server 20 via the LAN 40 (step S54).

The management server 20 receives environment information from each user terminal 10 belonging to the in-company system 1 (step S103), and receives environment information from all user terminals 10 belonging to the in-company system 1 (step S103). (YES route of S104), one is selected from the plurality of user terminals 10 (step S105), and the following processing (steps S106 to S119) is executed.

  In step S104, the process proceeds to the next process (steps S106 to S119) when environment information is received from all user terminals 10 belonging to the in-company system 1, but even if a predetermined time has elapsed. When the environment information from all the user terminals 10 cannot be received, the process may proceed to the next process (steps S106 to S119) based on the environment information received when the predetermined time has elapsed. Further, when environment information is received from all user terminals 10 belonging to the in-company system 1, the environment information is received from one user terminal 10 instead of proceeding to the next processing (steps S106 to S119). The next process (steps S106 to S116) may be executed each time.

  When one unprocessed user terminal 10 is selected in step S105, the storage unit (table) of the management server 20 is referred to, and the user terminal (hereinafter may be referred to as a processing target terminal) 10 is already managed. It is determined whether or not it is registered as the reinforcement target terminal 10A (step S106). When the terminal is not registered as the management strengthening target terminal 10A (NO route in step S106), the environment information collected for the processing target terminal 10 by the comparison unit 23 is set as a policy definition related to security [the above item (1) Compared to (5), whether or not the processing target terminal 10 violates the policy definition, and if it violates, the content of the policy violation (including the number of policy violations) is specified ( Step S107). The comparison result (policy violation content and number of policy violations) by the comparison unit 23 is associated by the storage unit 24 with identification information or the like that can identify the processing target terminal 10 and stored in the storage unit of the management server 20 as a past comparison result. Saved (step S108). When the processing target terminal 10 does not violate the policy, the fact is stored as a comparison result.

  If the processing target terminal 10 has violated the policy (YES route in step S109), after the past comparison result for the processing target terminal 10 is read by the specifying unit 25 (step S110), the comparison unit 23 and the past comparison result for each user terminal 10 stored by the storage means 24, the processing target terminal 10 has a policy violation number of a predetermined number or more (for example, three or more). It is determined and specified whether or not the user terminal 10 or the user terminal 10 that has repeatedly violated the policy for a predetermined number of times, that is, whether or not the processing target terminal 10 is the management strengthening target terminal 10A ( Step S111).

  When the processing target terminal 10 is the management strengthening target terminal 10A (YES route in step S112), identification information for identifying the processing target terminal 10 (management strengthening target terminal 10A) is registered in a table or the like by the specifying unit 25. (Step S113).

  Further, the prohibition means (operation restriction means) 267 creates an operation restriction agent file that prohibits execution of a program other than a predetermined program (whitelisted program) in the management reinforcement target terminal 10A, and attaches it to an e-mail. The management strengthening target terminal 10A that has been transmitted to the management strengthening target terminal 10A and has received the operation restriction agent file is prohibited from executing a program other than a predetermined program (a program on the white list) (step S114).

In addition, the prohibition means (operation restriction means) 267 prohibits execution of a program other than the predetermined program (whitelisted program) in the management strengthening target terminal 10A, and an operation restriction agent file that deletes the prohibited program. The management strengthening target terminal 10A that has been created and attached to an e-mail or transmitted to the management strengthening target terminal 10A and has received this operation restriction agent file is prohibited from executing other than a predetermined program (a whitelisted program). At the same time, the program whose execution is prohibited is deleted (step S114).

  Also, login / access to the server / database or the like in the in-company system 1 by the registered management strengthening target terminal (registered terminal) 10A is prohibited, or the registered management strengthening target terminal (registered terminal) 10A Then, while maintaining the connection state with the management server 20 (a state in which data transmission / reception by the agent file is possible), the system is disconnected from the in-company system 1 (step S114).

  However, in the case where login / access to the server / database in the in-company system 1 is prohibited, or in the case where the management strengthening target terminal 10A is blocked from the in-company system 1, at least between the management strengthening target terminal 10A and the management server 20 It is assumed that only exchanges (various agent files, environmental information, electronic education results, operation status, etc.) are possible.

  On the other hand, if it is determined in step S106 that the processing target terminal 10 has already been registered as the management reinforcement target terminal 10A (YES route in step S106), the comparison means 23 causes the processing target terminal that is the management enhancement target terminal 10A. The environmental information collected for 10 is compared with a policy definition relating to security set in advance [see items (1) to (5) above], and whether or not the terminal 10 to be processed violates the policy definition. If so, the content of the policy violation (including the number of policy violations) is specified (step S115). The comparison result (policy violation content and number of policy violations) by the comparison unit 23 is associated by the storage unit 24 with identification information or the like that can identify the processing target terminal 10 and stored in the storage unit of the management server 20 as a past comparison result. After being stored (step S116), the process proceeds to step S117 described later.

  At this point, if the processing target terminal 10 has not violated the policy, the fact is saved as a comparison result. However, in this embodiment, the processing target terminal 10 violates the policy in this processing. Even if it is determined that the management strengthening target terminal 10A is not included, the management strengthening target terminal 10A is not excluded from the management strengthening target. In the present embodiment, as will be described later with reference to FIG. 3, the user of the terminal 10 that has been identified as the management enhancement target has received an electronic education about policy violation and has achieved a result above the reference point and the policy. Exclude from the management enhancement only when the violation is resolved. In other words, even if the user resolves the policy violation without receiving the electronic education about the policy violation, it will not be excluded from the management strengthening target, and the user will be sure to receive the electronic education about the policy violation and thoroughly comply with the policy. It has become.

  After processing in step S114, after processing in step S116, or when it is determined in step S109 that the processing target terminal 10 has not violated the policy (NO route), or in step S112, the processing target terminal 10 When it is determined that the terminal is not the management strengthening target terminal 10A (NO route), it is determined whether or not the audit process has been completed for all the user terminals 10 (step S117), and when it is not completed (NO in step S117). Route), the process returns to the process of step S105, and the processes of steps S105 to S116 described above are performed on the unprocessed user terminal 10.

When the audit process has been completed for all the user terminals 10 (YES route in step S117), the estimation unit 268 obtains a plurality of user terminals 10 (all user terminals 10 belonging to the in-company system 1). The latest comparison result by the comparison unit 23 and the past comparison result stored by the storage unit 24 and the electronic information about the security of the in-company system 1 for the user of the user terminal 10 (management strengthening target terminal 10A). Based on the educational result, the probability of occurrence of a serious security accident in the in-company system 1 is estimated according to the above-described method (step S118), and the estimated value is notified by the notification means 269 to the administrator of the in-company system 1. Etc. and the user of the user terminal 10 belonging to the in-house system 1 by using e-mail etc. It is informed via the (step S119).

Next, the management operation by the management unit 26 of the management server 20 for the terminal registered as the management reinforcement target terminal 10A as described above will be described with reference to FIGS.
FIG. 3 is a flowchart (steps S21 to S28) for explaining the operation of the management unit 26 in the management server 20 of this embodiment. As shown in FIG. In order to perform the management periodically, it is monitored whether or not the management timing is reached (step S21). When the management timing is reached (YES route of step S21), the management strengthening target terminal 10A is registered in the table or the like. Is registered (step S22).

  When there is a registered terminal (YES route in step S22), one is selected from the registered terminals (management strengthening target terminal) 10A (step S23), and the program execution restriction described with reference to FIGS. 4 and 5 respectively. The process (step S24) and the electronic education process (step S25) are executed.

  Here, according to the flowchart shown in FIG. 4 (steps S31 to S34), the program execution restriction process executed in step S24 in FIG. 3, that is, the monitoring means 261 / recording means 263 / warning means 262 / inhibiting means (in the management means 26) The operation of the operation limiting means) 267 will be described.

  In the program execution restriction step S24, the monitoring unit 261 monitors and monitors the operation status of the management strengthening target terminal 10A (step S31). (Step S32). Here, as described above, the operation status to be monitored / recorded includes, for example, the Internet access history, the usage status of the possessed / unusable application, the log / content of the email, and the screen shot (for example, once every 5 minutes) ) Etc.

  Thereafter, the management means 26 determines whether or not there is a problem in the operation status of the monitored management enhancement target terminal 10A, that is, a dangerous operation that may cause a serious accident in the management enhancement target terminal 10A (described above). It is determined whether or not has been performed (step S33). When a dangerous operation as described above is performed (YES route in step S33), the warning unit 262 immediately issues a warning to the administrator and the user of the management strengthening target terminal 10A, and then the prohibition unit (operation restriction). Means) 267 transmits the operation restriction agent file to the management strengthening target terminal 10A, and prohibits execution of programs other than the predetermined program (whitelisted program) in the management strengthening target terminal 10A (step S35). And it returns and transfers to the process of step S25 of FIG. On the other hand, when the dangerous operation as described above is not performed (NO route of step S33), the process returns to the process of step S25 of FIG.

Here, according to the flowchart (steps S71 to S74) shown in FIG. 7, the operation in the operation restricted state on the management strengthening target terminal 10A side in the management system 10 of the present embodiment will be described. As shown in FIG. 7, the management strengthening target terminal 10A monitors whether or not an operation restriction agent file has been received from the management server 20 (step S71). When the operation restriction agent file is received (step S71). YES route), the operation restriction agent file is automatically executed by the processing unit 11 on the management reinforcement target terminal 10A (step S72). Thereby, in the management strengthening target terminal 10A, the execution of the predetermined program (white list posting program) is permitted (step S73), and the execution of other than the predetermined program (white list posting program) is prohibited (step S73). Step S74). If there is an operation for executing a program other than a predetermined program (a program on the white list), it is transmitted / notified to the management server 20 via the LAN 40 (step S74). Furthermore, when the operation restriction agent file is executed by the processing unit 11 on the management strengthening target terminal 10A, programs other than the predetermined program (whitelisted program) are deleted in the management strengthening target terminal 10A. The

  In addition, execution of a program other than a predetermined program is prohibited, which means that execution of an unauthorized installation program is also prohibited, that is, unauthorized installation cannot be executed. ing.

  Further, according to the flowchart shown in FIG. 5 (steps S41 to S48), the electronic education processing executed in step S25 of FIG.

  In the electronic education processing step S25, first, the management means 26 refers to the electronic education result for the management strengthening target terminal 10A, completes the electronic education for the user of the terminal 10A, and obtains the test result above the reference point. Whether or not necessary electronic education is completed (step S41). If the electronic education is completed (YES route in step S41), the process returns to FIG. The process proceeds to step S26.

  On the other hand, if the electronic education has not been completed (NO route of step S42), whether or not the electronic education for the management strengthening target terminal 10A is started (whether or not it is the first electronic education corresponding to the first policy violation). Or) 1st to Nth (N is a natural number equal to or greater than 2) or not (whether it is the 1st to Nth electronic education corresponding to the first to multiple policy violations). (Step S42).

  If YES is determined in step S42, that is, if the electronic education for the management strengthening target terminal 10A is the first time (the first electronic education corresponding to the first policy violation) or the first to Nth times (N Is a natural number of 2 or more) (when it is the 1st to Nth electronic education in response to the first to multiple policy violations), the processing target terminal 10 became an opportunity to be registered as the management strengthening target terminal 10A. In order for the terminal 10A to execute electronic education (e-learning) according to the content of the policy violation, the electronic education agent file is created by the electronic education agent file creation / holding means 264a, or It is read from the educational agent file creation / holding means 264a (step S42).

  If NO is determined in step S42, that is, if the electronic education for the management reinforcement target terminal 10A is the second or later or the Nth or later, the processing target terminal 10 is registered as the management reinforcement target terminal 10A. In order to cause the terminal 10A to execute electronic education (e-learning) about the entire policy violation including the content of the policy violation that triggered the action, the electronic education agent file is an electronic education agent file creation / holding means 264a. Or read from the electronic education agent file creation / holding means 264a (step S44).

An agent file for executing electronic education according to the policy violation contents and an agent file for executing electronic education for all policy violations including the contents of the policy violation are provided as means for creating / holding electronic education agent files. If it is already held in H.264a, the agent file is read out as an electronic education agent file. If it is not held, it is created by the electronic education agent file creation / holding means 264b.

  In this way, the agent file read from the electronic education agent file creation / retention means 264a or the agent file created by the electronic education agent file creation / retention means 264a is transmitted by the electronic education agent file transmission means 264b. It is sent to the management strengthening target terminal 10A by attaching it to an e-mail (step S45).

  Here, according to the flowchart (steps S61 to S64) shown in FIG. 6B, the electronic education operation of the management strengthening target terminal 10A in the management system 10 of the present embodiment will be described. As shown in FIG. 6B, the management strengthening target terminal 10A monitors whether or not an electronic education agent file has been received from the management server 20 (step S61). YES route in step S61), or when the user performs a predetermined operation (for example, a double click operation with the mouse) on the file, the electronic education agent file is a processing unit on the management reinforcement target terminal 10A. 11 (step S62). Thereby, electronic education (including a test) about policy violation in the management strengthening target terminal 10A is executed for the user of the management strengthening target terminal 10A (step S63). In this embodiment, the electronic education is performed. As a result, for example, information on whether or not the electronic education has been completed at each user terminal 11 and a test result accompanying the electronic education (test result; including an answer result to the test by the user) are sent to the management server 20 via the LAN 40. Is transmitted / notified (step S64).

  The management server 20 receives the electronic education result from each user terminal 11 belonging to the evaluation target system 10 (step S46), and the answer result included in the electronic education result is received by the electronic education control means 264 of the management means 26. The scoring result is notified (step S47), and the scoring result is notified to the administrator of the in-company system 1 together with the environmental information collected for the terminal 10A, the comparison result (policy violation content, etc.) based on the comparison result 23, etc. The improvement of violation is urged (step S48), and then the process returns to the process of step S26 in FIG. If the electronic education result is not transmitted from the management reinforcement target terminal 10A even after the predetermined period has elapsed, the electronic education control means 264 executes the electronic education necessary for the user of the management reinforcement target terminal 10A. Notify the administrator, etc. as a scoring result along with environmental information and comparison results.

  Thus, after completing the electronic education in the registration terminal 10A selected in step S23, the management means 26 refers to the electronic education result for the processing target terminal 10, and the processing target terminal 10 is the management strengthening target terminal. All users of the terminal 10A have finished taking electronic education on policy violations that have been registered as 10A (or taking electronic education on policy violations in general, including details on the policy violations). In addition, it is determined whether or not a test result equal to or higher than the reference point has been acquired, and the environment information collection unit and the comparison unit 23 are further operated by the confirmation unit 265 of the management unit 26 to cause a policy violation in the registered terminal 10A. It is confirmed whether or not has been eliminated (step S26).

When the test result equal to or higher than the reference point has been obtained and all policy violations have been resolved (YES route in step S26), the registration terminal 10A is excluded from the management reinforcement target by the exclusion unit 266 of the management unit 26. That is, the registration (identification information, etc.) of the processing target terminal 10 as the management strengthening target terminal 10A is deleted from the table or the like, and the operation restriction / prohibition / blocking state for the processing target terminal 10 by the prohibition means (operation restriction means) 267 Is released (step S27). On the other hand, if a test result equal to or higher than the reference point has not been acquired and / or if all policy violations have not been resolved, that is, if NO is determined in step S26, step S27 is skipped.

  Thereafter, it is determined whether or not the process has been completed for all the registered terminals (management strengthening target terminals) 10A (step S28). If the process has not been completed (NO route of step S28), the process returns to the process of step S23. Steps S23 to S27 are performed on the unprocessed registered terminal 10A. If the process has been completed for all registered terminals 10A (YES route in step S28), or if it is determined in step S22 that there is no registered terminal (NO route), the process returns to step S21.

[1-3] Effects of the first embodiment:
As described above, according to the management system 1 as the first embodiment of the present invention, the environment information in each of the plurality of user terminals 10 (for example, the environment in each of the plurality of user terminals 10 belonging to an internal system such as a company). Information) is collected from each user terminal 10 to the management server 20, and the management server 20 compares the collected environmental information with the policy definition related to security, and violates the policy. 10 and the contents of the policy violation are identified, and the number of policy violations is a predetermined number based on the latest and past comparison results (information specifying the user terminal 10 that has violated the policy and the results of specifying the contents of the policy violation). The above-described user terminal 10 and the user terminal 10 that has repeatedly violated the policy a predetermined number of times or more are the management strengthening target terminal 10A. Identified Te, the operation status of the specified managed enhanced target terminal 10A, are monitored by the monitoring means 261, is recorded as an operation log by recording means 263. Then, the management server 20 prohibits execution of a program other than the predetermined program in the identified management reinforcement target terminal 10A.

  As a result, not all user terminals 10 are targeted, but the operation log is recorded for the management strengthened target terminal 10A, and a large amount of operation logs are not saved and analyzed, and security is ensured. It is possible to reliably identify user terminals and operations that are likely to cause serious accidents.

  Furthermore, since execution of a program other than the predetermined program is prohibited at the management strengthening target terminal, a serious security accident can be prevented in advance. Since network connection and normal program execution are not prohibited, normal use is not affected and serious security incidents can be prevented.

  That is, the user terminal 10 having the policy violation number of the predetermined number or more and the user terminal 10 repeating the policy violation for the predetermined number of times or more are identified as the management strengthening target terminal 10A that is highly likely to cause a serious security accident. Thus, it becomes possible to place such a terminal 10A under the control of a system administrator or the like and record the operation status. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving and analyzing a huge amount of operation logs without affecting normal use.

  At this time, the environment information collection agent file is transmitted from the management server 20 to the plurality of user terminals 10, and the environment information collection agent file is executed in each user terminal 10, whereby the environment information in the user terminal 10 is managed. 20 can be collected. Therefore, the management server 20 creates environment information collection agent files and transmits the environment information collection agent files to the plurality of user terminals 10 all at once. Easy to collect.

Further, the management strengthening target terminal 10A is set as a monitoring target of the operation status, and the management strengthening target terminal 10A causes a serious accident by issuing a warning to the administrator or the user of the management strengthening target terminal 10A according to the monitoring result. When a potentially dangerous operation is performed, a warning can be immediately issued, and the occurrence of a serious security accident can be prevented more reliably and in advance.

  Furthermore, by causing the management strengthening target terminal 10A to execute electronic education regarding policy violations, the user of the management strengthening target terminal 10A performing policy violations can reliably execute electronic education regarding policy violations. it can.

  Further, in the electronic education control means 264 of the present embodiment, only the electronic education corresponding to the content of the policy violation in the management strengthening target terminal 10A is performed according to the number of times of the electronic training for the management strengthening target terminal 10A, or the management strengthening target For the user terminal that became the management strengthening target terminal 10A for the first time (or 1 to N times) by switching whether to conduct electronic education on the entire policy violation including the policy violation content in the terminal 10A, the management strengthening target terminal We conduct electronic education only on the content of policy violations that have been identified as 10A, and the user terminal 10 that is identified as the management strengthening target 10A more than twice (or N times) It is regarded as a user terminal 10 that has a very high possibility of causing a serious accident, and is specially designated as a terminal 10A targeted for strengthening management. To be subjected to electronic education about the policy violation in general, not only the contents of the policy violation that caused, it is possible to enforce policy compliance.

  At this time, the electronic education agent file regarding the policy violation is transmitted from the management server 20 to the management strengthening target terminal 10A, and the electronic education agent file is executed by the terminal 10A so that the electronic education regarding the policy violation is used by the terminal 10A. Can be executed by a person. Therefore, the management server 20 can execute the electronic education about the contents of the policy violation very easily and accurately only by transmitting the electronic education agent file corresponding to the contents of the policy violation to the management strengthening target terminal 10A. Can do.

  After the electronic education, the confirmation means 265 confirms whether or not the policy violation has been resolved in accordance with the electronic education in the management strengthening target terminal 10A, and if the policy violation in the management strengthening target terminal 10A has been resolved and the management strengthening When the user of the target terminal 10A has achieved a score exceeding the reference point in the electronic education about policy violation, the exclusion means 266 excludes the management strengthened target terminal 10A from the management strengthening target, thereby causing a serious security accident. The terminal 10A targeted for strengthening management, which has a high possibility of causing a fault, is placed under the control of a system administrator or the like until the policy violation is resolved in accordance with electronic education, and the operation status can be recorded. Without saving and analyzing operation logs, it does not affect normal use, and ensures that serious security incidents occur It is possible to stop.

  Further, after the management strengthening target terminal 10A is specified, until the cancellation of the policy violation in the terminal 10A is confirmed, the terminal 10A logs in / accesses to a server or a database in the system 1 to which the plurality of user terminals 10 belong. Prohibiting the terminal 10A allows the user of the management strengthening target terminal 10A to perform electronic education / policy violation resolution more thoroughly, as well as the terminal 10 (10A having a high possibility of causing a serious accident). The terminal 10 (10A) cannot log in / access the server or database until the policy violation is resolved by the user of), so that the occurrence of a serious security accident can be prevented more reliably and in advance. it can.

Similarly, after the management strengthening target terminal 10 </ b> A is identified, the terminal 10 </ b> A is maintained in the connection state with the management server 20 until it is confirmed that the policy violation in the terminal 10 </ b> A is resolved. By shutting off from the system 1 to which 10 belongs, the occurrence of a serious security accident can be prevented more reliably and in advance while the terminal 10A is placed under the management of the management server 20.

  In this embodiment, as described with reference to FIG. 3, the management strengthening target terminal 10A completes the electronic education about the policy violation, obtains the test result above the reference point, and all the policy violations are resolved. Operation restriction (program execution restriction) only when it becomes a state, that is, when the user of the management strengthening target terminal 10A recognizes the policy violation and sets the state of the terminal 10A to a state that matches the policy definition. Since the login / access prohibition state and the blocking state from the system 1 are released, the education on the security (policy definition) in the system 1 is used while preventing the occurrence of a serious security accident more reliably. It is possible to raise the user's security awareness.

  Further, as described above, for example, by using Heinrich's law, a plurality of user terminals 10 belong based on the latest and past comparison results (number of policy violations) obtained for the plurality of user terminals 10. It is possible to estimate the probability of occurrence of a serious security accident in the in-company system 1, and notify the administrator and each user of the plurality of user terminals 10 of the estimation result, thereby the in-company system 1. In order to inform the managers and users of the risk of serious security incidents, and to raise the security awareness of the managers and users, and to secure and maintain a safe environment for the corporate system 1 Can do.

  At this time, in addition to the latest and past comparison results obtained for the plurality of user terminals 10 (information specifying the user terminal 10 in violation of the policy and the result of specifying the content of the policy violation), the plurality of user terminals Based on the results of electronic education on the security of the in-company system 1 for ten users, the probability of occurrence of a serious accident in the in-company system 1 is estimated, so that (Test results after electronic education / recognition of policy violations of each user, etc.) are taken into account and reflected, and the reliability of the estimated value of the probability of serious accidents can be further increased. For example, in the estimation means 268 of the present embodiment, a minor injury accident (accident) according to Heinrich's law as described above with respect to the case where the policy violation is made while recognizing by electronic education and without being recognized. As a result, the estimated value of the occurrence probability of a serious accident is made higher.

[2] Second embodiment:
[2-1] Configuration of the second embodiment:
FIG. 8 is a block diagram showing the configuration of a management system (management server and user terminal) as a second embodiment of the present invention. As shown in FIG. 8, the management system (in-house system) of the second embodiment. In the same manner as in the first embodiment, the information processing system 1A is constructed by connecting a plurality of user terminals 10, the management server 20A, and the proxy server 30 via the LAN 40 so that they can communicate with each other. System. In the figure, the same reference numerals as those already described indicate the same or substantially the same parts, and detailed description thereof will be omitted.

  As described above, the management server 20A in the management system 1A of the second embodiment is connected to each user terminal 10 through the LAN 30 so as to be able to communicate with each other, and manages each user terminal 10, and collects environmental information. It functions as agent file transmission means 21, environment information reception means 22, comparison means 23a, storage means 24, and management means 26. The functions as these means 21, 22, 23a, 24, and 26a execute a management program installed in advance in a storage unit (not shown) by a processing unit (CPU; not shown) constituting the management server 20A. Is realized.

Since the environment information collection agent file transmission unit 21 and the environment information reception unit 22 function in the same manner as in the first embodiment, detailed description thereof is omitted.
The comparison unit 23a follows the same standard as the comparison unit 23 of the first embodiment, and the policy information related to the environment information and the preset security in each user terminal 10 received and collected by the environment information collection unit 22 [for example, the above-mentioned By comparing (1) to (5)], the user terminal 10 violating the policy definition is identified as the management strengthening target terminal 10A. That is, in the management system 1A of the second embodiment, the specifying unit 26 as in the first embodiment is not provided, and the comparison unit 23a compares the environment information and the policy definition in each user terminal 10 with each other. The user terminal 10 that violates the policy definition even once (one case) is specified as the management strengthening target terminal 10A.

  Further, the storage unit 24 also uses the user terminal 10 so that the comparison result (policy violation content and the number of policy violations) by the comparison unit 23a is the comparison result of which user terminal 10 is the same as in the first embodiment. Corresponding to identification information, etc., and saved as a past comparison result. The comparison result is saved in a storage unit (RAM, hard disk, etc.) constituting the management server 20 or a storage device externally attached to the management server 20. Is done.

  The management unit 26a of the second embodiment manages the management strengthening target terminal (user terminal) 10A specified by the comparison unit 23a. Similar to the first embodiment, the management unit 26a, the warning unit 262, and the recording unit. 263, electronic education control means 264, confirmation means 265, exclusion means 266, prohibition means (operation restriction means) 267, estimation means 268, and notification means 269 are provided. In this embodiment, the information related to the management strengthening target terminal 10A specified by the comparison unit 23a (identification information etc. specifying the terminal 10A) is stored in a storage unit (RAM, hard disk, etc.) constituting the management server 20A or managed. It is registered in a table or the like such as a storage device externally attached to the server 20A.

  Then, the electronic education control means 264 causes the management strengthening target terminal 10A specified by the comparison means 23a to execute electronic education regarding policy violation. The electronic education agent file creation / retention is the same as in the first embodiment. It has functions as means 264a and electronic education agent file transmission means 264b.

  Further, as in the first embodiment, the confirmation unit 265 operates the environmental information collection unit and the comparison unit 23 described above after the electronic education in the management reinforcement target terminal 10A is executed by the electronic education control unit 264, thereby strengthening the management. The exclusion unit 266 confirms whether the policy violation in the management strengthening target terminal 10A is confirmed by the confirmation unit 265, as in the first embodiment, and confirms whether the policy violation in the target terminal 10A has been resolved. This management strengthening target terminal 10A is excluded from the management strengthening target on the condition that the user of the management strengthening target terminal 10A has achieved a score above the reference point in the electronic education about policy violation.

  Furthermore, the monitoring unit 261 according to the second embodiment allows the confirmation unit 265 to check the management strengthening target terminal 10 </ b> A even after a predetermined time (for example, several tens of minutes, one day after being registered as the management strengthening target). When it is not confirmed that the policy violation has been resolved, or when the user terminal 10 excluded from the management enhancement target by the exclusion unit 266 is identified again as the management enhancement target terminal 10A by the comparison unit 23a when the policy violation is resolved, The operation status in the management strengthening target terminal 10A is monitored. The operation status in the management strengthening target terminal 10A monitored by the monitoring unit 261 is the same as that in the first embodiment, and the warning unit 262 is in accordance with the operation status monitored by the monitoring unit 261. The recording unit 263 records the operation status monitored by the monitoring unit 261 as an operation log in the management strengthening target terminal 10A.

Further, the prohibiting means (operation restricting means) 267 of the second embodiment applies to the server / database (not shown) in the in-company system 1A by the management strengthening target terminal 10A according to the operation status monitored by the monitoring means 261. According to the function as a prohibition unit for prohibiting login / access and the operation status monitored by the monitoring unit 261, the management strengthen target terminal 10A is connected to the management server 20 (data transmission / reception by the agent file as described above is performed). It also has a function as a blocking means for blocking from the in-company system 1A while maintaining a possible state.

  Further, the prohibition unit (operation restriction unit) 267 increases the management enhancement after the management strengthening target terminal 10A is specified by the specifying unit 25 until the confirmation unit 265 confirms that the policy violation in the management strengthening target terminal 10A is resolved. An operation restriction agent file that prohibits execution of programs other than a predetermined program (a program on the white list) in the target terminal is created, attached to an e-mail, and transmitted to the management strengthening target terminal 10A. That is, the prohibiting means (operation restricting means) 267 constitutes an operation restricting means in the claims.

  Further, the prohibition means (operation restriction means) 267 manages the period from when the management strengthening target terminal 10A is specified by the specifying means 25 until the confirmation means 265 confirms that the policy violation in the management strengthening target terminal 10A is resolved. Prohibit the execution of programs other than the specified program (whitelisted program) on the terminal to be strengthened, and create an operation restriction agent file that deletes the prohibited program and attach it to an e-mail. Are transmitted to the management strengthening target terminal 10A.

[2-2] Operation of the second embodiment:
Next, the operation of the second embodiment configured as described above will be described with reference to FIGS.

  First, the operation of the management server 20A of the second embodiment will be described according to the flowchart shown in FIG. 9 (steps S101 to S109, S113, S115, S116 to S119). As shown in FIG. 9, in the management server 20A, periodic audits (environmental information collection and policy definition comparison) are performed on all user terminals (PCs) 10, and it is determined whether or not the audit timing has come. Monitoring is performed (step S101), and when the audit timing comes (YES route of step S101), based on information (email address and the like) regarding each user terminal 10 of the transmission destination registered in advance in the management server 20A, the environment The information collection agent file transmission unit 21 transmits the environment information collection agent file to each of all user terminals 10 belonging to the in-company system 1A, for example, by attaching it to an e-mail (step S102). Here, the environmental information collection operation of each user terminal 10 is the same as that described in the first embodiment (see FIG. 6A), and thus the description thereof is omitted.

  The management server 20A receives environment information from each user terminal 10 belonging to the in-company system 1A (step S103), and receives environment information from all user terminals 10 belonging to the in-company system 1A (step S103). (YES route of S104), one is selected from the plurality of user terminals 10 (step S105), and the following processing (steps S106 to S109, S113, S115 to S119) is executed.

In step S104, when environment information is received from all user terminals 10 belonging to the in-company system 1A, the process proceeds to the next process (steps S106 to S109, S113, S115 to S119). If environment information from all the user terminals 10 cannot be received even after a lapse of time, the following processing (steps S106 to S109, S113, S115) is performed based on the environment information received at the time when the predetermined time has elapsed. To S119). Further, when environmental information is received from all user terminals 10 belonging to the in-company system 1A, the process is not shifted to the next process (steps S106 to S109, S113, S115 to S119), but one user terminal. The following processing (steps S106 to S109, S113, S115, and S116) may be executed each time environmental information is received from 10.

  When one unprocessed user terminal 10 is selected in step S105, the storage unit (table) of the management server 20A is referred to, and the user terminal (hereinafter may be referred to as a processing target terminal) 10 is already managed. It is determined whether or not it is registered as the reinforcement target terminal 10A (step S106). If it is not registered as the management strengthening target terminal 10A (NO route in step S106), the environment information collected for the processing target terminal 10 by the comparison unit 23a is set as a policy definition related to security [the above item (1) Compared to (5), whether or not the processing target terminal 10 violates the policy definition, and if it violates, the content of the policy violation (including the number of policy violations) is specified ( Step S107). The comparison result (policy violation content and number of policy violations) by the comparison unit 23a is associated by the storage unit 24 with identification information that can identify the processing target terminal 10, and is stored in the storage unit of the management server 20A as a past comparison result. Saved (step S108). When the processing target terminal 10 does not violate the policy, the fact is stored as a comparison result.

  When the processing target terminal 10 violates the policy (YES route in step S109), the processing unit 10a identifies the processing target terminal 10 as the management strengthening target terminal 10A by the comparison unit 23a. Identification information or the like for specifying the target terminal 10A) is registered in a table or the like (step S113).

  On the other hand, if it is determined in step S106 that the processing target terminal 10 has already been registered as the management strengthening target terminal 10A (YES route in step S106), the processing unit terminal that is the management strengthening target terminal 10A is compared by the comparison unit 23a. The environmental information collected for 10 is compared with a policy definition relating to security set in advance [see items (1) to (5) above], and whether or not the terminal 10 to be processed violates the policy definition. If so, the content of the policy violation (including the number of policy violations) is specified (step S115). The comparison result (policy violation content and number of policy violations) by the comparison unit 23a is associated by the storage unit 24 with identification information that can identify the processing target terminal 10, and is stored in the storage unit of the management server 20A as a past comparison result. After being stored (step S116), the process proceeds to step S117 described later.

  As in the first embodiment, if the processing target terminal 10 does not violate the policy at this point, the fact is saved as a comparison result. In this embodiment, the processing target is Even if it is determined that the terminal 10 does not violate the policy, the management strengthening target terminal 10A is not excluded from the management strengthening target. In this embodiment, as will be described later with reference to FIG. 10, the user of the terminal 10 that has been identified as a management enhancement target has received an electronic education about policy violation and has achieved a result that is above the reference point. Exclude from the management enhancement only when the violation is resolved. In other words, even if the user resolves the policy violation without receiving the electronic education about the policy violation, it will not be excluded from the management strengthening target, and the user will be sure to receive the electronic education about the policy violation and thoroughly comply with the policy. It has become.

After the process of step S113, or after the process of step S116, or when it is determined in step S109 that the processing target terminal 10 has not violated the policy (NO route), an audit process is performed for all user terminals 10. It is determined whether or not the process has been completed (step S117). If the process has not been completed (NO route of step S117), the process returns to step S105, and the above-described steps S105 to S109, S1
13, the process of S115 to S116 is executed.

  When the audit process has been completed for all the user terminals 10 (YES route in step S117), as in the first embodiment, the estimation unit 268 causes a plurality of user terminals 10 (all the devices belonging to the in-company system 1 to be registered). The latest comparison result obtained by the comparison means 23a obtained in the user terminal 10) and the past comparison result saved by the saving means 24 and the user of the user terminal 10 (management strengthened target terminal 10A) Based on the result of electronic education about the security of the system 1A, the probability of occurrence of a serious accident in security in the in-company system 1A is estimated according to the above-described method (step S118), and the estimated value is obtained by the notification means 269. The administrator of the company system 1A and the user of the user terminal 10 belonging to the company system 1A It is notified through the LAN40 using electronic mail or the like (step S119).

  Next, the management operation by the management unit 26a of the management server 20A for the terminal registered as the management reinforcement target terminal 10A as described above will be described with reference to FIGS.

  FIG. 10 is a flowchart (steps S21 to S23, S201 to S206, S28) for explaining the operation of the management unit 26a in the management server 20A of the present embodiment. As shown in FIG. In order to periodically manage the management strengthening target terminal 10A, the management timing is monitored (step S21). When the management timing is reached (YES route in step S21), the above table and the like are strengthened. It is determined whether the target terminal 10A is registered as a registration terminal (step S22).

  If there is a registered terminal (YES route in step S22), one is selected from the registered terminals (management strengthening target terminal) 10A (step S23), and first described above with reference to FIGS. 5 and 6B. Then, the same electronic education process (step S201) as in the first embodiment is executed. Since the procedure is the same as that of the first embodiment, the description thereof is omitted.

  After completing the electronic education in the registration terminal 10A selected in step S23, the management means 26a refers to the electronic education result for the processing target terminal 10 and registers the processing target terminal 10 as the management strengthening target terminal 10A. All users of the terminal 10A have completed the electronic education about the policy violation that triggered the opportunity (or the electronic education about the policy violation in general, including the content of the policy violation). It is determined whether or not the test result has been acquired, and further, whether or not the policy violation in the registered terminal 10A has been resolved by operating the environmental information collection unit and the comparison unit 23a by the confirmation unit 265 of the management unit 26a. It is confirmed whether or not (step S202).

  When the test result equal to or higher than the reference point has been obtained and all policy violations have been resolved (YES route in step S202), the registration terminal 10A is excluded from the management enhancement target by the exclusion unit 266 of the management unit 26a. That is, the registration (identification information and the like) of the processing target terminal 10 as the management reinforcement target terminal 10A is deleted from the table or the like (step S203), and the process proceeds to step S28.

On the other hand, if a test result equal to or higher than the reference point has not been acquired and / or if all policy violations have not been resolved, that is, if NO is determined in step S202, first, the registration terminal 10A In addition, it is determined whether or not the state in which the policy violation by the confirmation unit 265 is not confirmed continues for a predetermined time (for example, tens of minutes, several hours, one day after being registered as a management enhancement target). (Step S204), it is determined whether or not the user terminal 10 excluded from the management enhancement target by the exclusion unit 266 due to the resolution of the policy violation is the terminal specified again as the management enhancement target terminal 10A by the comparison unit 23a. (Step S205).

  When the confirmation unit 265 does not confirm the cancellation of the policy violation even after a predetermined time has elapsed (YES route in step S204), or the user terminal 10 that has been excluded from the management enhancement target by the exclusion unit 266 along with the resolution of the policy violation. When the comparison means 23a identifies the management strengthening target terminal 10A again (NO route in step S204 to YES route in step S205), a program execution restriction process (step S206) is executed. Note that monitoring / recording / warning / prohibition / blocking processing may be executed together.

  Here, according to the flowchart shown in FIG. 11 (steps S31 to S33, S34a), the program execution restriction process executed in step S206 in FIG. 10, the monitoring / recording / warning / inhibition / blocking process, that is, the monitoring in the management means 26a. The operation of means 261 / recording means 263 / warning means 262 / inhibiting means (operation restricting means) 267 will be described.

  In the program execution restriction processing step S206, the monitoring unit 261 monitors and monitors the operation status of the management strengthening target terminal 10A in which the cancellation of the policy violation is not confirmed even after a predetermined time has elapsed and the terminal 10 that has been specified again as the management strengthening target terminal 10A. The monitored operation situation is recorded as an operation log in the management strengthening target terminal 10A by the recording unit 263 (step S32). Here, as described above, the operation status to be monitored / recorded includes, for example, the Internet access history, the usage status of the possessed / unusable application, the log / content of the email, and the screen shot (for example, once every 5 minutes) ) Etc.

  Thereafter, the management means 26a determines whether there is a problem in the operation status of the monitored management enhancement target terminal 10A, that is, a dangerous operation that may cause a serious accident in the management enhancement target terminal 10A (described above). It is determined whether or not has been performed (step S33). When a dangerous operation as described above is performed (YES route in step S33), the warning unit 262 immediately issues a warning to the administrator and the user of the management strengthening target terminal 10A, or prohibiting unit (operation limiting unit). ) 267 prohibits login / access to the server / database (not shown) in the in-company system 1 by the management strengthening target terminal 10A, or manages the management strengthening target terminal 10A by the prohibiting means (operation restricting means) 267. While maintaining the connection state with the server 20 (a state in which data transmission / reception by the agent file as described above is possible), the system is disconnected from the in-company system 1 (step S34a). Then, the prohibiting means (operation restricting means) 267 transmits the operation restricting agent file to the management strengthening target terminal 10A and prohibits execution of a program other than a predetermined program (a program on the white list) in the management strengthening target terminal 10A ( Step S35). The warning / prohibition / blocking process may be performed by combining the warning process and the prohibition process, or the warning process and the blocking process, and any one of the warning process, the prohibition process, and the blocking process is described above. It may be selected according to the level of dangerous operation performed and executed together with the program execution restriction process.

  After performing such a process, the process returns and the process proceeds to the process of step S28 in FIG. 10. On the other hand, when the dangerous operation as described above is not performed (NO route of step S33), step S34a and step S35 are skipped. Then, the process returns and the process proceeds to step S25 in FIG. Further, when the state in which the policy violation is not confirmed is not continued for a predetermined time or more and the management strengthening target terminal 10A is not re-specified (from the NO route in step S204 to the NO route in step S205), the steps in FIG. The process proceeds to S28.

  In step S28, it is determined whether or not the processing has been completed for all registered terminals (management strengthening target terminals) 10A. If not completed (NO route), the process returns to step S23, and unprocessed registrations are performed. Steps S23 and S201 to S206 are performed on the terminal 10A. If the process has been completed for all registered terminals 10A (YES route in step S28), or if it is determined in step S22 that there is no registered terminal (NO route), the process returns to step S21.

[2-3] Effects of the second embodiment:
As described above, according to the management system 1A as the second embodiment of the present invention, environmental information in each of the plurality of user terminals 10 is collected from each user terminal 10 to the management server 20A, and this management server 20A. The policy information related to security is compared with the collected environment information in each user terminal, and the user terminal 10 that violates the policy definition even once (one case) is specified as the management strengthening target terminal 10A. Execution of a program other than a predetermined program is prohibited in the specified management reinforcement target terminal 10A, and the specified management reinforcement target terminal 10A executes electronic education regarding policy violation. After the electronic education, the management reinforcement target terminal 10A performs electronic education. The confirmation means 265 confirms whether or not the policy violation has been resolved according to the management enhancement target terminal 10A. Rishi violation exclude that management enhanced receiver terminal 10A when it is eliminated by excluding means 266 from the management to be reinforced.

  And when the cancellation of the policy violation is not confirmed even after a predetermined time has passed, or when the user terminal 10 once excluded from the management reinforcement target due to the resolution of the policy violation is specified again as the management enhancement target terminal 10A, The operation status at the management enhancement target terminal is monitored and recorded as an operation log.

  Thereby, the user terminal 10 that violates the policy definition even once (one case) is identified as the management strengthening target terminal 10A, and execution other than the predetermined program is prohibited in the management strengthening target terminal 10A, and Since the management strengthening target terminal 10A is to execute the electronic education, the user of the management strengthening target terminal 10A who is violating the policy is immediately provided with the electronic education regarding the policy violation, and the user is in compliance with the policy. Can be surely recognized.

  Furthermore, since execution of a program other than the predetermined program is prohibited at the management strengthening target terminal, a serious security accident can be prevented in advance. Since network connection and normal program execution are not prohibited, normal use is not affected and serious security incidents can be prevented.

  In addition, not all user terminals 10 are targeted, but the management strengthening target terminal 10A in which the cancellation of the policy violation is not confirmed even after a predetermined time has passed, or the user terminal 10 that has been identified again as the management strengthening target terminal 10A Operation logs are recorded for users, without storing and analyzing a huge amount of operation logs, without affecting normal use, and a user terminal that is likely to cause a serious security accident 10 (10A) and operation can be specified reliably. In other words, the management strengthening target terminal 10A in which the cancellation of the policy violation is not confirmed even after the lapse of a predetermined time or the user terminal 10 re-specified as the management strengthening target terminal 10A is likely to cause a serious security accident. The user terminal 10 (10A) is recognized, and such a user terminal 10 (10A) can be reliably placed under the management of a system administrator or the like and the operation status can be recorded. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving and analyzing a huge amount of operation logs without affecting normal use.

  At this time, as in the first embodiment, the management strengthening target terminal 10A causes a serious accident by issuing a warning to the administrator or user of the management strengthening target terminal 10A according to the monitoring result of the management strengthening target terminal 10A. When a potentially dangerous operation is performed, a warning can be immediately issued, and the occurrence of a serious security accident can be prevented more reliably and in advance.

  Further, by prohibiting login / access to the server / database in the system 1A to which the plurality of user terminals 10 belong, the management strengthening target terminal 10A is prohibited by the management strengthening target terminal 10A according to the monitoring result of the management strengthening target terminal 10A. For example, when an operation having a security problem is performed, login / access to the server or database of the management strengthened terminal 10A can be prohibited, so that a serious security accident can be more reliably and in advance. Can be prevented.

  Similarly, according to the monitoring result of the management strengthening target terminal 10A, the management strengthening target terminal 10A is disconnected from the system 1A to which the plurality of user terminals 10 belong while maintaining the connection state with the management server 20A. For example, when an operation having a security problem is performed on the management strengthening target terminal 10A, the management strengthening target terminal 10A can be disconnected from the system 1A. Therefore, the management strengthening target terminal 10A is placed under the management of the management server 20A. However, it is possible to prevent the occurrence of a serious security accident more reliably and in advance.

  In the second embodiment, when the confirmation unit 265 does not confirm the cancellation of the policy violation in the management strengthening target terminal 10A even after a predetermined time (for example, several tens of minutes, several hours, one day) has elapsed, When the user terminal 10 excluded from the management enhancement target by the exclusion unit 266 is identified again as the management enhancement target terminal 10A by the comparison unit 23a along with the cancellation, the management enhancement target terminal 10A is prohibited from being executed / operated except for a predetermined program. Log collection / recording target, but instead of this, the management strengthening target terminal 10A maintains the connection state with the management server 20A (the state where data transmission / reception by the agent file as described above is possible) by the blocking means 267. However, it is also conceivable to configure such that it is cut off from the in-company system 1A.

  As for the management strengthening target terminal 10A blocked from the system 1A in this way, the administrator or the like directly audits the terminal 10A (or its user) and confirms that security safety has been obtained. Only when a proper permission is obtained, it is excluded from the management strengthening target and enables connection to the system 1A. As a result, it is possible to allow the connection to the system 1A after allowing the terminal 10 and its users who are not aware of policy violations to thoroughly observe the policy, and to ensure the occurrence of a serious security accident. Moreover, it can be prevented beforehand.

[3] Third embodiment:
[3-1] Configuration of the third embodiment:
FIG. 12 is a block diagram showing the configuration of a management system (management server and user terminal) as the third embodiment of the present invention. As shown in FIG. 12, the management system (in-house system) of the third embodiment. In the same manner as in the first embodiment, the information processing system 1B is constructed by connecting a plurality of user terminals 10, the management server 20B, and the proxy server 30 through the LAN 40 so that they can communicate with each other. System. In the figure, the same reference numerals as those already described indicate the same or substantially the same parts, and detailed description thereof will be omitted.

As described above, the management server 20B in the management system 1B of the third embodiment is connected to each user terminal 10 via the LAN 30 so as to be able to communicate with each other, and manages each user terminal 10, and collects environmental information. It functions as agent file transmission means 21, environment information reception means 22, comparison means 23, storage means 24, identification means 25a and management means 26b. The functions of these means 21, 22, 23, 24, 25a, and 26b are the functions of a management program installed in advance in a storage unit (not shown) by a processing unit (CPU; not shown) constituting the management server 20B. It is realized by executing.

  Since the environment information collection agent file transmission unit 21, the environment information reception unit 22, the comparison unit 23, and the storage unit 24 function in the same manner as in the first embodiment, detailed description thereof is omitted.

  Based on the latest comparison result by the comparison unit 23 and the past comparison result for each user terminal 10 stored in the storage unit 24, the specifying unit 25a has a number of policy violations of 1 to a predetermined number of user terminals. 10 or the user terminal 10 whose number of policy violations is 1 to a predetermined number of times as the first management strengthening target terminal 10B, while the number of policy violations exceeds the predetermined number of user terminals 10 or The user terminal 10 in which the number of policy violations exceeds the predetermined number is specified as the second management enhancement target terminal 10C. Also in the third embodiment, the number and number of policy violations are output from the comparison unit 23 in the same manner as in the first embodiment.

  The management unit 26b manages the management reinforcement target terminals (user terminals) 10B and 10C specified by the specifying unit 25a. The monitoring unit 261, the warning unit 262, the recording unit 263, the electronic education control unit 264, and the confirmation unit 265, exclusion means 266, prohibition means (operation restriction means), estimation means 268, notification means 269a and blocking means 270. In the present embodiment, the information related to the first management strengthening target terminal 10B and the second management strengthening target terminal 10C specified by the specifying unit 25a (such as identification information specifying the terminals 10B and 10C) is stored in the management server 20B. It is registered in a storage unit (RAM, hard disk, etc.) or a table such as a storage device externally attached to the management server 20B.

  Similar to the notification unit 269 of the first embodiment, the notification unit 269a of the third embodiment determines the occurrence probability estimated by the estimation unit 268, such as an administrator of the in-company system 1B and a user terminal belonging to the in-company system 1B. 10 users are notified via the LAN 40 using e-mail or the like and displayed on the terminal of the administrator or the user terminal 10, and the management of the first management enhancement target terminal 10 </ b> B specified by the specifying unit 25 a It also fulfills the function of notifying at least one of the user and the user that the first management enhancement target terminal 10B has been specified.

  The monitoring unit 261 monitors the operation status of the first management strengthening target terminal 10B and the second management strengthening target terminal 10C specified by the specifying unit 25a, and the warning unit 262 is monitored by the monitoring unit 261. The recording unit 263 displays the operation status monitored by the monitoring unit 261 in accordance with the first management strengthening target terminal 10B and the first management target. 2 Recorded as an operation log in the management strengthening target terminal 10C. Note that the warning by the warning unit 262 and the recording of the operation log by the recording unit 263 may be performed for the first management strengthening target terminal 10B and not for the second management strengthening target terminal 10C.

The blocking unit 270 maintains the connection state of the second management strengthening target terminal 10C specified by the specifying unit 25a with the management server 20B (a state in which data transmission / reception using an agent file as described above is possible) 1B in the enterprise system 1B The electronic education control means 264 of the third embodiment causes the second management strengthening target terminal 10C to execute electronic education about policy violations in a state where it is blocked by the blocking means 270. Similar to the first embodiment, the electronic education agent file creation / holding means 264a and the electronic education agent file transmission means 264b are provided.

  Further, the prohibiting means (operation restricting means) 267a of the third embodiment is an in-company system based on the first management strengthening target terminal 10B and the second management strengthening target terminal 10C according to the operation status monitored by the monitoring means 261. Login / access to the server / database (not shown) in FIG.

  Further, the prohibiting means (operation restricting means) 267a of the third embodiment is an in-company system based on the first management strengthening target terminal 10B and the second management strengthening target terminal 10C according to the operation status monitored by the monitoring means 261. The management enhancement target terminal 10A is connected to the management server 20 in accordance with the function as a prohibition unit for prohibiting login / access to the server / database (not shown) in 1A and the operation status monitored by the monitoring unit 261. It also has a function as a blocking means for blocking from the in-company system 1B while maintaining (a state where data transmission / reception by an agent file as described above is possible).

  Further, the prohibiting means (operation restricting means) 267 resolves the policy violation in the management strengthening target terminal 10A by the confirmation means 265 after the first management strengthening target terminal 10B and the second management strengthening target terminal 10C are specified by the specifying means 25. Until the confirmation is made, create an operation restriction agent file that prohibits execution of programs other than the specified program (whitelisted program) on the terminal subject to enhanced management, and attach it to an e-mail. This is transmitted to the target terminal 10B and the second management enhancement target terminal 10C. That is, the prohibiting means (operation restricting means) 267 constitutes an operation restricting means in the claims.

  In addition, the prohibition means (operation restriction means) 267 is configured to detect a policy violation in the management strengthening target terminal 10A by the confirmation means 265 after the first management strengthening target terminal 10B and the second management strengthening target terminal 10C are specified by the specifying means 25. Until the resolution is confirmed, create an operation restriction agent file that prohibits the execution of programs other than the specified program (whitelisted program) on the management-strengthening target terminal and deletes the program that is prohibited from executing. Then, it is sent to the first management strengthening target terminal 10B and the second management strengthening target terminal 10C by attaching it to an e-mail.

  Further, as in the first embodiment, the confirmation unit 265 operates the environment information collection unit and the comparison unit 23 described above after the electronic education control unit 264 performs the electronic education in the second management strengthening target terminal 10C. The exclusion means 266 confirms whether or not the policy violation in the second management strengthening target terminal 10C has been resolved, and the exclusion means 266 is the policy violation in the second management strengthening target terminal 10C by the confirmation means 265 as in the first embodiment. The second management strengthening target terminal 10C is selected from the management strengthening target on the condition that the cancellation of the second management strengthening terminal 10C and the user of the second management strengthening target terminal 10C have achieved a score exceeding the reference point in the electronic education about policy violation. Exclude it. At this time, the second management strengthening target terminal 10C may be excluded from the management strengthening target at all, or the second management strengthening target terminal 10C is switched from the second management strengthening target terminal 10C to the first management strengthening target terminal 10B. May be.

[3-2] Operation of the third embodiment:
Next, the operation of the third embodiment configured as described above will be described with reference to FIGS.

First, the operation of the management server 20B according to the third embodiment will be described with reference to the flowchart shown in FIG. As shown in FIG. 13, the management server 20B periodically audits all user terminals (PCs) 10 (
Environmental information collection and policy definition comparison are being performed, and whether or not the audit timing has been reached is monitored (step S101). When the audit timing is reached (YES route in step S101), it is registered in advance in the management server 20B. Based on the information (email address etc.) regarding each user terminal 10 at the transmission destination, the environment information collection agent file transmission means 21 attaches the environment information collection agent file to the e-mail. 1 is transmitted to each of all user terminals 10 belonging to 1 (step S102). Here, the environmental information collection operation of each user terminal 10 is the same as that described in the first embodiment (see FIG. 6A), and thus the description thereof is omitted.

  The management server 20B receives environment information from each user terminal 10 belonging to the in-company system 1B (step S103), and receives environment information from all user terminals 10 belonging to the in-company system 1B (step S103). (YES route of S104), one is selected from a plurality of user terminals 10 (step S105), and the following processing (steps S106a, S107 to S110, S111a to S114a, S115 to S119, S121 to S126) is executed. To do.

  In step S104, when environment information is received from all user terminals 10 belonging to the in-company system 1B, the following processing (steps S106a, S107 to S110, S111a to S114a, S115 to S119, S121 to S126) is performed. However, if environment information from all the user terminals 10 cannot be received even after a predetermined time has elapsed, the next processing (on the basis of the environment information received at the time when the predetermined time has elapsed) You may transfer to step S106a, S107-S110, S111a-S114a, S115-S119, S121-S126. When environment information is received from all user terminals 10 belonging to the in-company system 1B, the process proceeds to the next process (steps S106a, S107 to S110, S111a to S114a, S115 to S119, S121 to S126). Instead, each time environmental information is received from one user terminal 10, the following processing (steps S106a, S107 to S110, S111a to S114a, S115, S116, S121 to S126) may be executed.

  When one unprocessed user terminal 10 is selected in step S105, the storage unit (table) of the management server 20B is referred to, and the user terminal (hereinafter may be referred to as a processing target terminal) 10 has already been stored. It is determined whether it is registered as the first management strengthening target terminal 10B or the second management strengthening target terminal 10C (step S106a). If it is not registered in either the first management strengthening target terminal 10B or the second management strengthening target terminal 10C (NO route in step S106a), the environmental information collected for the processing target terminal 10 by the comparison unit 23 is stored in advance. Compared to the policy definition for security that has been set (see the above items (1) to (5)), whether or not the processing target terminal 10 violates the policy definition, and if it violates, The contents (including the number of policy violations) are specified (step S107). The comparison result (policy violation content and number of policy violations) by the comparison unit 23 is associated by the storage unit 24 with identification information or the like that can identify the processing target terminal 10, and is stored in the storage unit of the management server 20B as a past comparison result. Saved (step S108). When the processing target terminal 10 does not violate the policy, the fact is stored as a comparison result.

If the processing target terminal 10 violates the policy (YES route in step S109), the comparison unit 10a reads the past comparison result for the processing target terminal 10 (step S110), and then the comparison unit. 23, the number of policy violations is 1 to a predetermined number or the number of policy violations, based on the latest comparison result of 23 and the past comparison result of each user terminal 10 stored by the storage unit 24. Is the first management strengthening target terminal 10B 1 to a predetermined number of times, or is the number of policy violations exceeding the predetermined number, or is the second management strengthening target terminal 10C having the number of policy violations exceeding the predetermined number of times? It is determined and specified whether or not (step S111a).

  When the processing target terminal 10 is the first management strengthening target terminal 10B (“first” route in step S112), identification information that identifies the processing target terminal 10 (first management strengthening target terminal 10B) by the specifying unit 25a Are registered in the table or the like (step S113a), and at least one of the administrator and the user of the first management enhancement target terminal 10B identified by the identification unit 25a is notified by the notification unit 269a. The fact that it has been identified as the terminal 10B is notified (step S114a).

  When the processing target terminal 10 is the second management strengthening target terminal 10C (“second” route in step S112), identification information for identifying the processing target terminal 10 (second management strengthening target terminal 10C) by the specifying unit 25a Are registered in the table or the like (step S125), and the blocking means 270 connects the registered second management strengthening target terminal 10C with the management server 20B (a state in which data transmission / reception by the agent file is possible). Is maintained from the in-company system 1B (step S126).

  Further, the prohibition means (operation restriction means) 267 creates an operation restriction agent file that prohibits execution of a program other than a predetermined program (whitelisted program) in the second management enhancement target terminal 10C, and attaches it to an e-mail. Then, the second management strengthening target terminal 10C, which has been transmitted to the second management strengthening target terminal 10C and has received this operation restriction agent file, is prohibited from executing other than a predetermined program (a program on the white list) (step S126). ).

  By maintaining the connection state with the management server 20B in this way, even if the second management strengthening target terminal 10C is disconnected from the in-company system 1, at least between the second management strengthening target terminal 10C and the management server 20B. Only the exchange (exchange of information such as various agent files, environment information, electronic education results, operation status, etc.) is maintained. In addition, when registering in step S125, the second management is performed for at least one of the administrator and the user of the second management strengthening target terminal 10C specified by the specifying unit 25a by the notification unit 269a. The fact that it has been identified as the enhancement target terminal 10C is notified.

  On the other hand, if it is determined in step S106a that the processing target terminal 10 has already been registered as the first management strengthening target terminal 10B or the second management strengthening target terminal 10C (YES route in step S106a), the comparison unit 23 The environment information collected for the processing target terminal 10 that is the management strengthening target terminal 10B or 10C is compared with a policy definition relating to security set in advance [see the above items (1) to (5)], and the processing target terminal 10 Whether the policy definition is violated or not, if it is violated, the content of the policy violation (including the number of policy violations) is specified (step S115). The comparison result (policy violation content and number of policy violations) by the comparison unit 23 is associated by the storage unit 24 with identification information or the like that can identify the processing target terminal 10, and is stored in the storage unit of the management server 20B as a past comparison result. Saved (step S116).

As in the first embodiment, if the processing target terminal 10 does not violate the policy at this point, the fact is stored as a comparison result. In this embodiment, the processing target is Even if it is determined that the terminal 10 does not violate the policy, the management strengthening target terminals 10B and 10C are not excluded from the management strengthening targets. In the present embodiment, as will be described later with reference to FIG. 14, the user of the terminal 10 once specified as the first management enhancement target or the second management enhancement target is in the state of the second management enhancement target terminal 10 </ b> C. It is excluded from management strengthening only when it has achieved a score above the reference point after receiving electronic education on policy violations and has resolved policy violations. That is, even if the user of the first management strengthening target terminal 10B or the second management strengthening target terminal 10C resolves the policy violation without receiving the electronic education about the policy violation, it is not excluded from the management strengthening target, and the policy must be set. They have been educated on violations and ensured policy compliance.

  After storing the comparison result in step S116, it is determined whether the processing target terminal 10 is the first management strengthening target terminal 10B or the second management strengthening target terminal 10C (step S121), and the first management strengthening is performed. If it is the target terminal 10B (YES route of step S121), the past comparison result for the processing target terminal 10 is read by the specifying unit 25a (step S122), and then the latest comparison result and storage by the comparison unit 23 are stored. Based on the past comparison results for each user terminal 10 stored by the means 24, the processing target terminal 10 remains the first management strengthening target terminal 10B, or the number of policy violations is the predetermined number. It is determined and specified whether or not the terminal is the second management strengthening target terminal 10C that has exceeded or the number of policy violations exceeds the predetermined number. That (step S123).

  When the processing target terminal 10 remains the first management strengthening target terminal 10B (NO route in step S124), the notifying unit 269a provides at least one of the administrator and the user of the first management strengthening target terminal 10B to The fact that it is still specified as the first management strengthening target terminal 10B is notified (step S114a). Further, when the processing target terminal 10 is changed from the first management strengthening target terminal 10B to the second management strengthening target terminal 10C (YES route of Step S124), the processing of Step S125 and Step S126 described above is executed.

  On the other hand, when the processing target terminal 10 is the second management strengthening target terminal 10C (NO route of step S121), the process proceeds to step S126, and the cutoff state of the second management strengthening target terminal 10C from the system 1B is maintained.

  After processing in step S114a, after processing in step S126, or when it is determined in step S109 that the processing target terminal 10 has not violated the policy (NO route), or in step S112a, the processing target terminal 10 If it is determined that neither the management strengthening target terminal 10B nor 10C is determined (NO route), it is determined whether or not the audit process has been completed for all user terminals 10 (step S117), and if not completed (step S117). NO route), the process returns to the process of step S105, and the processes of steps S105, S106a, S107 to S110, S111a to S114a, S115, S116, and S121 to S126 described above are performed on the unprocessed user terminal 10.

  When the audit process has been completed for all the user terminals 10 (YES route in step S117), as in the first embodiment, the estimation unit 268 causes a plurality of user terminals 10 (all the devices belonging to the in-company system 1 to be registered). The latest comparison result obtained by the comparison unit 23 and the past comparison result stored by the storage unit 24 obtained for the user terminal 10) and the user of the user terminal 10 (management strengthening target terminals 10B and 10C) Based on the result of electronic education on the security of the in-company system 1B, the probability of occurrence of a serious security accident in the in-company system 1B is estimated according to the above-described method (step S118), and the estimated value is the notification means 269a. Accordingly, the administrator of the in-company system 1B and the user terminal 10 belonging to the in-company system 1B. The user is notified via the LAN40 using electronic mail or the like (step S119).

  Next, the management operation by the management unit 26b of the management server 20B for the terminals registered as the management reinforcement target terminals 10B and 10C as described above will be described with reference to FIG.

FIG. 14 is a flowchart (steps S21 to S23, S211 to S216, S28) for explaining the operation of the management unit 26b in the management server 20B of this embodiment. As shown in FIG. In order to periodically manage the management strengthening target terminals 10B and 10C, it is monitored whether or not the management timing is reached (step S21). When the management timing is reached (YES route of step S21), the above table is displayed. It is determined whether the management strengthening target terminals 10B and 10C are registered as registered terminals (step S22).

  When there is a registered terminal (YES route in step S22), one of the registered terminals (management strengthening target terminals) 10B and 10C is selected (step S23), and the registered terminal is the first management strengthening target terminal 10B. Or the second management strengthening target terminal 10C (step S211), and if it is the first management strengthening target terminal 10B ("first" route in step S211), operation restriction (execution prohibition other than a predetermined program) / After executing the monitoring / recording / warning / prohibition / blocking process (step S212), the process proceeds to step S28. Note that the operation restriction (execution prohibition other than predetermined program) / monitoring / recording / warning / prohibition / blocking processing in step S212 is the same as the processing of the second embodiment described above with reference to FIG. Description is omitted.

  When the registered terminal is the second management strengthening target terminal 10C ("second" route in step S211), first, execution prohibition other than the predetermined program, monitoring / recording / warning process (step S213) is executed. Since the second management enhancement target terminal 10C is already disconnected from the system 1B at the time of registration (see step S126 in FIG. 13), here, the operation restriction described above with reference to FIG. / Monitoring / recording / warning / prohibiting / blocking processing is excluded from prohibiting / blocking processing. The procedure is substantially the same as the procedure shown in FIG.

  Thereafter, the same electronic education process (step S214) as that of the first embodiment described above with reference to FIGS. 5 and 6B is executed for the second management strengthening target terminal 10C. Since the procedure is the same as that of the first embodiment, the description thereof is omitted.

  After completing the electronic education in the second management strengthening target terminal 10C, the management means 26b refers to the electronic education result for the processing target terminal 10 and registers the processing target terminal 10 as the second management strengthening target terminal 10C. All users of the terminal 10C have completed the electronic education about the policy violation that triggered the event (or the electronic education about the general policy violation including the content of the policy violation) It is determined whether or not the test result has been acquired, and further, whether or not the policy violation in the registered terminal 10C has been resolved by operating the environmental information collection unit and the comparison unit 23 by the confirmation unit 265 of the management unit 26b. It is confirmed whether or not (step S215).

  When a test result equal to or higher than the reference point is obtained and all policy violations are resolved (YES route in step S215), the registration terminal 10C is excluded from the management enhancement target by the exclusion unit 266 of the management unit 26b. After the registration (identification information, etc.) of the processing target terminal 10 as the second management enhancement target terminal 10C is deleted from the table or the like and the blocking state from the system 1B by the blocking means 270 is released (step S216), step The process proceeds to S28. At this time, as described above, the second management strengthening target terminal 10C may be excluded from the management strengthening target at all, or the second management strengthening target terminal 10C may be excluded from the second management strengthening target terminal 10C. You may switch to the terminal 10B. On the other hand, if a test result equal to or higher than the reference point has not been acquired and / or if all policy violations have not been resolved, that is, if NO is determined in step S215, step S216 is skipped and step S216 is skipped. The process proceeds to S28.

  In step S28, it is determined whether or not the processing has been completed for all the registered terminals (management strengthening target terminals) 10B and 10C. If the processing has not been completed (NO route), the process returns to step S23, and is not processed. The processes of steps S23, S211 to S216 are executed for the registered terminals 10B and 10C. When the process is completed for all the registered terminals 10B and 10C (YES route in step S28), or when it is determined in step S22 that there is no registered terminal (NO route), the process returns to step S21.

[3-3] Effects of the third embodiment:
As described above, according to the management system 1B as the third embodiment of the present invention, the environmental information in each of the plurality of user terminals 10 is collected from each user terminal 10 to the management server 20B, and this management server 20B. The policy information related to security is compared with the collected environmental information in each user terminal 10 to identify the user terminal 10 and the content of the policy violation, and the number of policy violations based on the latest and past comparison results 1 to a predetermined number of user terminals 10 or user terminals 10 having a policy violation number of 1 to a predetermined number of times are specified as the first management strengthening target terminal 10B, while the number of policy violations is the predetermined number of times. The user terminal 10 exceeding the predetermined number or the user terminal 10 where the number of policy violations exceeds the predetermined number is the second management enhancement target terminal 10C. It is identified with.

  Then, the administrator and the user of the first management strengthening target terminal 10B and the second management strengthening target terminal 10C are notified that they have been specified as the first management strengthening target terminal 10B and the second management strengthening target terminal 10C, respectively. At the same time, the operation status at the first management enhancement target terminal 10B and the second management enhancement target terminal 10C is monitored and recorded as an operation log. Then, in the identified first management reinforcement target terminal 10B and the second management reinforcement target terminal 10C, execution other than the predetermined program is prohibited by the management server 20B.

  Further, for the second management strengthening target terminal 10C, the electronic education about policy violation is executed while being disconnected from the in-company system 1B while maintaining the connection state with the management server 20B.

  In this way, by notifying the administrator and the user of the first management strengthening target terminal 10B and the second management strengthening target terminal 10C, the first management strengthening target terminal 10B and the second management strengthening are given to the administrator and the user. It can be recognized that it is specified as the target terminal 10C, and the occurrence of a serious security accident can be prevented more reliably and in advance.

  Furthermore, since execution of a program other than the predetermined program is prohibited at the management strengthening target terminal, a serious security accident can be prevented in advance. Since network connection and normal program execution are not prohibited, normal use is not affected and serious security incidents can be prevented.

Also, not all user terminals 10 are targeted, but operation logs are recorded for the first management strengthening target terminal 10B and the second management strengthening target terminal 10C, and a huge amount of operation logs are stored. -Without analysis, it is possible to reliably identify user terminals and operations that are likely to cause a serious security accident without affecting normal use. That is, the user terminal 10 having a policy violation number of 1 to a predetermined number, the user terminal 10 having a policy violation number of 1 to a predetermined number, and the user terminal 10 having a policy violation number exceeding the predetermined number. Alternatively, the user terminals 10 whose number of policy violations exceeds the predetermined number of times are likely to cause serious security accidents (first management strengthening target terminal 10B and second management strengthening target terminal 10C). It is possible to place such user terminals 10B and 10C under the control of a system administrator or the like and record the operation status. Therefore, it is possible to reliably prevent the occurrence of a serious security accident without saving and analyzing a huge amount of operation logs without affecting normal use. The operation log recording target may be only the first management enhancement target terminal 10B. In this case, the operation log recording target is further narrowed down, and the amount of operation logs to be stored and analyzed can be further reduced.

  Furthermore, the second management strengthening target terminal 10C, which has a greater number of policy violations / number of times than the first management strengthening target terminal 10B and is more likely to cause a serious security accident, is shut off from the in-company system 1B. It is possible to reliably execute electronic education about policy violations without affecting the security of 1B, and to ensure that the user is aware of policy compliance while ensuring the safety of system 1B. .

  Then, after the electronic education, it is confirmed whether or not the policy violation in the second management strengthening target terminal 10C has been resolved according to the electronic education, and the second case in which the policy violation in the second management strengthening target terminal 10C is resolved. A user terminal (second management enhancement target) that is likely to cause a serious security accident by excluding the management reinforcement target terminal 10C from the management enhancement target (or may be switched to the first management enhancement target terminal 10B). Since the terminal 10C) is surely placed under the management of the system administrator or the like until the policy violation is resolved according to the electronic education, it is possible to reliably and prevent the occurrence of a serious security accident.

  In addition, it is confirmed whether or not the policy violation in the first management strengthening target terminal 10B has been resolved. If the policy violation in the first management strengthening target terminal 10B is resolved, the first management strengthening target terminal 10B is subject to management strengthening. In this case, the user terminal (first management strengthening target terminal 10B) that has a high possibility of causing a serious security accident is surely a system administrator until the policy violation is resolved. It is possible to record the operation status under the control of etc., without saving and analyzing a huge amount of operation logs, without affecting the normal use, ensuring the occurrence of serious security accidents Moreover, it can be prevented beforehand.

  Further, by issuing a warning to the administrator or user of the management reinforcement target terminals 10B and 10C according to the monitoring result of the management reinforcement target terminals 10B and 10C, the management reinforcement target terminals 10B and 10C may cause a serious accident, for example. It is possible to issue a warning immediately when a dangerous operation with security or an operation with a security problem is performed, thereby preventing a serious security accident more reliably and in advance. it can.

  Further, by prohibiting login / access to the server / database in the in-company system 1B by the management strengthening target terminals 10B, 10C according to the monitoring results of the management strengthening target terminals 10B, 10C, the management strengthening target terminals 10B, 10C. Login / access to the server or database can be prohibited when a dangerous operation that may cause a serious accident or an operation with a security problem is performed. Can be prevented more reliably and in advance.

[3-4] Modification of Third Embodiment:
In the third embodiment described above, as described with reference to FIGS. 13 and 14, notification processing (see step 114 a in FIG. 13) and operation restriction (execution other than the predetermined program) are performed on the first management strengthening target terminal 10 </ b> B. Prohibition) / monitoring / recording / warning / prohibition / blocking process (see step S212 in FIG. 14), blocking process (see step S126 in FIG. 13) and notification process (see FIG. 13) for the second management strengthening target terminal 10C. Step 114a of FIG. 14) and operation restriction (prohibition of execution of programs other than predetermined programs) / monitoring / recording / warning / prohibition processing (step S213 in FIG. 14) are performed, but the first management strengthening target terminal 10B and the second management strengthening target The management process to be performed on the terminal 10C is not limited to this.

  For example, notification processing (see step 114a in FIG. 13), operation restriction (execution prohibition other than predetermined program) / monitoring / recording / warning / prohibition / blocking processing (see step S212 in FIG. 14) for the first management enhancement target terminal 10B. ) And electronic education processing, and for the second management strengthening target terminal 10C, blocking processing (see step S126 in FIG. 13), notification processing (step 114a in FIG. 13) and operation restriction (execution prohibition other than predetermined program) / monitoring / Recording / warning / prohibition processing (step S213 in FIG. 14) may be performed.

  In the management server 20B in this modification, PC audit, environmental information collection, identification / registration / notification of the first management strengthening target terminal 10B / second management strengthening target terminal 10C, blocking of the second management strengthening target terminal 10C, serious The operations such as the accident occurrence probability estimation / notification are the same as the operations described in accordance with the flowchart shown in FIG. 13 (steps S101 to S105, S106a, S107 to S110, S111a to S114a, S115 to S119, S121 to S126). The description is omitted.

  Next, a modified example of the management operation by the management unit 26b of the management server 20B for the terminals registered as the management reinforcement target terminals 10B and 10C in the procedure shown in FIG. 13 will be described with reference to FIG.

  FIG. 15 is a flowchart (steps S21 to S23, S221 to S228, S28) for explaining a modified example of the operation of the management means 26b in the management server 20B of this embodiment. As shown in FIG. 15, the management means In 26b, in order to periodically manage the management strengthening target terminals 10B and 10C, whether or not the management timing has come is monitored (step S21), and when the management timing comes (YES route of step S21), It is determined whether or not the management strengthening target terminals 10B and 10C are registered as registered terminals in a table or the like (step S22).

  When there is a registered terminal (YES route in step S22), one of the registered terminals (management strengthening target terminals) 10B and 10C is selected (step S23), and the registered terminal is the first management strengthening target terminal 10B. Or the second management strengthening target terminal 10C (step S211), and if it is the first management strengthening target terminal 10B ("first" route in step S221), operation restriction (execution prohibition other than predetermined program) / After executing the monitoring / recording / warning / prohibition / blocking process (step S222; corresponding to step S212 in FIG. 14), the first management strengthening target terminal 10B is referred to with reference to FIGS. 5 and 6B. The electronic education process (step S223) similar to that of the first embodiment described above is executed. Since the procedure is the same as that of the first embodiment, the description thereof is omitted.

  After completing the electronic education in the first management strengthening target terminal 10B, the management means 26b refers to the electronic education result for the processing target terminal 10 and registers the processing target terminal 10 as the first management strengthening target terminal 10B. All users of the terminal 10B have completed the electronic education about the policy violation that triggered the opportunity (or the electronic education about the general policy violation including the content of the policy violation). It is determined whether or not the test result has been acquired, and further, whether or not the policy violation in the registered terminal 10B has been resolved by operating the environmental information collection unit and the comparison unit 23 by the confirmation unit 265 of the management unit 26b. It is confirmed whether or not (step S224).

If the test result equal to or higher than the reference point has been obtained and all policy violations have been resolved (YES route in step S224), the registration terminal 10B is excluded from the management enhancement target by the exclusion unit 266 of the management unit 26b. That is, the registration (identification information and the like) of the processing target terminal 10 as the first management enhancement target terminal 10B is deleted from the table or the like (step S225), and the process proceeds to step S28. On the other hand, if a test result equal to or higher than the reference point has not been acquired and / or if all policy violations have not been resolved, that is, if NO is determined in step S224, step S225 is skipped and step S225 is skipped. The process proceeds to S28.

  When the registered terminal is the second management strengthening target terminal 10C ("second" route in step S221), the operation restriction (execution prohibited except for the predetermined program) / monitoring / recording / warning process (step S226) is executed. Since the second management enhancement target terminal 10C is already disconnected from the system 1B at the time of registration (see step S126 in FIG. 13), here, the operation restriction described above with reference to FIG. / Monitoring / recording / warning / prohibiting / blocking processing is excluded from prohibiting / blocking processing. The procedure is substantially the same as the procedure shown in FIG.

  After this, for the second management strengthening target terminal 10C to be processed, the administrator or the like directly audits the terminal (or its user) and confirms that security safety has been obtained, and a special permission is granted. It is determined whether or not it has been obtained (step S227), and if the permission has been obtained (YES route of step S227), the exclusion unit 266 of the management unit 26b excludes the registered terminal 10C from the management enhancement target. That is, after the registration (identification information, etc.) of the processing target terminal 10 as the second management enhancement target terminal 10C is deleted from the table or the like, and the blocking state from the system 1B by the blocking means 270 is released (step S228). ), The process proceeds to step S28. At this time, as described above, the second management strengthening target terminal 10C may be excluded from the management strengthening target at all, or the second management strengthening target terminal 10C may be excluded from the second management strengthening target terminal 10C. You may switch to the terminal 10B. If the permission has not been obtained (NO route of step S227), the process proceeds to step S28 while maintaining the current status as the second management strengthening target terminal 10C.

  In step S28, it is determined whether or not the processing has been completed for all the registered terminals (management strengthening target terminals) 10B and 10C. If the processing has not been completed (NO route), the process returns to step S23, and is not processed. The processes of steps S23, S221 to S228 are executed for the registered terminals 10B and 10C. When the process is completed for all the registered terminals 10B and 10C (YES route in step S28), or when it is determined in step S22 that there is no registered terminal (NO route), the process returns to step S21.

  According to such a modification of the third embodiment of the present invention, the same operational effects as those of the third embodiment described above can be obtained. In this modification, a policy violation is made against the first management strengthening target terminal 10B. It is possible to ensure that the electronic education about the system is executed and to ensure that the user is aware of policy compliance.

  On the other hand, the number of policy violations / number of times is higher than that of the first management strengthening target terminal 10B, and the second management strengthening target terminal 10C, which is more likely to cause a serious security accident, is blocked from the in-company system 1B. The safety of the system 1B can be reliably maintained. For the second management strengthening target terminal 10C blocked in this way, the administrator or the like directly audits the terminal (or its user) and confirms that security safety has been obtained, and a special permission is granted. Is obtained from the second management strengthening target (or switched to the first management strengthening target terminal), and the connection to the system 1B is made possible, so that the safety of the system 1B is more reliably maintained. Is done.

After the electronic education for the first management strengthening target terminal 10B, the first management strengthening target terminal 10B confirms whether or not the policy violation is resolved according to the electronic education, and the policy violation in the first management strengthening target terminal 10B. When the problem is solved, the first management enhancement target terminal 10B
Is excluded from the management enhancement target, the user terminal (first management enhancement target terminal 10B) that has a high possibility of causing a serious security accident is surely a system until the policy violation is resolved according to electronic education. Since it is under the management of an administrator or the like, the occurrence of a serious security accident can be surely prevented.

[4] Other:
The present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the spirit of the present invention.

  Further, the above-described environment information collection agent file transmission means 21, environment information reception means 22, comparison means 23, 23a, storage means 24, identification means 25, 25a and management means 26, 26a, 26b [monitoring means 261, warning means 262 Recording means 263, electronic education control means 264, confirmation means 265, exclusion means 266, prohibition means (operation restriction means) 267, prohibition means (operation restriction means) 267 a, estimation means 268, notification means 269, and interruption means 270. ] (All or a part of the functions of each means) is realized by a computer (including a CPU, an information processing apparatus, and various terminals) executing a predetermined application program (management program).

  The program is, for example, a computer such as a flexible disk, CD (CD-ROM, CD-R, CD-RW, etc.), DVD (DVD-ROM, DVD-RAM, DVD-R, DVD-RW, DVD + R, DVD + RW, etc.). It is provided in a form recorded on a readable recording medium. In this case, the computer reads the management program from the recording medium, transfers it to the internal storage device or the external storage device, stores it, and uses it. Further, the program may be recorded in a storage device (recording medium) such as a magnetic disk, an optical disk, or a magneto-optical disk, and provided from the storage device to a computer via a communication line.

  Here, the computer is a concept including hardware and an OS (operating system), and means hardware operating under the control of the OS. Further, when the OS is unnecessary and the hardware is operated by the application program alone, the hardware itself corresponds to the computer. The hardware includes at least a microprocessor such as a CPU and means for reading a program recorded on a recording medium. The application program as the management program is stored in the computer as described above on the environment information collection agent file transmission means 21, environment information reception means 22, comparison means 23 and 23a, storage means 24, identification means 25 and 25a, and management means 26. , 26a, 26b are included in the program code for realizing the functions. Also, some of the functions may be realized by the OS instead of the application program.

  In addition to the above-described flexible disk, CD, DVD, magnetic disk, optical disk, and magneto-optical disk, the recording medium in the present embodiment includes an IC card, ROM cartridge, magnetic tape, punch card, computer internal storage device (RAM). In addition, various computer-readable media such as an external storage device or a printed matter on which a code such as a barcode is printed can be used.

[5] Note:
(Appendix 1)
Multiple user terminals,
A management server that is communicably connected to the plurality of user terminals and manages the plurality of user terminals;
Environmental information collecting means for collecting environmental information in each of the plurality of user terminals from each user terminal to the management server;
The management server
By comparing the environment information collected by the environment information collecting means with the policy definition related to security set in advance, the user terminal that violates the policy definition and the contents of the policy violation A comparison means to identify;
Storage means for storing past comparison results by the comparison means;
Based on the latest comparison result by the comparison unit and the past comparison result for each user terminal stored in the storage unit, the number of policy violations is a predetermined number of user terminals or policy violations. A specific means for identifying a user terminal that has been repeated more than once as a terminal subject to enhanced management,
Monitoring means for monitoring the operation status of the management strengthening target terminal specified by the specifying means;
Recording means for recording the operation status monitored by the monitoring means as an operation log in the management strengthening target terminal;
An operation restriction unit for prohibiting execution of a program other than a predetermined program in the management strengthen target terminal identified by the identifying unit;
A management system characterized by comprising

(Appendix 2)
The management server
The supplementary note 1 is characterized by comprising warning means for issuing a warning to at least one of an administrator and a user of the management strengthening target terminal according to the operation status monitored by the monitoring means. Management system.

(Appendix 3)
The management server
The management system according to appendix 1 or appendix 2, characterized in that the management enhancement target terminal identified by the identifying means is provided with electronic education control means for executing electronic education on policy violation. .

(Appendix 4)
The management server
After the electronic education control unit executes the electronic education at the management reinforcement target terminal, the environmental information collection unit and the comparison unit are operated to check whether the policy violation at the management enhancement target terminal has been resolved. Confirmation means;
Appendix 3 characterized by comprising exclusion means for excluding the management enhancement target terminal from the management enhancement target when the confirmation means confirms that the policy violation at the management enhancement target terminal has been resolved. The management system described.

(Appendix 5)
The management server
From the time when the management enhancement target terminal is specified by the specifying unit to the time when confirmation of policy violation in the management enhancement target terminal is confirmed by the confirmation unit, The management system according to appendix 4, characterized in that it comprises a prohibiting means for prohibiting login / access to a server / database in the system to which it belongs.

(Appendix 6)
The management server
The management enhancement target terminal is connected to the management server from the time when the management enhancement target terminal is specified by the specifying unit until the confirmation unit confirms that the policy violation in the management enhancement target terminal is resolved. The management system according to appendix 4, wherein the management system is configured to include blocking means for blocking from a system to which the plurality of user terminals belong while maintaining the above.

(Appendix 7)
Multiple user terminals,
A management server that is communicably connected to the plurality of user terminals and manages the plurality of user terminals;
Environmental information collecting means for collecting environmental information in each of the plurality of user terminals from each user terminal to the management server;
The management server
By comparing the environment information collected by the environment information collection means with the policy definition relating to security set in advance, the user terminal that violates the policy definition is defined as a management enhancement target terminal. A comparison means to identify;
Electronic education control means for causing the management enhancement target terminal specified by the comparison means to execute electronic education on policy violation;
After the electronic education control unit executes the electronic education at the management reinforcement target terminal, the environmental information collection unit and the comparison unit are operated to check whether the policy violation at the management enhancement target terminal has been resolved. Confirmation means;
Exclusion means for excluding the management strengthening target terminal from the management strengthening target when the confirmation means confirms the cancellation of the policy violation in the management strengthening target terminal;
When the confirmation means does not confirm the cancellation of the policy violation in the management enhancement target terminal even after a predetermined time has elapsed, or the user terminal excluded from the management enhancement target by the exclusion means due to the resolution of the policy violation A monitoring means for monitoring the operation status of the management strengthening target terminal, when the management strengthening target terminal is specified again by the means;
Recording means for recording the operation status monitored by the monitoring means as an operation log in the management strengthening target terminal;
An operation restriction unit for prohibiting execution of a program other than a predetermined program in the management strengthen target terminal identified by the identifying unit;
A management system characterized by comprising

(Appendix 8)
The management server
The appendix 7 is characterized by comprising warning means for issuing a warning to at least one of an administrator and a user of the management strengthening target terminal according to an operation situation monitored by the monitoring means. Management system.

(Appendix 9)
The management server
According to the operation status monitored by the monitoring means, the management strengthening target terminal is configured to include prohibition means for prohibiting login / access to the server / database in the system to which the plurality of user terminals belong. The management system according to appendix 7 or appendix 8, characterized by:

(Appendix 10)
The management server
According to the operation status monitored by the monitoring unit, the management enhancement target terminal is configured to include a blocking unit that blocks the system to which the plurality of user terminals belong while maintaining a connection state with the management server. 10. The management system according to any one of appendix 7 to appendix 9, wherein

(Appendix 11)
Multiple user terminals,
A management server that is communicably connected to the plurality of user terminals and manages the plurality of user terminals;
Environmental information collecting means for collecting environmental information in each of the plurality of user terminals from each user terminal to the management server;
The management server
By comparing the environment information collected by the environment information collecting means with the policy definition related to security set in advance, the user terminal that violates the policy definition and the contents of the policy violation A comparison means to identify;
Storage means for storing past comparison results by the comparison means;
Based on the latest comparison result by the comparison unit and the past comparison result for each user terminal stored in the storage unit, the number of policy violations is 1 to a predetermined number of user terminals, or policy violations While the number of times 1 to a predetermined number of user terminals is specified as the first management strengthening target terminal, the number of policy violations exceeds the predetermined number, or the number of policy violations exceeds the predetermined number Identifying means for identifying the user terminal as the second management enhancement target terminal;
Notification means for notifying that at least one of the administrator and the user of the first management enhancement target terminal identified by the identification means has been identified as the first management enhancement target terminal;
Monitoring means for monitoring the operation status of the first management enhancement target terminal specified by the specifying means;
Recording means for recording the operation status monitored by the monitoring means as an operation log in the first management strengthening target terminal;
An operation restriction unit for prohibiting execution of a program other than the predetermined program in the first management strengthening target terminal / second management strengthening target terminal specified by the specifying unit;
Blocking means for blocking the second management enhancement target terminal specified by the specifying means from a system to which the plurality of user terminals belong while maintaining a connection state with the management server;
Electronic education control means for causing the second management strengthening target terminal to execute electronic education on policy violation in a state where it is blocked by the blocking means;
A management system characterized by comprising

(Appendix 12)
The management server
Whether or not the policy violation in the second management enhancement target terminal has been resolved by operating the environmental information collection unit and the comparison unit after the electronic education control unit executes the electronic education in the second management enhancement target terminal. A confirmation means for confirming,
And an exclusion means for excluding the second management enhancement target terminal from the management enhancement target when the confirmation means confirms that the policy violation in the second management enhancement target terminal is resolved. The management system according to appendix 11.

(Appendix 13)
The management server
Supplementary note 11 characterized by comprising warning means for issuing a warning to at least one of an administrator and a user of the first management strengthening target terminal according to the operation status monitored by the monitoring means. Or the management system according to Appendix 12.

(Appendix 14)
The management server
In accordance with the operation status monitored by the monitoring means, the first management enhancement target terminal is configured to include prohibition means for prohibiting login / access to a server / database in a system to which the plurality of user terminals belong. The management system according to any one of Supplementary Note 11 to Supplementary Note 13, wherein

(Appendix 15)
Multiple user terminals,
A management server that is communicably connected to the plurality of user terminals and manages the plurality of user terminals;
Environmental information collecting means for collecting environmental information in each of the plurality of user terminals from each user terminal to the management server;
The management server
By comparing the environment information collected by the environment information collecting means with the policy definition related to security set in advance, the user terminal that violates the policy definition and the contents of the policy violation A comparison means to identify;
Storage means for storing past comparison results by the comparison means;
Based on the latest comparison result by the comparison unit and the past comparison result for each user terminal stored in the storage unit, the number of policy violations is 1 to a predetermined number of user terminals, or policy violations While the number of times 1 to a predetermined number of user terminals is specified as the first management strengthening target terminal, the number of policy violations exceeds the predetermined number, or the number of policy violations exceeds the predetermined number Identifying means for identifying the user terminal as the second management enhancement target terminal;
Notification means for notifying that at least one of the administrator and the user of the first management enhancement target terminal identified by the identification means has been identified as the first management enhancement target terminal;
Monitoring means for monitoring the operation status of the first management enhancement target terminal specified by the specifying means;
Recording means for recording the operation status monitored by the monitoring means as an operation log in the first management strengthening target terminal;
An operation restriction unit for prohibiting execution of a program other than the predetermined program in the first management strengthening target terminal / second management strengthening target terminal specified by the specifying unit;
Electronic education control means for causing the first management enhancement target terminal specified by the specifying means to execute electronic education on policy violation;
A management system comprising: blocking means for blocking the second management enhancement target terminal specified by the specifying means from a system to which the plurality of user terminals belong.

(Appendix 16)
The management server
Whether or not the policy violation in the first management enhancement target terminal has been resolved by operating the environmental information collection unit and the comparison unit after the electronic education control unit executes the electronic education in the first management enhancement target terminal. A confirmation means for confirming,
And an exclusion means for excluding the first management enhancement target terminal from the management enhancement target when the confirmation means confirms that the policy violation in the first management enhancement target terminal is resolved. The management system according to appendix 15.

(Appendix 17)
The management server
Supplementary note 15 characterized by comprising warning means for issuing a warning to at least one of an administrator and a user of the first management strengthening target terminal according to the operation status monitored by the monitoring means. Or the management system according to Appendix 16.

(Appendix 18)
The management server
In accordance with the operation status monitored by the monitoring means, the first management enhancement target terminal is configured to include prohibition means for prohibiting login / access to a server / database in a system to which the plurality of user terminals belong. The management system according to any one of supplementary note 15 to supplementary note 17, characterized in that:

(Appendix 19)
The electronic education control means is
An electronic education agent file creation / holding means for creating or holding an electronic education agent file for causing the management enhancement target terminal to execute electronic education regarding policy violation;
An electronic education agent file transmitting means for transmitting the electronic education agent file corresponding to the evaluation result created / held by the electronic education agent file creating / holding means to the management strengthening target terminal;
The management target terminal is
Electronic education agent file execution means for executing electronic education on policy violation in the management reinforcement target terminal to a user of the management enhancement target terminal by executing the electronic education agent file transmitted from the management server The management system according to any one of Supplementary Note 3 to Supplementary Note 18, wherein the management system is provided.

(Appendix 20)
The electronic education control means is
When the electronic training for the management strengthening target terminal is the first time, the electronic training for the management strengthening target terminal is executed while the electronic training for the management strengthening target terminal is executed. Any one of appendix 3 to appendix 19, characterized in that when it is the second time or later, the management reinforcement target terminal is caused to execute electronic education about the policy violation in general including the policy violation content in the management reinforcement target terminal. The management system according to one item.

(Appendix 21)
The environmental information collecting means is composed of environmental information collecting agent file transmitting means and environmental information receiving means in the management server, and environmental information collecting agent file executing means in each of the plurality of user terminals,
The environment information collection agent file transmission means in the management server causes the plurality of user terminals to execute collection of the environment information and notification of the collection result to the management server, Send to the user terminals,
The environment information collection agent file execution means in each user terminal collects the environment information in the user terminal by executing the environment information collection agent file transmitted from the management server, and displays the collection result. Send to the management server and notify
The environment information receiving means in the management server receives the environment information transmitted from each user terminal and passes it to the comparison means, according to any one of appendix 1 to appendix 20, Management system.

(Appendix 22)
The management server
Based on the latest comparison result obtained by the comparison means and the past comparison result for each user terminal stored in the storage means, obtained for the plurality of user terminals, the plurality of user terminals An estimation means for estimating the probability of occurrence of a serious security accident in the system to which the system belongs,
Appendices 1 to 21 comprising notification means for notifying at least one of an administrator and a user of the plurality of user terminals of the occurrence probability estimated by the estimation means The management system according to any one of the above.

(Appendix 23)
The estimating means is
The user of the plurality of user terminals together with the latest comparison result obtained by the comparison unit and the past comparison result for each user terminal stored in the storage unit obtained for the plurality of user terminals. 23. The management system according to appendix 22, wherein the occurrence probability is estimated based on an electronic education result regarding security of the system.

(Appendix 24)
The operation restriction means constitutes means for creating an operation restriction agent file that prohibits execution of a program other than a predetermined program in the specified management enhancement target terminal, and transmitting the file to the user terminal.
The management system according to any one of Supplementary Note 1 to Supplementary Note 22, wherein

(Appendix 25)
Operating a computer as the management system of the above supplementary notes 1 to 24;
A management program characterized by that.

It is a block diagram which shows the structure of the management system (a management server and a user terminal) as 1st Embodiment of this invention. It is a flowchart for demonstrating operation | movement of the management server shown in FIG. It is a flowchart for demonstrating operation | movement of the management means in the management server shown in FIG. 3 is a flowchart for explaining the operation of management means (monitoring / recording / warning means) in the management server shown in FIG. It is a flowchart for demonstrating operation | movement of the management means (electronic education control means) in the management server shown in FIG. It is a flowchart for demonstrating the environmental information collection operation | movement of each user terminal in the management system shown in FIG. 1, and an electronic education operation | movement. It is a flowchart for demonstrating the operation | movement restriction | limiting of the management reinforcement | strengthening object terminal (user terminal) in the management system shown in FIG. It is a block diagram which shows the structure of the management system (a management server and a user terminal) as 2nd Embodiment of this invention. It is a flowchart for demonstrating operation | movement of the management server shown in FIG. It is a flowchart for demonstrating operation | movement of the management means in the management server shown in FIG. It is a flowchart for demonstrating operation | movement of the management means (monitoring / recording / warning means) in the management server shown in FIG. It is a block diagram which shows the structure of the management system (a management server and a user terminal) as 3rd Embodiment of this invention. It is a flowchart for demonstrating operation | movement of the management server shown in FIG. It is a flowchart for demonstrating operation | movement of the management means in the management server shown in FIG. It is a flowchart for demonstrating the modification of operation | movement of the management means in the management server shown in FIG.

Explanation of symbols

1,1A, 1B Management system (in-house system)
10 User terminal 10A Management enhancement target terminal (user terminal)
10B 1st management reinforcement object terminal (user terminal)
10C second management reinforcement target terminal (user terminal)
11 Processing unit (CPU)
111 Environment information collection agent file execution means (environment information collection means)
112 Electronic Education Agent File Execution Unit 20, 20A, 20B Management Server 21 Environment Information Collection Agent File Transmission Unit (Environment Information Collection Unit)
22 Environmental information receiving means (environmental information collecting means)
23, 23a Comparison means 24 Storage means 25, 25a Identification means 26, 26a, 26b Management means 261 Monitoring means 262 Warning means 263 Recording means 264 Electronic education control means 264a Electronic education agent file creation / holding means 264b Electronic education agent file transmission means 265 confirmation means 266 exclusion means 267 prohibition means (operation restriction means)
267a Prohibited means (operation restriction)
268 Estimating means 269, 269a Notifying means 270 Blocking means 30 Proxy server 40 Local area network (LAN)

Claims (6)

Multiple user terminals,
A management server connected to the plurality of user terminals so as to communicate with each other and managing the plurality of user terminals according to a policy definition predetermined as an operating environment to be protected by the user terminals;
Environment information collecting means for collecting environment information related to information on the operating environment in each of the plurality of user terminals from each user terminal to the management server;
The management server
The processing unit executes a predetermined management program, and compares the environment information collected by the environment information collection unit with the environment information and a policy definition relating to security set in advance, so that the operating environment Comparison means to identify the user terminal that violates the policy and the contents of the operating environment that violates the policy,
Storage means for storing a comparison result by the comparison means;
The processing unit executes a predetermined management program, and based on the comparison result stored in the storage unit, the number of policy violations is 1 to a predetermined number of user terminals, or the number of policy violations is 1 to a predetermined number of times. A user terminal whose number of policy violations exceeds the predetermined number, or a user terminal whose number of policy violations exceeds the predetermined number 2 specifying means for specifying as a terminal for strengthening management;
Blocking means for blocking the second management enhancement target terminal specified by the specifying means from a system to which the plurality of user terminals belong while maintaining a connection state with the management server;
Electronic education control means for causing the second management strengthening target terminal to execute electronic education according to the content of the policy violation in a state where the processing unit executes a predetermined management program and is blocked by the blocking means;
After the processing unit executes a predetermined management program and the electronic education control means executes electronic education in the second management reinforcement target terminal, the environmental information collection means and the comparison means are operated to perform the second management enhancement. A confirmation means for confirming whether the policy violation in the target terminal has been resolved,
An exclusion means for switching the second management strengthening target terminal to the first management strengthening target terminal when the confirmation means confirms that the policy violation in the second management strengthening target terminal is resolved;
Management system characterized by comprising Multiple user terminals,
A management server connected to the plurality of user terminals so as to communicate with each other and managing the plurality of user terminals according to a policy definition predetermined as an operating environment to be protected by the user terminals;
Environment information collecting means for collecting environment information related to information on the operating environment in each of the plurality of user terminals from each user terminal to the management server;
The management server
The processing unit executes a predetermined management program, and compares the environment information collected by the environment information collection unit with the environment information and a policy definition relating to security set in advance, so that the operating environment Comparison means to identify the user terminal that violates the policy and the contents of the operating environment that violates the policy,
Storage means for storing a comparison result by the comparison means;
The processing unit executes a predetermined management program, and based on the comparison result stored in the storage unit, the number of policy violations is 1 to a predetermined number of user terminals, or the number of policy violations is 1 to a predetermined number of times. A user terminal whose number of policy violations exceeds the predetermined number, or a user terminal whose number of policy violations exceeds the predetermined number 2 specifying means for specifying as a terminal for strengthening management;
Blocking means for blocking the second management enhancement target terminal specified by the specifying means from a system to which the plurality of user terminals belong while maintaining a connection state with the management server;
An electronic education in which a processing unit executes a predetermined management program and causes the first management strengthening target terminal and the second management strengthening target terminal specified by the specifying means to execute electronic education according to the content of the policy violation. Control means;
After the processing unit executes a predetermined management program and the electronic education control means executes electronic education in the first management strengthening target terminal and the second management strengthening target terminal, the environment information collection means and the comparison means Confirming means for confirming whether or not a policy violation has been resolved between the first management enhancement target terminal and the second management enhancement target terminal;
When the confirmation means confirms that the policy violation in the first management enhancement target terminal is resolved, the first management enhancement target terminal is excluded from the management enhancement target, and the policy violation in the second management enhancement target terminal is resolved. An exclusion means for switching the second management enhancement target terminal to the first management enhancement target terminal when confirmed,
Management system characterized by comprising A management server connected to a plurality of user terminals so as to be able to communicate with each other, and managing the plurality of user terminals according to a policy definition predetermined as an operating environment to be protected by the user terminals,
Environment information collection agent file transmission for transmitting an environment information collection agent file that causes each of the plurality of user terminals to collect environment information and notify the management server of the collection result to the plurality of user terminals Means,
Environmental information receiving means for receiving the environmental information transmitted from each user terminal;
The processing unit executes a predetermined management program, and compares the environment information collected by the environment information receiving unit with the environment information and a policy definition relating to security set in advance, so that the operating environment has the policy definition. Comparison means to identify the user terminal that violates the policy and the contents of the operating environment that violates the policy,
Storage means for storing a comparison result by the comparison means;
The processing unit executes a predetermined management program, and based on the comparison result stored in the storage unit, the number of policy violations is 1 to a predetermined number of user terminals, or the number of policy violations is 1 to a predetermined number of times. A user terminal whose number of policy violations exceeds the predetermined number, or a user terminal whose number of policy violations exceeds the predetermined number 2 specifying means for specifying as a terminal for strengthening management;
Blocking means for blocking the second management enhancement target terminal specified by the specifying means from a system to which the plurality of user terminals belong while maintaining a connection state with the management server;
Electronic education control means for causing the second management strengthening target terminal to execute electronic education according to the content of the policy violation in a state where the processing unit executes a predetermined management program and is blocked by the blocking means;
After the processing unit executes a predetermined management program and the electronic education control means executes electronic education in the second management reinforcement target terminal, the environmental information collection means and the comparison means are operated to perform the second management enhancement. A confirmation means for confirming whether the policy violation in the target terminal has been resolved,
An exclusion means for switching the second management strengthening target terminal to the first management strengthening target terminal when the confirmation means confirms that the policy violation in the second management strengthening target terminal is resolved;
A management server characterized by comprising: A management server connected to a plurality of user terminals so as to be able to communicate with each other, and managing the plurality of user terminals according to a policy definition predetermined as an operating environment to be protected by the user terminals,
Environment information collection agent file transmission for transmitting an environment information collection agent file that causes each of the plurality of user terminals to collect environment information and notify the management server of the collection result to the plurality of user terminals Means,
Environmental information receiving means for receiving the environmental information transmitted from each user terminal;
The processing unit executes a predetermined management program, and compares the environment information collected by the environment information receiving unit with the environment information and a policy definition relating to security set in advance, so that the operating environment has the policy definition. Comparison means to identify the user terminal that violates the policy and the contents of the operating environment that violates the policy,
Storage means for storing a comparison result by the comparison means;
The processing unit executes a predetermined management program, and based on the comparison result stored in the storage unit, the number of policy violations is 1 to a predetermined number of user terminals, or the number of policy violations is 1 to a predetermined number of times. A user terminal whose number of policy violations exceeds the predetermined number, or a user terminal whose number of policy violations exceeds the predetermined number 2 specifying means for specifying as a terminal for strengthening management;
Blocking means for blocking the second management enhancement target terminal specified by the specifying means from a system to which the plurality of user terminals belong while maintaining a connection state with the management server;
An electronic education in which a processing unit executes a predetermined management program and causes the first management strengthening target terminal and the second management strengthening target terminal specified by the specifying means to execute electronic education according to the content of the policy violation. Control means;
After the processing unit executes a predetermined management program and the electronic education control means executes electronic education in the first management strengthening target terminal and the second management strengthening target terminal, the environment information collection means and the comparison means Confirming means for confirming whether or not a policy violation has been resolved between the first management enhancement target terminal and the second management enhancement target terminal;
When the confirmation means confirms that the policy violation in the first management enhancement target terminal is resolved, the first management enhancement target terminal is excluded from the management enhancement target, and the policy violation in the second management enhancement target terminal is resolved. An exclusion means for switching the second management enhancement target terminal to the first management enhancement target terminal when confirmed,
A management server characterized by comprising: Management that allows a computer to function as a management server that is connected to a plurality of user terminals so as to be able to communicate with each other and manages the plurality of user terminals in accordance with a policy definition predetermined as an operating environment to be protected by the user terminals. A program,
Environment information collection agent file transmission for transmitting an environment information collection agent file that causes each of the plurality of user terminals to collect environment information and notify the management server of the collection result to the plurality of user terminals means,
Environment information receiving means for receiving the environment information transmitted from each user terminal;
By comparing the environment information collected by the environment information receiving unit with the environment information and a policy definition relating to security set in advance, the user terminal and policy violation whose operating environment violates the policy definition A comparison means for identifying the contents of the operating environment ,
Storage means for storing a comparison result by the comparison means;
Based on the comparison result stored in the storage means, a user terminal having 1 to a predetermined number of policy violations or a user terminal having 1 to a predetermined number of policy violations is a first management enhancement target terminal On the other hand, specifying means for specifying, as a second management enhancement target terminal, a user terminal in which the number of policy violations exceeds the predetermined number, or a user terminal in which the number of policy violations exceeds the predetermined number,
Blocking means for blocking the second management enhancement target terminal specified by the specifying means from a system to which the plurality of user terminals belong while maintaining a connection state with the management server;
Electronic education control means for causing the second management strengthening target terminal to execute electronic education according to the content of the policy violation in a state where it is blocked by the blocking means;
Whether or not the policy violation in the second management enhancement target terminal has been resolved by operating the environmental information collection unit and the comparison unit after the electronic education control unit executes the electronic education in the second management enhancement target terminal. Confirmation means for confirming, and
Exclusion means for switching the second management enhancement target terminal to the first management enhancement target terminal when the confirmation means confirms that the policy violation in the second management enhancement target terminal has been resolved,
A management program for causing the computer to function as Management that allows a computer to function as a management server that is connected to a plurality of user terminals so as to be able to communicate with each other and manages the plurality of user terminals in accordance with a policy definition predetermined as an operating environment to be protected by the user terminals. A program,
Environment information collection agent file transmission for transmitting an environment information collection agent file that causes each of the plurality of user terminals to collect environment information and notify the management server of the collection result to the plurality of user terminals means,
Environment information receiving means for receiving the environment information transmitted from each user terminal;
By comparing the environment information collected by the environment information receiving unit with the environment information and a policy definition relating to security set in advance, the user terminal and policy violation whose operating environment violates the policy definition A comparison means for identifying the contents of the operating environment ,
Storage means for storing a comparison result by the comparison means;
Based on the comparison result stored in the storage means, a user terminal having 1 to a predetermined number of policy violations or a user terminal having 1 to a predetermined number of policy violations is a first management enhancement target terminal On the other hand, specifying means for specifying, as a second management enhancement target terminal, a user terminal in which the number of policy violations exceeds the predetermined number, or a user terminal in which the number of policy violations exceeds the predetermined number,
Blocking means for blocking the second management enhancement target terminal specified by the specifying means from a system to which the plurality of user terminals belong while maintaining a connection state with the management server;
Electronic education control means for causing the first management strengthening target terminal and the second management strengthening target terminal specified by the specifying means to execute electronic education according to the content of the policy violation;
After the electronic education control unit executes electronic education in the first management strengthening target terminal and the second management strengthening target terminal, the environmental information collecting unit and the comparing unit are operated to operate the first management strengthening target terminal. And a confirmation means for confirming whether or not the policy violation in the second management strengthening target terminal has been resolved, and
When the confirmation means confirms that the policy violation at the first management enhancement target terminal is resolved, the first management enhancement target terminal is excluded from the management enhancement target, and the policy violation at the second management enhancement target terminal is resolved. An exclusion means for switching the second management enhancement target terminal to the first management enhancement target terminal when confirmed,
A management program for causing the computer to function as

Images