JP4904466B2 - Information processing apparatus, information processing apparatus control method, program, and recording medium - Google Patents

Description

  The present invention relates to a filtering rule change setting in an information processing apparatus that performs filtering processing of e-mail sent from an internal network to an external network.

  In recent years, leakage of personal information and confidential information has been affecting corporate trust. Information leakage may occur due to unauthorized access from the outside, but most are caused by carelessness of people inside the company. Information leakage may occur due to careless file transmission using e-mail. Since the Personal Information Protection Law was enforced in 2005, it has become an urgent task for companies to take measures against information leakage.

  Therefore, when an e-mail is sent from an internal network to an external network, countermeasures against information leakage are introduced by introducing an e-mail audit system that decides whether or not to allow delivery according to the contents of the e-mail. I have taken.

  In addition, emails sent from corporate mail servers can be saved as log data, and in the unlikely event that a leak occurs, it is possible to investigate afterwards what kind of situation has occurred. I am doing so.

  In such a system, keyword etc. is set and mail that uses the keyword is made undeliverable, or delivery is permitted or not permitted to the superior (administrator) of the employee who sent the e-mail In general, a notification is issued and mail transmission is controlled according to the selection by the administrator.

  However, in such a system, setting a keyword is laborious for the auditor. That is, unless appropriate keyword setting is performed, an e-mail that should not be sent to the outside is sent to the outside without being audited.

  In view of this point, in the technique as disclosed in Patent Document 1, the keyword setting load of the auditor who sets the filtering rule is reduced by setting the keyword condition using an existing document. Yes.

  In addition, the decision whether or not to send an e-mail hit by a keyword or the like is finally made by human visual inspection. For this reason, if the number of emails to be checked increases, the load of checking by the administrator increases.

Therefore, Patent Document 2 discloses a technique for reducing the burden of inspection by an administrator by creating a summary of an email to be checked.
JP 2002-290469 A JP 2006-85642 A

  However, if the keyword setting is appropriate, the check load by the administrator's inspection is reduced. The increase in load as described above is caused by the fact that the keyword setting is not appropriate and the number of emails to be audited increases.

  In the technique disclosed in Patent Document 1, since the keyword setting is left to the system, it is unclear whether or not a really valid search keyword has been created. In setting such keywords, it is important to accurately reflect the know-how of auditors.

  When setting keywords for search formulas, if the conditions for sending emails to the outside are strict, the number of emails that must be pre-checked will inevitably increase. The burden on the administrator performing the audit increases. On the other hand, if the conditions for sending e-mail to the outside are made loose, there is a problem that e-mail that should not be sent is not listed as a candidate for advance check and may be sent. It was.

  Therefore, it is desirable that the system can support the setting of the filtering rules such as the inspector's keyword more accurately with respect to the setting of the keyword. For this purpose, it is desirable to be able to set a search expression that accurately reflects the judgment made in the past, such as permission / denial of mail transmission by the administrator.

  The present invention has been made to solve the above-described problems, and an object of the present invention is to provide filtering rules including keywords, recipient / broadcaster addresses, etc. in an email body in an email auditing system. It is intended to provide a mechanism that supports the setting by simulating the filtering result of the newly set filtering rule and the current filtering rule at the time of change, and presenting an index of the filtering rule.

In order to solve the above problems, an electronic mail auditing apparatus according to the present invention has the following configuration. That is, the present invention, the e-mail communication to apply the communication control rule of order was relaying or interrupted, the communication control processing of the electronic mail to a line power sale information processing apparatus, a communication control process of the electronic mail A first storage means for storing a first rule used as the communication control rule, a communication control means for executing an electronic mail communication control process using the first rule, and the communication control means. first receiving means for receiving an electronic mail communication control processing is performed, and second storage means for storing together with the results of the communication control processing, the input of the second rule that is different from said first rule by When a filtering means for performing a communication control simulation processing using the second rule for e-mail stored in the second storage means, said communication control means Result of the communication control processing in that it comprises, a first display information generating means for generating a first display information for result of the communication control simulation processing to display the information relating to different e-mail by the filtering means Features.

  According to the present invention, when filtering rules are changed, the filtering result of the rule to be changed is simulated and compared with the filtering result of the current rule, so that an index for keyword setting can be presented.

  Therefore, there is an effect that it is possible to support filtering rule setting in a manner reflecting the past final judgment of the administrator who performs the audit of the electronic mail.

  Hereinafter, the present invention will be described in detail according to preferred embodiments with reference to the accompanying drawings.

  FIG. 1 is a diagram showing an example of a system configuration showing an embodiment of the present invention.

  In FIG. 1, reference numeral 101 denotes an electronic mail audit server. The e-mail audit server 101 stores e-mail storage processing instructed to be transmitted from the network 105 to the wide area network 120, transmission permission / holding / holding determination processing, transmission permission / prohibition and holding conditions.・ Has a function to change. Also, the email audit server 101 records a group configuration table and its representative in time series (a group information table 1402, a management target definition information table 1403 shown in FIG. 10B described later), and according to the data It also has a function to determine the administrator who conducts an email audit.

  Reference numeral 102 denotes an electronic mail server. This e-mail server 102 transmits / receives mail between the information processing device 104-1 and the information processing device 104-2, and is a device outside the information processing device 104-1 and the local area network 105 (in FIG. This device manages transmission / reception of mail to / from the device 114), and as is well known, performs processing for transmitting mail to a destination specified by a mail address. Since such a series of processes performed by the e-mail server 102 is well known, further explanation is omitted.

  Reference numeral 103 denotes an LDAP (Lightweight Directory Access Protocol) server, which manages corporate directory information, that is, corporate directory information such as information on mail addresses and organizations of users using the network (LDIF (LDAP Interchange shown in FIG. 11 described later)). Directory service). The directory service applicable to the present invention is not limited to LDAP, but may be other services. For example, it may be Active Directory or NDS (NetWare Directory Service).

  Reference numerals 104-1 and 104-2 denote information processing apparatuses, which are ordinary computers, have an electronic mail transmission / reception function, and operate as Web service clients.

  On the other hand, an information processing device 114 and an e-mail server 112 are connected to the local area network 115, which are the same as the information processing device 104, the e-mail server 102, and the local area network 105, respectively. Description is omitted.

  FIG. 2 is a block diagram showing a basic configuration of the electronic mail audit server 101 shown in FIG.

  In FIG. 2, reference numeral 201 denotes a CPU that controls the entire electronic mail audit server 101 using programs and data stored in the RAM 202 and the ROM 203, and executes processes described later performed by the electronic mail audit server 101.

  A RAM 202 includes an area for temporarily storing programs and data loaded from the HDD 204 and the recording medium drive 206, and data received via the network I / F (interface) 205. A work area to be used when executing processing is provided.

  A ROM 203 stores setting data, a boot program, and the like of the e-mail audit server 101.

  Reference numeral 204 denotes an HDD, which stores an OS (operating system) and programs and data for causing the CPU 201 to execute each process described later performed by the e-mail audit server 101, part or all of which is performed by the CPU 201. The electronic mail audit server 101 executes each process described below by being loaded into the RAM 202 in accordance with the control, and using the CPU 201 to perform the process.

  Reference numeral 205 denotes a network I / F for connecting the e-mail audit server 101 to the local area network 105, and the e-mail audit server 101 performs data communication with an external device via the network I / F 205. Can do.

  Reference numeral 206 denotes a recording medium drive device that reads a program or data recorded on a storage medium such as a CD-ROM, CD-R / RW, DVD-ROM, DVD-R / RW, or DVD-RAM and outputs it to the RAM 202. The reading operation is controlled by the CPU 201.

  A keyboard 207 can input various instructions to the CPU 201. A pointing device 208 such as a mouse can input various instructions to the CPU 201.

  Reference numeral 209 denotes a video I / F (interface) which functions as an I / F for supplying an image to be displayed on the display device 210 to the display device 210 as a signal.

  A display device 210 includes a CRT, a liquid crystal screen, and the like, and can display a processing result by the CPU 201 using an image, text, or the like.

  A peripheral device I / F 211 includes a USB port, an IEEE 1394 port, and the like, and can be connected to the peripheral device via the peripheral device I / F 211. The connection form with the peripheral device may be wired or wireless. A bus 212 connects the above-described units.

  The electronic mail servers 102 and 112, the LDAP server 103, and the information processing apparatuses 104 and 114 shown in FIG. 1 have the same configuration.

<Pre-audit by e-mail audit server>
In the following, with reference to FIG. 3, an e-mail transmission permission determination process performed by the e-mail audit server 101 will be described.

  FIG. 3 is a flowchart showing an example of a first control processing procedure according to the present invention, which corresponds to the e-mail transmission permission determination process performed by the e-mail audit server 101. This process is performed by the CPU 201 according to control by a program recorded in the HDD 204. Also, in the HDD 204 of the email audit server 101, a transmission prohibition filtering rule setting for searching for a plurality of emails that cannot be sent (transmission impossible condition), and email transmission are temporarily suspended and a group administrator permits transmission. A hold filtering rule setting (transmission hold condition) and the like for searching for an e-mail to be transmitted in this case is stored. Although the details will be described later, the filtering rule is set by the processing shown in FIGS. 17 to 20 or 21 and stored in the HDD 204. The HDD 204 of the e-mail audit server 101 stores group management information (group information 1402 shown in FIG. 10B described later) and manager information (managed object definition information 1403 shown in FIG. 10B described later). The group to which the sender belongs and the manager of the group can be specified.

  First, the CPU 201 acquires an electronic mail (SMTP packet) sent from the network 105 to the wide area network 120 (step S301).

  Next, the CPU 201 determines whether or not the e-mail acquired in step S301 matches the transmission disabled condition among the filtering rules stored in the HDD 204 (step S302).

  If the CPU 201 determines that the e-mail acquired in step S301 matches the transmission disabling condition (YES in step S302), the CPU 201 moves the process to step S308 and stops transmitting the e-mail ( Step S308). At this time, the CPU 201 may of course perform processing such as sending an e-mail message indicating that the e-mail message was not sent because the e-mail sender address was matched to the sending disable condition. .

  On the other hand, if it is determined in step S302 that the e-mail acquired in step S301 does not match the transmission disabling condition (NO in step S302), the CPU 201 matches the e-mail acquired in step S301 with the transmission hold condition. It is determined whether or not to perform (step S303).

  In step S303, if the CPU 201 determines that the e-mail acquired in step S301 does not match the transmission suspension condition (NO in step S303), the CPU 201 sends the e-mail acquired in step S301 to the wide area network 120. It is sent out (step S309).

  On the other hand, if it is determined in step S303 that the transmission hold condition is met (YES in step S303), the CPU 201 suspends (holds) the e-mail transmission process acquired in step S301 (step S304). ), The process proceeds to step S305. Here, the hold state corresponds to a case where the administrator of the e-mail sender instructs to determine whether transmission is possible / not possible after visual confirmation. Further, the above-mentioned “transmission permitted” is called “relay”, and the above-mentioned “transmission impossible” case and “hold” case may be collectively called “interruption”.

  Next, in step S305, the CPU 201 specifies the sender of the mail. The sender of the mail is specified by acquiring the sender address of the electronic mail and specifying the user to whom the mail address is assigned.

  After specifying the e-mail sender, the CPU 201 specifies the administrator of the e-mail sender (step S306). This is based on the group management information stored in the HDD 204 (group information 1402 shown in FIG. 10B described later) and the administrator information (management target definition information 1403 shown in FIG. 10B described later). This is done by specifying the group manager.

  Next, the CPU 201 notifies the administrator specified in step S306 to perform a pre-audit of mail (step S307). If this notification is made by means such as sending an email indicating that a pre-audit is to be performed to the email address (obtained from the group information 1402 shown in FIG. Good. Further, when the administrator logs in, a message may be displayed so that a pre-audit of mail is performed.

  Then, after any one of steps S307, S308, and S309, the CPU 201 saves the e-mail acquired in step S301 in the HDD 204, and also transmits the e-mail transmission status data (send / hold / delete). Is set (stored in the HDD 204) (step S310). Then, the process ends.

  Note that the e-mail whose transmission status data is “pending” may be configured such that the administrator information specified in step S307 is linked to the e-mail and stored in the HDD 204.

  Of course, the e-mail itself may be saved at the timing when the data is acquired in step S301.

<Pre-audit by administrator>
Hereinafter, with reference to FIG. 4, a process performed by the e-mail audit server 101 when the group administrator performs an e-mail pre-audit will be described.

  FIG. 4 is a flowchart showing an example of a second control processing procedure according to the present invention, and corresponds to the processing performed by the email audit server 101 when the group administrator performs email preliminary audit. This process is performed by the CPU 201 according to control by a program recorded in the HDD 204. Further, group information 1402, management target definition information 1403 and the like shown in FIG. 10B described later are stored in the HDD 204 of the e-mail audit server 101.

  First, the CPU 201 of the e-mail audit server 101 determines whether or not a request for determining whether or not to hold mail can be received from the information processing apparatus 104 (step S401). If it is determined that a request has not been received (NO in step S401), the CPU 201 continues to wait for a request.

  On the other hand, if it is determined in step S401 that a request for determining whether or not to hold mail can be received (YES in step S401), the CPU 201 determines that the user's management target person's hold mail is the requesting information processing apparatus 104. It is displayed on the display device (step S402). Specifically, the CPU 201 first checks the authority of the user who has made the request. Here, the CPU 201 has the group administrator authority based on the management target definition information recorded in the HDD 204 (shown in 1403 in FIG. 10B described later) (either past or present). It is determined whether the user is a group manager. If the CPU 201 determines that the requesting user is not a group manager (not a group manager in the past or the present), the CPU 201 ends the process (not shown).

  On the other hand, if it is determined that the user who has requested the hold mail transmission permission determination process is a group manager, the CPU 201 stores group information (shown in 1402 in FIG. 10B described later) recorded in the HDD 204. On the basis of the HDD 204, an e-mail sent by another user who is a management target for the user within the management target period (valid period) whose transmission status data is in the “pending” state is acquired from the HDD 204. Then, the list (FIG. 5) is displayed on the display device of the information processing apparatus that has requested the pending mail transmission permission / inhibition determination process. An example of the display is as shown in FIG. If the “pending” e-mail and the administrator are already associated and stored in step S310 in FIG. 3, the “pending” electronic mail associated with the administrator who has received the processing request in step S401. You may comprise so that mail may be acquired and the list may be displayed.

  FIG. 5 is a diagram illustrating an example of a screen used when a group administrator of the sender of the email performs an audit in advance for the email whose transmission is suspended by the email audit server 101.

  Through the operation via this screen 1000, the group administrator gives an instruction to transmit / delete (not transmit) the suspended mail.

  On this screen, the CPU 201 controls the display device to display a mail content confirmation screen (not shown) by clicking the mail address 1002 of the sender (sender) in the mail sender column. In response to an instruction from the input unit by the group administrator who determines whether or not transmission is possible based on the content of the text displayed on the mail content confirmation screen, the attached file, or the like, the CPU 201 performs transmission / deletion processing of the mail. Become. When mail transmission / deletion processing is performed, the administrator checks the check box 1001 and performs an operation of selecting “send” / “delete” from the operation selection menu 1003.

  The screen 1000 also displays an e-mail management ID (MSGID) 1007, a transmission date and time 1008, and an attached file size 1009.

  Hereinafter, the description returns to the flowchart of FIG.

  Next, the CPU 201 receives an e-mail selection change instruction (instructing to check the check box 1001), and when the change instruction is made, the e-mail to be sent / deleted based on the instruction is sent. It designates and memorize | stores in RAM202 (step S403).

  Next, the CPU 201 determines whether or not there is a transmission instruction (“Send” is selected and selected in the operation selection menu 1003) in accordance with an operation instruction via the user's screen (step S404). If it is determined that there is a transmission instruction (YES in step S404), the CPU 201 transmits the electronic mail specified based on the selection change in step S403 (the electronic mail whose check box 1001 is checked). Is performed (step S405).

  Then, the CPU 201 changes the transmission status data (stored in the HDD 204) of the e-mail that has been subjected to the transmission process in step S405 to “send after suspension” (step S406).

  Next, the CPU 201 determines whether or not there has been a deletion instruction (“Delete” has been selected in the operation selection menu 1003) in accordance with an operation instruction via the user's screen (step S407).

  If the CPU 201 determines that there is an instruction to delete (YES in step S407), the transmission status of the email specified based on the selection change in step S403 (the email whose check box 1001 is checked). The data (stored in HDD 204) is changed to “delete after hold” (step S408).

  Then, the CPU 201 determines whether or not there is an end instruction based on an operation by the user via the screen. Note that the termination instruction is, for example, an instruction to close the screen illustrated in FIG. 5 or an instruction to log out.

  If the CPU 201 determines that there is no end instruction yet (NO in step S409), the CPU 201 returns the process to step S403 and repeats the e-mail preliminary audit.

  On the other hand, if the CPU 201 determines that there has been an end instruction (YES in step S409), the CPU 201 ends the process.

  The operation selection menu 1003 is further provided with selection items of “Move to Send BOX” and “Move to Delete BOX”, and according to an operation instruction via the user's screen, an instruction to move to the transmission BOX (in the operation selection menu 1003 When “move to transmission BOX” is selected, the CPU 201 sends an email (check box 1001 is checked) that is designated based on the selection change in step S403 from the pending BOX 1004. On the other hand, when there is an instruction to move to the delete BOX (“move to delete BOX” is selected in the operation selection menu 1003), the CPU 201 changes the selection in step S403. E-mail specified based on the e-mail (check box 1001 is checked) When the sending BOX 1005 / deletion BOX 1006 is instructed to send / delete, the CPU 201 executes the processing of S405 to S406 / S408 to S409, and executes the processing in the BOX. The electronic mail may be configured to be sent / deleted.

  In addition, only an administrator with a certain authority or higher (an administrator who manages a group with a certain hierarchy or higher) is controlled so that the items “send” and “delete” can be selected in the operation selection menu 1003, and management with less than a certain authority is performed. The administrator (administrator managing a group below a certain level) controls the items “Send” and “Delete” to be unselectable in the operation selection menu 1003, and “Move to Send BOX” and “To Delete BOX”. The item “movement” may be controlled to be selectable. As a result, for example, an administrator who is less than the general manager selects mail sent by “move to send BOX” or “move to delete BOX”. It is also possible to send / delete.

  In the above-described configuration, the example in which the preliminary audit is performed on the outgoing mail has been described. However, the preliminary audit may be performed on both the incoming mail and the transmitted / received mail. When auditing a received mail, a plurality of received addresses are described, and when the plurality of received addresses straddle a plurality of groups, the received mail is configured to be audited by a plurality of managers. In this case, the evaluation value of the mail set as a result of the audit is determined based on the evaluation values by the plurality of administrators (for example, the maximum value, the minimum value, and the average of the evaluation values by the plurality of administrators). Etc. may be used as the evaluation value of the mail.

<Post-audit by the administrator>
Hereinafter, with reference to FIG. 6, processing performed by the email audit server 101 at the time of post-audit of email performed in the present system will be described.

  FIG. 6 is a flowchart showing an example of a third control processing procedure according to the present invention, and corresponds to the processing performed by the email audit server 101 at the time of post-audit of email. This process is performed by the CPU 201 according to control by a program recorded in the HDD 204.

  First, the CPU 201 is in a waiting state for a post-audit execution request from a group manager using the information processing apparatus 104 (step S501). If the CPU 201 determines that a post-audit execution request has been received from the group manager (YES in step S501), the CPU 201 performs processing for selecting / displaying an email to be audited by the group manager (step S502). . Details of this processing will be described below with reference to FIG.

  FIG. 7 is a flowchart showing an example of a fourth control processing procedure in the present invention, and corresponds to the mail data selection / display processing in step S502 of FIG. This process is performed by the CPU 201 according to control by a program recorded in the HDD 204.

  Prior to the description of FIG. 7, a brief description will be given of how the administrator for auditing electronic mail is determined in the electronic mail auditing system.

  In this system, group e-mails of users belonging to a group are audited by the group manager of the group. However, the group configuration and its manager will change over time. Therefore, in this system, group information and its manager information are managed in chronological order, and the group manager of the group to which the sending user of the e-mail belongs at the time when the e-mail is sent is audited.

  First, the creation of such information (group information managed in time series and manager information thereof) will be briefly described with reference to FIGS.

  FIG. 8 is a flowchart showing an example of the fifth control processing procedure in the present invention, and corresponds to the management target definition information update processing performed by the e-mail audit server 101. This process is performed by the CPU 201 according to control by a program recorded in the HDD 204.

  First, the CPU 201 of the e-mail audit server 101 makes an inquiry to the LDAP server 103 having the latest group administrator information periodically (for example, once a day) and manages it by the LDAP server 103. The company directory information (for example, FIG. 11) is acquired, the company directory information is searched from the acquired information using the directory search formula in the group definition information 1401 (FIG. 10B), and the group manager information is acquired (step S801).

  Next, the CPU 201 acquires each newest management target definition information in the management target definition information table 1403 (FIG. 10B) recorded in time series in the HDD 204 of the email audit server 101 (step S802).

  Furthermore, the CPU 201 compares the content acquired by the inquiry in step S801 with the management target definition information acquired in step S802, and confirms whether there has been a change since the previous main processing (step S803). If it is determined that there is no change from the previous time (that is, the content acquired in step S801 corresponds to the management target definition information acquired in step S802) (NO in step S803), the CPU 201 ends this process. .

  On the other hand, if it is determined that there has been a change since the last time (that is, the content acquired in step S801 does not correspond to the management target definition information acquired in step S802) (YES in step S803), the CPU 201 has changed. The “valid period” of the management target definition information is set to “end” (step S804), and the process proceeds to step S805.

  In step S805, the CPU 201 newly creates management target definition information based on the changed content (the start of the valid period is the current date or the specified date), and the management target definition information table in the HDD 204 is created. 1403 (FIG. 10B), and the process is terminated.

  By performing such processing, when the information of the LDAP server 103 is changed, the e-mail monitoring server 101 holds the management target definition information 1403 in time series based on the changed information. It becomes possible.

  Note that due to the operational convenience of the data update timing of the enterprise directory of the LDAP server 103, the actual change date and the difference are also expected. In addition, the organizational structure itself is expected to change. Therefore, on the e-mail monitoring server 101 side, the organization information (group name) in the management target definition information table 1403 in which the organization (group) is associated with the responsible manager, the validity period, etc. To make adjustments and edits possible. That is, the management object definition information table 1403 changed based on the data of the LDAP server 103 can be adjusted and changed by the administrator of the e-mail audit server 101 by the process shown in FIG.

  As a result, the effective period of the management target group corresponding to a certain administrator ID can be changed or deleted to enable flexible operation according to the company policy.

  That is, the start, end date and time, and time settings of the effective period can be adjusted according to actual operation, or can be adjusted at the end of the month or the beginning of the month. In addition, when the management of the effective period is managed in units of dates and is changed to the morning of the actual organization implementation date, the effective period of the management target definition information can be set to the previous day. Alternatively, when the company directory information is changed to the night before the actual organization change date, the effective period of the new management target definition information can be started on the next day.

  Further, the management target definition information whose valid period is older than a predetermined period may be configured to be deleted from the management target definition information table 1403 by the CPU 201.

  FIG. 9 is a flowchart showing an example of a sixth control processing procedure according to the present invention, and corresponds to the group definition information update processing performed by the electronic mail audit server 101. This process is performed by the CPU 201 according to control by a program recorded in the HDD 204.

  First, the CPU 201 of the email audit server 101 periodically (for example, once a day) makes an inquiry to the LDAP server 103 having the latest group configuration information, and manages the company managed by the LDAP server. Directory information (for example, FIG. 11) is acquired, and group configuration information is acquired from the acquired information using a directory search formula in group definition information 1401 (FIG. 10B) (step S901).

  Next, the CPU 201 obtains each newest group information in the group information table 1402 (FIG. 10B) recorded in time series in the HDD 204 of the e-mail audit server 101 (step S902).

  Furthermore, the CPU 201 compares the content acquired by the inquiry in step S901 with the group information acquired in step S902, and confirms whether there has been a change since the previous main processing (step S903). If it is determined that there is no change from the previous time (that is, the content acquired in step S901 corresponds to the group information acquired in step S902) (NO in step S903), the CPU 201 ends this process.

  On the other hand, if it is determined that there has been a change since the last time (that is, the content acquired in step S901 does not correspond to the group information acquired in step S902) (YES in step S903), the CPU 201 It is confirmed whether there is any change in the existing group (step S904).

  If there is a change in the existing group (YES in step S904), the CPU 201 sets “end” of the “valid period” of the group (step S905), and the process proceeds to step S906.

  On the other hand, when there is no change in the existing group (NO in step S904), the CPU 201 proceeds with the process to step S906 as it is.

  In step S906, the CPU 201 newly creates group information based on the changed content, registers it in the group information table 1402 (FIG. 10B) in the HDD 204, and ends the process. When creating a new group, the system administrator creates group definition information, and registers the created group definition information in the group definition information table 1401 (FIG. 10B) in the HDD 204.

  In this way, when there is a change in the group information of the LDAP server 103, the e-mail monitoring server 101 adds new group data while saving the history.

  That is, the e-mail audit server 101 stores group information and history of management target definition information in the HDD 204, and the CPU 201 acquires a directory acquired from an external device (here, the LDAP server 103) that manages the directory information. The group information and the management target definition information are updated based on the information.

  Note that due to the operational convenience of the data update timing of the enterprise directory of the LDAP server 103, the actual change date and the difference are also expected. In addition, the organizational structure itself is expected to change. Accordingly, the administrator of the email audit server 101 can adjust and edit the group name and the validity period in the group information table 1402 in which the organization (group) and the group members are associated with each other on the email monitoring server 101 side. Constitute. In other words, the group information table 1402 changed based on the data of the LDAP server 103 can be adjusted and changed by the administrator of the e-mail audit server 101 by the processing shown in FIG.

  As a result, the effective period of the group corresponding to a certain administrator ID can be changed or deleted to enable flexible operation according to the company policy.

  That is, the start, end date / time, and time settings of the effective period can be adjusted according to actual operation, or at the end of the month or the beginning of the month. Further, when the management of the effective period is managed in units of date and is changed to the morning of the actual organization implementation date, the diversion of the effective period of the group information can be set to the previous day. Alternatively, when the company directory information is changed to the night before the actual organization change date, the effective period of the new group information can be started on the next day.

  Further, the group information whose effective period is older than a predetermined period may be configured to be deleted from the group information table 1402 by the CPU 201.

  The management target definition information and group information created by the processes shown in FIGS. 8 and 9 are as shown in 1403 and 1402 in FIG. 10B, for example.

  10A and 10B are diagrams illustrating examples of a group definition information table, a group information table, and a management target definition information table stored in the HDD 204 of the e-mail audit server 101.

  First, in FIG. 10A, as shown in 1400, there are two organizations whose organization information is Group-A and Group-B. In “January 1, 2006”, Group-A has “Alice” and “Bob”. , “Cab” is included, and Group-B includes “Dunn” and “Eric”, and the managers are Admin-A1 and Admin-B1, respectively. “Bob” has changed from Group-A to Group-B, and the “Group-A” administrator has been changed to Admin-A2 on “July 1, 2006”.

  At this time, the group information and how the management target definition information changes are shown in the group information table 1402 shown in the <Group information> column shown in FIG. 10B and <management target definition information. The management target definition information table 1403 shown in the> column.

  In addition, a group definition information table 1401 is prepared in order to link information managed on the LDAP server 103 and group information managed on the e-mail audit server 101.

  The group definition information table 1401 has information indicating how the history of group information managed by the e-mail audit server 101 is managed by the LDAP server 103. The CPU 201 of the e-mail audit server 101 searches the information (FIG. 11) managed on the LDAP server 103 by “ou = groupA” described in the “directory search expression” of the group definition information table 1401. The group information managed on the LDAP server 103 can be acquired.

  FIG. 11 is a diagram illustrating an example of information (LDIF; LDAP Interchange Format) managed on the LDAP server 103.

  In FIGS. 10A and 10B, as shown in 1400, for example, group information is transferred to both Group-A and Group-B as “Bob” has been moved from Group-A to Group-B on April 1. A change has occurred. Therefore, changes are made to both group information at the timing of April 1st.

  Therefore, the group information table 1402 has two records each for Group-A and Group-B (there is a record with serial number “000” and a record with “001” respectively), and a record with serial number “000”. Group-A and B each have information indicating the group structure before March 31, 2006 (the validity period ends on March 31, 2006), and the record whose serial number is “001” is 2006 Information indicating the group configuration after April 1 is registered (the effective period starts on April 1, 2006).

  Further, regarding the management target definition information table 1403, the administrator of Group-A is changed from “Admin-A1” to “Admin-A2” on “July 1, 2006”. There is no administrator change for Group-B.

  Correspondingly, in the management object definition information table 1403, for each administrator based on the change of the administrator, Admin-A1 has a management group of Group-A and an effective period of January 1, 2006. The record for June 30 is Admin-B1, the management group is Group-B, and the effective period is January 1, 2006 (no end date), and the record for Admin-A2 is July 1, 2006 Since it is an administrator of Group-A from the date, records with a management target group of Group-A and a validity period of July 1, 2006 to (no end date) are registered.

  As described above, the CPU 201 of the e-mail monitoring server 101 creates copy information for the corporate directory information managed on the LDAP server 103, and stores and manages the history, thereby the LDAP server 103. This eliminates the need for double registration and management of the corporate directory information on both the electronic mail monitoring server 101 side and the electronic mail monitoring server 101 side, and can greatly reduce the labor of registration and maintenance by the administrator.

  This completes the description of the group and its manager in the present invention.

  Hereinafter, the flowchart of FIG. 7 will be described.

  First, when an e-mail post-audit request is received from the group manager, the CPU 201 defines the management target group and the period of the group administrator who made the e-mail post-audit request in step S501 in FIG. Obtained from the information (1403 in FIG. 10B) (step S1601).

  Then, a screen 1100 as shown in FIG. 12 is displayed on the display of the information processing apparatus 104 used by the group manager, and an instruction input for the search target period is accepted (step S1602).

  FIG. 12 is a diagram illustrating an example of an e-mail search screen that is displayed on the display device of the information processing apparatus 104 used by the group manager when the group manager performs a post-audit of the e-mail.

  This screen 1100 is created by the CPU 201 of the e-mail audit server 101 based on a request from the information processing apparatus 104 and transmitted to the information processing apparatus 104.

  Through this screen 1100, the group manager can search for e-mails by entering not only the period of post-audit but also the conditions such as sender's e-mail address, recipient / broadcaster address, mail size, etc. Is also possible. This screen 1100 is provided with a “determine” button (not shown). When this “determine” button is instructed by a pointing device or the like of the information processing apparatus 104, an instruction input such as a search target period is confirmed. Then, the information is transmitted from the information processing apparatus 104 to the e-mail audit server 101.

  Returning to the flowchart of FIG.

  When the search target period is input from the screen shown in FIG. 12 (YES in step S1602), the CPU 201 of the e-mail audit server 101 sets the search target period in the RAM 202 with the input content (step S1602). S1603). If no search target period is set, the search target period is the entire period.

  Thereafter, the CPU 201 acquires e-mail data within the search target period one by one from e-mail log data (stored in the HDD 204) as shown in FIG. 13 (step S1604).

  FIG. 13 is a diagram illustrating an example of details of the email log data.

  As shown in FIG. 13, in this embodiment, as e-mail log data, an ID for uniquely identifying an e-mail, e-mail transmission date and time, e-mail address of the e-mail sender, e-mail address of the recipient The group information and the like of the e-mail sender at the time of e-mail transmission is stored and managed in the HDD 204 of the e-mail monitoring server 101. The CPU 201 determines a group manager who audits the mail based on the group information and the e-mail transmission date / time information. Details will be described later.

  Returning to the flowchart of FIG.

  Next, in step S1605, the CPU 201 determines whether group information has already been set in the email data acquired in step S1604 (whether there is information indicating a group in the “group information” column of the email log data shown in FIG. 13). ). Note that this group setting may be performed by nighttime batch processing or the like.

  If no group has been set in the e-mail data acquired in step S1604 (NO in step S1605), the CPU 201 sets the group to which the mail sender belonged at the time of mail transmission date and time. (Step S1606). Specifically, the CPU 201 sets the group name (1402 in FIG. 10B) by acquiring the group name to which the sender of the e-mail belonged at the e-mail transmission date and time. Then, the process proceeds to step S607.

  On the other hand, if the CPU 201 determines that group information has already been set in the e-mail data acquired in step S1604 (YES in step S1605), the process proceeds to step S1607 as it is.

  Next, in step S1607, the CPU 201 determines that the group administrator acquires the e-mail data acquired in S1604 from the management target group of the group administrator acquired in step S1601, the period, the e-mail transmission date and time, and the group information. It is determined whether the electronic mail is to be audited (step S1607). Note that the CPU 201 acquires the group managed by the group administrator based on the management target definition information (1403 in FIG. 10B) at the transmission date and time of the electronic mail acquired in step S1604. If the group set in the mail is the same, it is determined that the electronic mail is an audit target of the group manager. Here, when the post-audit has already been completed for the mail, it may of course be controlled not to be audited. When the audit target is selected, a change in the audit result is accepted.

  If it is determined that the email data acquired in S1604 is an email to be audited by the group manager (YES in step S1607), the CPU 201 determines that the email data acquired in S1604 It is determined whether or not the other search conditions input via the 12 screens are met (step S1608).

  If it is determined in step S1608 that they match (YES in step S1608), the CPU 201 uses the email data acquired in step S1604 as display target email data in a predetermined storage area in the RAM 202. (Step S1609), and the process proceeds to step S1610.

  In step S1610, the CPU 210 performs an evaluation process on the email data added to the display target email in step S1609. More specifically, the CPU 210 performs a similar sentence search of the e-mail data by using a well-known similar search technique, and previously evaluated e-mail data stored in the HDD 204 (evaluation values are shown in FIG. 16 described later). (Stored in the HDD 204 as shown). Then, the evaluation of e-mail data having a certain degree of similarity or higher is acquired from the e-mail data evaluated in the past, and averaged (may be inclined and distributed according to the degree of similarity). Guess the evaluation. The estimated evaluation is added to a predetermined storage area in the RAM 202 in association with the e-mail data. For example, an e-mail that has been evaluated in the past having a similarity of 20% or more with the e-mail has an evaluation of 100 with a similarity of 90%, an evaluation of 100 with a similarity of 60%, an evaluation of 50 with a similarity of 50, and a similarity of 20% If the evaluation is 50, the evaluation value of the e-mail is estimated to be “75” when averaged.

  When the evaluation process in step S1610 ends, the CPU 201 advances the process to step S1611.

  On the other hand, when it is determined by the group manager that the email data acquired in S1604 is not an email to be audited (NO in step S1607), the email data acquired in S1604 is displayed via the screen of FIG. If it is determined that the other search conditions input in step S1608 do not match (NO in step S1608), the CPU 201 proceeds to step S1611 as it is.

  Thereafter, in step S1611, the CPU 201 repeats the processing in steps S1604 to S1610 until there is no unprocessed e-mail in the search target period (NO in step S1611). After the processing for all mails is completed (that is, when the CPU 201 determines that there is no unprocessed e-mail in the search target period) (YES in step S1611), the CPU 201 stores the display target mail data in the group. The information is displayed on the display of the information processing apparatus 104 used by the administrator (step S1612). For example, an image of a screen 1200 as shown in FIG. Here, the data are sorted and displayed in descending order of evaluation value. In the present embodiment, the higher the evaluation value, the lower the evaluation (there is a high possibility that transmission will be impossible).

  Note that it is highly likely that the CPU 201 determines that an e-mail whose evaluation 1206 is higher than a certain value (threshold value included in the operation condition) is higher than a certain value (that is, the evaluation is bad and transmission is impossible) based on the set operation condition. It may be configured such that only the e-mail is displayed on the screen 1200 and the administrator evaluates (audits) only an e-mail whose estimated evaluation is higher than a certain value (threshold). As a result, it is possible to narrow down the emails to be audited.

  With the above processing, even if the stored data of the e-mail is long-term and the managed person or administrator is moved on the way, the affiliation of the sender at the time of e-mail transmission and the affiliation When the administrator who manages the e-mail is specified and the e-mail is sent, the administrator who has managed the group to which the e-mail sender belongs is easily identified and the e-mail is audited (FIG. 14). ) Can be created.

  As described above, the CPU 201 of the e-mail audit server 101 receives the e-mail from the stored and stored e-mail when there is an e-mail audit process request from any administrator defined in the management target definition information. The administrator at the time of the e-mail transmission of the group to which the e-mail sender belongs specified based on the e-mail address of the e-mail of the e-mail is the administrator who made the e-mail audit processing request. The administrator extracts the electronic mail to be audited, and makes the administrator input the audit information for the extracted electronic mail.

  Therefore, during the post-audit of e-mail, it is possible to have the administrator of the e-mail sender at the time of e-mail transmission audit the e-mail, so when the e-mail is sent due to the change of e-mail sender or administrator Even after a change is made to the auditor, the audit by other administrators is no longer performed, and the information that could not be accessed is not accessed, resulting in information leakage due to the spread of information It becomes possible to reduce the risk of occurrence.

  Therefore, a supervisor who is an administrator who audits an employee's e-mail can only access information issued by the employee to be managed, and is not allowed to access other information. Access rights can be managed.

  Also, similar sentence search is performed from past evaluation results to estimate the evaluation of unaudited mail, and the priority order of mail to be audited is presented based on the estimated evaluation value, or mail to be audited is not audited. It is possible to classify good mail.

  As described above, the CPU 201 of the email audit server 101 acquires an email similar to the extracted email from the HDD 204, and the post-audit audit result DB (the audit information of the acquired email stored in the HDD 204 ( 16), based on the acquired similar electronic mail audit information, the evaluation of the extracted e-mail is estimated, the estimated evaluation is presented to the administrator, and the extracted Audit information for an e-mail is input to the administrator.

  Further, the CPU 201 of the electronic mail audit server 101 causes the administrator to input audit information for the extracted electronic mail in the order based on the estimated evaluation.

  In addition, the CPU 201 of the email audit server 101 causes the administrator to input audit information for an email whose estimated evaluation exceeds a predetermined threshold.

  The above is a flowchart showing details of the mail data selection / display processing.

  FIG. 14 is a diagram showing an example of a search result list screen 1200 for displaying results based on the e-mail selection / display process shown in FIG.

  In this screen 1200, for the emails that match the search conditions, the post-audit implementation status (audit status) 1201, email title 1202, sender address 1203, recipient / broadcaster address 1204, transmission date and time 1205, evaluation 1206 Etc. are displayed.

  As described above, this evaluation 1206 is performed by, for example, searching for an e-mail similar to the e-mail in advance using a known similar sentence search technique or the like, and determining that the e-mail is determined to have a certain degree of similarity (similarity). This is an estimated evaluation value obtained by calculating an evaluation value (estimated evaluation value) based on an evaluation of another group manager for (e-mail) (an evaluation value determined when audited). In the evaluation 1206 column, the more ■, the lower the evaluation (the evaluation value is high), indicating that it is necessary to actively audit.

  Of course, it is possible to sort the e-mails displayed on this screen 1200. Therefore, when the estimated evaluation values (evaluation 1206) are sorted in descending order, it becomes possible to pre-audit e-mails that are likely to be unable to be sent preferentially, and other group managers thereafter It becomes possible to accumulate data that can be used as an index when conducting a follow-up audit earlier.

  Note that, by default, the CPU 201 performs control so that the e-mails displayed as a list on the screen 1200 are sorted and displayed in descending order of the estimated evaluation values indicated in the evaluation 1206 (that is, in ascending order of evaluation).

  Items other than the evaluation 1206, that is, items such as the audit status 1201, the mail title 1202, the sender address 1203, the receiver / broadcast address 1204, the transmission date 1205, and the like may be configured to be sortable. In FIG. 12, all emails are displayed regardless of whether auditing is completed or not. However, only audited emails are set to be displayed, and only unaudited emails are displayed. Setting is also possible. Further, for unaudited mails, when an estimated evaluation value is instructed to be clicked, control may be performed so that the audited mail used for calculating the estimated evaluation value of the mail is displayed.

  Further, the CPU 201 of the e-mail audit server 101 detects this by giving a click instruction to the e-mail title shown in the e-mail title 1202 column on this screen 1200 with the pointing device of the information processing apparatus 104 used by the group manager. Then, a detail confirmation screen 1300 as shown in FIG. 15 can be displayed on the display of the information processing apparatus 104 used by the group manager.

  The evaluation input on the detailed confirmation screen 1300 is based on the result of the post-audit for similar emails. For example, the evaluation input as shown in 1301 is “0”, “check required” The evaluation is digitized as “50” for those evaluated as “cannot be said” and “100” for those determined as “not transmittable”. In addition, this numerical example is an example and can be arbitrarily adjusted. Further, the categories such as “transmittable” and “not transmittable” are not limited to this, and can be arbitrarily set.

  Returning to the flowchart of FIG.

  When the mail data selection / display process (FIG. 7) in step S502 is completed, the CPU 201 requests a detailed display of mail data (click instruction for each mail title in the mail title 1202) via the screen shown in FIG. In step S503, if it is determined that an instruction has been received (YES in step S503), the details of the instructed mail are displayed on the display of the information processing apparatus 104 used by the group manager. It is displayed (step S504). At that time, a screen as shown in FIG. 15 is displayed.

  FIG. 15 is a diagram showing an example of a post-audit screen 1300 for e-mails.

  On this screen 1300, the group manager indicates to which e-mail address the e-mail address (TO), broadcast address (CC), BCC, etc. has been sent, the contents of the text, and attached to the e-mail. Check the contents of the file, etc., and enter how the mail should actually be handled (sendable / not sendable / check required / cannot say either) into the radio button in the evaluation input field 1301, By pressing a “confirm” button 1302, the post-audit of the e-mail is completed.

  Note that the administrator can confirm the contents of the attached file not only by the text 1303 but also by giving an instruction to click the attached file with a pointing device in the attached 1304.

  Returning to the flowchart of FIG.

  If the CPU 201 determines that an audit end instruction input has been received via the screen as shown in FIG. 15 (the “confirm” button 1302 has been pressed) (step S505), the audit result data is stored in the HDD 204. Is stored in the post-audit result DB (FIG. 16).

  The processes in S503 to S506 are performed until an end instruction is received from the group manager (until the “end” button 1207 in FIG. 14 is clicked).

  That is, the CPU 201 determines whether or not there is an end instruction based on an operation by the user via the screen. Note that the termination instruction is, for example, an instruction to close the screen illustrated in FIG. 14 or an instruction to log out.

  If the CPU 201 determines that there is no end instruction yet (NO in step S507), the process returns to step S503.

  On the other hand, if the CPU 201 determines that an end instruction has been given (YES in step S507), the CPU 201 ends the process.

  FIG. 16 is a diagram illustrating an example of a configuration of a post-audit result DB that registers a post-audit result in an email.

  As shown in FIG. 16, ID information for uniquely identifying an e-mail, audit execution date, auditor, evaluation, and the like are registered in the post-audit result DB.

  For example, “0” is registered in the evaluation column for “transmission enabled”, “100” for transmission impossible, “50” for “check required”, and “50” for “neither”. In addition, this numerical example is an example and can be arbitrarily adjusted. Further, the categories such as “transmittable” and “not transmittable” are not limited to this, and can be arbitrarily set.

  If the sender of the e-mail belongs to multiple groups, the post-audit will be performed by the group administrator of each group, so there will be multiple post-audit data for one mail. There is also.

  Through the above-described post-audit processing, each management determines whether the audit was valid separately from the audit based on the filtering rule by the e-mail audit server that can send (send) / hold / cannot send (delete) Data is accumulated by the person who makes the judgment at the time of the ex-post audit. Once a rule has been set, it cannot be used as it is in the future, so it is necessary to determine the validity of the rule at a certain timing and make changes. In the present invention, a support process for changing a rule is prepared so that the rule can be changed based on the validity of the rule.

  Further, post-audit can be performed not only by the administrator of the mail sender but also by the administrator of the mail receiver. In that case, not only the sender of the email but also the group to which the recipient of the email belongs is set as the group setting of the email.

  By doing so, more check data not only based on mechanical checks but also based on human judgment is accumulated in the post-audit result DB of the e-mail of the e-mail audit server 101. In this system, these data are used effectively to support the processing of the system administrator that occurs when the filtering rule is changed.

  In the present embodiment, the e-mail auditing right has been described as an example. However, by changing the e-mail sender and the transmission date and time to the information creator and the creation date and time, the access right for general information is given. Can be managed.

  With this configuration, an administrator who is an administrator can manage access rights that are accessible only to information issued by employees to be managed and are not allowed to access other information. it can.

  When an information audit is performed, it is possible to have the administrator at the time of information creation perform the audit, so even after changes have been made to the information creator and the auditor due to changes in the information creator or administrator, Auditing by other managers is no longer performed, and information that could not be accessed is never accessed, and as a result, the risk of information leakage due to the spread of information can be reduced. .

<Change of filtering rule>
FIG. 17 is a flowchart showing an example of a seventh control processing procedure according to the present invention, which corresponds to the filtering rule setting support processing performed by the e-mail audit server 101. This process is performed by the CPU 201 according to control by a program recorded in the HDD 204.

  First, the CPU 201 accepts an input of a new filtering rule by a filtering rule setter (for example, an administrator of the e-mail audit server 101) from the screen 1500 shown in FIG. 18 displayed on the display device of the information processing apparatus 104. (Step S601). The input of a new filtering rule here may be a form in which a change is made to an existing filtering rule, or a form in which a new rule is created. Note that the filtering rule for accepting the input here is not set as a new rule at the time of acceptance.

  FIG. 18 is a diagram showing an example of a mail filtering rule setting / change screen, which is displayed on the display device of the information processing apparatus 104 used by the filtering rule setting person described above.

  Via this screen 1500, the administrator of this system can set e-mail filtering rules.

  In S601 of FIG. 17, the information inspection function setting is also accepted from the screen 2000 shown in FIG.

  FIG. 19 is a diagram illustrating an example of the information inspection function setting screen, which is displayed on the display device of the information processing device 104 used by the filtering rule setting person described above.

  Through this screen 2000, the administrator of this system can set a level (recording level) for holding an e-mail and a level (NG level) for deleting an e-mail using a slider bar 999. That is, as a result of evaluating the e-mail based on the keyword input from the screen 1500 shown in FIG. 18, it is set to which level the e-mail is put on hold or the e-mail is deleted.

  Hereinafter, the description returns to the flowchart of FIG.

  When S601 ends, the CPU 201 performs filtering processing based on the rules for the e-mail (stored in the HDD 204) transmitted in the past certain period based on the keyword received in step S601. (Step S602).

  Then, as a result of step S602, the CPU 201 acquires, among the mails that have been determined not to be transmitted by the group manager in the past, if the rule is applied, the mail that will not be hit by the pre-audit (step S603). . Similarly, the CPU 201 acquires an e-mail that cannot be transmitted or put on hold when the rule is applied, among e-mails that have been determined to be transmittable by the group manager in the past (step S604).

  Then, the CPU 201 calculates an index based on the results of steps S603 and S604 and displays the index on the display device of the information processing device 104 used by the filtering rule setter described above (step S605). The image of the screen is like a screen 1700 in FIG. Here, of course, the processing of steps S603 and S604 may be performed according to a conventional rule, and the result and comparison display may be displayed.

  FIG. 20 is a diagram showing an example of the filtering simulation result screen, which is displayed on the display device of the information processing device 104 used by the filtering rule setter described above.

  In the screen 1700 of FIG. 20, reference numeral 1701 indicates how the result of relaying (sending) / holding / deleting (not sending) past electronic mail changes when the mail filtering rule is changed. In particular, 1701a indicates the number of mails relayed after being held in the filtering rule before the change, and 1701b indicates the number of mails deleted after being held in the filtering rule before the change.

  1702 indicates how many e-mails that have been previously determined to be “deleted” (cannot be sent) are sent to the outside by changing the filtering rule. That is, the number of mails that were originally deleted or deleted as a result of the manager's visual inspection, but are relayed, is a caution and is subject to confirmation.

  Further, reference numeral 1703 indicates how many e-mails that have been “relayed” (sent) until now are caught by the filtering rule and become “deleted” or “hold”. . That is, the number of mails that were originally relayed on hold or deleted is an object of confirmation because it is an indicator of whether or not there is an excessive inspection.

  In addition, when the detailed button 1706 is clicked by the pointing device of the information processing apparatus 104 used by the filtering rule setter described above, this instruction is transmitted to the email audit server 101, and the CPU 201 of the email audit server 101 A list of e-mails is displayed on the display of the information processing apparatus 104 so that the contents of each target e-mail can be confirmed. However, if the filtering rule setter described above is a user who should not see individual mails, the CPU 201 performs control so that the contents of the mails are not displayed.

  Note that it is desirable to reduce the number of “hold” and “delete” emails that may be “relayed” by changing the filtering rule.

  This is because, for example, if an email is put on hold, the group administrator's pre-audit work will occur, so it is desirable to prevent the email from being put on hold as much as possible. It is desirable to prevent a process of creating a new e-mail from being transmitted in order to transmit the information by deleting a possible mail.

  In addition, it should not be possible for an email that was deleted before the keyword change to be sent (relayed) to the outside without hitting the previous audit conditions. Must not.

  Therefore, by changing the settings of these filtering conditions, the system administrator can grasp exactly what kind of change will occur in the email transmission status, and determine the appropriate filtering rule change in a form that identifies the change. Such a screen is prepared so that the system auditor can be performed, and the information is provided.

  Hereinafter, the description returns to the flowchart of FIG.

  In step S606, the CPU 201 determines whether or not a change instruction has been given by the administrator of the e-mail audit server who has seen the simulation result shown in FIG. 20 (the apply button 1705 in FIG. 20 has been instructed). If it is determined that an instruction has been given (YES in step S606), the filtering rule received as the temporary rule in step S601 is applied as the main rule (step S607), and the process is terminated.

  On the other hand, if NO in step S606 (when the apply button 1705 in FIG. 20 is not instructed and the “return” button 1704 is instructed), the CPU 201 repeats the processing from step S601.

  Note that the CPU 201 performs an indexing process on the e-mail data stored in the e-mail log data shown in FIG. 13 by night batch or the like, and an index indicating where the keyword exists in the electronic data. Is stored in the HDD 204. Thus, the CPU 201 can perform keyword search at high speed when performing the filtering process in step S602, and can quickly complete the filtering process.

  As described above, based on the filtering simulation result screen 1700 of FIG. 20, the filtering rule setter (system administrator) described above can grasp the overall tendency and verify the validity of the filtering rule. it can.

  In this way, past evaluations can be used for statistical evaluation when creating filtering rules.

  The above is an example of the filtering rule setting support process.

  That is, the e-mail monitoring server 103 accepts a change in the rule for disabling or holding the transmission of the e-mail stored in the HDD 204 from the screens of FIGS. 14 and 15, and the e-mail filtering result based on the changed rule And the difference information between the filtering result of the e-mail based on the pre-change rule stored in the HDD 204 is displayed on the screens (1701 to 1703) of FIG.

  The difference information includes information (1702) of the number of emails transmitted (relayed) in the rule after the change among the emails suspended (deleted / deleted after the hold) in the rule before the change. Is included.

  Further, the difference information includes information (1703) on the number of emails that are interrupted (suspended / deleted) in the rule after the change among emails sent (relayed) in the rule before the change. It is.

<Create filtering rules>
Next, another form of the filtering rule setting support process will be described with reference to FIG.

  FIG. 21 is a flowchart showing an example of the eighth control processing procedure in the present invention, and corresponds to another form of the filtering rule setting support processing. This process is performed by the CPU 201 according to control by a program recorded in the HDD 204.

  In the filtering rule setting support process shown in FIG. 17, the rule is set only by the administrator of the e-mail audit server 101 or the like, and an indication is provided as to whether the rule is valid. The purpose of this is to improve the rules system. However, in the form shown in FIG. 21, the rule is also set by the e-mail audit server 101 so that the administrator of the e-mail audit server 101 does not have to create a rule.

  First, the CPU 201 acquires e-mail data for creating a filtering rule from the plurality of HDDs 204 (step S701). In this case, the administrator of the e-mail audit server 101 creates e-mail data for creating the filtering rule and records it in the HDD 204 in advance.

  Then, the CPU 201 requests a plurality of group managers to audit the email data acquired in step S701 (step S702). A plurality of group managers who request this audit may be set in advance, or the CPU 201 may select at random from the management target definition information (1403 in FIG. 10B).

  After that, the CPU 201 shifts to an audit response waiting state from a plurality of group managers who have requested the audit (steps S703 to S705).

  The group manager inputs an answer (evaluation) to the email requested to be audited via the screen having the same configuration as the screen shown in FIGS. 14 and 15, and transmits it to the email audit server 101. It will be.

  After that, if the CPU 201 determines that a response to the audit request from the group manager has been received (YES in step S703), the content of the response notification is recorded in the HDD 204 (step S704), and the process proceeds to step S705. Proceed.

  On the other hand, when it is determined that the response to the audit request from the group manager has not been received (NO in step S703), the CPU 201 proceeds the process to step S705 as it is.

  In step S705, the CPU 201 controls to perform the processing in steps S703 and S704 until the time (answer date) set as the reply date is reached (determined as YES in step S705). If it is determined that the determination has been made (YES in step S705), the process proceeds to step S706.

  In step S706, the CPU 201 creates a filtering rule based on the answer notification recorded in the HDD 204, and applies the created rule as a filtering rule (overwrites the HDD 204 and sets the filtering rule) (step S707). . And the process of this flowchart is complete | finished.

  As described above, the CPU 201 of the email audit server 101 requests evaluation from a plurality of group managers so that the administrator of the email audit server 101 can save time and effort for rule creation. At the same time, objective rule creation based on evaluations by a plurality of group managers can be performed.

  The above is the filtering rule setting support process performed by the e-mail audit server.

  As described above, it is possible to simulate the filtering result of the filtering rule newly set at the time of setting the search keyword and the current filtering rule and present an index for setting the search keyword.

  In addition, it is possible to support search keyword setting in a manner reflecting the past final judgment of the administrator who has audited the e-mail.

  It should be noted that the configuration and contents of the various data described above are not limited to this, and it goes without saying that the various data and configurations are configured according to the application and purpose.

  Although one embodiment has been described above, the present invention can take an embodiment as, for example, a system, apparatus, method, program, or recording medium, and specifically includes a plurality of devices. The present invention may be applied to a system including a single device.

  The configuration of a data processing program that can be read by the information processing apparatus (e-mail monitoring server 101) according to the present invention will be described below with reference to the memory map shown in FIG.

  FIG. 22 is a diagram for explaining a memory map of a recording medium (storage medium) for storing various data processing programs readable by the information processing apparatus (electronic mail monitoring server 101) according to the present invention.

  Although not specifically shown, information for managing a program group stored in the recording medium, for example, version information, creator, etc. is also stored, and information depending on the OS on the program reading side, for example, a program is identified and displayed. Icons may also be stored.

  Further, data depending on various programs is also managed in the directory. In addition, when a program or data to be installed is compressed, a program to be decompressed may be stored.

  The functions shown in FIGS. 3, 4, 6, 7, 8, 9, 17, and 21 in this embodiment may be performed by a host computer by a program installed from the outside. In this case, the present invention is applied even when an information group including a program is supplied to the output device from a recording medium such as a CD-ROM, a flash memory, or an FD, or from an external recording medium via a network. Is.

  As described above, a recording medium in which a program code of software for realizing the functions of the above-described embodiments is recorded is supplied to the system or apparatus, and the computer (or CPU or MPU) of the system or apparatus is stored in the recording medium. It goes without saying that the object of the present invention can also be achieved by reading and executing the program code.

  In this case, the program code itself read from the recording medium realizes the novel function of the present invention, and the recording medium storing the program code constitutes the present invention.

  As a recording medium for supplying the program code, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, DVD-ROM, magnetic tape, nonvolatile memory card, ROM, EEPROM, A silicon disk or the like can be used.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an OS (operating system) or the like running on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Furthermore, after the program code read from the recording medium is written in a memory provided in a function expansion board inserted in the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that the case where the CPU or the like provided in the board or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  Further, the present invention may be applied to a system composed of a plurality of devices or an apparatus composed of a single device. Needless to say, the present invention can be applied to a case where the present invention is achieved by supplying a program to a system or apparatus. In this case, by reading a recording medium storing a program represented by software for achieving the present invention into the system or apparatus, the system or apparatus can enjoy the effects of the present invention.

  Furthermore, by downloading and reading out a program represented by software for achieving the present invention from a server, database, etc. on a network using a communication program, the system or apparatus can enjoy the effects of the present invention. It becomes.

  In addition, all the structures which combined each embodiment mentioned above and its modification are also included in this invention.

It is a figure which shows an example of a structure of the system which shows one Embodiment of this invention. It is a block diagram which shows the basic composition of the electronic mail audit server 101 shown in FIG. It is a flowchart which shows an example of the 1st control processing procedure in this invention. It is a flowchart which shows an example of the 2nd control processing procedure in this invention. It is a figure which shows an example of the screen used when the group manager of the originator of the said mail performs an audit beforehand with respect to the mail suspended by the electronic mail audit server 101. It is a flowchart which shows an example of the 3rd control processing procedure in this invention. It is a flowchart which shows an example of the 4th control processing procedure in this invention. It is a flowchart which shows an example of the 5th control processing procedure in this invention. It is a flowchart which shows an example of the 6th control processing procedure in this invention. 6 is a diagram illustrating an example of a group definition information table, a group information table, and a management target definition information table stored in the HDD 204 of the e-mail audit server 101. FIG. 6 is a diagram illustrating an example of a group definition information table, a group information table, and a management target definition information table stored in the HDD 204 of the e-mail audit server 101. FIG. It is a figure which shows an example of the information (LDIF; LDAP Interchange Format) managed on the LDAP server 103. FIG. FIG. 10 is a diagram illustrating an example of an e-mail search screen that is displayed on the display device of the information processing apparatus 104 used by the group manager when the group manager performs a post-audit of the e-mail. It is a figure which shows an example of the detail of electronic mail log data. FIG. 9 is a diagram showing an example of a search result list screen 1200 for displaying results based on the e-mail selection / display process shown in FIG. 7. It is a figure which shows an example of the post-audit screen 1300 of an email. It is a figure which shows an example of a structure of post-audit result DB which registers the result of post-audit in an email. It is a flowchart which shows an example of the 7th control processing procedure in this invention. It is a figure which shows an example of the setting / change screen of a mail filtering rule. It is a figure which shows an example of an information inspection function setting screen. It is a figure which shows an example of a filtering simulation result screen. It is a flowchart which shows an example of the 8th control processing procedure in this invention. It is a figure explaining the memory map of the recording medium (storage medium) which stores the various data processing program which can be read by the information processing apparatus (electronic mail monitoring server 101) which concerns on this invention.

Explanation of symbols

101 Email Audit Server 102 Email Server 103 LDAP Server 104 Information Processing Device 105 Network 120 Wide Area Line

Claims (9)

The e-mail communication to apply the communication control rule of order was relaying or interrupted, the communication control processing of the electronic mail to a line power sale information processing apparatus,
A first storage means for storing a first rule used as the communication control rule when performing the communication control process of the e-mail ;
Communication control means for executing communication control processing of e-mail using the first rule;
Second storage means for storing the e-mail subjected to the communication control process by the communication control means together with a result of the communication control process;
A first receiving means for receiving an input of the second rule that is different from said first rule,
Filtering means for executing communication control simulation processing using the second rule for the e-mail stored in the second storage means;
First display information generating means for generating first display information for displaying information related to an electronic mail in which the result of the communication control process by the communication control means is different from the result of the communication control simulation process by the filtering means; ,
An information processing apparatus comprising: Second accepting means for accepting an instruction to change the first rule;
When a change instruction is received by the second receiving unit, the first rule stored in the first storage unit is updated with the second rule received by the first receiving unit. Updating means to
The information processing apparatus according to claim 1, further comprising: A third accepting means for accepting a detailed display request for an e-mail in which the result of the communication control process by the communication control means is different from the result of the communication control simulation process by the filtering means ;
And a second display information generating unit configured to generate second display information for displaying the content of the e-mail in a confirmable manner when a detailed display request is received by the third receiving unit. The information processing apparatus according to claim 1 or 2. The first display information includes information on the number of e-mails in which the result of the communication control simulation process by the filtering unit is relayed among the e-mails in which the result of the communication control process by the communication control unit is interrupted. The information processing apparatus according to claim 1, wherein the information processing apparatus is an information processing apparatus. The first display information includes information on the number of e-mails in which the result of the communication control simulation process by the filtering unit is interrupted among e-mails in which the result of the communication control process by the communication control unit is relay. The information processing apparatus according to claim 1, wherein the information processing apparatus is an information processing apparatus. The interruption includes a suspension of sending an email,
As a result of the communication control process by the communication control means, an input means for causing the administrator of the sender of the e-mail to input an instruction to enable or disable transmission for an e-mail whose transmission is suspended;
A transmission means for relaying an email whose transmission is suspended when an instruction to enable transmission is input by the input means;
Further comprising
In the first display information, a communication control simulation by the filtering unit is included in the e-mail in which the result of the communication control process by the communication control unit is suspension of transmission and an instruction not to be transmitted is input by the input unit. 6. The information processing apparatus according to claim 1, further comprising information on the number of e-mails whose processing results are relayed . A method for controlling an information processing apparatus including a storage device for storing a first rule is an electronic mail communication control rule of order was relayed or interrupt the communication,
A communication control step of executing an email communication control process using the first rule;
A storage step of storing, in the storage device, the electronic mail that has undergone the communication control process in the communication control step, together with a result of the communication control process ;
A first reception step of receiving the input of the second rule that is different from said first rule,
A filtering step of executing communication control simulation processing using the second rule with respect to the e-mail stored in the storage device;
First display information generation for generating first display information for displaying information about an electronic mail in which the result of the communication control process in the communication control process is different from the result of the communication control simulation process in the filtering process Process,
An information processing apparatus control method comprising:   The program for functioning a computer as an information processing apparatus as described in any one of Claims 1 thru | or 6.   A computer-readable recording medium on which the program according to claim 8 is recorded.

Images