WO2015177832A1 - Security measure determination support device and security measure determination support method - Google Patents

Security measure determination support device and security measure determination support method

Info

Publication number
WO2015177832A1
Authority
WO
WIPO (PCT)
Prior art keywords
countermeasure
security
information
safety
measure
Prior art date
Application number
PCT/JP2014/063158
Other languages
English (en)
Japanese (ja)
Inventor
佑生子 松原
甲斐 賢
千秋 太田原
Original Assignee
株式会社 日立製作所
Application filed by 株式会社 日立製作所
Priority to PCT/JP2014/063158
Publication of WO2015177832A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management

Definitions

  • the present invention relates to a security measure determination support apparatus and a security measure determination support method.
  • a storage means for storing a correspondence table of threats and assets indicating correspondence between threats that cause changes and asset attributes, and a correspondence table of threats and countermeasures indicating possible measures corresponding to each threat.
  • a device has been proposed that extracts the threats corresponding to attribute information, such as the types of components and operations in a diagnosis target system, using that attribute information and a correspondence table of threats and assets, and outputs a countermeasure corresponding to each threat (Patent Literature 1).
  • the security measures are evaluated based on the minimization of the costs related to the introduction and operation of security measures and the suppression of residual risks and derivative risks associated with the implementation of security measures. It is intended to make a proposal.
  • an object of the present invention is to provide a technology that makes it possible to propose a security measure in consideration of the availability of a countermeasure target.
  • the present application includes a plurality of means for solving the above-described problems.
  • The security measure determination support apparatus of the present invention comprises a storage device that stores countermeasure information, including information on each threat that affects the security countermeasure target and on each security countermeasure candidate assumed to be applied to that threat, and safety requirement information, including information on the safety level for information security required of the security countermeasure target and the maintenance time of that safety level.
  • It further comprises a computing device that collates a graphic area whose side lengths correspond to the magnitudes of the safety level and the maintenance time of that safety level indicated by the safety requirement information with a graphic area whose side lengths correspond to the magnitudes of the reachable safety level assumed for application of the security countermeasure candidate indicated by the countermeasure information and the maintenance time of that reached safety level, determines the cover state of the graphic area corresponding to the safety requirement information by the graphic area corresponding to the countermeasure information, generates an evaluation result of the security countermeasure candidate according to the cover state, and outputs it to the output device.
  • In the security measure determination support method of the present invention, a computer has a storage device that stores countermeasure information, including information on each threat that affects the security countermeasure target and on each security countermeasure candidate assumed to be applied to that threat, and safety requirement information, including information on the safety level for information security required of the security countermeasure target and the maintenance time of that safety level.
  • The computer collates the graphic area whose side lengths correspond to the magnitudes of the safety level and the maintenance time of that safety level indicated by the safety requirement information with the graphic area whose side lengths correspond to the magnitudes of the reachable safety level assumed for application of the security countermeasure candidate indicated by the countermeasure information and the maintenance time of that reached safety level, determines the cover state of the graphic area corresponding to the safety requirement information by the graphic area corresponding to the countermeasure information, generates an evaluation result of the security countermeasure candidate according to the cover state, and outputs it to the output device.
  • FIG. 1 is a diagram showing an example of a network configuration including the security countermeasure determination support apparatus of this embodiment.
  • A diagram showing a hardware configuration example of the security countermeasure determination support apparatus in this embodiment.
  • A diagram showing an example of the main flow of the security countermeasure determination support method in this embodiment.
  • A diagram showing an example of the risk reference value table
  • Example 5 of the MS figure in this embodiment.
  • A diagram showing Example 1 of the DMS figure in this embodiment.
  • A diagram showing Example 2 of the DMS figure in this embodiment.
  • A diagram showing Example 1 of the MO area in this embodiment.
  • A diagram showing Example 2 of the MO area in this embodiment.
  • A diagram showing Example 1 of the EA area in this embodiment.
  • A diagram showing Example 2 of the EA area in this embodiment.
  • A diagram showing Example 1 of the countermeasure model proposal table creation rule input screen in this embodiment.
  • A diagram showing Example 2 of the countermeasure model proposal table creation rule input screen in this embodiment.
  • FIG. 1 is a diagram illustrating an example of a network configuration including a security measure determination support apparatus 100 according to the present embodiment.
  • a security countermeasure determination support apparatus 100 shown in FIG. 1 is a computer that enables a security countermeasure proposal considering availability in a security countermeasure target system.
  • the security measure determination support apparatus 100 according to the present embodiment is connected via a network 20 to a user terminal 200 used by a designer of a security measure target system and a user terminal 250 used by a security expert, so that they can communicate with each other.
  • These security countermeasure determination support device 100 and user terminals 200 and 250 can be defined as the security countermeasure determination support system 10.
  • as the security countermeasure target system, for example, a complicated and large-scale power supply system including a plurality of servers such as information management servers, subsystems, meters, terminals, and the like is assumed.
  • a situation is assumed in which a security expert who has received a request from the system designer described above performs risk analysis of the target system based on the data flow diagram (hereinafter referred to as DFD) of the target system, and uses the security measure determination support device 100 of the present embodiment via the user terminal 250 as a support means for planning security measures.
  • Security specialists need to plan not only security measures as requirements for system development, but also security measures for emergency response, prepared in advance so that normal execution of the business flow and system recovery can resume immediately when a risk occurs during system operation.
  • a countermeasure group is defined as a combination of a plurality of security measures planned by the security expert using the security measure determination support apparatus 100 of the present embodiment on a predetermined scale based on a certain rule.
  • this countermeasure group is evaluated, and a countermeasure model is obtained by combining the countermeasure groups on a larger scale (the entire system) based on the evaluation result.
  • FIG. 2 is a diagram illustrating a hardware configuration example of the security measure determination support apparatus 100 according to the present embodiment.
  • the security measure decision support device 100 includes: a storage device 101 composed of an appropriate non-volatile storage element such as an SSD (Solid State Drive) or a hard disk drive; a memory 103 composed of a volatile storage element such as a RAM; a CPU 102 (arithmetic unit) that reads the program 102 stored in the storage device 101 into the memory 103 and executes it to perform various determinations, computations, and control processes; and a communication device 107 that performs communication processing with the user terminals 200 and 250.
  • the security measure determination support device 100 may include an input device 105 such as a keyboard and a mouse that receives input from the user, and an output device 106 such as a display and a speaker that outputs processing results.
  • the storage device 101 stores data 110 to 127 necessary for various processes in addition to the program 102 for implementing functions necessary for the security measure determination support device 100 of the present embodiment. Details of the data 110 to 127 will be described later.
  • the user terminals 200 and 250 have the same hardware configuration as a general computer and function as computer terminals.
  • --- Functional example of security measure decision support device ---
  • functions provided in the security measure determination support device 100 of this embodiment will be described. As described above, the functions described below can be said to be implemented by executing the program 102 provided in the security measure determination support apparatus 100, for example.
  • the security measure determination support apparatus 100 provides the functions of a communication unit 171, a registration unit 172, a measure list creation unit 173, an input unit 174, a measure evaluation unit 175, a measure model creation unit 176, and a specification entry unit 177.
  • the communication unit 171 is a function of controlling the communication device 107 to access the network 20 and performing communication processing with external devices such as the user terminals 200 and 250 according to the protocol of the network 20.
  • the registration unit 172 has a function of performing processing for registering data such as various tables and specifications acquired via the input device 105 or the communication device 107 in the storage area of the storage device 101.
  • the countermeasure list creation unit 173 is a function that performs security countermeasure planning processing based on the risk analysis result regarding the countermeasure target system obtained from the user terminal 250 of the security expert, for example.
  • the input unit 174 is a function that receives input of the creation rules for the above-described countermeasure group and countermeasure model from the input device 105, or from the user terminal 250 via the communication device 107, and stores the accepted creation rules in the memory 103 or the storage device 101.
  • the measure evaluation unit 175 is a function for evaluating the security measures planned by the measure list creation unit 173.
  • the measure evaluation unit 175 collates two graphic areas. The first has side lengths corresponding to the magnitudes of the safety level and the maintenance time of that safety level indicated by a DFD risk reference value table 111 (safety requirement information) described later. The second has side lengths corresponding to the magnitudes of the reachable safety level assumed for application of the security countermeasure candidate and the maintenance time of that reached safety level, as indicated by the information on security countermeasure candidates for the DFD in the countermeasure list 115 and the countermeasure list detail table 116 (both countermeasure information) described later.
  • By this collation, it determines the cover state of the graphic area corresponding to the DFD by the graphic area corresponding to the security countermeasure candidate, generates an evaluation result of the security countermeasure candidate according to the cover state, and outputs it to the output device 106 or the user terminal 250.
  • the measure evaluation unit 175 may arrange, on a predetermined time axis, the side corresponding to the safety level maintenance time in the graphic area corresponding to the DFD and the side corresponding to the reached safety level maintenance time in the graphic area corresponding to the security countermeasure candidate for that DFD, and may specify as the cover state the time zone, within the graphic area corresponding to the DFD, that is covered by the graphic area corresponding to the security countermeasure candidate, together with information on the area defined by the reached safety level in that time zone.
  • the countermeasure evaluation unit 175 may specify the above-described cover state by arranging the side corresponding to the safety level maintenance time in the graphic area corresponding to the DFD, and the side corresponding to the reached safety level maintenance time in the graphic area corresponding to the security countermeasure candidate for that DFD, with the start point placed at the time when the allowable recovery time indicated by the risk reference value table 111 of the DFD has elapsed since the operation stop of the security countermeasure target.
  • the countermeasure evaluation unit 175 may arrange, on a predetermined time axis, the side corresponding to the safety level maintenance time in the graphic area corresponding to the DFD and the sides corresponding to the reached safety level maintenance time in the plurality of graphic areas corresponding to the security countermeasure candidates for that DFD, and may specify as the cover state the time zone, within the graphic area corresponding to the DFD, that is covered by the plurality of graphic areas corresponding to the security countermeasure candidates, together with information on the area defined by the overlap of the reachable safety levels indicated by those graphic areas in that time zone.
  • in the storage device 101, the information on security countermeasure candidates for the above-mentioned DFD covers countermeasures for development, applied when developing the system that is the security countermeasure target and is constantly operated, and countermeasures for first aid, applied when a risk occurs during system operation.
  • in this case, the above-mentioned countermeasure evaluation unit 175 may arrange, on a predetermined time axis, the side corresponding to the safety level maintenance time in the graphic area corresponding to the above-mentioned DFD and the side corresponding to the reached safety level maintenance time in the graphic area corresponding to the countermeasure information of at least one of the countermeasure for development and the countermeasure for first aid, and may specify as the cover state the time zone, within the graphic area corresponding to the DFD, that is covered by the graphic area corresponding to that countermeasure information, together with information on the area defined by the reached safety level in that time zone.
  • the countermeasure model creation unit 176 is a function for creating a countermeasure model based on the evaluation result of the security countermeasures by the countermeasure evaluation unit 175.
  • the countermeasure model creation unit 176 is a function that receives a user request regarding security countermeasures from the input terminal 106 or from the user terminal 250 via the network 20, identifies the above-mentioned security countermeasure candidates whose evaluation results correspond to the conditions indicated by the user request, generates a countermeasure model from the identified security countermeasure candidates, and outputs the countermeasure model to the output device 106 or, via the network 20, to the user terminal 250.
  • the countermeasure model creation unit 176 may identify security countermeasure candidates in order of the degree to which their evaluation results correspond to the conditions indicated by the above-described user request, sequentially generate countermeasure models in that order, and output each countermeasure model to the output terminal 106 or, via the network 20, to the user terminal 250.
  • the specification entry unit 177 automatically inserts the requirement definition of the countermeasure list, which is designated to be adopted from the input device 105 or the user terminal 250, into the corresponding portion of the specification file 127 stored in the storage device 101 in advance. This is a function to generate a document.
  • the security measure determination support apparatus 100 having these functions 171 to 177 is a device that evaluates security measures based on information received from the system designer and the security specialist, formulates and presents countermeasure models, and automatically inserts the requirement definitions of the countermeasure model to be adopted into the specifications and outputs them.
  • --- Main flow example ---
  • Hereinafter, the actual procedure of the security measure determination support method in the present embodiment will be described with reference to the drawings.
  • Various operations corresponding to the security countermeasure determination support method described below are realized by a program 102 that the security countermeasure determination support apparatus 100 reads into the memory 103 and executes. And this program 102 is comprised from the code
  • FIG. 3 is a diagram showing an example of the main flow of the security measure determination support method in the present embodiment. In this flow, not only the processing of the security countermeasure determination support apparatus 100 but also the processing in the user terminals 200 and 250 that give information to the security countermeasure determination support apparatus 100 is also shown.
  • the user terminal 200 of the system designer transmits the DFD 110, the R_SL determination table 119, the R_TP, A_TP determination table 121, the R_TO, A_TO determination table 122, the DFD risk reference value table 111, the system cooperation WBS 123, and the application development WBS 124 to the security measure decision support apparatus 100 for registration, in accordance with an instruction from the system designer (S3401).
  • the communication unit 171 of the security measure determination support device 100 receives each of the above-mentioned data transmitted from the user terminal 200 and passes it to the registration unit 172, and the registration unit 172 stores it in the storage device 101 (S3402).
  • a security measure is evaluated by defining the concept (numerical index) of “measure strength”. This countermeasure strength is expressed by the following two values.
  • MO: The strength of the ability to maintain system operation (execution of business flow) in a certain security measure.
  • EA: The strength of a security measure that can withstand external attacks and execute business flows normally.
  • R_SL: A safety level that a business flow corresponding to a certain DFD should satisfy during normal operation.
  • R_TP: Time allowed for temporary suspension of the business flow corresponding to a certain DFD.
  • R_TO: Minimum operating time required for the business flow corresponding to a certain DFD.
  • A_SL: A safety level that a business flow can reach by implementing a certain security measure.
  • A_TP: Time required to prepare for implementation of a certain security measure.
  • A_TO: The duration of the effect of a certain security measure.
  • R_SL, R_TP, and R_TO are values determined so as to reflect the intention of the system designer, while A_SL, A_TP, and A_TO are values that security experts assign, from an objective standpoint, to the security measures they have planned.
  • R_SL and A_SL are represented by integer values from “0” to “7”
  • R_TP, R_TO, A_TP, and A_TO are represented by integer values from “1” to “10”.
  • R_SL, R_TP, and R_TO are referred to as risk reference values
  • A_SL, A_TP, and A_TO are referred to as countermeasure reference values.
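The cover-state comparison described for the measure evaluation unit 175, applied to the reference values just defined, as an added example (not code from the patent). It assumes integer time slots counted from the operation stop, a requirement rectangle that starts at R_TP, countermeasure rectangles that start at A_TP, and that where several countermeasures overlap the highest reachable level counts, capped at R_SL; the function names, the sample values and the IDs S001/S002 are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:
    """Risk reference values of one DFD (chosen by the system designer)."""
    r_sl: int  # safety level the business flow must satisfy, 0..7
    r_tp: int  # time the flow may stay suspended, 1..10
    r_to: int  # minimum operating time required, 1..10


@dataclass(frozen=True)
class Countermeasure:
    """Countermeasure reference values (assigned by the security expert)."""
    measure_id: str
    a_sl: int  # safety level reachable with the measure, 0..7
    a_tp: int  # time needed to prepare the measure, 1..10
    a_to: int  # how long the measure's effect lasts, 1..10


def _check(name, value, low, high):
    if not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{name}={value!r} is outside {low}..{high}")


def validate(req, measures):
    """Reject values outside the ranges the page gives for each index."""
    _check("R_SL", req.r_sl, 0, 7)
    _check("R_TP", req.r_tp, 1, 10)
    _check("R_TO", req.r_to, 1, 10)
    for m in measures:
        _check(f"{m.measure_id}.A_SL", m.a_sl, 0, 7)
        _check(f"{m.measure_id}.A_TP", m.a_tp, 1, 10)
        _check(f"{m.measure_id}.A_TO", m.a_to, 1, 10)


def cover_state(req, measures):
    """Lay both rectangles on one time axis and measure the overlap.

    Assumption: slot t is the unit interval [t, t+1) after the operation
    stop; the requirement occupies R_TP .. R_TP+R_TO, a countermeasure
    occupies A_TP .. A_TP+A_TO.
    """
    validate(req, measures)
    levels = {}          # slot -> safety level actually reached in that slot
    covered_slots = []   # slots in which at least one countermeasure is active
    for t in range(req.r_tp, req.r_tp + req.r_to):
        active = [m.a_sl for m in measures if m.a_tp <= t < m.a_tp + m.a_to]
        if active:
            covered_slots.append(t)
        # Level above the requirement adds nothing, so cap it at R_SL.
        levels[t] = min(req.r_sl, max(active)) if active else 0
    required_area = req.r_sl * req.r_to
    covered_area = sum(levels.values())
    return {
        "levels": levels,
        "covered_slots": covered_slots,
        "required_area": required_area,
        "covered_area": covered_area,
        "ratio": covered_area / required_area if required_area else 1.0,
        # Slots where the requirement is not met, with the missing level.
        "shortfall": {t: req.r_sl - lv for t, lv in levels.items()
                      if lv < req.r_sl},
    }


def rank_candidates(req, candidates):
    """Order single candidates by covered share of the requirement area."""
    scored = [(cover_state(req, [m])["ratio"], m.measure_id)
              for m in candidates]
    return [mid for _, mid in sorted(scored, key=lambda s: (-s[0], s[1]))]


# Constructed sample values (not taken from the patent's tables).
REQ = Requirement(r_sl=5, r_tp=2, r_to=4)
S001 = Countermeasure("S001", a_sl=6, a_tp=1, a_to=3)  # strong, short-lived
S002 = Countermeasure("S002", a_sl=3, a_tp=3, a_to=4)  # weaker, lasts longer

if __name__ == "__main__":
    state = cover_state(REQ, [S001, S002])
    print("level per slot:", state["levels"])
    print("covered %d of %d" % (state["covered_area"], state["required_area"]))
    print("shortfall:", state["shortfall"])
    print("ranking:", rank_candidates(REQ, [S001, S002]))
```

The shortfall map is the part a reviewer acts on: it names the slots in which availability or safety level still falls short after the candidate set is applied.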
  • the risk reference value is a value given to the information of the DFD 110 registered in the security measure determination support apparatus 100 by the system designer.
  • system cooperation WBS and application development WBS are created in the process of system security design, and are the predecessor of the overall development WBS and development policy definition document included in the final system design requirement definition group.
  • the DFD risk reference value table 111 described above is a collection of records in which the risk reference values R_SL, R_TP, and R_TO are associated with the ID (DFD_ID) of the corresponding DFD 110. Each risk reference value stored in the risk reference value table 111 is determined by the system designer's user terminal 200 using the determination tables shown in FIGS. 5, 7, and 8.
  • FIG. 5 is a diagram illustrating a configuration example of the R_SL determination table 119 in the present embodiment.
  • the value of R_SL in the present embodiment is determined by the user terminal 200 with reference to this R_SL determination table 119.
  • the R_SL determination table 119 is created mainly by the system designer, but may be created by a security expert or other related parties in consultation with the system designer.
  • the user terminal 200 collates the predicted impact of the business flow corresponding to the DFD 100 being stopped or operating abnormally (specified by the system designer), for example “injuring human life / body”, against the R_SL determination table 119, and determines the corresponding R_SL value, “7”.
  • the system designer may input the value of R_SL with the input device of the user terminal 200.
  • FIG. 6 is an example of the A_SL determination table 120 in the present embodiment.
  • the security expert user terminal 250 refers to the A_SL determination table 120 to determine the value of A_SL.
  • the A_SL determination table 120 is created mainly by a security expert, but may be created in consultation with a system designer or other related parties.
  • the user terminal 250 determines the above-described value of A_SL by dividing it into levels according to the degree of recovery of the normal state after implementation of security measures, for example. For example, for the risk that the encryption parameters of encrypted communication will be leaked, if the communication can be resumed as before by tracking and reinforcing the leaked route and changing the encryption parameters, the degree of recovery is 100%, In addition, when using a password encryption means different from the conventional algorithm and taking a temporary measure such as sending the password by another route immediately after message transmission, the degree of recovery is 50%. In some cases, it is necessary to form consensus between the parties regarding the definition of the degree of recovery. The user terminal 250 receives a designation of the degree of recovery after the implementation of the corresponding security measure from the system designer, collates this degree of recovery with the A_SL determination table 120, and determines the value of the corresponding A_SL.
  • FIG. 7 is a diagram illustrating a configuration example of the R_TP and A_TP determination table 121 in the present embodiment.
  • each value of R_TP and A_TP is determined by the system designer's user terminal 200 with reference to the R_TP and A_TP determination table 121.
  • the R_TP and A_TP determination table 121 is created mainly by the system designer, but may be created by a security specialist or other related parties in consultation with the system designer.
  • the user terminal 200 collates information on the time specified by the system designer, for example the time allowed for temporary suspension of the business flow or the time required for preparation of countermeasures, against the R_TP, A_TP determination table 121, and determines the corresponding R_TP and A_TP values.
  • FIG. 8 is a diagram illustrating a configuration example of the R_TO and A_TO determination table 122 in the present embodiment.
  • the values of R_TO and A_TO are determined by the system designer's user terminal 200 with reference to the R_TO and A_TO determination table 122.
  • the R_TO and A_TO decision table 122 is created mainly by the system designer, but may be created by a security expert or other related parties in consultation with the system designer.
  • the user terminal 200 collates, for example, the minimum operating time required for the business flow or the effective duration of the countermeasure specified by the system designer against the R_TO, A_TO determination table 122, and determines the corresponding R_TO and A_TO values.
  • A_TP and A_TO shall depend on the technical difficulty of countermeasures, the number of approved / known people, environmental facilities, etc.
  • the communication unit 171 of the security measure determination support apparatus 100 transmits to the security expert's user terminal 250 an arrival notification regarding the above-described data acquired in step S3401 and stored in the storage device 101 in step S3402 (S3403).
  • in response to the transmission of the arrival notification, the security countermeasure determination support apparatus 100 makes the DFD 110, the R_SL determination table 119, the R_TP, A_TP determination table 121, the R_TO, A_TO determination table 122, and the DFD risk reference value table 111 browsable from the user terminal 250.
  • the security measure determination support device 100 notifies the user terminal 250 of a URL indicating the storage location of the corresponding data in the storage device 101.
  • the user terminal 250 is notified of a password for accessing the data storage location.
  • the security expert operates the user terminal 250 to browse the above-described information presented by the security countermeasure determination support apparatus 100, that is, the DFD 110, the R_SL determination table 119, the R_TP, A_TP determination table 121, the R_TO, A_TO determination table 122, and the DFD risk reference value table 111, and performs risk analysis work based on that information.
  • the user terminal 250 provides such a general function for risk analysis to the security expert, and generates the risk analysis table 114 (S3404).
  • the security expert described above carries out, on the user terminal 250, the work of determining the countermeasure reference values together with the work of creating the countermeasure list table 115.
  • the user terminal 250 acquires the countermeasure list table 115 thus created and the countermeasure reference value information (S3405).
  • the user terminal 250 transmits the above-described risk analysis table 114, countermeasure list table 115, A_SL determination table 120 (previously held by the user terminal 250), and countermeasure reference values to the security countermeasure determination support apparatus 100 for registration (S3406).
  • the communication unit 171 of the security measure determination support apparatus 100 receives the risk analysis table 114, the measure list table 115, the A_SL determination table 120, and the measure reference values transmitted from the user terminal 250 and passes them to the registration unit 172, and the registration unit 172 stores the information in the storage device 101 (S3407).
  • the risk analysis table 114 described above is a table including at least, for each risk extracted at the time of risk analysis, the risk content and required response level, information on the DFD of the business flow causing the risk occurrence (hereinafter referred to as the target DFD), the information assets (protection target assets) that cause risk in the target DFD, the threat analysis, the vulnerability analysis, and the risk evaluation result.
  • the above-mentioned required response level is a priority for preventing risk occurrence, and is a value determined by a security expert while consulting with the requester (system designer, etc.) as necessary.
  • in the threat analysis, the results are compiled for each type of threat and each location (device, area, etc.) where the threat occurred, and information on the information assets targeted by the threat is always included.
  • the target information assets (of the threat) are extracted from the protection target assets in the target DFD information column.
  • in the vulnerability analysis, the results are summarized for each location where the vulnerability exists.
  • in the risk evaluation, the results are summarized for each location where the risk exists, and the risk level and the risk case ID are always included.
  • the risk cases described above are risk occurrence situations that make clear the risk-causing agent or abuser, the vulnerability, the occurrence location, the threat, and so on, for example “an outsider who has entered the information management center exploits the vulnerability of administrator authority settings and alters the device ID”. Risk assessment is performed for each risk case. The risk level is the degree of influence of the risk case determined based on the results of threat analysis and vulnerability analysis.
  • the above-described countermeasure list 115 is a list in which the risk cases extracted in risk analysis are grouped by risk occurrence location and threat, the countermeasures for each are listed, and an ID (measure ID) is given to each countermeasure.
  • in the countermeasure list 115, a plurality of countermeasures may be listed for each risk case.
  • the security countermeasure with the ID “S003” is repeatedly described in two categories where the risk occurrence location is “information management server” and the threat is “spoofing” and “tampering”.
  • “Information assets subject to threat” and “target DFD” in the risk column of the countermeasure list 115 can be created by following “target information assets (multiple)” → “protection target asset” → “DFD_ID” in the risk analysis table 114 (FIG. 9).
  • The types of countermeasures are categorized according to whether they are functional countermeasures, operational countermeasures, or physical environmental countermeasures, and which of risk prevention, risk detection, risk reduction, and business recovery they fall into is also described.
  • In the type item, in addition to functional, operational, and physical environmental measures, administrative measures, facility measures, and the like may also be used.
  • the subordinate items may be, for example, risk avoidance, separation, concentration (combination), and transfer.
  • The countermeasure list creation unit 173 of the security countermeasure determination support apparatus 100 creates the countermeasure list detail table 116 based on the risk analysis table 114, the countermeasure list 115, the A_SL determination table 120, and the countermeasure reference values obtained from the user terminal 250, and stores it in the storage device 101 (S3408).
  • FIG. 11 is a diagram showing a detailed flow example 1 of the security measure determination support method in the present embodiment.
  • The countermeasure list creation unit 173 of the security countermeasure determination support apparatus 100 refers to the DFD risk reference value table 111 and, from the risk reference values of the target DFDs described for each threat at each risk occurrence location in the countermeasure list 115, sets the maximum R_SL, the minimum R_TP, and the maximum R_TO in the countermeasure list detail table 116 as the risk reference values of the integrated DS diagram (S3501).
  • this integrated DS diagram is created by adopting the maximum R_SL, minimum R_TP, and maximum R_TO of each business flow when there are multiple business flows that are subject to security measures.
  • The DS diagram shows the dangerous state when security measures are not implemented for the business flow that is subject to security measures. The vertical axis indicates the safety level (SL) of the target system, the horizontal axis indicates time, and the state is represented by a rectangular area.
  • The countermeasure list creation unit 173 of the security countermeasure determination support apparatus 100 refers, for each countermeasure ID in the countermeasure list 115, to the R_SL of the corresponding threat (determined in S3501), applies this R_SL value to the A_SL calculation formula in the countermeasure reference value column (R_SL ⁇ 1.0 in the example of FIG. 13), and calculates the A_SL value of each countermeasure ID in the target reference value column of the countermeasure list detail table 116 (S3502).
  • The countermeasure list creation unit 173 of the security countermeasure determination support apparatus 100 sets, for each countermeasure ID in the target reference value column of the countermeasure list detail table 116, the A_SL obtained in step S3502 and the values of A_TP and A_TO taken from the countermeasure reference values (acquired from the user terminal 250) stored in the storage device 101 (S3503).
  • The countermeasure list creation unit 173 of the security countermeasure determination support apparatus 100 refers to the countermeasure type table 112 for each of the countermeasure IDs described above, compares the risk reference value of the integrated DS diagram with the countermeasure reference value, and determines the countermeasure type. This countermeasure type and use are set in the corresponding column in the countermeasure column of the countermeasure list detail table 116 (S3504).
  • The above-described countermeasure type table 112 classifies the security countermeasures shown in the countermeasure list 115 (FIG. 10) into 8 predetermined types (M1 to M8) from the viewpoint of safety, implementation speed, and sustainability.
  • “development” and “emergency” are also designated as security countermeasure applications for each of the types described above.
  • The communication unit 171 of the security measure determination support apparatus 100 transmits a notification of completion of creation of the measure list detail table 116 to the user terminal 200 of the system designer, and makes the measure list detail table 116 viewable from the user terminal 200 (S3409). This technique for enabling browsing is the same as that performed in accordance with the execution of step S3403 described above.
  • FIG. 13 shows an example of the countermeasure list detail table 116 created by the security countermeasure determination support apparatus 100 and made available for browsing by the user terminal 200.
  • The countermeasure list detail table 116 is a table including the risk reference values of the integrated DS diagram corresponding to each risk occurrence location and threat classification (the maximum value of R_SL, the minimum value of R_TP, and the maximum value of R_TO in the target DFD), obtained from the DFD risk reference value table 111 (FIG. 4), together with the countermeasure reference values, the type, and the usage for each countermeasure ID.
  • the countermeasure type determination method will be described later in the description of FIG.
  • the system designer operates the user terminal 200, browses the above-described countermeasure list detail table 116, determines a countermeasure group creation rule, and performs an input operation with the input device.
  • The user terminal 200 accepts the input of the countermeasure group creation rule by the system designer described above via the countermeasure group creation rule input screen 1000 provided from the input unit 174 of the security countermeasure determination support apparatus 100, and transmits it to the security measure decision support apparatus 100 (S3410).
  • FIG. 14 shows an example of the countermeasure group creation rule input screen 1000 in this embodiment.
  • a plurality of countermeasures in the countermeasure list 115 are combined based on a certain rule to form a countermeasure group.
  • This rule is specified by the operator of the security measure decision support apparatus 100 (for example, a system designer or a security expert who accesses via the user terminal) from the measure group creation rule input screen 1000.
  • As rule items for creating a countermeasure group, settings are accepted for the number of basic elements serving as a basic value of the number of countermeasure combinations, the minimum unit of countermeasure group application target categories (the range for selecting individual countermeasures to be combined), the selection condition of the countermeasure type, and the presence or absence of countermeasure selection from the same range (duplicate selection).
  • the rule item may be variously set depending on the case, for example, only measures against a specific risk ID are targeted.
  • The measure evaluation unit 175 of the security measure decision support device 100, having received the input of the measure group creation rule via the measure group creation rule input screen 1000 described above, creates the countermeasure group evaluation table 117 (FIG. 17) based on the measure list detail table 116 and the information held in its own storage device 101, and stores it in the storage device 101 (S3411).
  • FIG. 15 is a diagram illustrating a detailed flow example 2 of the security measure determination support method according to the present embodiment.
  • The countermeasure evaluation unit 175 of the security countermeasure determination support apparatus 100 creates a plurality of countermeasure groups and countermeasure group IDs for each risk occurrence location and threat category according to the above-described countermeasure group creation rules. That is, it lists all possible combinations of countermeasures under the corresponding rules and sets them in the countermeasure group evaluation table 117 (FIG. 17) together with the implementation type and use of each countermeasure (S3601).
  • the above-described implementation type is specified based on the countermeasure implementation type table 113 illustrated in FIG.
  • the measure implementation type table 113 in the present embodiment defines these embodiments for measures classified as the measure type table 112 (FIG. 12).
  • the validity period of M2, M4, M6, and M8 is limited.
  • The countermeasure evaluation unit 175 of the security countermeasure determination support apparatus 100 calculates the MO value for each countermeasure group and sets it as the value in the MO column in the evaluation column of the countermeasure group evaluation table 117 (S3602). Further, the countermeasure evaluation unit 175 obtains the standard deviation of the MO value corresponding to each countermeasure group ID within the category for each threat at the risk occurrence location, and sets it as the standard deviation value of the MO column in the evaluation column of the countermeasure group evaluation table 117 (S3603).
  • The countermeasure evaluation unit 175 of the security countermeasure determination support apparatus 100 calculates an EA value for each countermeasure group and sets it as the value of the EA column in the evaluation column of the countermeasure group evaluation table 117 (S3604). Further, the countermeasure evaluation unit 175 obtains the standard deviation of the EA value corresponding to each countermeasure group ID within the category for each threat at the risk occurrence location, and sets it as the standard deviation value of the EA column in the evaluation column of the countermeasure group evaluation table 117 (S3605).
  • The dangerous state when the measure is not taken is represented by R_SL × (R_TP + R_TO), where the vertical axis represents the system safety level (SL) and the horizontal axis represents time, and is referred to as a DS diagram.
  • the DFD information obtained from the system designer's user terminal 200 includes the values of R_SL, R_TP, and R_TO of the business flow supported by each DFD.
  • Based on the above R_SL, R_TP, and R_TO values obtained from the user terminal 200, the security measure determination support apparatus 100 sets the point at which the R_TP time has elapsed from the origin on the time axis (in FIG. 18, the position of time “3”) as the start point of R_TO, and generates a rectangular area 500 in which the R_SL level (in FIG. 18, level “6”) is associated with the duration of this R_TO (in FIG. 18, the time period of 8 hours extending from time “3” to time “11”).
  • the above-described rectangular area 500 can be specified by the coordinates of the position of each vertex 505 of the rectangular area 500 on the coordinate space 503 defined by the time axis 501 and the safety level axis 502.
  • The security measure decision support apparatus 100 stores the above-described set of values of the position coordinates of each vertex 505 in the memory 103 or the storage device 101 as information indicating the rectangular area 500 (graphic area) corresponding to each DS diagram.
  • the DS diagram is created by adopting the maximum R_SL, the minimum R_TP, and the maximum R_TO of each business flow. This is also referred to as an integrated DS diagram 2200.
  • The degree of safety when security measures are implemented in the business flow subject to countermeasures is represented, with the vertical axis representing the system safety level (SL) and the horizontal axis representing time, by a rectangular area 600 of A_SL × A_TO starting from the time point when A_TP has elapsed from time 0 (the system stop time). This is called an MS diagram.
  • the calculation formula of A_SL and the values of A_TP and A_TO are simultaneously given.
  • the security measure determination support apparatus 100 creates an MS diagram based on the calculation formula of A_SL and the values of A_TP and A_TO given from the user terminal 250. Note that the value of A_SL depends on the value of R_SL of the business flow to be subjected to security countermeasures (described in the description of FIG. 13).
  • The security measure determination support apparatus 100 calculates the value of A_SL by applying the value of R_SL of the business flow to the above-described calculation formula of A_SL obtained from the user terminal 250. Based on the values of A_SL, A_TP, and A_TO, it sets the point on the time axis 601 at which the A_TP time has passed (the position of time “2” in FIG. 23) as the start time point of A_TO, and generates a rectangular area 600 in which the level of A_SL (level “7” in FIG. 23) is associated with the duration of A_TO (in FIG. 23, the 10 hours from time “2” to time “12”).
  • the above-described rectangular area 600 can be specified by the coordinates of the position of each vertex 605 of the rectangular area 600 on the coordinate space 603 defined by the time axis 601 and the safety level axis 602.
  • The coordinates of the position of each vertex (time, safety level) are obtained as (2, 0), (2, 7), (12, 7), and (12, 0).
  • The security measure determination support apparatus 100 stores the set of the coordinates of the position of each vertex 605 described above in the memory 103 or the storage apparatus 101 as information indicating the rectangular area 600 (graphic area) corresponding to each MS diagram.
  • the value of A_SL is the case where a countermeasure is applied to the business flow that is the creation source of the integrated DS diagram 2200 of FIG.
  • the concept of development and emergency security measures in this embodiment will be described.
  • When the safety and sustainability expected after implementing security measures exceed the safety level to be met during normal operation of the business flow to which the security measures are applied and the required minimum operating time, the security measures are treated as security measures for development. That is, in the superimposition of the integrated DS diagram 2200 of the business flows to which security measures are applied and the MS diagram, security measures satisfying A_SL ⁇ R_SL and A_TO ⁇ R_TO are set as security measures for development. Security measures that do not satisfy this requirement are used as emergency security measures. However, security measures for development can also be used for emergency use.
  • When the integrated DS diagram 2200 of the business flow to which the security measures are applied is as shown in FIG. 22, the security measures shown in the MS diagrams 2400, 2500, and 2600 in FIGS. 24, 25, and 26 are for emergency use, and the security measure shown in the MS diagram 2700 is for development.
  • The security countermeasure determination support apparatus 100 uses a diagram obtained by superimposing the MS diagram of each countermeasure that is an element of the countermeasure group on the DS diagram or integrated DS diagram of the target business flow. This diagram is called a DMS diagram.
  • When creating this DMS diagram, if all the elements of the measure group are emergency measures, the security measure decision support apparatus 100 superimposes the MS diagram of each measure and the DS diagram or integrated DS diagram of the business flow to be applied as they are. In this superposition process, the values of the coordinates of the positions of the vertices held for the MS diagram, DS diagram, or integrated DS diagram are read from the memory 103 or the storage device 101, the rectangular region 500 of the DS diagram or integrated DS diagram and the rectangular area 600 of the MS diagram are generated, and the rectangular areas 500 and 600 are superimposed on the time axis 701. The generation and superimposition processing of the rectangular areas 500 and 600 may be performed using an existing drawing program. The result of the drawing process may be displayed on the output device 106, the user terminals 200, 250, and the like.
  • The security countermeasure determination support apparatus 100 performs the above overlay process for the MS diagram of each countermeasure and the DS diagram or integrated DS diagram of the business flow to be applied on the time axis 701 in a state where the start times of R_TO and A_TO are aligned.
  • FIG. 28 is an example of the DMS diagram 2800 in the case where a countermeasure is applied to the business flow from which the countermeasure group having elements of FIG. 24, FIG. 25, and FIG.
  • FIG. 29 is an example of the DMS diagram 2900 in the case where a countermeasure is applied to the business flow from which the countermeasure group having elements of FIG. 24, FIG. 25, and FIG. .
  • The security measure determination support apparatus 100 calculates the area occupied by the A_SL × A_TO portion of the applied MS diagram within the range of R_SL × R_TO of the applied DS diagram in the above DMS diagram.
  • this is referred to as an MO area.
  • The locations where the coordinate range of the rectangular region 500 (DS diagram), that is, the area closed by the four vertices 505, matches the coordinate range of each of one or more rectangular regions 600 (MS diagram), that is, the area closed by each vertex 605, are specified, and the area of the region connecting the vertex coordinates of the corresponding locations is calculated.
  • An existing algorithm may be adopted as the method for calculating the area of the polygon closed at the vertex.
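  • Added example (not code from the patent): the rectangle construction, the integrated DS diagram, and the overlap-area calculation described above, for rectangles that all rest on safety level 0. The function names and the second and third countermeasure triples are constructed for illustration; the code computes the geometric overlap only, counting doubly covered area once as an assumption, and does not reproduce the MO and EA formulas, which this page does not preserve.

```python
"""DS/MS rectangles on the (time, safety level) plane and their overlap."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rect:
    start: float  # time at which the level begins to hold (TP after time 0)
    end: float    # start + TO
    level: float  # SL

    def vertices(self):
        """Vertex coordinates as (time, safety level), as stored per diagram."""
        return [(self.start, 0), (self.start, self.level),
                (self.end, self.level), (self.end, 0)]


def make_rect(sl, tp, to):
    """Rectangle for one (SL, TP, TO) triple: level SL held for TO, from TP on."""
    if min(sl, tp, to) < 0:
        raise ValueError("SL, TP and TO must be non-negative")
    return Rect(tp, tp + to, sl)


def integrated_ds(flows):
    """Integrated DS diagram: maximum R_SL, minimum R_TP, maximum R_TO."""
    flows = list(flows)
    if not flows:
        raise ValueError("at least one business flow is required")
    return make_rect(max(f[0] for f in flows),
                     min(f[1] for f in flows),
                     max(f[2] for f in flows))


def place(ms, ds, align_start):
    """Leave the MS rectangle as it is, or shift it so A_TO starts with R_TO."""
    if not align_start:
        return ms
    return Rect(ds.start, ds.start + (ms.end - ms.start), ms.level)


def overlap_area(ds, ms):
    """Area of the DS rectangle that one MS rectangle covers."""
    width = min(ds.end, ms.end) - max(ds.start, ms.start)
    return max(0, width) * min(ds.level, ms.level)


def covered_area(ds, measures):
    """Area of the DS rectangle covered by at least one MS rectangle.

    Assumption of this example: doubly covered area is counted once.
    """
    inner = {t for m in measures for t in (m.start, m.end)
             if ds.start < t < ds.end}
    cuts = sorted(inner | {ds.start, ds.end})
    area = 0
    for left, right in zip(cuts, cuts[1:]):
        active = [m.level for m in measures
                  if m.start <= left and m.end >= right]
        if active:
            area += (right - left) * min(ds.level, max(active))
    return area


if __name__ == "__main__":
    ds = make_rect(6, 3, 8)       # R_SL=6, R_TP=3, R_TO=8 (values quoted for FIG. 18)
    ms = make_rect(7, 2, 10)      # A_SL=7, A_TP=2, A_TO=10 (values quoted for FIG. 23)
    group = [make_rect(4, 1, 4),  # constructed countermeasure
             make_rect(5, 4, 5)]  # constructed countermeasure
    print("MS vertices:", ms.vertices())
    print("single overlap:", overlap_area(ds, ms))
    print("group, as is:", covered_area(ds, group))
    aligned = [place(m, ds, True) for m in group]
    print("group, starts aligned:", covered_area(ds, aligned))
    print("uncovered, as is:", overlap_area(ds, ds) - covered_area(ds, group))
```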
  • FIG. 30 is an example of a diagram showing a corresponding portion 700 of the MO area in the DMS diagram 2800 of FIG.
  • FIG. 31 is an example of a diagram showing a corresponding portion 700 of the MO area in the DMS diagram 2900 of FIG. The MO value is calculated based on this MO area.
  • the security measure determination support apparatus 100 when all the elements of the measure group are emergency measures, within the range of R_SL ⁇ (R_TP ⁇ R_TO) of the applied DS diagram in the above DMS diagram. To calculate the total area occupied by the A_SL ⁇ (A_TP ⁇ A_TO) portion of each applicable MS diagram.
  • The security countermeasure determination support apparatus 100 calculates the total area occupied by the A_SL × A_TO portion of each applied MS diagram within the range of R_SL × R_TO of the applied DS diagram in the above DMS diagram. Hereinafter, this is called an EA area.
  • FIG. 32 is an example of a diagram showing a corresponding portion 800 of the EA area in the DMS diagram 2800 of FIG.
  • FIG. 33 is an example of a diagram showing a corresponding portion 800 of the EA area in the DMS diagram 2900 of FIG. The EA value is calculated based on this EA area.
  • the countermeasure group evaluation table 117 includes Not set.
  • the function of the safety level of the applied DS diagram within the R_TP time and the function of the safety level of the applied MS diagram outside the R_TP time are f (x), and the function of the safety level of the applied MS diagram is g (x).
  • the formula for calculating the EA value for development is The formula for calculating the MO value for emergency use is The formula for calculating the MO value for development is Can be expressed.
  • Calculating the EA value has the effect of quantifying the degree of risk coverage that can be realized by the implementation of the countermeasure group, and obtaining the MO value has the effect of quantifying the robustness of the countermeasure of the countermeasure group.
  • obtaining each standard deviation has an effect that it is possible to give the countermeasure group superiority by the magnitude of the EA value and the MO value.
  • The communication unit 171 of the security measure determination support apparatus 100 transmits a measure evaluation completion notification to the user terminal 200 of the system designer, and makes the risk analysis table 114, the measure list 115, and the measure list detail table 116 viewable (S3412). This technique for enabling browsing is the same as that performed in accordance with the execution of steps S3403 and S3409 described above.
  • FIG. 17 shows an example of the countermeasure group evaluation table 117 that can be viewed on the user terminal 200 in this way.
  • The countermeasure group evaluation table 117 includes a plurality of countermeasure groups created for each risk occurrence location and threat category according to the rules input from the countermeasure group creation rule input screen 1000 (FIG. 14), and is provided with evaluation columns for these groups.
  • Each countermeasure group is associated with the countermeasure ID of the combined countermeasure, the implementation type, the usage, the MO value and the EA value, and each standard deviation value within the category using the countermeasure group ID as a key.
  • the system designer determines the countermeasure model proposal table creation rule from the design policy or the like, and inputs it with the input device of the user terminal 250.
  • The user terminal 250 receives the input of the above-described countermeasure model proposal table creation rule via the countermeasure model proposal table creation rule input screen 1100 obtained from the input unit 174 of the security countermeasure decision support device 100, and transmits it to the countermeasure determination support apparatus 100 (S3413).
  • FIGS. 34 and 35 show specific examples of the countermeasure model proposal table creation rule input screen 1100.
  • FIG. 34 shows an example of an input screen 1100 for proposing a countermeasure model for development.
  • FIG. 35 shows an example of an input screen 1100 for proposing an emergency countermeasure model.
  • A plurality of countermeasure groups described in the countermeasure group evaluation table 117 are combined based on a certain rule to form a countermeasure model. The screen that accepts input of this rule is the countermeasure model proposal table creation rule input screen 1100.
  • As rule items, the screen includes a “use” column for designating whether the countermeasure model is for development or emergency, a “priority measures to be prioritized” column for selecting whether to focus on the MO area or the EA area, and a “suggested options” column.
  • the “proposed option” column is a column for setting additional conditions such as “there is little risk that cannot be covered” and “the time until R_SL is achieved”. Note that such rule items are not limited to the above-described example, and may be variously set according to the case, for example, the number of elements of the countermeasure model is small.
  • The countermeasure model creation unit 176 of the security countermeasure determination support apparatus 100 follows the countermeasure model proposal table creation rule (obtained in the above-described step S3413), determines the priority order of the risk occurrence locations and threat categories in the countermeasure group evaluation table 117 in descending order of the standard deviation of the EA value and the MO value, and creates the countermeasure model proposal table 118 (S3414).
  • FIG. 36 is a diagram illustrating a detailed flow example 3 of the security measure determination support method according to the present embodiment.
  • The countermeasure model creation unit 176 of the security countermeasure determination support apparatus 100 numbers the countermeasure group IDs 1, 2, ... in order of increasing standard deviation of the MO value within each classification of the threat at the risk occurrence location in the countermeasure group evaluation table 117 (FIG. 17) (S3701).
  • The countermeasure model creation unit 176 of the security countermeasure determination support apparatus 100 likewise numbers the countermeasure group IDs 1, 2, ... according to the standard deviation of the EA value within each classification of the threat at the risk occurrence location in the countermeasure group evaluation table 117 (S3702).
  • The countermeasure model creation unit 176 of the security countermeasure determination support apparatus 100 refers to the countermeasure list 115 for each category of the risk occurrence location in the countermeasure group evaluation table 117, and lists, for each countermeasure group ID, the risk cases that cannot be covered by the countermeasure group (S3703).
  • The countermeasure model creation unit 176 of the security countermeasure determination support apparatus 100 follows the countermeasure model proposal table creation rule, takes the standard deviation numbers of the EA value and the MO value for each threat at the risk occurrence location in the countermeasure group evaluation table 117 in ascending order, and compiles the countermeasure group IDs having the same number into the countermeasure model proposal table 118 (S3704).
  • FIG. 37 is a diagram showing an example of the countermeasure model proposal table 118 in the present embodiment.
  • A plurality of countermeasure groups are combined for each location where a risk occurs, that is, where countermeasures are implemented, to create a countermeasure model for the entire system.
  • A plurality of such countermeasure models are created, given item numbers, and presented to the requester (system designer, etc.).
  • The configuration includes the location of security countermeasures, a summary of the IDs of the security countermeasures to be adopted, the risk number and threat to be subjected to security countermeasures, the countermeasure group ID to which the security countermeasures to be adopted belong, the countermeasure IDs (new and existing), and the risk cases that cannot be covered.
  • the communication unit 171 of the security measure determination support device 100 transmits a measure model proposal table creation completion notification to the user terminal 200 of the system designer, and enables the user terminal 200 to view the measure model proposal table 118 ( S3415).
  • the technique for enabling browsing is the same as that performed in accordance with the execution of steps S3403, S3409, and S3412 described above.
  • the user terminal 200 of the system designer receives the above-described countermeasure model proposal table 118, displays it on the output device, and provides it for viewing by the system designer.
  • The system designer who has viewed the countermeasure model proposal table 118 determines a countermeasure model to be adopted after conducting various examinations such as implementation costs, and inputs the number of the corresponding countermeasure model on the input device of the user terminal 200.
  • the user terminal 200 receives the number of the countermeasure model designated by the system designer by the input device, and transmits it to the security countermeasure determination support device 100 (S3416).
  • the input unit 174 of the security countermeasure determination support apparatus 100 receives the above-described countermeasure model number from the user terminal 200 and stores it in the memory 103 or the storage device 101 (S3417).
  • The specification entry unit 177 of the security measure determination support device 100 calls the system cooperation WBS 123 and the application development WBS 124 from the storage device 101, and generates the specifications 127 by inserting the details of the requirement definition and design related to the measure model corresponding to the number received from the user terminal 200 into the corresponding locations in the two documents (system cooperation WBS 123 and application development WBS 124) (S3418).
  • the countermeasure model information 1800 corresponding to the underlined portion in the column “1.4. Security countermeasure mechanism” is inserted into the insertion location 1801.
  • The communication unit 171 of the security measure determination support device 100 transmits a specification entry completion notification to the system designer's user terminal 200, makes the completed specification 127, that is, the completed system cooperation WBS 123 and application development WBS 124, viewable on the user terminal 200 (S3419), and the process ends.
  • the technique for enabling browsing is the same as that performed in accordance with the execution of steps S3403, S3409, S3412, and S3415 described above.
  • each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them, for example, with an integrated circuit.
  • Each of the above-described configurations, functions, and the like may be realized by software by the CPU 104 interpreting and executing a program that realizes each function.
  • Information such as programs, tables, and files for realizing each function can be stored in a recording device such as a memory, a hard disk, an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.
  • control lines and information lines indicate what is considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.
  • In determining the cover state of the graphic region corresponding to the safety requirement information by the graphic region corresponding to the countermeasure information, the arithmetic device may arrange, on a predetermined time axis, the side corresponding to the maintenance time of the safety level in the graphic region corresponding to the safety requirement information and the side corresponding to the maintenance time of the reached safety level in the graphic region corresponding to the countermeasure information, and may specify as the cover state the information on the area defined by the time zone, within the graphic region corresponding to the safety requirement information, that is covered by the graphic region corresponding to the countermeasure information and by the reachable safety level in that time zone.
  • This makes it possible to perform processing such as calculating the area of the overlapping area between the graphic areas corresponding to the safety requirement information and the countermeasure information, and presenting the information of the calculated value, that is, the cover state, to the user as reference information for determining the security countermeasure. The information of the calculated value presented here corresponds to the time during which the security countermeasure target system is restored by performing security countermeasures and the operation is maintained at a predetermined safety level, that is, availability. Therefore, the user can easily perform the work of comparing the above-mentioned calculated values between the security countermeasure candidates and preferentially determining a security measure with high availability, that is, a large calculated value.
  • in determining the cover state of the graphic area corresponding to the safety requirement information by the graphic area corresponding to the countermeasure information, the arithmetic unit may specify the cover state by arranging, on the predetermined time axis, the edge corresponding to the maintenance time of the safety level in the graphic area corresponding to the safety requirement information and the edge corresponding to the maintenance time of the reached safety level in the graphic area corresponding to the countermeasure information, taking as the starting point the point in time, indicated by the safety requirement information, at which an allowable recovery time has passed since the operation stop of the security countermeasure target.
  • the security measure is determined as the cover state under the situation where the security measure is applied according to the start of operation of the corresponding system.
  • the area of the overlapping area between the graphic areas corresponding to the safety requirement information and the countermeasure information is calculated as the cover state information and presented to the user as reference information for determining the security countermeasure.
  • the arithmetic unit may determine the graphic corresponding to the safety requirement information in the determination of the cover state of the graphic region corresponding to the safety requirement information by the graphic region corresponding to the countermeasure information.
  • An edge corresponding to the maintenance time of the safety level and an edge corresponding to the maintenance time of the reachable safety level among the plurality of graphic areas corresponding to the countermeasure information are arranged on a predetermined time axis.
  • the time zone covered by a plurality of graphic regions corresponding to the countermeasure information among the graphic regions corresponding to the safety requirement information and the overlap of the reachable safety level indicated by the plurality of graphic regions in the time zone It is good also as what specifies the information of the area
  • information on an area that covers a plurality of graphic areas defined by the maintenance time indicated by the countermeasure information and the reached safety level, that is, information about a time zone in which a plurality of security measures are applied at the same time and the safety level in that time zone, can be presented to the user as reference information for determining the security measures.
  • the area of the overlapping area between the plurality of graphic areas is calculated as cover state information and presented to the user as reference information for determining security measures.
  • the storage device is applied as a security measure candidate information in the measure information, and is a development measure that is constantly applied and applied during development of the system that is the security measure target.
  • a measure for emergency measures that are applied at the time of risk occurrence during system operation and aiming at functional recovery, and the calculation device is based on a graphic area corresponding to the measure information, In the determination of the cover state of the graphic area corresponding to the safety requirement information, the edge corresponding to the maintenance time of the safety level in the graphic area corresponding to the safety requirement information, and the measures for development and the measures for emergency measures Of the graphic area corresponding to at least one of the countermeasure information of A time zone covered by a graphic area corresponding to the countermeasure information of at least one of the countermeasures for development and the countermeasures for first aid, among the graphic areas corresponding to the safety requirement information, arranged on the axis, and It is good also as specifying the information of the area
  • with an emergency phase, in which the security target system is recovered from a stopped state in the shortest possible time even if the safety level indicated by the safety requirement information is not completely satisfied, and a normal phase, in which the system is normally operated with the safety level indicated by the safety requirement information completely satisfied, the emergency measures are set for the emergency phase in the time zone within the predetermined time from the stop state, a countermeasure for development can be set for the normal phase, and the above-described cover state can be specified.
  • the arithmetic device accepts a user request related to a security measure at an input device, identifies, among the security measure candidates, those whose evaluation result corresponds to a condition indicated by the user request, and may further execute a process of generating a security countermeasure model from the identified security countermeasure candidates and outputting the countermeasure model to an output device.
  • the use of security measures, e.g., emergency measures or development measures
  • the priority of security measures to be prioritized, e.g., corresponding to measure information in the graphic area corresponding to safety requirement information
  • the computing device specifies the security measure candidates in order of the degree of correspondence of the evaluation result to the condition indicated by the user request when generating and outputting the security measure model
  • the security countermeasure models may be sequentially generated using the security countermeasure models in order of the degree of correspondence to the user request conditions, and each security countermeasure model may be output to an output device.
  • the storage device further stores specification data of a system that is a security measure target, and the arithmetic device is employed in accordance with output processing of the security measure model.
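The cover-state calculation described above, worked through as an added example (this is not code from the patent): each graphic area is modelled as a rectangle whose sides are a safety level and its maintenance time, placed on a common time axis. The class and function names, the hour unit and all sample values are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Region:
    """Graphic area on the time axis: [start, start + duration) x [0, level]."""
    name: str
    start: float     # hours after operation stop (unit is an assumption)
    duration: float  # maintenance time of the safety level
    level: float     # required or reached safety level

    @property
    def end(self) -> float:
        return self.start + self.duration

def overlap_area(*regions: Region) -> float:
    """Area common to all regions: shared time span x lowest level."""
    span = min(r.end for r in regions) - max(r.start for r in regions)
    return max(span, 0.0) * min(r.level for r in regions)

def cover_state(req: Region, measure: Region) -> dict:
    """Cover state of the requirement area by one countermeasure candidate."""
    area = overlap_area(req, measure)
    return {"measure": measure.name, "covered_area": area,
            "cover_ratio": area / (req.duration * req.level)}

def rank_candidates(req: Region, candidates: list) -> list:
    """Largest covered area (highest availability) first."""
    return sorted((cover_state(req, c) for c in candidates),
                  key=lambda s: s["covered_area"], reverse=True)

# Constructed sample data. The requirement area starts once the allowable
# recovery time (4 h here) has passed since the operation stop.
REQUIREMENT = Region("requirement", start=4, duration=20, level=3)
ISOLATE = Region("isolate-segment", start=1, duration=10, level=2)     # emergency measure
PATCH = Region("patch-and-restore", start=6, duration=30, level=3)     # development measure
MANUAL = Region("manual-operation", start=30, duration=5, level=1)     # starts too late

if __name__ == "__main__":
    for state in rank_candidates(REQUIREMENT, [ISOLATE, PATCH, MANUAL]):
        print(state)
    # Time zone in which both measures apply at once, inside the requirement
    print(overlap_area(REQUIREMENT, ISOLATE, PATCH))
```

A candidate that reaches a lower level than required still contributes area, but only up to its own reached level, which is why the emergency measure ranks below the later measure that meets the full level for most of the required window.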


Abstract

The present invention enables a person to propose security measures that take into account the availability of the subject to which the measures are applied. A security measure determination support device (100) includes a calculation device (104) that: compares a graphic region corresponding to safety requirement information with a graphic region corresponding to measure information, the graphic region corresponding to the safety requirement information having side lengths each corresponding to a safety level, or to the time for which the safety level must be maintained, indicated by the safety requirement information, and the graphic region corresponding to the measure information having side lengths each corresponding either to a safety level estimated to be reached by applying a candidate security measure indicated by candidate security measure information included in the measure information, or to the time for which the reached safety level is maintained; determines the state in which the graphic region corresponding to the safety requirement information is covered by the graphic region corresponding to the measure information; and generates evaluation results for the candidate security measure according to the determined cover state and outputs the evaluation results to an output device.
PCT/JP2014/063158 2014-05-19 2014-05-19 Security measure determination support device and security measure determination support method WO2015177832A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2014/063158 WO2015177832A1 (fr) 2014-05-19 2014-05-19 Security measure determination support device and security measure determination support method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2014/063158 WO2015177832A1 (fr) 2014-05-19 2014-05-19 Security measure determination support device and security measure determination support method

Publications (1)

Publication Number Publication Date
WO2015177832A1 (fr) 2015-11-26

Family

ID=54553532

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/063158 WO2015177832A1 (fr) 2014-05-19 2014-05-19 Security measure determination support device and security measure determination support method

Country Status (1)

Country Link
WO (1) WO2015177832A1 (fr)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
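JP2001101135A (ja) * 1999-09-29 2001-04-13 Hitachi Ltd Security evaluation method and apparatus, and security measure creation support method and apparatus
JP2006331383A (ja) * 2005-04-25 2006-12-07 Hitachi Ltd System security design/evaluation support tool, system security design/evaluation support method, and system security design/evaluation support program
JP2006350399A (ja) * 2005-06-13 2006-12-28 Hitachi Ltd Importance acquisition device, security design support system, relevance acquisition device, and program
JP2013025429A (ja) * 2011-07-19 2013-02-04 Mitsubishi Electric Corp Security evaluation device, security evaluation method for security evaluation device, and security evaluation program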

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP6081038B1 (ja) * 2016-06-01 2017-02-15 三菱電機株式会社 Security management device, central security management device, security management method, and security management program
WO2017208403A1 (fr) * 2016-06-01 2017-12-07 三菱電機株式会社 Security management device, central security management device, security management method, and security management program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14892631

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14892631

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP