WO2017069020A1 - Information processing apparatus, security management system, security countermeasure presentation method, security information distribution method, and program
- Publication number
- WO2017069020A1 (PCT/JP2016/080177)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- operation information
- countermeasure
- security risk
- type
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Definitions
- the present invention relates to a technology that supports selection of countermeasures for security risks.
- Devices on the network may have security problems (security risks) such as vulnerabilities and threats caused by external attacks. There is a technology for investigating whether or not there is a device having such a vulnerability or threat and presenting a countermeasure for the device having the vulnerability or threat.
- An example of such a technique is disclosed in the following patent documents.
- In Patent Document 1, a risk value is calculated based on the presence / absence of a vulnerability on the target system and the confidentiality of the document file existing on the target system. If the risk value exceeds the allowable range, the technique presents, among the various measures that can bring the risk value within the allowable range, the measures that satisfy a predetermined condition.
- Patent Document 2 discloses a technique for collecting operation logs of devices to be managed to determine whether or not a security policy is met, and, when it is determined that the policy is violated, taking a network blocking measure for the device.
- An object of the present invention is to provide a technology that supports selecting an appropriate countermeasure from a plurality of countermeasures for a device having a security risk.
- the security risk is determined using countermeasure information indicating a countermeasure applicable to a managed device having a security risk, and definition information defining a correspondence relationship between the type of operation information of the managed device and the countermeasure against the security risk.
- An information processing apparatus includes definition information distribution means for distributing definition information that defines the type of operation information of a management target apparatus for each security risk countermeasure to an external management apparatus.
- a system comprising a management device and a server device,
- the server device is provided with definition information distribution means for distributing definition information that defines the type of operation information of a managed device for each security risk measure to an external management device,
- the management device is provided with identification means for identifying the type of operation information corresponding to the countermeasure applicable to the management target device having the security risk, using the countermeasure information indicating the countermeasure applicable to the management target device having the security risk and the definition information;
- a security management system is provided.
- using countermeasure information indicating a countermeasure applicable to a managed device having a security risk, and definition information defining a correspondence relationship between the type of operation information of the managed device and the countermeasure against the security risk, identifying the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; obtaining the identified type of operation information; and displaying the acquired operation information on a display device in association with the countermeasure applicable to the management target device having the security risk.
- a security countermeasure presentation method including the above is provided.
- a security information distribution method including distributing definition information that defines the type of operation information of a management target apparatus for each countermeasure against security risk to an external management apparatus.
- the security risk is determined using countermeasure information indicating a countermeasure applicable to a managed device having a security risk, and definition information defining a correspondence relationship between the type of operation information of the managed device and the countermeasure against the security risk.
- a program for functioning as a server is provided.
- a program is provided for causing a computer to function as definition information distribution means for distributing definition information that defines the type of operation information of a managed device for each security risk countermeasure to an external management device.
- an appropriate countermeasure can be selected from a plurality of countermeasures for a device having a security risk.
- FIG. 1 is a diagram conceptually showing the processing configuration of the management apparatus 10 according to the first embodiment of the present invention.
- the management apparatus 10 is an example of an information processing apparatus according to the present invention.
- the management apparatus 10 according to the present embodiment includes a specifying unit 110, an acquisition unit 120, and a display processing unit 130.
- the identifying unit 110 uses countermeasure information indicating a countermeasure applicable to the management target device having a security risk, and definition information that defines a correspondence relationship between the type of operation information of the management target device and the countermeasure against the security risk, to specify the type of operation information corresponding to the countermeasure applicable to the management target device having the security risk.
- managed devices are various devices that are connected to the management device 10 via a network (not shown) and whose security status is monitored.
- the management target device is not only a communication device such as a client terminal, a server terminal, a switch or a router on the network, but also includes anything having a function to connect to the network or a means for communicating through the network (so-called IoT (Internet of Things)).
- security risk includes vulnerabilities existing in managed devices or threats caused by external attacks on managed devices.
- a countermeasure is a measure to eliminate, avoid, or reduce vulnerabilities and threats.
- an applicable countermeasure means, among the countermeasures against vulnerabilities and threats, a measure that can be performed on the managed device.
- FIG. 2 is a diagram exemplifying information indicating a countermeasure applicable to each management target device with respect to a certain security risk (vulnerability A). Specifically, the information in FIG.
- a storage unit that stores information indicating a countermeasure applicable to each management target device may be provided in the management device 10 or may be provided in another device that is communicably connected to the management device 10.
- “Operation information” means information indicating the history of operations and processes actually performed on the managed device (operation history information), or information indicating operations and processes scheduled to be performed on the management device in the future (operation schedule information).
- the operation information is generated by each managed device in response to execution of a predetermined operation or process in each managed device or an input of a predetermined operation or process execution schedule, and is stored in the storage unit of the managed device.
- the “type of operation information” means a classification to which each operation information belongs. For example, specific examples of “type of operation history information” include “patch application history”, “restart history”, “continuous operation time”, “port usage history”, “process operation history”, “application usage history”, etc.
- specific examples of “type of scheduled operation information” include “scheduled patch application date”, “scheduled restart date”, “scheduled application startup date”, and the like. However, the type of operation information is not limited to the examples given here.
- FIG. 3 is a diagram illustrating an example of definition information according to the first embodiment.
- the countermeasures against the security risk “Vulnerability A” (Countermeasures A to D) are stored in association with the types of operation information of the managed device that are helpful when deciding whether to apply each countermeasure.
- the storage unit that stores the definition information may be provided in the management apparatus 10 or may be provided in another apparatus that is connected to the management apparatus 10 so as to be communicable.
- the identifying unit 110 specifies, for each managed device, the applicable countermeasure and the type of operation information associated with it. Specifically, the identifying unit 110 identifies that “Countermeasure A”, “Countermeasure B”, “Countermeasure C”, and “Countermeasure D” are applicable to the device A based on the information in FIG. Then, the identification unit 110 identifies the types of operation information related to “Countermeasure A” as “patch application history”, “restart history”, and “continuous operation time” based on the information in FIG.
- the identifying unit 110 identifies the type of operation information related to “Countermeasure B” as “Operation History of Process ZZZ” based on the information in FIG. 3. Further, the identifying unit 110 identifies the type of operation information related to “Countermeasure C” as “usage history of port 1027” based on the information in FIG. Further, the identifying unit 110 identifies the type of operation information related to “Countermeasure D” as “Usage history of application XXXX” based on the information in FIG. 3. Similarly to the device A, the specifying unit 110 specifies the countermeasure applicable to the device B (only “Countermeasure B”) and the type of operation information (“usage history of the process ZZZ”) associated therewith.
- the acquisition unit 120 acquires the type of operation information specified by the specification unit 110. For example, as illustrated below, the acquisition unit 120 acquires the type of operation information specified by the specification unit 110 from the operation information of the management target device having a security risk.
- the acquisition unit 120 notifies the management target device of the type of operation information specified by the specification unit 110, and receives the type of operation information as a response from the management target device.
- the acquisition unit 120 may acquire the operation information stored in the management target device and extract the type of operation information specified by the specifying unit 110 from the operation information.
- the acquisition unit 120 may acquire necessary operation information from all the operation information stored in the management target device, or may be necessary from operation information within a predetermined period (for example, one month). Operation information may be acquired.
- the acquisition unit 120 acquires information as shown in FIG. FIG. 4 is a diagram illustrating an example of information acquired by the acquisition unit 120. Based on the type of operation information identified by the identifying unit 110 using the information in FIG. 2 and FIG. Operation information of “history” and “continuous operation time” is acquired from apparatus A. Further, for “Countermeasure B” applicable to the device A, the acquisition unit 120 acquires the operation information of “operation history of the process ZZZZ” from the device A, based on the type of operation information specified by the specifying unit 110 using the information of FIGS. 2 and 3. In addition, the acquisition unit 120 determines “use history of the port 1027” for “Countermeasure C” applicable to the device A based on the type of operation information specified by the specification unit 110 using the information in FIGS.
- for “Countermeasure D” applicable to the device A, the acquisition unit 120 acquires the operation information of “application XXXX usage history” from the device A, based on the type of operation information specified by the specification unit 110 using the information in FIGS. 2 and 3. Similarly to the device A, the acquisition unit 120 also acquires the operation information of “process ZZZ usage history” from the device B for “Countermeasure B” applicable to the device B.
- the display processing unit 130 displays the operation information acquired by the acquisition unit 120 on a display device (not shown) in association with a countermeasure applicable to the management target device having a security risk that has a correspondence relationship with the operation information.
- the display processing unit 130 generates, for example, the screen illustrated in FIG. 5 using information acquired from each management target device illustrated in FIG. 4 and causes the display device to display the screen.
- FIG. 5 is a diagram illustrating an example of a screen displayed on the display device by the display processing unit 130 according to the first embodiment.
- FIG. 5 is merely an example, and the screen displayed by the display processing unit 130 is not limited to this example.
- the display processing unit 130 displays, on the display device, each countermeasure applicable to each management target device in association with the operation information (“reference information” in the example of FIG. 5) that serves as a reference when determining whether to apply the countermeasure. Further, as illustrated in FIG. 5, the display processing unit 130 may acquire information such as the name of the security risk and its outline and display the information on the display device.
- FIG. 6 is a diagram conceptually illustrating the hardware configuration of the management apparatus 10 according to the first embodiment.
- the management apparatus 10 includes a processor 101, a memory 102, a storage 103, an input / output interface (input / output I / F) 104, a communication interface (communication I / F) 105, and the like.
- the processor 101, the memory 102, the storage 103, the input / output interface 104, and the communication interface 105 are connected by a data transmission path for transmitting / receiving data to / from each other.
- the processor 101 is an arithmetic processing unit such as a CPU (Central Processing Unit) or a GPU (Graphics Processing Unit).
- the memory 102 is a memory such as a RAM (Random Access Memory) or a ROM (Read Only Memory).
- the storage 103 is a storage device such as an HDD (Hard Disk Drive), an SSD (Solid State Drive), or a memory card.
- the storage 103 may be a memory such as a RAM or a ROM.
- the storage 103 stores a program that realizes the functions of the processing units including the specifying unit 110, the acquiring unit 120, and the display processing unit 130 included in the management apparatus 10.
- the processor 101 implements the functions of the processing units by executing these programs.
- the processor 101 may execute the programs after reading them onto the memory 102 or without reading them onto the memory 102.
- the input / output interface 104 is connected to the display device 1041, the input device 1042, and the like.
- the display device 1041 is a device that displays a screen corresponding to the drawing data processed by the processor 101, such as an LCD (Liquid Crystal Display) or a CRT (Cathode Ray Tube) display.
- the input device 1042 is a device that receives an operator's operation input, and is, for example, a keyboard, a mouse, a touch sensor, or the like.
- the display device 1041 and the input device 1042 may be integrated and realized as a touch panel.
- the communication interface 105 transmits / receives data to / from an external device.
- the communication interface 105 communicates with an external device (for example, a management target device or an external server device) via a wired network or a wireless network.
- the hardware configuration of the management apparatus 10 is not limited to the configuration shown in FIG.
- FIG. 7 is a flowchart illustrating a processing flow of the management apparatus 10 according to the first embodiment.
- the identification unit 110 identifies a countermeasure applicable to each management target device based on the information as shown in FIG. 2 (S101), and further specifies the type of operation information to be acquired for each applicable countermeasure according to the information as shown in FIG. (S102). For example, for “Countermeasure A”, which is applicable to the device A, the identifying unit 110 specifies “patch application history”, “restart history”, and “continuous operation time” as the types of operation information to be acquired from among the various operation information of the device A. Then, the acquisition unit 120 acquires the type of operation information specified by the specifying unit 110 from the operation information of each managed device (S103). Then, the display processing unit 130 generates a screen (for example, a screen as illustrated in FIG. 5) that shows, for each management target device, the applicable countermeasures in association with the operation information acquired for each countermeasure (S104).
- the screen that associates the countermeasures applicable to the management target device with the operation information of the management target device that is used as a reference when selecting each countermeasure is presented, via the display device, to the operator (security administrator) of the management device 10. Thereby, the security administrator can determine which countermeasure should be applied to each management target device with reference to the operation information displayed in association with each countermeasure.
- the security administrator can make the following determination regarding the device A (in this case, the security administrator confirms the screen shown in FIG. 5 as of May 27, 2015). Specifically, a recent trace of the process ZZZ being used can be read from the reference information of “Countermeasure 2”. From this, the security administrator can determine that “some problem may occur if the process ZZZZ is stopped”. Further, from the reference information of “Countermeasure 3”, it can be read that the port 1027 has been used most recently and that the connection source is from the same network. From this, the security administrator can determine that “if the port 1027 is blocked, some influence may occur”. Further, it can be read from the reference information of “Countermeasure 4” that the application XXXX is periodically executed every week. From this, the security administrator can determine that “the application XXXX should not be uninstalled”. On the other hand, it can be seen from the various reference information of “Countermeasure 1” that the patch A is regularly applied every Thursday morning and the apparatus A is restarted. From this, the security administrator can determine, for example, “It is appropriate to execute the countermeasure 1 for applying the patch AAAA in the morning on Thursday”.
- the security administrator can grasp the periodic patch application timing (that is, the timing at which there is no influence or little influence even if the countermeasure A is taken) from the “patch application history”.
- the security administrator can grasp the approximate time interval until the reboot and the approximate time interval for applying the patch from the “restart history” and “patch application history”. Based on the “time”, it is also possible to predict a timing at which there is little or no influence even if the countermeasure A is taken. That is, by referring to the reference information displayed in association with the countermeasure, it is possible to easily determine an appropriate timing at which the security administrator should take the countermeasure.
- the management apparatus 10 of this embodiment has the same configuration as that of the first embodiment.
- FIG. 8 is a diagram illustrating an example of definition information according to the second embodiment.
- “patch application history”, “reboot history”, and “continuous operation time” associated with “Countermeasure A” are assigned in advance priorities of “second place”, “first place”, and “third place”, respectively.
- the display process part 130 of this embodiment controls at least any one of the display order of each operation
- the display processing unit 130 generates a screen as shown in FIG. 9 or 10 based on the priority for each type of operation information defined in FIG. 8, and displays the screen on the display device.
- FIGS. 9 and 10 are diagrams illustrating examples of screens that the display processing unit 130 according to the second embodiment displays on the display device.
- FIG. 9 illustrates a screen that displays operation information in order of priority (in order of “restart history”, “patch application history”, and “continuous operation time”).
- FIG. 10 illustrates a screen that highlights and displays the operation information of the “restart history” having the highest priority.
- the screen which the display process part 130 displays based on the priority according to the kind of operation information is not restrict
- the management apparatus 10 of this embodiment has the same configuration as that of the first embodiment. Moreover, the management apparatus 10 of this embodiment may further include the configuration of the second embodiment.
- the display processing unit 130 determines operation information that satisfies a predetermined condition, and causes the display device to display the operation information that satisfies the condition in an identifiable state.
- the “predetermined condition” is a condition for narrowing down more useful information in the operation information of the management target device acquired by the acquiring unit 120.
- “predetermined condition” "Operation information” and "operation information on a predetermined day of the week”.
- Information indicating such conditions is preset in the display processing unit 130, for example.
- FIG. 11 is a diagram illustrating an example of a screen displayed on the display device by the display processing unit 130 according to the third embodiment. As shown in FIG. 11, the display processing unit 130 generates a screen that highlights the operation history and operation schedule information for one week before and after May 27, 2015, and displays the screen on the display device.
- operation information that satisfies a predetermined condition for narrowing down more useful information is displayed on the display device in a highlighted state.
- the security administrator can identify at a glance which information is more useful when determining which measures should be applied to each managed device.
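The flow of the first to third embodiments (S101 to S104, display in priority order, and highlighting of records within one week of the reference date) as an added Python example, not code from the patent. The table contents, the record layout, the extra "login history" record and all function names are constructed for illustration.

```python
from datetime import date, timedelta

# Countermeasure information (FIG. 2 style): countermeasures applicable to
# each managed device for "Vulnerability A".
APPLICABLE = {
    "device A": ["Countermeasure A", "Countermeasure B",
                 "Countermeasure C", "Countermeasure D"],
    "device B": ["Countermeasure B"],
}

# Definition information (FIG. 3 / FIG. 8 style): countermeasure -> types of
# operation information, each with a priority rank. The ranks for
# Countermeasure A follow the text; the single-type ranks are constructed.
DEFINITION = {
    "Countermeasure A": {"patch application history": 2,
                         "restart history": 1,
                         "continuous operation time": 3},
    "Countermeasure B": {"operation history of process ZZZ": 1},
    "Countermeasure C": {"usage history of port 1027": 1},
    "Countermeasure D": {"usage history of application XXXX": 1},
}


def rec(kind, when, detail):
    """One operation-information record (layout is an assumption)."""
    return {"type": kind, "when": when, "detail": detail}


# Constructed operation information stored on each managed device.
OPERATION_STORE = {
    "device A": [
        rec("patch application history", date(2015, 5, 14), "patch applied, morning"),
        rec("patch application history", date(2015, 5, 21), "patch applied, morning"),
        rec("restart history", date(2015, 5, 21), "restart after patch"),
        rec("continuous operation time", None, "6 days"),
        rec("operation history of process ZZZ", date(2015, 5, 26), "process running"),
        rec("usage history of port 1027", date(2015, 5, 25), "source in same network"),
        rec("usage history of application XXXX", date(2015, 4, 20), "weekly job"),
        rec("login history", date(2015, 5, 27), "not tied to any countermeasure"),
    ],
    "device B": [
        rec("operation history of process ZZZ", date(2015, 3, 2), "last run"),
    ],
}


def identify_types(device):
    """S101-S102: applicable countermeasures and, for each, the operation
    information types to fetch, highest priority first."""
    result = {}
    for countermeasure in APPLICABLE.get(device, []):
        ranks = DEFINITION.get(countermeasure, {})
        result[countermeasure] = sorted(ranks, key=ranks.get)
    return result


def acquire(device, wanted_types):
    """S103: take only records of the identified types from the device, so
    unrelated operation information never reaches the management screen."""
    wanted = set(wanted_types)
    return [r for r in OPERATION_STORE.get(device, []) if r["type"] in wanted]


def build_view(device, today, window_days=7):
    """S104: rows of (countermeasure, type, record, highlighted). Rows keep
    the priority order; a record is highlighted when it is dated within
    window_days before or after `today`."""
    window = timedelta(days=window_days)
    rows = []
    for countermeasure, types in identify_types(device).items():
        records = acquire(device, types)
        for kind in types:
            matches = [r for r in records if r["type"] == kind]
            matches.sort(key=lambda r: r["when"] or date.min, reverse=True)
            for r in matches:
                near = r["when"] is not None and abs(r["when"] - today) <= window
                rows.append((countermeasure, kind, r, near))
    return rows


if __name__ == "__main__":
    for cm, kind, r, near in build_view("device A", date(2015, 5, 27)):
        mark = "*" if near else " "
        print(f"{mark} {cm:17} {kind:34} {r['when']} {r['detail']}")
```
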
- FIG. 12 is a diagram conceptually showing the configuration of the security management system 1 of the fourth embodiment.
- the security management system 1 includes a management device 10, a server device 20, a management target device 30, and an administrator terminal 40.
- the administrator terminal 40 is a stationary PC (Personal Computer) operated by a security administrator, or a portable terminal such as a tablet terminal or a smartphone. Further, the management target device 30 is as described in the first embodiment.
- the server apparatus 20 includes a definition information distribution unit 210 that distributes to the management apparatus 10 definition information including at least information indicating a correspondence relationship between the type of operation information of the management target apparatus 30 and the handling of the security risk.
- FIG. 13 shows an example of definition information distributed from the definition information distribution unit 210.
- the definition information of this embodiment includes various information classified into three categories of “basic information”, “investigation method”, and “countermeasure”.
- the “basic information” is basic information, provided by the vendors of devices and software having security risks such as vulnerabilities and threats, including the names and outlines of the vulnerabilities and threats.
- “Investigation method” includes information indicating the preconditions for applying each method for investigating the presence of vulnerabilities and threats, information to be collected from devices when the preconditions are satisfied, and information indicating the conditions for determining the presence of vulnerabilities.
- “Countermeasure” includes information indicating conditions for determining whether each countermeasure can be applied, information indicating specific countermeasures for resolving, avoiding, or reducing vulnerabilities and threats, and information defining the type of operation information that is used as a reference when the operator decides whether or not to apply each countermeasure.
- the management apparatus 10 of this embodiment includes a definition information acquisition unit 140, a definition information storage unit 142, an information collection unit 150, a security risk determination unit 160, and a display processing unit 130.
- the definition information acquisition unit 140 acquires definition information distributed from the definition information distribution unit 210 of the server device 20 as illustrated in FIG. 13, and stores the acquired definition information in the definition information storage unit 142.
- the information collection unit 150 collects various data from the management target device 30 based on the definition information stored in the definition information storage unit 142. As will be described in detail later, the information collection unit 150 also plays a role corresponding to the specification unit 110 and the acquisition unit 120 of the above-described embodiments.
- the security risk determination unit 160 determines whether or not the management target device 30 has a security risk based on the data collected from the management target device 30.
- the display processing unit 130 generates a screen as described in the above embodiments and causes the display device 1041 to display the screen.
- FIG. 14 is a diagram conceptually illustrating the hardware configuration of the security management system 1 according to the fourth embodiment.
- The management device 10 has the same hardware configuration as that in FIG. 6. As in the first embodiment, the storage 103 stores programs for realizing the functions of the processing units, including the definition information acquisition unit 140, the information collection unit 150, and the security risk determination unit 160 of the present embodiment. Each processing unit of the present embodiment is realized when the processor 101 executes the corresponding program.
- The storage 103 also serves as the definition information storage unit 142 of this embodiment.
- The server device 20 includes a processor 201, a memory 202, a storage 203, a communication interface (communication I/F) 204, and the like.
- The processor 201, the memory 202, the storage 203, and the communication interface 204 are connected by a data transmission path for transmitting and receiving data to and from each other.
- The processor 201 is an arithmetic processing unit such as a CPU or a GPU.
- The memory 202 is a memory such as a RAM or a ROM.
- The storage 203 is a storage device such as an HDD (Hard Disk Drive), an SSD (Solid State Drive), or a memory card.
- The storage 203 may be a memory such as a RAM or a ROM.
- The storage 203 stores a program that realizes the functions of the processing units, including the definition information distribution unit 210, of the server device 20.
- The processor 201 executes the program stored in the storage 203, thereby realizing the functions of each processing unit.
- The processor 201 may execute the programs after reading them into the memory 202, or without reading them into the memory 202.
- The storage 203 stores definition information as shown in FIG.
- The communication interface 204 transmits and receives data to and from an external device via a wired network or a wireless network.
- The server device 20 distributes the definition information stored in the storage 203 to the management device 10 via the communication interface 204.
- The server device 20 receives the latest definition information via the communication interface 204 and updates the definition information stored in the storage 203.
- The hardware configuration of the security management system 1 is not limited to the configuration shown in FIG.
- FIG. 15 is a sequence diagram illustrating a processing flow of the security management system 1 according to the fourth embodiment.
- Definition information distributed by the definition information distribution unit 210 of the server device 20 is acquired by the definition information acquisition unit 140 of the management device 10 and stored in the definition information storage unit 142 (S200).
- The information collection unit 150 of the management device 10 reads the definition information memorize
- The trigger of this process is not particularly limited. For example, it may be when a security administrator inputs an instruction to investigate a specific security risk to the management device 10, or when definition information related to a new security risk is distributed from the definition information distribution unit 210 and stored in the definition information storage unit 142.
- The information collection unit 150 of the management device 10 transmits an instruction for collecting various information (an information collection instruction) to the managed devices 30 based on the read definition information (S202).
- The information collection instruction transmitted from the information collection unit 150 of the management device 10 includes the “investigation method” and “countermeasure” of the definition information in FIG.
- Upon receiving the information collection instruction, each managed device 30 collects information as shown in FIG. 16, for example, using the “investigation method” and “countermeasure” included in the information collection instruction (S203).
- FIG. 16 is a diagram illustrating an example of information collected by each managed device 30 in response to an instruction from the information collection unit 150.
- Each managed device 30 determines the “investigation method” whose “prerequisites” it satisfies, and specifies the “determination information” to be collected for use in determining whether there is a security risk.
- Each managed device 30 collects the identified “determination information”. In FIG.
- Each managed device 30 determines whether or not each “countermeasure” can be applied based on the “application condition” of each “countermeasure”. Then, based on the “type of operation information” associated with each “countermeasure” determined to be applicable, each managed device 30 identifies the type of operation information to collect from the operation information it stores, and collects operation information of that type. In FIG.
- the operation information is collected. Specifically, operation information of “patch application history”, “restart history”, and “continuous operation time” is collected for “Correction A”, and operation information of “Operation History of Process ZZZ” is collected for “Correction B”. Each managed device 30 then transmits the information collected as described above to the management device 10 (S204).
- The security risk determination unit 160 of the management device 10 determines which managed devices 30 have the security risk based on the “determination information” collected from each managed device 30 (S205).
- For each managed device 30 determined to have a security risk, the display processing unit 130 of the management device 10 generates, from the information collected from each managed device 30 (for example, FIG. 16), data of a screen (for example, FIG. 5) that displays the applicable countermeasures in association with the operation information collected as information related to each countermeasure, and transmits the data to the administrator terminal 40 (S206).
- Based on the screen data acquired in S206, the administrator terminal 40 displays a screen that shows each applicable countermeasure in association with the operation information collected as information related to that countermeasure (S207).
- The definition information is distributed from the server device 20 and stored in the definition information storage unit 142 of the management device 10.
- The definition information stored in the definition information storage unit 142 is used to determine the managed devices 30 having a security risk and the various types of information to be collected from the managed devices 30.
- The information collection unit 150 of the management device 10 collects, from each managed device 30, the information necessary for determining whether or not the “application condition” defined by the definition information is satisfied, and determines which of the countermeasures is applicable to each managed device 30.
- An example in which the security risk determination unit 160 of the management device 10 determines whether or not there is a security risk has been described.
- The managed device 30 determines whether there is a security risk by comparing the “determination information” collected in S203 with the “determination condition”, and transmits the result to the management device 10 in S204.
- FIG. 17 is a diagram conceptually showing the processing configuration of the management device 10 of the fifth embodiment. As illustrated in FIG. 17, the management device 10 according to the present embodiment includes a display processing unit 130.
- The display processing unit 130 causes the display device to display, in association with each other, countermeasure information indicating a countermeasure applicable to a managed device having a security risk and operation information of the managed device of the type corresponding to the countermeasure applicable to that managed device.
- The “type (of operation information) corresponding to the countermeasure applicable to the managed device” is identified using definition information that defines the correspondence between the type of operation information and the countermeasure against the security risk, for example, as shown in FIG.
- The management device 10 of this embodiment has a hardware configuration as shown in FIG. 6, for example.
- The storage 103 stores a program that realizes the function of the display processing unit 130 of the present embodiment, and the display processing unit 130 of the present embodiment is realized by the processor 101 executing this program.
- The display processing unit 130 of the present embodiment operates, for example, as follows.
- As one example, an external device that is communicably connected to the management device 10 investigates the countermeasures applicable to the managed device and collects operation information of the type specified using definition information as shown in FIG. 3.
- The display processing unit 130 acquires the processing result.
- In this case, the display processing unit 130 can display a screen as shown in FIG. 5, for example, on the display device based on the information acquired from the external device.
- The display processing unit 130 is not limited to this, and may acquire only the investigation result of the countermeasures applicable to the managed device from the external device. In this case, after receiving the investigation result, the display processing unit 130 uses the definition information as illustrated in FIG. 3 to specify the type of operation information corresponding to the countermeasure applicable to the managed device.
- The display processing unit 130 then acquires the specified type of operation information from the managed device, and displays the countermeasure applicable to the managed device and the operation information corresponding to the countermeasure in association with each other.
- When there is a storage unit that collects and accumulates operation information of the managed device, the display processing unit 130 may acquire the type of operation information specified using the definition information from that storage unit.
- The “storage unit that collects and accumulates operation information of the managed device” may be provided in the management device 10 or in an external device that is communicably connected to the management device 10.
- The “predetermined storage unit” may be provided in the management device 10 or in an external device that is communicably connected to the management device 10.
- An execution button or the like that causes each managed device 30 to execute the countermeasure selected on the screens exemplified in the above-described embodiments may be arranged.
- When the button is pressed, the management device 10 generates a command for causing each managed device 30 to execute a countermeasure according to the content selected on the screen, and outputs the command to each managed device 30.
- 1. An information processing apparatus comprising: specifying means for specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; acquisition means for acquiring operation information of the specified type; and display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
- 2. The information processing apparatus according to 1., further comprising definition information acquisition means for acquiring the definition information from an external server device.
- 3. The information processing apparatus according to 1. or 2., wherein a priority is predetermined for each type of operation information, and the display processing means controls at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
- 4. The information processing apparatus according to any one of 1. to 3., wherein the display processing means determines operation information that satisfies a predetermined condition and causes the display device to display the operation information that satisfies the condition in an identifiable state.
- 5. The information processing apparatus according to any one of 1. to 4., wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
- 6. An information processing apparatus comprising definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
- 7. A security management system comprising a management device and a server device, wherein the server device comprises definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk, and the management device comprises: specifying means for specifying, using the definition information and countermeasure information indicating a countermeasure applicable to a managed device having a security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; acquisition means for acquiring operation information of the specified type; and display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
- 8. The security management system according to 7., wherein a priority is predetermined for each type of operation information, and the display processing means controls at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
- 9. The security management system according to 7. or 8., wherein the display processing means determines operation information that satisfies a predetermined condition and causes the display device to display the operation information that satisfies the condition in an identifiable state.
- 10. The security management system according to any one of 7. to 9., wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
- 11. A security measure presentation method comprising, by a computer: specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; acquiring operation information of the specified type; and causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
- 12. The security measure presentation method according to 11., further comprising, by the computer, acquiring the definition information from an external server device.
- 13. The security measure presentation method according to 11. or 12., wherein a priority is predetermined for each type of operation information, the method further comprising, by the computer, controlling at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
- 14. The security measure presentation method according to any one of 11. to 13., further comprising, by the computer, determining operation information that satisfies a predetermined condition and causing the display device to display the operation information that satisfies the condition in an identifiable state.
- 15. The security measure presentation method according to any one of 11. to 14., wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
- 16. A security information distribution method comprising, by a computer, distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
- 17. A program for causing a computer to function as: specifying means for specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; acquisition means for acquiring operation information of the specified type; and display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
- 18. The program according to 17., for causing the computer to further function as definition information acquisition means for acquiring the definition information from an external server device.
- 19. The program according to 17. or 18., wherein a priority is predetermined for each type of operation information, the program causing the computer to further function as means for controlling at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
- 20. The program according to any one of 17. to 19., for causing the computer to further function as means for determining operation information that satisfies a predetermined condition and causing the display device to display the operation information that satisfies the condition in an identifiable state.
- 21. The program according to any one of 17. to 20., wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
- 22. A program for causing a computer to function as definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
- 23. An information processing apparatus comprising display processing means for causing a display device to display, in association with each other, countermeasure information indicating a countermeasure applicable to a managed device having a security risk and operation information of the managed device, the operation information being of the type that corresponds to the countermeasure applicable to the managed device and that is specified using definition information defining the correspondence between types of operation information and countermeasures against the security risk.
Description
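There is provided an information processing apparatus comprising:
specifying means for specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk;
acquisition means for acquiring operation information of the specified type; and
display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
There is provided an information processing apparatus comprising definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
There is provided a security management system comprising a management device and a server device, wherein
the server device comprises
definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk, and
the management device comprises:
specifying means for specifying, using the definition information and countermeasure information indicating a countermeasure applicable to a managed device having a security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk;
acquisition means for acquiring operation information of the specified type; and
display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
There is provided a security measure presentation method comprising, by a computer:
specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk;
acquiring operation information of the specified type; and
causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
There is provided a security information distribution method comprising, by a computer,
distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
There is provided a program for causing a computer to function as:
specifying means for specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk;
acquisition means for acquiring operation information of the specified type; and
display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
There is provided a program for causing a computer to function as
definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
There is provided an information processing apparatus comprising
display processing means for causing a display device to display, in association with each other, countermeasure information indicating a countermeasure applicable to a managed device having a security risk and operation information of the managed device, the operation information being of the type that corresponds to the countermeasure applicable to the managed device and that is specified using definition information defining the correspondence between types of operation information and countermeasures against the security risk.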
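FIG. 1 is a diagram conceptually illustrating the processing configuration of the management device 10 according to the first embodiment of the present invention. The management device 10 is an example of the information processing apparatus of the present invention. As illustrated in FIG. 1, the management device 10 of the present embodiment includes a specifying unit 110, an acquisition unit 120, and a display processing unit 130.
FIG. 6 is a diagram conceptually illustrating the hardware configuration of the management device 10 according to the first embodiment.
The operation of the management device 10 of the present embodiment will be described with reference to FIG. 7. FIG. 7 is a flowchart illustrating the processing flow of the management device 10 according to the first embodiment.
As described above, according to the present embodiment, a screen that associates the countermeasures applicable to a managed device with the operation information of the managed device that serves as a reference when selecting each countermeasure is presented, via the display device, to the operator (security administrator) of the management device 10. The security administrator can thereby refer to the operation information displayed in association with each countermeasure and judge which countermeasure should be applied to each managed device.
[Processing configuration]
The management device 10 of the present embodiment has the same configuration as that of the first embodiment.
As described above, according to the present embodiment, when there are multiple pieces of operation information of the managed device that serve as a reference when selecting each countermeasure, the operation information with a high priority among them is displayed on the display device in an identifiable state. As a result, when judging which countermeasure should be applied to each managed device, the security administrator can identify at a glance which information is more useful.
The management device 10 of the present embodiment has the same configuration as that of the first embodiment. The management device 10 of the present embodiment may further include the configuration of the second embodiment.
As described above, according to the present embodiment, operation information that satisfies a condition predetermined for narrowing down more useful information is displayed on the display device in an emphasized state. As a result, when judging which countermeasure should be applied to each managed device, the security administrator can identify at a glance which information is more useful.
In the present embodiment, a security management system 1 including the management device 10 of each of the above-described embodiments will be described.
FIG. 12 is a diagram conceptually illustrating the configuration of the security management system 1 according to the fourth embodiment. The security management system 1 includes the management device 10, the server device 20, the managed devices 30, and the administrator terminal 40. The administrator terminal 40 is a stationary PC (Personal Computer) operated by the security administrator, or a portable terminal such as a tablet terminal or a smartphone. The managed device 30 is as described in the first embodiment.
The hardware configuration of the security management system 1 of the present embodiment will be described with reference to FIG. 14. FIG. 14 is a diagram conceptually illustrating the hardware configuration of the security management system 1 according to the fourth embodiment.
The management device 10 has the same hardware configuration as that in FIG. 6. As in the first embodiment, the storage 103 stores programs for realizing the functions of the processing units, including the definition information acquisition unit 140, the information collection unit 150, and the security risk determination unit 160 of the present embodiment, and each processing unit of the present embodiment is realized when the processor 101 executes the corresponding program. The storage 103 also serves as the definition information storage unit 142 of the present embodiment.
The server device 20 includes a processor 201, a memory 202, a storage 203, a communication interface (communication I/F) 204, and the like. The processor 201, the memory 202, the storage 203, and the communication interface 204 are connected by a data transmission path for transmitting and receiving data to and from each other.
An operation example of the security management system 1 of the present embodiment will be described with reference to FIG. 15. FIG. 15 is a sequence diagram illustrating the processing flow of the security management system 1 according to the fourth embodiment.
As described above, in the present embodiment, the definition information is distributed from the server device 20 and stored in the definition information storage unit 142 of the management device 10. The management device 10 uses the definition information in the definition information storage unit 142 to determine the managed devices 30 having a security risk and the various types of information to be collected from the managed devices 30. As a result, in the present embodiment, the latest information on security risks can be acquired from the server device 20, and a screen as described in each of the above embodiments can be generated and presented to the security administrator.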
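The S200 to S207 flow of the fourth embodiment, as an added Python sketch (not code from the patent). The definition contents, device names, priority values and the "unknown" and "not-applicable" statuses are constructed for illustration; the field names follow the quoted terms used in the description.

```python
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Countermeasure:
    name: str
    application_condition: Callable[[dict], bool]   # evaluated on the managed device
    operation_info_types: tuple                     # types to collect if applicable


@dataclass(frozen=True)
class Definition:
    risk: str
    prerequisite: Callable[[dict], bool]            # selects the investigation method
    determination_info: str                         # fact to collect for the risk check
    determination_condition: Callable[[object], bool]
    countermeasures: tuple


# Constructed definition information, standing in for what the server device distributes (S200).
DEFINITION = Definition(
    risk="EXAMPLE-RISK",
    prerequisite=lambda facts: facts.get("os") == "Windows",
    determination_info="product_version",
    determination_condition=lambda version: version in {"1.0", "1.1"},
    countermeasures=(
        Countermeasure("Correction A", lambda facts: True,
                       ("patch application history", "restart history",
                        "continuous operation time")),
        Countermeasure("Correction B", lambda facts: "ZZZ" in facts.get("processes", ()),
                       ("operation history of process ZZZ",)),
    ),
)

# Constructed priority per operation information type (lower value is shown first).
PRIORITY = {"continuous operation time": 1, "restart history": 2,
            "patch application history": 3}

# Constructed managed devices: local facts plus the operation information each one stores.
DEVICES = {
    "pc-01": {"facts": {"os": "Windows", "product_version": "1.0", "processes": ("ZZZ",)},
              "operation": {"patch application history": "last patch 2016-09-01",
                            "restart history": "last restart 2016-09-01",
                            "continuous operation time": "41 days",
                            "operation history of process ZZZ": "09:00-18:00 daily",
                            "login history": "not mapped to any countermeasure"}},
    "pc-02": {"facts": {"os": "Windows", "product_version": "1.2", "processes": ()},
              "operation": {"restart history": "last restart 2016-10-10"}},
    "pc-03": {"facts": {"os": "Windows", "product_version": "1.1", "processes": ()},
              "operation": {"restart history": "last restart 2016-10-01"}},
    "pc-04": {"facts": {"os": "Windows", "processes": ()}, "operation": {}},
    "srv-05": {"facts": {"os": "Linux", "product_version": "1.0"}, "operation": {}},
}


def collect(definition: Definition, device: dict) -> Optional[dict]:
    """S203, on the managed device: gather only what the definition asks for."""
    facts = device["facts"]
    if not definition.prerequisite(facts):
        return None                                  # investigation method does not apply
    report = {"determination": facts.get(definition.determination_info),
              "countermeasures": {}}
    for cm in definition.countermeasures:
        if cm.application_condition(facts):
            # Missing operation information is reported as None, not dropped.
            report["countermeasures"][cm.name] = {
                t: device["operation"].get(t) for t in cm.operation_info_types}
    return report


def risk_status(definition: Definition, report: Optional[dict]) -> str:
    """S205, on the management device: compare determination information with the condition."""
    if report is None:
        return "not-applicable"
    if report["determination"] is None:
        return "unknown"                             # assumption: a missing fact is not "safe"
    return "risk" if definition.determination_condition(report["determination"]) else "no-risk"


def build_screen(definition: Definition, devices: dict, priority: dict) -> list:
    """S206: one row per (at-risk device, applicable countermeasure), info sorted by priority."""
    rows = []
    for name in sorted(devices):
        report = collect(definition, devices[name])  # S202 to S204 collapsed into a call
        if risk_status(definition, report) != "risk":
            continue
        for cm_name, info in report["countermeasures"].items():
            ordered = sorted(info.items(),
                             key=lambda item: priority.get(item[0], len(priority) + 1))
            rows.append((name, cm_name, ordered))
    return rows


if __name__ == "__main__":
    for device_name, countermeasure, info in build_screen(DEFINITION, DEVICES, PRIORITY):
        print(device_name, "|", countermeasure, "|", info)      # S207: administrator's view
```

The "login history" entry on pc-01 never leaves the device, because no applicable countermeasure in the definition maps to that type.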
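[Processing configuration]
FIG. 17 is a diagram conceptually illustrating the processing configuration of the management device 10 of the fifth embodiment. As illustrated in FIG. 17, the management device 10 of the present embodiment includes a display processing unit 130.
The management device 10 of the present embodiment has a hardware configuration as shown in FIG. 6, for example. The storage 103 stores a program that realizes the function of the display processing unit 130 of the present embodiment, and the display processing unit 130 of the present embodiment is realized by the processor 101 executing this program.
The display processing unit 130 of the present embodiment operates, for example, as follows. As one example, an external device communicably connected to the management device 10 investigates the countermeasures applicable to the managed device and collects operation information of the type specified using definition information as shown in FIG. 3, and the display processing unit 130 acquires the processing result. In this case, the display processing unit 130 can cause the display device to display a screen as shown in FIG. 5, for example, based on the information acquired from the external device. The display processing unit 130 is not limited to this, and may acquire only the investigation result of the countermeasures applicable to the managed device from the external device. In this case, after receiving the investigation result, the display processing unit 130 uses definition information as shown in FIG. 3 to specify the type of operation information corresponding to the countermeasure applicable to the managed device. The display processing unit 130 then acquires operation information of the specified type from the managed device, and displays the countermeasure applicable to the managed device and the operation information corresponding to that countermeasure in association with each other. When there is a storage unit that collects and accumulates operation information of the managed device, the display processing unit 130 may acquire the operation information of the type specified using the definition information from that storage unit. This “storage unit that collects and accumulates operation information of the managed device” may be provided in the management device 10 or in an external device communicably connected to the management device 10. In addition, when information as shown in FIG. 13 is stored in a predetermined storage unit, the display processing unit 130 can also use that information to investigate the countermeasures applicable to the managed device. This “predetermined storage unit” may be provided in the management device 10 or in an external device communicably connected to the management device 10.
In the present embodiment as well, as in the first embodiment, a screen that displays the countermeasures applicable to a managed device in association with the operation information corresponding to each countermeasure can be presented to the security administrator. The same effect as in the first embodiment can thereby be obtained.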
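1.
An information processing apparatus comprising:
specifying means for specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk;
acquisition means for acquiring operation information of the specified type; and
display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
2.
The information processing apparatus according to 1., further comprising definition information acquisition means for acquiring the definition information from an external server device.
3.
The information processing apparatus according to 1. or 2., wherein a priority is predetermined for each type of operation information, and
the display processing means controls at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
4.
The information processing apparatus according to any one of 1. to 3., wherein the display processing means determines operation information that satisfies a predetermined condition and causes the display device to display the operation information that satisfies the condition in an identifiable state.
5.
The information processing apparatus according to any one of 1. to 4., wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
6.
An information processing apparatus comprising definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
7.
A security management system comprising a management device and a server device, wherein
the server device comprises
definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk, and
the management device comprises:
specifying means for specifying, using the definition information and countermeasure information indicating a countermeasure applicable to a managed device having a security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk;
acquisition means for acquiring operation information of the specified type; and
display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
8.
The security management system according to 7., wherein a priority is predetermined for each type of operation information, and
the display processing means controls at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
9.
The security management system according to 7. or 8., wherein the display processing means determines operation information that satisfies a predetermined condition and causes the display device to display the operation information that satisfies the condition in an identifiable state.
10.
The security management system according to any one of 7. to 9., wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
11.
A security measure presentation method comprising, by a computer:
specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk;
acquiring operation information of the specified type; and
causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
12.
The security measure presentation method according to 11., further comprising, by the computer, acquiring the definition information from an external server device.
13.
The security measure presentation method according to 11. or 12., wherein a priority is predetermined for each type of operation information, the method further comprising, by the computer, controlling at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
14.
The security measure presentation method according to any one of 11. to 13., further comprising, by the computer, determining operation information that satisfies a predetermined condition and causing the display device to display the operation information that satisfies the condition in an identifiable state.
15.
The security measure presentation method according to any one of 11. to 14., wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
16.
A security information distribution method comprising, by a computer, distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
17.
A program for causing a computer to function as:
specifying means for specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk;
acquisition means for acquiring operation information of the specified type; and
display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
18.
The program according to 17., for causing the computer to further function as definition information acquisition means for acquiring the definition information from an external server device.
19.
The program according to 17. or 18., wherein a priority is predetermined for each type of operation information, the program causing the computer to further function as means for controlling at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
20.
The program according to any one of 17. to 19., for causing the computer to further function as means for determining operation information that satisfies a predetermined condition and causing the display device to display the operation information that satisfies the condition in an identifiable state.
21.
The program according to any one of 17. to 20., wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
22.
A program for causing a computer to function as definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
23.
An information processing apparatus comprising display processing means for causing a display device to display, in association with each other, countermeasure information indicating a countermeasure applicable to a managed device having a security risk and operation information of the managed device, the operation information being of the type that corresponds to the countermeasure applicable to the managed device and that is specified using definition information defining the correspondence between types of operation information and countermeasures against the security risk.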
Claims (12)
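- 1. An information processing apparatus comprising: specifying means for specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; acquisition means for acquiring operation information of the specified type; and display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
- 2. The information processing apparatus according to claim 1, further comprising definition information acquisition means for acquiring the definition information from an external server device.
- 3. The information processing apparatus according to claim 1 or 2, wherein a priority is predetermined for each type of operation information, and the display processing means controls at least one of the display order and the display state of each piece of operation information based on the priority of each type of operation information.
- 4. The information processing apparatus according to any one of claims 1 to 3, wherein the display processing means determines operation information that satisfies a predetermined condition and causes the display device to display the operation information that satisfies the condition in an identifiable state.
- 5. The information processing apparatus according to any one of claims 1 to 4, wherein the operation information includes at least one of an operation history and an operation schedule of the managed device.
- 6. An information processing apparatus comprising definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
- 7. A security management system comprising a management device and a server device, wherein the server device comprises definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk, and the management device comprises: specifying means for specifying, using the definition information and countermeasure information indicating a countermeasure applicable to a managed device having a security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; acquisition means for acquiring operation information of the specified type; and display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
- 8. A security measure presentation method comprising, by a computer: specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; acquiring operation information of the specified type; and causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
- 9. A security information distribution method comprising, by a computer, distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
- 10. A program for causing a computer to function as: specifying means for specifying, using countermeasure information indicating a countermeasure applicable to a managed device having a security risk and definition information defining the correspondence between types of operation information of managed devices and countermeasures against the security risk, the type of operation information corresponding to the countermeasure applicable to the managed device having the security risk; acquisition means for acquiring operation information of the specified type; and display processing means for causing a display device to display the acquired operation information in association with the countermeasure applicable to the managed device having the security risk.
- 11. A program for causing a computer to function as definition information distribution means for distributing, to an external management device, definition information that defines the types of operation information of managed devices for each countermeasure against a security risk.
- 12. An information processing apparatus comprising display processing means for causing a display device to display, in association with each other, countermeasure information indicating a countermeasure applicable to a managed device having a security risk and operation information of the managed device, the operation information being of the type that corresponds to the countermeasure applicable to the managed device and that is specified using definition information defining the correspondence between types of operation information and countermeasures against the security risk.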
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2017546508A JP6760300B2 (ja) | 2015-10-19 | 2016-10-12 | Information processing apparatus, security management system, security measure providing method, and program |
SG11201803280QA SG11201803280QA (en) | 2015-10-19 | 2016-10-12 | Information processing apparatus, security management system, security measure providing method, security information distribution method, and program |
US15/769,248 US10699019B2 (en) | 2015-10-19 | 2016-10-12 | Information processing apparatus, security management system, security measure providing method, security information distribution method, and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015205493 | 2015-10-19 | ||
JP2015-205493 | 2015-10-19 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017069020A1 (ja) | 2017-04-27 |
Family
ID=58557488
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2016/080177 WO2017069020A1 (ja) | Information processing apparatus, security management system, security measure providing method, security information distribution method, and program | 2015-10-19 | 2016-10-12 |
Country Status (5)
Country | Link |
---|---|
US (1) | US10699019B2 (ja) |
JP (2) | JP6760300B2 (ja) |
SG (1) | SG11201803280QA (ja) |
TW (1) | TWI672604B (ja) |
WO (1) | WO2017069020A1 (ja) |
2016
- 2016-10-12 WO PCT/JP2016/080177 patent/WO2017069020A1/ja active Application Filing
- 2016-10-12 JP JP2017546508A patent/JP6760300B2/ja active Active
- 2016-10-12 SG SG11201803280QA patent/SG11201803280QA/en unknown
- 2016-10-12 US US15/769,248 patent/US10699019B2/en active Active
- 2016-10-17 TW TW105133368A patent/TWI672604B/zh not_active IP Right Cessation
2020
- 2020-07-20 JP JP2020123483A patent/JP2020184372A/ja active Pending
Also Published As
Publication number | Publication date |
---|---|
TW201717079A (zh) | 2017-05-16 |
JP2020184372A (ja) | 2020-11-12 |
TWI672604B (zh) | 2019-09-21 |
US10699019B2 (en) | 2020-06-30 |
JP6760300B2 (ja) | 2020-09-23 |
SG11201803280QA (en) | 2018-05-30 |
JPWO2017069020A1 (ja) | 2018-08-09 |
US20180307842A1 (en) | 2018-10-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16857335; Country of ref document: EP; Kind code of ref document: A1 |
 | ENP | Entry into the national phase | Ref document number: 2017546508; Country of ref document: JP; Kind code of ref document: A |
 | WWE | Wipo information: entry into national phase | Ref document number: 15769248; Country of ref document: US |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | Wipo information: entry into national phase | Ref document number: 11201803280Q; Country of ref document: SG |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 16857335; Country of ref document: EP; Kind code of ref document: A1 |