WO2024069875A1 - Evaluation device, terminal, evaluation system, evaluation method, and recording medium
- Publication number: WO2024069875A1 (application PCT/JP2022/036509)
- Authority: WO (WIPO (PCT))
- Prior art keywords: evaluation, network, trustworthiness, inspection, trust
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q10/00—Administration; Management > G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR > G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes > G06Q40/08—Insurance
Definitions
- This disclosure relates to an evaluation device, a terminal, an evaluation system, an evaluation method, and a recording medium.
- Patent Document 1 discloses that insurance premiums for computer and related equipment are calculated using information obtained by selecting and assessing each assessment item related to computers, etc.
- Patent Document 2 discloses that insurance premiums for industrial machinery are calculated based on the reliability rate of the industrial machinery calculated based on a reliability index that indicates the degree to which various functions contribute to the reliability of various elements related to the industrial machinery.
- the criteria for judging the trustworthiness (reliability) of network devices differ depending on the standpoint and way of thinking of the evaluator.
- the information that is the basis for calculating insurance premiums is assessed based on the criteria from the standpoint of the evaluator.
- the trustworthiness required to calculate cyber insurance needs to be evaluated based on the index adopted by the insurance company that sells cyber insurance.
- One example of the objective of this disclosure is to provide an evaluation device that can evaluate trustworthiness for cyber insurance in a manner that meets the standards adopted by insurance companies.
- the evaluation device includes an evaluation index acquisition means for acquiring a trust evaluation index used by an insurance company to evaluate trustworthiness, an equipment information acquisition means for acquiring equipment information of network equipment on a network insured by a user business operator, an inspection means for inspecting the network equipment using the equipment information based on the trust evaluation index, an evaluation means for evaluating trustworthiness based on the inspection results, and an output means for outputting the evaluation results of trustworthiness.
- the evaluation system is an evaluation system having a device information storage device that stores device information of network devices, and the evaluation device described above.
- the evaluation device includes an evaluation index acquisition means for acquiring a trust evaluation index used by an insurance company to evaluate trustworthiness, a device information acquisition means for acquiring device information of network devices on a network insured by a user business from the device information storage device, an inspection means for inspecting the network devices using the device information based on the trust evaluation index, an evaluation means for evaluating trustworthiness based on the inspection results, and an output means for issuing a certificate to attest to the trustworthiness evaluation results, attaching an electronic signature to the certificate, and storing it in the device information storage device.
- a computer acquires a trust evaluation index used by an insurance company to evaluate trustworthiness, acquires device information of network devices on a network insured by a user company, inspects the network devices using the device information based on the trust evaluation index, evaluates trustworthiness based on the inspection results, and outputs the trust evaluation results.
- the recording medium stores a program that causes a computer to obtain a trust evaluation index used by an insurance company to evaluate trust, obtain device information of network devices on a network that a user business operator insures, inspect the network devices using the device information based on the trust evaluation index, evaluate trust based on the inspection results, and output the trust evaluation results.
- One example of the effect of this disclosure is the provision of an evaluation device that can evaluate the trustworthiness of a system in accordance with the cyber insurance standards adopted by insurance companies.
- FIG. 1 is a block diagram showing the configuration of an evaluation system according to the first embodiment.
- FIG. 2 is a diagram showing a hardware configuration in which the evaluation device according to the first embodiment is realized by a computer device and its peripheral devices.
- FIG. 3 is a flowchart of the evaluation system according to the first embodiment.
- the evaluation device 100 in the first embodiment is, for example, a device with which an insurance company that underwrites cyber insurance on a user company's network evaluates the trustworthiness, that is, the reliability, of the network devices that constitute the network.
- the cyber insurance in this embodiment includes liability for damages to third parties due to cyber incidents such as cyber attacks, as well as repair costs required for network recovery.
- a network device is, for example, a device for relaying or transferring data on a network, such as a router, hub, gateway, or switch.
- a network in this embodiment refers to a network composed of network devices introduced by a user company.
- the evaluation system 10 in this embodiment includes an evaluation device 100, an insurance company terminal 200 of an insurance company that requests the evaluation device 100 to evaluate the trustworthiness of a network device, and a device information storage device 300 that stores device information for each network device.
- the device information storage device 300 is owned by a platform operator that manages the device information for each network device.
- the insurance company may, for example, request a third-party evaluation agency to evaluate the trustworthiness of a network device through the platform operator.
- the insurance company terminal 200 includes an evaluation index sending unit 201, a certificate acquisition unit 202, a matching unit 203, and a determination unit 204. The evaluation index sending unit 201 sends the trust evaluation index adopted by the insurance company to the evaluation device 100.
- the evaluation index sending unit 201 may also send information indicating that the user business has applied to take out cyber insurance.
- the insurance company terminal 200 is not limited to being a terminal, and may be realized as a server (including the cloud).
- the device information storage device 300 stores at least the configuration information and inspection information of the network devices as device information.
- the device information stored in the device information storage device 300 is updated when the network devices are replaced or the software is upgraded.
- FIG. 1 is a block diagram showing the configuration of an evaluation device 100 in the first embodiment.
- the evaluation device 100 includes an evaluation index acquisition unit 101, a device information acquisition unit 102, an inspection unit 103, an evaluation unit 104, and an output unit 105.
- the evaluation device 100 of this embodiment will be described in detail below.
- the evaluation device 100 in the first embodiment of the present disclosure is realized by a computer device 500 including a processor.
- the evaluation device 100 includes a CPU (Central Processing Unit) 501, memories such as a ROM (Read Only Memory) 502 and a RAM (Random Access Memory) 503, a storage device 505 such as a hard disk for storing a program 504, a communication I/F (Interface) 508 for network connection, and an input/output interface 511 for inputting and outputting data.
- the trust evaluation index acquired by the evaluation index acquisition unit 101 is input to the evaluation device 100 via, for example, the communication I/F 508.
- the CPU 501 runs an operating system to control the entire evaluation device 100 according to the first embodiment of the present invention.
- the CPU 501 also reads programs and data from a recording medium 506 mounted in, for example, a drive device 507 into memory.
- the CPU 501 also functions as the evaluation index acquisition unit 101, device information acquisition unit 102, inspection unit 103, evaluation unit 104, output unit 105, and parts of these in the first embodiment, and executes the processes or commands in the flowchart shown in FIG. 3, which will be described later, based on the programs.
- the recording medium 506 is, for example, an optical disk, a flexible disk, a magneto-optical disk, an external hard disk, or a semiconductor memory.
- a recording medium that is part of the storage device is a non-volatile storage device, and the program is recorded therein.
- the program may also be downloaded from an external computer (not shown) that is connected to a communication network.
- the input device 509 is realized, for example, by a mouse, keyboard, built-in key buttons, etc., and is used for input operations.
- the input device 509 is not limited to a mouse, keyboard, or built-in key buttons, but may be, for example, a touch panel.
- the output device 510 is realized, for example, by a display, and is used to check the output.
- the first embodiment shown in FIG. 1 is realized by the computer hardware shown in FIG. 2.
- the means for realizing each part of the evaluation device 100 in FIG. 1 is not limited to the configuration described above.
- the evaluation device 100 may be realized by a single physically combined device, or may be realized by two or more physically separated devices connected by wire or wirelessly.
- the input device 509 and the output device 510 may be connected to the computer device 500 via a network.
- the evaluation device 100 in the first embodiment shown in FIG. 1 may also be configured by cloud computing, etc.
- the evaluation index acquisition unit 101 is a means for acquiring the trust evaluation index that an insurance company uses to evaluate trustworthiness.
- the evaluation index acquisition unit 101 acquires the trust evaluation index from the evaluation index transmission unit 201 via a network.
- Trustworthiness refers to the reliability of an entire network consisting of multiple network devices, for example, reliability in maintaining stable operation of the entire network.
- Trust evaluation indicators are perspectives for evaluating trustworthiness, and include the presence of risks to network devices, countermeasures against risks, the presence or absence of unauthorized functions such as backdoors, inspection status, and the visualization status of device information.
- trustworthiness is used as a reference by insurance companies when underwriting insurance for user businesses, etc. Since trustworthiness is used for judgment by third parties, including user businesses and insurance companies, it is desirable for it to be expressed in a manner that allows for easy objective judgment.
- trustworthiness is not limited to numerical values, and may be data in a form other than numerical values, such as A to C. Specifically, trustworthiness can be evaluated from items such as the following (1) to (9):
- (1) Outage risk: trustworthiness regarding outage risk is the possibility that a network device will go out of service and the predicted outage time if it does.
- the outage risk is the average outage interval or the average recovery time.
- the outage risk may be the outage risk of a part of the network device. For example, a network device with a low outage risk is more trustworthy than a network device with a high outage risk.
- (2) Information leakage risk: trustworthiness regarding information leakage risk is the presence, absence, or possibility of information leakage from a network device, and the status of measures against information leakage.
- the status of measures against information leakage is, for example, that all measures against information leakage have been implemented, that measures against serious information leakage have been implemented, that measures against information leakage have been identified, or that measures have not been identified.
- a network device with a low risk of information leakage is more trustworthy than a network device with a high risk of information leakage.
- (3) Backdoor: trustworthiness regarding backdoors is the presence or absence of a backdoor in a network device, or the possibility that a backdoor exists.
- trustworthiness regarding backdoors may also be the backdoor inspection state, such as the inspection method, inspection range, or inspection time of the backdoor inspection of the network device.
- the backdoor inspection method is, for example, inspection using an inspection application, binary inspection of a program running on the network device, or source code inspection of the program. For example, a network device that has been inspected for a backdoor has higher trustworthiness than a network device that has not been inspected for a backdoor.
- (4) Risk assessment: trustworthiness regarding risk assessment refers to whether a risk assessment inspection of the network device's vulnerabilities has been conducted, the inspection results, the implementation status of countermeasures, the time of inspection, or the time elapsed since the inspection.
- the implementation status of vulnerability countermeasures may be that countermeasures have been implemented for all vulnerabilities, that countermeasures for serious vulnerabilities have been implemented, that countermeasures for vulnerabilities have been identified, or that countermeasures have not been identified. For example, a network device that has undergone a risk assessment inspection is more trustworthy than a network device that has not.
- (5) Incident response: trustworthiness regarding incident response is the defined state of the response for when an incident occurs in the network.
- trustworthiness regarding incident response may include the range of incidents for which responses are defined, for example that a response for a major incident is defined.
- a network device for which an incident response is defined is more trustworthy than a network device for which an incident response is not defined.
- (6) Performance evaluation test results: trustworthiness regarding performance evaluation test results is the presence or absence of such results and the performance content in the test results.
- trustworthiness regarding performance evaluation test results may also be the test status of the performance evaluation, such as the test method, test scope, test time, or the time elapsed since the test was conducted. For example, a network device whose performance has been tested is more trustworthy than a network device whose performance has not been tested.
- (7) Business: trustworthiness regarding business is the state of understanding of the user company's business and the state of preparation for recovery work for that business.
- the state of understanding of a business is, for example, the state of understanding of the scope of impact of each business, or the state of understanding of the priority of each business.
- a network device whose business is understood is more trustworthy than a network device whose business is not understood.
- the state of preparation for recovery work is, for example, the state of preparation for recovering, when an incident occurs, a business with a large scope of impact or a business with a high priority.
- a network device for which recovery work is prepared is more trustworthy than a network device for which recovery work is not prepared.
- (8) Developer: trustworthiness regarding the developer is the state of understanding of the attributes of the developer of the network device.
- the state of understanding may be, for example, that the attributes of all developers are understood, that some attributes are not understood, or that some developers' attributes are not understood.
- the attributes may be, for example, nationality, affiliation, development location, or past career.
- the developer attributes are not limited to the attributes of a person such as an individual, but may also be the attributes of a corporation or organization such as a development manufacturer. For example, a network device whose developer attributes are understood is more trustworthy than a network device whose developer attributes are not understood.
- (9) Supply chain: trustworthiness regarding the supply chain is the trustworthiness of the companies, etc., involved in the supply chain of the network device.
- companies involved in the supply chain are, for example, companies that design, provide, maintain, and manage network devices.
- the trustworthiness of a company is, for example, the implementation status of a trustworthiness inspection at each company and the contents of the inspection results.
- the implementation status of an inspection is whether or not an inspection has been conducted, the extent to which an inspection has been conducted, or the extent to which it has not. For example, a network device whose trustworthiness has been inspected with respect to the companies that make up its supply chain is more trustworthy than a network device for which no such inspection has been conducted.
- the trust evaluation index is an evaluation index for evaluating the trustworthiness of network equipment that meets the needs of user operators.
- the trust evaluation index is an evaluation index for the above-mentioned trust items such as "presence or absence of a backdoor".
- the trust evaluation index may be a single evaluation index, a collection of multiple evaluation indexes, an integration of multiple evaluation indexes, or an evaluation index calculated using multiple evaluation indexes such as an average.
- the insurance company may create a trust evaluation index in accordance with the trust required for the network equipment of the user operator, or may obtain a trust evaluation index from a third-party organization or platform operator.
- the evaluation index acquisition unit 101 outputs the acquired trust evaluation index to the inspection unit 103.
- the device information acquisition unit 102 is a means for acquiring device information of network devices on a network for which a user operator takes out insurance.
- the device information acquisition unit 102 acquires device information of the network device to be evaluated from, for example, the device information storage device 300.
- Device information is information required to evaluate the trustworthiness of a network device, and includes configuration information and inspection information.
- the device information storage device 300 stores, for example, configuration information and inspection information linked to each network device.
- Configuration information is, for example, hardware information and software information of network devices.
- Hardware information is developer information, model numbers of chips, boards, ports, etc. that make up the hardware, and identifiers assigned to the hardware.
- Software information includes developer information, the OS (Operating System) that processes the hardware, software names such as libraries or applications, version information of that software, and code information of the software.
- configuration information is updated when the configuration changes, for example when the software is upgraded.
- Inspection information is information on the results of inspections based on the configuration information of network devices by businesses along the supply chain from procurement of network device parts to delivery. Inspection information includes the above-mentioned backdoor or risk assessment inspections.
- when the device information acquisition unit 102 acquires the device information of the network device to be evaluated, it outputs the information to the inspection unit 103.
- the inspection unit 103 is a means for inspecting a network device using device information based on a trust evaluation index.
- a specific inspection method is as follows. That is, the inspection unit 103 creates inspection items for a network device to evaluate the trustworthiness of the network device based on configuration information and a trust evaluation index. For example, the inspection unit 103 creates inspection items for evaluating the trust evaluation index for the network device to be evaluated.
- the items to be inspected for the above-mentioned trust evaluation indicators (1) to (9) are predetermined, and the inspection unit 103 selects an inspection item according to the trust evaluation indicator selected for the insured network device or network. For example, if the trust evaluation indicator is a backdoor, the inspection unit 103 creates an inspection item to inspect the possibility of a backdoor for the network device to be inspected.
- the inspection unit 103 may create multiple inspection items for one trust evaluation indicator, or may create one inspection item for multiple trust evaluation indicators.
- the inspection unit 103 inspects the network device using the evaluation criteria of the trust evaluation index for each created inspection item.
- the inspection unit 103 may display the inspection result for each trust evaluation index as a binary value of 0 or 100, or may display it as a specific rank such as A to C.
- the inspection unit 103 may also display the inspection result for each trust evaluation index as a numerical value (score) such as 0 to 100%.
- the evaluation unit 104 is a means for evaluating the trustworthiness based on the inspection results.
- the evaluation unit 104 comprehensively evaluates the trustworthiness of the network device based on the inspection results for each trust evaluation index.
- the evaluation unit 104 evaluates the trustworthiness, for example, by calculating the sum or average value of the inspection results for each trust evaluation index. Furthermore, the evaluation unit 104 may determine that the trustworthiness is not satisfied if the inspection result for any of the trust evaluation indexes is 0, or if the inspection result for a predetermined trust evaluation index is equal to or lower than a predetermined value. However, the method by which the evaluation unit 104 evaluates the trustworthiness is not limited to these.
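As an added worked example (not code from the patent or its applicant), the evaluation unit's comprehensive evaluation described above, written in Go: inspection results arriving in the three forms the text names (binary 0/100, rank A to C, or a 0 to 100 percent score) are normalised to one scale, summed and averaged, and the result is marked not satisfied if any index scored 0 or a predetermined index is at or below its threshold. The type and function names, the rank-to-score mapping, the index names and the threshold are assumptions of this example; the patent specifies none of them.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// InspectionResult is one trust evaluation index's inspection result in any of
// the three forms the inspection unit may use: binary ("0"/"100"), rank
// ("A".."C") or score ("0".."100", optionally with a "%" suffix).
// The representation is this example's own, not the patent's.
type InspectionResult struct {
	Index string // trust evaluation index, e.g. "backdoor"
	Value string // "0", "100", "A", "B", "C", "85", "85%"
}

// rankScore maps ranks to scores; the patent only says "a specific rank such
// as A to C", so these values are an assumption of this example.
var rankScore = map[string]float64{"A": 100, "B": 66, "C": 33}

// normalize converts any of the three result forms to a 0..100 score.
func normalize(v string) (float64, error) {
	v = strings.ToUpper(strings.TrimSuffix(strings.TrimSpace(v), "%"))
	if s, ok := rankScore[v]; ok {
		return s, nil
	}
	f, err := strconv.ParseFloat(v, 64)
	if err != nil || f < 0 || f > 100 {
		return 0, fmt.Errorf("unusable inspection result %q", v)
	}
	return f, nil
}

// Thresholds is the knockout rule for predetermined indexes: a score at or
// below the threshold means trustworthiness is not satisfied.
type Thresholds map[string]float64

// Evaluation is the evaluation unit's comprehensive result.
type Evaluation struct {
	Sum       float64
	Average   float64
	Satisfied bool
	Reason    string // why Satisfied is false (empty when satisfied)
}

// Evaluate mirrors the evaluation unit 104 behaviour described in the text:
// the comprehensive score is the sum and average of the per-index results,
// and trustworthiness is not satisfied if any index scored 0 or a
// predetermined index scored at or below its threshold.
func Evaluate(results []InspectionResult, th Thresholds) (Evaluation, error) {
	if len(results) == 0 {
		return Evaluation{}, errors.New("no inspection results to evaluate")
	}
	ev := Evaluation{Satisfied: true}
	for _, r := range results {
		s, err := normalize(r.Value)
		if err != nil {
			return Evaluation{}, fmt.Errorf("index %q: %w", r.Index, err)
		}
		ev.Sum += s
		if !ev.Satisfied {
			continue // keep the first knockout reason
		}
		if s == 0 {
			ev.Satisfied, ev.Reason = false, fmt.Sprintf("index %q scored 0", r.Index)
		} else if floor, ok := th[r.Index]; ok && s <= floor {
			ev.Satisfied, ev.Reason = false,
				fmt.Sprintf("index %q scored %.0f, at or below threshold %.0f", r.Index, s, floor)
		}
	}
	ev.Average = ev.Sum / float64(len(results))
	return ev, nil
}

func main() {
	// Constructed sample: the nine indexes (1) to (9) in mixed result forms.
	results := []InspectionResult{
		{"outage_risk", "B"}, {"information_leakage", "80%"}, {"backdoor", "100"},
		{"risk_assessment", "60"}, {"incident_response", "A"}, {"performance_test", "100"},
		{"business", "C"}, {"developer", "100"}, {"supply_chain", "50%"},
	}
	th := Thresholds{"risk_assessment": 50} // constructed predetermined threshold
	ev, err := Evaluate(results, th)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("sum=%.0f average=%.1f satisfied=%v %s\n", ev.Sum, ev.Average, ev.Satisfied, ev.Reason)
}
```

The knockout rules are checked before the average is formed, so a single zero result (for example an unresolved backdoor inspection) cannot be hidden by strong results elsewhere; that is the point of the text's "if the inspection result for any of the trust evaluation indexes is 0" clause.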
- the output unit 105 is a means for outputting the evaluation result of the trustworthiness of the network device.
- the output unit 105 displays the evaluation result of the trustworthiness on an output device 510 such as a display.
- the output unit 105 may also output the evaluation result of the trustworthiness of the network device to a user operator or an insurance company.
- the output unit 105 may also issue a certificate to certify the evaluation result of the trustworthiness.
- the certificate is issued to a third party, including the user operator and the insurance company, to certify the evaluation result of the trustworthiness of the network device.
- the output unit 105 affixes an electronic signature to the certificate describing the evaluation result of the trustworthiness, and stores it in the device information storage device 300 together with the public key.
- the certificate acquisition unit 202 is a means for acquiring the certificate issued by the evaluation device 100.
- the certificate acquisition unit 202 acquires the certificate stored in the device information storage device 300.
- the certificate acquisition unit 202 may also acquire from the user business the certificate that the user business acquired from the device information storage device 300.
- the certificate acquisition unit 202 outputs the acquired certificate to the matching unit 203.
- the matching unit 203 is a means for checking, based on the certificate, whether the network equipment installed at the user operator is the same as the network equipment covered by the insurance. Specifically, the matching unit 203 uses the public key to decrypt the hash value from the electronic signature included in the certificate input from the certificate acquisition unit 202, and compares it with the hash value of the network equipment installed at the user operator. If the two network devices are not the same, the matching unit 203 again requests a third party to evaluate the trustworthiness of network equipment that is the same as the network equipment installed at the user operator.
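The certificate issuance by the output unit 105 and the check by the matching unit 203, as an added example in Go that is not the patent's own code. It uses Ed25519 from the Go standard library, so the check is a signature verification over the certificate rather than the RSA-style "decrypt the hash with the public key" the text describes; the effect is the same: the attested digest of the covered equipment is compared with the digest of the equipment actually installed. One caveat the text leaves open is handled here: the public key stored next to the certificate is not what the verifier trusts, since whoever can write the certificate into the storage device could write a key alongside it; the insurance company verifies against the evaluation device's key obtained independently. All type, field and function names, the JSON encoding and the sample device data are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// DeviceInfo is constructed configuration information for one network device
// (hardware identifiers and software versions), as the device information
// storage device 300 would hold it. Field names are this example's own.
type DeviceInfo struct {
	DeviceID string            `json:"device_id"`
	Hardware map[string]string `json:"hardware"`
	Software map[string]string `json:"software"`
}

// DeviceHash digests the configuration information. encoding/json writes map
// keys in sorted order, so identical configurations hash identically.
func DeviceHash(d DeviceInfo) (string, error) {
	b, err := json.Marshal(d)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

// Certificate attests the trustworthiness evaluation result for the device
// whose configuration hashed to DeviceHash.
type Certificate struct {
	DeviceID   string `json:"device_id"`
	DeviceHash string `json:"device_hash"`
	Result     string `json:"result"`
	IssuedAt   string `json:"issued_at"`
}

// SignedCertificate is what the output unit 105 stores: the certificate, the
// signature over its JSON encoding, and the evaluation device's public key.
type SignedCertificate struct {
	Cert      Certificate
	Signature []byte
	PublicKey ed25519.PublicKey
}

// Issue signs the certificate with the evaluation device's private key.
func Issue(priv ed25519.PrivateKey, c Certificate) (SignedCertificate, error) {
	msg, err := json.Marshal(c)
	if err != nil {
		return SignedCertificate{}, err
	}
	return SignedCertificate{
		Cert:      c,
		Signature: ed25519.Sign(priv, msg),
		PublicKey: priv.Public().(ed25519.PublicKey),
	}, nil
}

// Match is the matching unit 203's check. trusted is the evaluation device's
// public key as the insurance company knows it independently of the stored
// certificate; the PublicKey bundled with the certificate is deliberately not
// used for verification. It returns true when the installed equipment is the
// equipment the certificate covers, false when it is not, and an error when
// the certificate itself cannot be trusted.
func Match(trusted ed25519.PublicKey, sc SignedCertificate, installed DeviceInfo) (bool, error) {
	msg, err := json.Marshal(sc.Cert)
	if err != nil {
		return false, err
	}
	if !ed25519.Verify(trusted, msg, sc.Signature) {
		return false, errors.New("certificate signature does not verify; evaluation result is not valid")
	}
	h, err := DeviceHash(installed)
	if err != nil {
		return false, err
	}
	return h == sc.Cert.DeviceHash, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // evaluation device's key pair
	covered := DeviceInfo{ // constructed: the device that was evaluated
		DeviceID: "rtr-01",
		Hardware: map[string]string{"board": "BRD-1234", "serial": "SN-0001"},
		Software: map[string]string{"os": "1.2.3", "lib-tls": "2.0.1"},
	}
	h, _ := DeviceHash(covered)
	sc, _ := Issue(priv, Certificate{DeviceID: covered.DeviceID, DeviceHash: h,
		Result: "satisfied, score 77", IssuedAt: time.Now().UTC().Format(time.RFC3339)})

	installed := covered // constructed: the same unit after a software upgrade
	installed.Software = map[string]string{"os": "1.3.0", "lib-tls": "2.0.1"}
	same, err := Match(pub, sc, installed)
	fmt.Println("same device:", same, "err:", err)
	if err == nil && !same {
		fmt.Println("installed equipment differs from the covered equipment; request re-evaluation")
	}
}
```

Because the configuration hash covers software versions, the upgrade case the text mentions (device information "is updated when ... the software is upgraded") shows up as a mismatch rather than a silently reused evaluation, which is exactly when the matching unit should request a new evaluation.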
- the determination unit 204 is a means for determining the insurance premium based on the evaluation result of the trustworthiness.
- the determination unit 204 increases or decreases the insurance premium from a predetermined standard insurance premium based on the level of trustworthiness for each trust evaluation index. For example, for (4) risk assessment, among the examples of the trust evaluation indexes mentioned above, the determination unit 204 increases the insurance premium from the standard insurance premium if measures against vulnerabilities are not understood. On the other hand, the determination unit 204 decreases the insurance premium from the standard insurance premium if measures against vulnerabilities are understood.
- the determination unit 204 may determine the degree of increase or decrease from the standard insurance premium based on the degree of understanding of measures against vulnerabilities.
- the determination unit 204 reduces the insurance premium from the standard premium. On the other hand, if countermeasures against risks are not defined and incident response is difficult, the determination unit 204 increases the insurance premium from the standard premium.
- for (7) business, the determination unit 204 reduces the insurance premium from the standard insurance premium if the business is ready to recover the business scope with a high priority when an incident occurs.
- the determination unit 204 increases the insurance premium from the standard insurance premium if the business is not ready to recover the business scope with a high priority when an incident occurs.
- the determination unit 204 may notify the user operator of the insurance premium for the user operator's network determined in this manner.
- FIG. 3 is a flowchart showing an overview of the operation of the evaluation device 100 in the first embodiment. Note that the processing according to this flowchart may be executed based on program control by the processor described above.
- the evaluation index sending unit 201 in the insurance company terminal 200 sends the trust evaluation index used by the insurance company to the evaluation device 100 (step S101).
- the evaluation index acquisition unit 101 in the evaluation device 100 acquires the trust evaluation index used by the insurance company from the insurance company terminal 200 (step S102).
- the device information acquisition unit 102 acquires device information of the network devices on the network insured by the user company (step S103).
- the inspection unit 103 inspects the network devices based on the trust evaluation index (step S104).
- the evaluation unit 104 evaluates the trust based on the inspection result (step S105).
- the output unit 105 issues a certificate to certify the trust evaluation result (step S106).
- the certificate acquisition unit 202 in the insurance company terminal 200 acquires the certificate issued by the evaluation device 100 (step S107).
- the matching unit 203 uses the certificate to check whether the network device installed at the user business is the same as the network device covered by the insurance (step S108).
- the determination unit 204 checks the identity of both network devices, and then determines the insurance premium for the network composed of the network devices based on the results of the trust evaluation (step S109). With this, the evaluation system 10 terminates its operation.
- the evaluation index acquisition unit 101 acquires the trust evaluation index adopted by the insurance company, the inspection unit 103 inspects the network device based on the trust evaluation index, and the evaluation unit 104 evaluates the trustworthiness based on the inspection results. This makes it possible to evaluate the trustworthiness in accordance with the cyber insurance standards adopted by the insurance company.
- the output unit 105 issues a certificate by attaching an electronic signature to the trust evaluation result. This ensures the validity of the trust evaluation result.
- An insurance company that obtains a trust certificate can use the valid trust evaluation result, and can therefore determine cyber insurance premiums for the user operator's network based on the highly reliable trust evaluation result.
- the inspection unit 103 performs all the inspections to evaluate the trust evaluation index.
- the network device is inspected only for items that have not been inspected, using the results of the already performed trust evaluation.
- the inspection unit 103 creates inspection items that have not been performed to evaluate the trust evaluation index.
- the inspection unit 103 inspects the network device using the evaluation criteria of the trust evaluation index for each created inspection item.
- the inspection unit 103 omits the creation of an inspection item for the presence or absence of a backdoor.
- the evaluation unit 104 evaluates the trust based on the inspection results performed by the inspection unit 103 and the inspection results already performed by the user operator. However, even if the user operator has evaluated the trustworthiness of the network device, if the inspection time is before the specified time, the inspection unit 103 may perform all inspections to evaluate the trust evaluation index without using the inspection results performed by the user operator. Note that the configuration of the evaluation device 100 is the same except for the inspection unit 103 and evaluation unit 104.
- the determination unit 204 in the insurance company terminal 200 determines the insurance premium based on the inspection items inspected by the inspection unit 103. Specifically, the determination unit 204 deducts from the insurance premium calculated based on the results of the trustworthiness evaluation the costs corresponding to the items not inspected by the inspection unit 103.
- in step S106, the output unit 105 issues a certificate to attest to the trust evaluation result.
- the output unit 105 may simply output the trust evaluation result to the output device 510. In this case, no subsequent processing is performed in the insurance company terminal 200.
- Reference numerals: 10 evaluation system; 100 evaluation device; 101 evaluation index acquisition unit; 102 device information acquisition unit; 103 inspection unit; 104 evaluation unit; 105 output unit; 200 insurance company terminal; 201 evaluation index sending unit; 202 certificate acquisition unit; 203 collation unit; 204 determination unit; 300 device information storage device
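The flow of steps S101 to S109 above, together with the variant in which items already inspected by the user company are reused unless they predate the specified time, the backdoor item is always inspected, and the cost of uninspected items is deducted from the premium, as an added example that is not part of the patent. The index items, pass criteria, weights, costs, grade scale, cutoff date, device identifiers and the HMAC standing in for the electronic signature are all assumptions made for this illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed insurer-side trust evaluation index, following perspectives (3) backdoor,
# (4) risk assessment and (5) incident response; criteria, weights and costs are assumed.
TRUST_INDEX = {
    "backdoor": {"pass_if": "none_found", "weight": 3, "cost": 300},
    "risk_assessment": {"pass_if": "critical_patched", "weight": 2, "cost": 200},
    "incident_response": {"pass_if": "defined", "weight": 1, "cost": 100},
}
CUTOFF = datetime(2022, 1, 1, tzinfo=timezone.utc)  # assumed "specified time"
# HMAC key standing in for the evaluator's signing key (assumption); a deployed
# system would use an asymmetric signature the insurer checks with a public key.
EVALUATOR_KEY = b"constructed-evaluator-key"
BASE_PREMIUM = {"A": 1000, "B": 2000, "C": 4000}  # assumed premium per grade

@dataclass
class DeviceInfo:
    device_id: str           # identity the insurer collates in step S108
    firmware_hash: str
    prior_inspections: dict  # item -> {"result": str, "at": datetime}, by the user company
    live_state: dict         # item -> state the inspection unit 103 observes now

def select_items(device, index=TRUST_INDEX, cutoff=CUTOFF):
    """Items to inspect now vs. prior results to reuse. Backdoor is never skipped;
    another item is reused only if the user company's inspection is not older than cutoff."""
    todo, reused = [], {}
    for item in index:
        prior = device.prior_inspections.get(item)
        if item != "backdoor" and prior and prior["at"] >= cutoff:
            reused[item] = prior["result"]
        else:
            todo.append(item)
    return todo, reused

def inspect(device, items):
    """Inspection unit 103: observe the device state for each selected item."""
    return {item: device.live_state.get(item, "unknown") for item in items}

def evaluate(results, index=TRUST_INDEX):
    """Evaluation unit 104: weighted pass ratio mapped to grade A-C (scale assumed)."""
    total = sum(v["weight"] for v in index.values())
    passed = sum(index[i]["weight"] for i, r in results.items() if r == index[i]["pass_if"])
    ratio = passed / total
    return "A" if ratio == 1 else "B" if ratio >= 0.5 else "C"

def _payload(body):
    # Canonical encoding so the insurer recomputes exactly the authenticated bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue_certificate(device, grade, inspected, key=EVALUATOR_KEY):
    """Output unit 105: bind device identity, grade and the items actually inspected."""
    body = {"device_id": device.device_id, "firmware_hash": device.firmware_hash,
            "grade": grade, "inspected": sorted(inspected)}
    return {"body": body, "sig": hmac.new(key, _payload(body), hashlib.sha256).hexdigest()}

def verify_certificate(cert, key=EVALUATOR_KEY):
    expected = hmac.new(key, _payload(cert["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])

def determine_premium(cert, insured_id, insured_fw, index=TRUST_INDEX):
    """Insurer terminal 200 (steps S107-S109): verify, collate identity, then deduct
    the inspection cost of items the inspection unit did not inspect itself."""
    if not verify_certificate(cert):
        raise ValueError("certificate authenticator does not verify")
    body = cert["body"]
    if (body["device_id"], body["firmware_hash"]) != (insured_id, insured_fw):
        raise ValueError("insured device does not match certified device")
    deduction = sum(index[i]["cost"] for i in index if i not in body["inspected"])
    return BASE_PREMIUM[body["grade"]] - deduction

def run_evaluation(device):
    """Evaluator side (steps S102-S106): select, inspect, evaluate, certify."""
    todo, reused = select_items(device)
    results = {**reused, **inspect(device, todo)}
    grade = evaluate(results)
    return issue_certificate(device, grade, todo), todo, grade

# Constructed sample: risk assessment done recently by the user company (reused),
# incident response checked before the cutoff (re-inspected), backdoor always re-inspected.
UTC = timezone.utc
SAMPLE = DeviceInfo(
    device_id="rtr-edge-01", firmware_hash="constructed-fw-hash",
    prior_inspections={
        "risk_assessment": {"result": "critical_patched", "at": datetime(2022, 6, 1, tzinfo=UTC)},
        "incident_response": {"result": "defined", "at": datetime(2021, 6, 1, tzinfo=UTC)},
        "backdoor": {"result": "none_found", "at": datetime(2022, 6, 1, tzinfo=UTC)},
    },
    live_state={"backdoor": "none_found", "incident_response": "defined"},
)

if __name__ == "__main__":
    cert, todo, grade = run_evaluation(SAMPLE)
    print(todo, grade, determine_premium(cert, "rtr-edge-01", "constructed-fw-hash"))
```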
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Strategic Management (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Software Systems (AREA)
- Development Economics (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Human Resources & Organizations (AREA)
- Entrepreneurship & Innovation (AREA)
- Educational Administration (AREA)
- Game Theory and Decision Science (AREA)
- Technology Law (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
An evaluation device according to the present disclosure comprises: an evaluation index acquisition means that acquires a trust evaluation index for evaluating trustworthiness, the trust evaluation index being the one employed by an insurance company; a device information acquisition means that acquires device information pertaining to network devices on a network for which a user business operator purchases insurance; an inspection means that, on the basis of the trust evaluation index, inspects the network devices using the device information; an evaluation means that evaluates trustworthiness on the basis of the inspection result; and an output means that outputs the result of the trustworthiness evaluation.
Description
The present disclosure relates to an evaluation device, a terminal, an evaluation system, an evaluation method, and a recording medium.
Methods for calculating insurance premiums for network devices have been studied.
For example, Patent Document 1 discloses calculating premiums for failure insurance on computers and related equipment using information obtained by selecting and assessing each assessment item relating to the computers and so on. Patent Document 2 discloses calculating premiums for industrial machinery from a reliability rate of the machinery, which is itself calculated on the basis of a reliability index indicating how much each function contributes to the reliability of the various elements involved in the machinery.
Meanwhile, demand for cyber insurance, which compensates for security risks, is growing. However, cyber insurance premiums and the amounts paid out when an incident occurs are not always calculated systematically.
In addition, the criteria for judging the trustworthiness (reliability) of network devices differ depending on the standpoint and way of thinking of the evaluator. In the inventions described in Patent Documents 1 and 2, the information on which premiums are calculated is assessed according to criteria from the evaluator's own standpoint. Trustworthiness used to calculate cyber insurance must instead be evaluated on the basis of the index adopted by the insurance company that sells the cyber insurance.
One example of the objective of the present disclosure is to provide an evaluation device that can evaluate trustworthiness in a manner that meets the cyber insurance standards adopted by the insurance company.
An evaluation device according to one aspect of the present disclosure includes an evaluation index acquisition means for acquiring a trust evaluation index used by an insurance company to evaluate trustworthiness; a device information acquisition means for acquiring device information of network devices on a network that a user business operator insures; an inspection means for inspecting the network devices using the device information on the basis of the trust evaluation index; an evaluation means for evaluating trustworthiness on the basis of the inspection results; and an output means for outputting the trustworthiness evaluation results.
An evaluation system according to one aspect of the present disclosure is an evaluation system having a device information storage device that stores device information of network devices, and the evaluation device described above. The evaluation device includes an evaluation index acquisition means for acquiring a trust evaluation index used by an insurance company to evaluate trustworthiness; a device information acquisition means for acquiring, from the device information storage device, device information of network devices on a network that a user business operator insures; an inspection means for inspecting the network devices using the device information on the basis of the trust evaluation index; an evaluation means for evaluating trustworthiness on the basis of the inspection results; and an output means for issuing a certificate that attests to the trustworthiness evaluation results, attaching an electronic signature to the certificate, and storing it in the device information storage device.
In an evaluation method according to one aspect of the present disclosure, a computer acquires a trust evaluation index used by an insurance company to evaluate trustworthiness, acquires device information of network devices on a network that a user business operator insures, inspects the network devices using the device information on the basis of the trust evaluation index, evaluates trustworthiness on the basis of the inspection results, and outputs the trustworthiness evaluation results.
A recording medium according to one aspect of the present disclosure stores a program that causes a computer to acquire a trust evaluation index used by an insurance company to evaluate trustworthiness, acquire device information of network devices on a network that a user business operator insures, inspect the network devices using the device information on the basis of the trust evaluation index, evaluate trustworthiness on the basis of the inspection results, and output the trustworthiness evaluation results.
One example of the effect of the present disclosure is that it provides an evaluation device that can evaluate trustworthiness in accordance with the cyber insurance standards adopted by the insurance company.
Next, embodiments will be described in detail with reference to the drawings.
[First embodiment]
The evaluation device 100 in the first embodiment is, for example, a device by which an insurance company that provides cyber insurance for a user company's network evaluates trustworthiness, that is, the reliability of the network devices that make up the network. Cyber insurance in this embodiment covers, in addition to liability for damages to third parties arising from cyber incidents such as cyber attacks, the repair costs needed to restore the network. A network device is, for example, a device that relays or forwards data on a network, such as a router, hub, gateway, or switch. The network in this embodiment means a network composed of the network devices deployed by the user company.
The evaluation system 10 in this embodiment includes the evaluation device 100, an insurance company terminal 200 of an insurance company that requests the evaluation device 100 to evaluate the trustworthiness of network devices, and a device information storage device 300 that stores the device information of each network device. The device information storage device 300 is owned by a platform operator that manages the device information of each network device. The insurance company may, for example, request a third-party evaluation organization to evaluate the trustworthiness of the network devices through the platform operator.
The insurance company terminal 200 includes an evaluation index sending unit 201, which sends the trust evaluation index adopted by the user business to the evaluation device 100, a certificate acquisition unit 202, a collation unit 203, and a determination unit 204. When sending the trust evaluation index to the evaluation device 100, the evaluation index sending unit 201 may also send information indicating that the user business has requested to take out cyber insurance. The insurance company terminal 200 is not limited to a terminal and may be realized as a server (including a cloud server).
The device information storage device 300 stores, as device information, at least the configuration information and inspection information of the network devices. The device information stored in the device information storage device 300 is updated whenever a network device is replaced or its software is upgraded.
FIG. 1 is a block diagram showing the configuration of the evaluation device 100 in the first embodiment. Referring to FIG. 1, the evaluation device 100 includes an evaluation index acquisition unit 101, a device information acquisition unit 102, an inspection unit 103, an evaluation unit 104, and an output unit 105. The evaluation device 100 of this embodiment is described in detail below.
FIG. 2 is a diagram showing an example of a hardware configuration in which the evaluation device 100 of the first embodiment of the present disclosure is realized by a computer device 500 including a processor. As shown in FIG. 2, the evaluation device 100 includes a CPU (Central Processing Unit) 501, memories such as a ROM (Read Only Memory) 502 and a RAM (Random Access Memory) 503, a storage device 505 such as a hard disk that stores a program 504, a communication I/F (Interface) 508 for network connection, and an input/output interface 511 for data input and output. In the first embodiment, the trust evaluation index acquired by the evaluation index acquisition unit 101 is input to the evaluation device 100 via, for example, the communication I/F 508.
The CPU 501 runs an operating system and controls the whole of the evaluation device 100 according to the first embodiment of the present invention. The CPU 501 also reads programs and data into memory from a recording medium 506 mounted in, for example, a drive device 507. Further, the CPU 501 functions as the evaluation index acquisition unit 101, the device information acquisition unit 102, the inspection unit 103, the evaluation unit 104, the output unit 105, or parts of these in the first embodiment, and executes, on the basis of the program, the processes or instructions of the flowchart shown in FIG. 3, described later.
The recording medium 506 is, for example, an optical disk, a flexible disk, a magneto-optical disk, an external hard disk, or a semiconductor memory. A recording medium forming part of the storage device is a non-volatile storage device in which the program is recorded. The program may also be downloaded from an external computer (not shown) connected to a communication network.
The input device 509 is realized by, for example, a mouse, a keyboard, or built-in key buttons, and is used for input operations. The input device 509 is not limited to a mouse, keyboard, or built-in key buttons, and may be, for example, a touch panel. The output device 510 is realized by, for example, a display, and is used to check the output.
As described above, the first embodiment shown in FIG. 1 is realized by the computer hardware shown in FIG. 2. However, the means for realizing each unit of the evaluation device 100 in FIG. 1 are not limited to the configuration described above. The evaluation device 100 may be realized by a single physically integrated device, or by two or more physically separate devices connected by wire or wirelessly. For example, the input device 509 and the output device 510 may be connected to the computer device 500 via a network. The evaluation device 100 of the first embodiment shown in FIG. 1 may also be configured using cloud computing or the like.
In FIG. 1, the evaluation index acquisition unit 101 is a means for acquiring the trust evaluation index that the insurance company adopts for evaluating trustworthiness. In this embodiment, the evaluation index acquisition unit 101 acquires the trust evaluation index from the evaluation index sending unit 201 via a network.
Trustworthiness is the reliability of an entire network made up of multiple network devices, for example, the reliability with which stable operation of the whole network is maintained. The trust evaluation index is the set of perspectives from which trustworthiness is evaluated, and includes the existence of risks to the network devices, countermeasures against those risks, the presence or absence of illegitimate functions such as backdoors, the inspection status, and the visibility of the device information.
The trustworthiness evaluation result is what an insurance company refers to when underwriting insurance for a user business or the like. Because trustworthiness is used for judgments by third parties, including user businesses and insurance companies, it is desirable that it be expressed in a form that makes objective judgment easy. However, trustworthiness is not limited to numerical values; it may be data in a non-numerical form, such as a grade from A to C. Concretely, trustworthiness is, for example, as follows.
(1) Outage risk
Trustworthiness with respect to outage risk is, for example, the likelihood that a network device will go down and the predicted downtime if it does. Alternatively, the outage risk is the mean time between outages or the mean time to recovery. The outage risk may be the outage risk of a part of the network device. For example, a network device with a low outage risk has higher trustworthiness than a network device with a high outage risk.
(2) Information leakage risk
Trustworthiness with respect to information leakage risk is, for example, whether an information leak from the network device has occurred or is possible, and the status of countermeasures against information leakage. The countermeasure status is, for example, that all countermeasures against information leakage have been implemented, that countermeasures against serious leaks have been implemented, that the needed countermeasures have been identified, or that the countermeasures have not been identified. For example, a network device with a low risk of information leakage has higher trustworthiness than a network device with a high risk of information leakage.
(3) Backdoor
Trustworthiness with respect to backdoors is the presence or absence of a backdoor in the network device, or the possibility that a backdoor exists. Alternatively, it may be the backdoor inspection status of the network device, such as the inspection method, inspection scope, or time of inspection. The backdoor inspection method is, for example, inspection using an inspection application, binary inspection of the programs running on the network device, or source code inspection of those programs. For example, a network device that has been inspected for backdoors has higher trustworthiness than a network device that has not been inspected.
(4) Risk assessment
Trustworthiness with respect to risk assessment is, for example, whether a risk assessment inspection of the network device's vulnerabilities has been conducted, the inspection results, the implementation status of countermeasures, the time of inspection, or the time elapsed since the inspection. The implementation status of vulnerability countermeasures is, for example, that countermeasures for all vulnerabilities have been implemented, that countermeasures for serious vulnerabilities have been implemented, that the needed countermeasures have been identified, or that they have not been identified. For example, a network device on which a risk assessment inspection has been conducted has higher trustworthiness than a network device on which none has been conducted.
(5) Incident response
Trustworthiness with respect to incident response is the state of definition of the response to be taken when an incident occurs in the network. It may include the range of incidents for which a response is defined, such as responses being defined for serious incidents. For example, a network device for which an incident response is defined has higher trustworthiness than a network device for which none is defined.
(6) Performance evaluation test results
Trustworthiness with respect to performance evaluation test results is the presence or absence of such results and the performance they show. It may also be the performance evaluation test status, such as the test method, test scope, time of testing, or time elapsed since the test. For example, a network device whose performance has been tested has higher trustworthiness than a network device whose performance has not been tested.
(7) Business operations
Trustworthiness with respect to business operations is the state of understanding of the user company's business operations and the state of preparation for recovering those operations. The state of understanding is, for example, the understanding of the scope of impact of each operation, or of the priority of each operation. For example, a network device whose business operations are understood has higher trustworthiness than a network device whose business operations are not understood. The state of preparation for recovery is, for example, readiness to recover, when an incident occurs, starting from the operations with the largest scope of impact or the highest priority. For example, a network device for which recovery work has been prepared has higher trustworthiness than a network device for which it has not.
(8) Developer
The trustworthiness of a developer is the degree to which the attributes of the developer of the network device are known. The state of knowledge may be, for example, that the attributes of all developers are known, that some attributes are unknown, or that the attributes of some developers are unknown. Attributes are, for example, nationality, affiliation, development location, or past career. Developer attributes are not limited to those of a person such as an individual; they may also be the attributes of a corporation or organization such as the developing manufacturer. For example, a network device whose developer attributes are known is more trustworthy than one whose developer attributes are not.
(9) Supply chain
The trustworthiness of a supply chain is the trustworthiness of the companies and other parties involved in the network device's supply chain, for example the companies that design, supply, maintain and manage the device. The trustworthiness of such a company is, for example, whether that company has undergone a trustworthiness inspection and what the inspection found. The inspection status covers whether an inspection was performed at all, which scope it covered, and which scope it did not. For example, a network device whose supply-chain companies have been inspected for trustworthiness is more trustworthy than one whose supply-chain companies have not.
The trust evaluation index is an index for evaluating the trustworthiness of network devices in line with the user operator's needs. For example, it is an index over the trustworthiness items listed above, such as "presence or absence of a backdoor". The trust evaluation index may be a single index, a set of several indices, a combination of several indices, or an index computed from several indices, for example as their average. The insurance company may construct the trust evaluation index according to the trustworthiness it requires of the user operator's network devices, or may obtain it from a third-party organization or a platform operator. The evaluation index acquisition unit 101 outputs the acquired trust evaluation index to the inspection unit 103.
The device information acquisition unit 102 acquires device information about the network devices on the network that the user operator insures, for example from the device information storage device 300. Device information is the information needed to evaluate a network device's trustworthiness and comprises configuration information and inspection information. The device information storage device 300 stores, for example, configuration information and inspection information linked to each network device.
Configuration information is, for example, the hardware information and software information of a network device. Hardware information is the developer information, the model numbers of the chips, boards, ports and other components that make up the hardware, and the identifiers assigned to the hardware. Software information comprises the developer information, the names of the software running on the hardware such as the OS (Operating System), libraries and applications, the version of each piece of software, and the software's code information. Configuration information is refreshed whenever the configuration changes, for example when software is upgraded.
Inspection information is information about the results of inspections performed on the basis of the network device's configuration information by the businesses along the supply chain, from procurement of the device's components to delivery. It includes the backdoor and risk assessment inspections described above. Once the device information acquisition unit 102 has acquired the device information of the network device under evaluation, it outputs that information to the inspection unit 103.
The inspection unit 103 inspects a network device using its device information on the basis of the trust evaluation index. Concretely, the inspection unit 103 first creates, from the configuration information and the trust evaluation index, the inspection items by which the trustworthiness of the network device will be evaluated, that is, the items needed to evaluate the trust evaluation index for the device under evaluation.
In other words, the items to be inspected for each of the trust evaluation indices (1) to (9) above are predetermined, and the inspection unit 103 selects the inspection items corresponding to the trust evaluation indices chosen for the insured network device or network. For example, if the trust evaluation index is the backdoor index, the inspection unit 103 creates an inspection item that checks the device under inspection for a possible backdoor. The inspection unit 103 may create several inspection items for one trust evaluation index, or one inspection item that serves several trust evaluation indices.
Next, for each inspection item it created, the inspection unit 103 inspects the network device against the evaluation criteria of the trust evaluation index. The inspection unit 103 may report the result for each trust evaluation index as a binary value of 0 or 100, as a rank such as A to C, or as a numerical score such as 0 to 100%.
The evaluation unit 104 evaluates trustworthiness on the basis of the inspection results, judging the network device's trustworthiness as a whole from the results for the individual trust evaluation indices.
The evaluation unit 104 evaluates trustworthiness, for example, by computing the sum or the average of the inspection results over the trust evaluation indices. It may also rule that trustworthiness is not satisfied when the result for any trust evaluation index is 0, or when the result for a predetermined trust evaluation index is at or below a predetermined value. The evaluation unit 104 is not limited to these evaluation methods.
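The aggregation just described, as an added example in Go that is not part of the patent and not code from its applicant: the inspection unit may report each index in one of three forms (binary 0/100, a rank A to C, or a 0 to 100% score), so the results are first normalized to a common 0..100 scale, then averaged, and then the two gating rules are applied (any index at 0 fails; a predetermined index below its threshold fails). The index names, the rank-to-score mapping, which indices are mandatory, their thresholds, and the sample results are all assumptions; the page fixes none of them.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// InspectionResult is one inspection-unit result for a trust evaluation index,
// in any of the three forms the description allows: binary "0"/"100", a rank
// "A".."C", or a score "0".."100%". Index names are assumed.
type InspectionResult struct {
	Index string // e.g. "backdoor", "risk_assessment", "incident_response"
	Kind  string // "binary", "rank" or "score"
	Raw   string // value exactly as the inspection unit reported it
}

// rankScore maps ranks to scores; the numbers are an assumption, the page does
// not fix them.
var rankScore = map[string]float64{"A": 100, "B": 66, "C": 33}

// Normalize converts any inspection result to a 0..100 score so that results
// reported in different forms can be combined.
func Normalize(r InspectionResult) (float64, error) {
	switch r.Kind {
	case "binary":
		if r.Raw == "0" || r.Raw == "100" {
			s, _ := strconv.ParseFloat(r.Raw, 64)
			return s, nil
		}
		return 0, fmt.Errorf("%s: binary result must be 0 or 100, got %q", r.Index, r.Raw)
	case "rank":
		if s, ok := rankScore[strings.ToUpper(r.Raw)]; ok {
			return s, nil
		}
		return 0, fmt.Errorf("%s: unknown rank %q", r.Index, r.Raw)
	case "score":
		s, err := strconv.ParseFloat(strings.TrimSuffix(r.Raw, "%"), 64)
		if err != nil || s < 0 || s > 100 {
			return 0, fmt.Errorf("%s: score must be 0..100%%, got %q", r.Index, r.Raw)
		}
		return s, nil
	}
	return 0, fmt.Errorf("%s: unknown result kind %q", r.Index, r.Kind)
}

// Policy is the evaluation unit's gating rule: the predetermined indices that
// must reach a minimum score. Which indices, and the thresholds, are assumed.
type Policy struct {
	Mandatory map[string]float64
}

// Evaluation is the evaluation unit's overall verdict.
type Evaluation struct {
	Average float64
	Trusted bool
	Reason  string // empty when trusted
}

// Evaluate averages the normalized results and applies the two gates from the
// description: any index scoring 0 fails, and a predetermined index below its
// threshold fails. A mandatory index that was never inspected is also treated
// as a failure, since its result is unknown (that rule is an assumption).
func Evaluate(results []InspectionResult, p Policy) (Evaluation, error) {
	if len(results) == 0 {
		return Evaluation{}, errors.New("no inspection results")
	}
	seen := map[string]bool{}
	var sum float64
	var failed []string
	for _, r := range results {
		s, err := Normalize(r)
		if err != nil {
			return Evaluation{}, err
		}
		seen[r.Index] = true
		sum += s
		if s == 0 {
			failed = append(failed, r.Index+" scored 0")
		} else if minScore, ok := p.Mandatory[r.Index]; ok && s < minScore {
			failed = append(failed, fmt.Sprintf("%s below threshold (%.0f < %.0f)", r.Index, s, minScore))
		}
	}
	for idx := range p.Mandatory {
		if !seen[idx] {
			failed = append(failed, idx+" not inspected")
		}
	}
	sort.Strings(failed) // deterministic reason text
	e := Evaluation{Average: sum / float64(len(results)), Trusted: len(failed) == 0}
	if !e.Trusted {
		e.Reason = strings.Join(failed, "; ")
	}
	return e, nil
}

func main() {
	// Constructed sample: one result per index, each in a different reporting form.
	results := []InspectionResult{
		{Index: "backdoor", Kind: "binary", Raw: "100"},
		{Index: "risk_assessment", Kind: "rank", Raw: "B"},
		{Index: "incident_response", Kind: "score", Raw: "40%"},
	}
	policy := Policy{Mandatory: map[string]float64{"backdoor": 100, "incident_response": 50}}
	e, err := Evaluate(results, policy)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("average %.1f, trusted=%v %s\n", e.Average, e.Trusted, e.Reason)
}
```

The gates run on the normalized values, so a rank of C or a score of 0% fails the zero gate exactly like a binary 0, and the average reported alongside the verdict lets the insurer see how far a failed device was from passing. A malformed result is an error rather than a silent 0, because a 0 would fail the device for a reporting bug instead of a finding.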
The output unit 105 outputs the trustworthiness evaluation result of the network device, for example by displaying it on an output device 510 such as a display. The output unit 105 may also deliver the result to the user operator or the insurance company, and may issue a certificate attesting the result. The certificate is issued so that third parties, including the user operator and the insurance company, can verify the network device's trustworthiness evaluation result. In that case, the output unit 105 attaches an electronic signature to the certificate containing the evaluation result and stores the certificate, together with the public key, in the device information storage device 300.
Next, the configuration of the insurance company terminal 200 is described. When the output unit 105 has issued a certificate of the trustworthiness evaluation result, the insurance company terminal 200 carries out the processing up to the determination of the insurance premium. The certificate acquisition unit 202 acquires the certificate issued by the evaluation device 100, reading it from the device information storage device 300; alternatively, it may receive from the user operator a certificate that the user operator obtained from the device information storage device 300. The certificate acquisition unit 202 outputs the acquired certificate to the collation unit 203.
The collation unit 203 uses the certificate to check whether the network device installed at the user operator is identical to the insured network device. Specifically, the collation unit 203 recovers, with the public key, the hash value carried in the electronic signature contained in the certificate received from the certificate acquisition unit 202, and compares it with the hash value of the network device installed at the user operator, thereby verifying that the installed device is the same as the evaluated one. If the two network devices are not identical, the collation unit 203 requests the third-party organization to evaluate again the trustworthiness of a network device identical to the one installed at the user operator.
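Certificate issuance by the output unit and collation by the collation unit, as an added example in Go that is not part of the patent and not code from its applicant. The page says the certificate carries the evaluation result and an electronic signature, and that the collation unit compares a hash recovered from the signature with the hash of the installed device; for that comparison to prove sameness the certificate has to bind a hash of the evaluated device's configuration information, which is what this example assumes. The signature scheme (Ed25519), the certificate fields, the canonical form that is hashed, the device identifier and the sample configurations are all assumptions. A modern signature API verifies the signature rather than decrypting it, with the same effect. One caveat a verifier should not skip: the evaluator's public key must come over a trusted channel; if it is simply read from the same storage device as the certificate, anyone who can write to that store can replace both.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
)

// Configuration is the configuration information of one network device as a
// flat map of field name to value (field names are assumed).
type Configuration map[string]string

// ConfigHash canonicalizes the configuration as sorted "key=value" lines and
// hashes it, so the same device yields the same digest regardless of map order.
func ConfigHash(c Configuration) []byte {
	keys := make([]string, 0, len(c))
	for k := range c {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	h := sha256.New()
	for _, k := range keys {
		fmt.Fprintf(h, "%s=%s\n", k, c[k])
	}
	return h.Sum(nil)
}

// Certificate is the signed statement the output unit issues. Fields are
// assumed; the page says only that it carries the evaluation result and an
// electronic signature.
type Certificate struct {
	DeviceID   string  `json:"device_id"`
	ConfigHash string  `json:"config_hash"` // hex SHA-256 of the evaluated configuration
	Trusted    bool    `json:"trusted"`
	Score      float64 `json:"score"`
	Signature  string  `json:"signature"` // hex Ed25519 signature over the other fields
}

// signedBytes is the part of the certificate the signature covers: the JSON
// encoding with the signature field blanked. Struct fields encode in a fixed
// order, so the encoding is deterministic.
func signedBytes(c Certificate) []byte {
	c.Signature = ""
	b, _ := json.Marshal(c)
	return b
}

// Issue is the output unit's step: bind the evaluation result to the hash of
// the evaluated device's configuration and sign it with the evaluator's key.
func Issue(priv ed25519.PrivateKey, deviceID string, cfg Configuration, trusted bool, score float64) Certificate {
	c := Certificate{DeviceID: deviceID, ConfigHash: hex.EncodeToString(ConfigHash(cfg)), Trusted: trusted, Score: score}
	c.Signature = hex.EncodeToString(ed25519.Sign(priv, signedBytes(c)))
	return c
}

// Collate is the collation unit's step: verify the signature with the
// evaluator's public key (obtained over a trusted channel), then compare the
// certified configuration hash with the hash of the configuration actually
// installed at the user operator.
func Collate(pub ed25519.PublicKey, c Certificate, installed Configuration) error {
	sig, err := hex.DecodeString(c.Signature)
	if err != nil {
		return fmt.Errorf("malformed signature: %w", err)
	}
	if !ed25519.Verify(pub, signedBytes(c), sig) {
		return errors.New("certificate signature invalid")
	}
	want, err := hex.DecodeString(c.ConfigHash)
	if err != nil {
		return fmt.Errorf("malformed config hash: %w", err)
	}
	if !bytes.Equal(want, ConfigHash(installed)) {
		return errors.New("installed device differs from the evaluated device: re-evaluation required")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	if err != nil {
		panic(err)
	}
	// Constructed configuration information for the evaluated device.
	evaluated := Configuration{"model": "RT-1000", "os": "vendor-os", "os_version": "7.1"}
	cert := Issue(priv, "dev-001", evaluated, true, 93.3)
	fmt.Println("same device:   ", Collate(pub, cert, evaluated))
	// A software upgrade changes the configuration information, so the installed
	// device no longer matches the certificate and must be evaluated again.
	upgraded := Configuration{"model": "RT-1000", "os": "vendor-os", "os_version": "7.2"}
	fmt.Println("after upgrade: ", Collate(pub, cert, upgraded))
}
```

Because the configuration information is refreshed on every software upgrade, a certificate is only valid for the exact configuration that was inspected; the second call in main shows the collation failing after an upgrade, which is the case in which the collation unit requests a fresh evaluation.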
The determination unit 204 determines the insurance premium on the basis of the trustworthiness evaluation result, raising or lowering the premium relative to a predetermined standard premium according to the level of trustworthiness for each trust evaluation index. For example, for (4) risk assessment among the trust evaluation indices described above, the determination unit 204 raises the premium above the standard premium if the countermeasures against vulnerabilities are not understood, and lowers it below the standard premium if they are. The determination unit 204 may also set the size of the increase or decrease according to the degree to which the vulnerability countermeasures are understood.
Likewise, for (5) incident response, the determination unit 204 lowers the premium below the standard premium when countermeasures against risks are defined and incident response is therefore easy, and raises it above the standard premium when no countermeasures are defined and incident response is difficult.
Further, for (7) business operations, the determination unit 204 lowers the premium below the standard premium when the user operator is prepared to recover, in the event of an incident, starting from the highest-priority operations, and raises it above the standard premium when it is not.
The determination unit 204 may notify the user operator of the premium so determined for the user operator's network.
The operation of the evaluation system 10 configured as above is described with reference to the flowchart in FIG. 3.
FIG. 3 is a flowchart outlining the operation of the evaluation device 100 in the first embodiment. The processing in this flowchart may be executed under program control by the processor described above.
As shown in FIG. 3, the evaluation index transmission unit 201 of the insurance company terminal 200 first sends the trust evaluation index that the insurance company adopts for evaluating trustworthiness to the evaluation device 100 (step S101). The evaluation index acquisition unit 101 of the evaluation device 100 then acquires that trust evaluation index from the insurance company terminal 200 (step S102). Next, the device information acquisition unit 102 acquires the device information of the network devices on the network the user operator insures (step S103). The inspection unit 103 then inspects the network devices on the basis of the trust evaluation index (step S104), and the evaluation unit 104 evaluates trustworthiness on the basis of the inspection results (step S105). The output unit 105 then issues a certificate attesting the trustworthiness evaluation result (step S106).
On the insurance company terminal 200 side, the certificate acquisition unit 202 acquires the certificate issued by the evaluation device 100 (step S107). The collation unit 203 uses the certificate to check whether the network device installed at the user operator is identical to the insured network device (step S108). Lastly, after the identity of the two network devices has been confirmed, the determination unit 204 determines the insurance premium for the network composed of those network devices on the basis of the trustworthiness evaluation result (step S109). The evaluation system 10 then ends its operation.
In the evaluation device 100 of this embodiment, the evaluation index acquisition unit 101 acquires the trust evaluation index adopted by the insurance company, the inspection unit 103 inspects the network device on the basis of that index, and the evaluation unit 104 evaluates trustworthiness from the inspection results. Trustworthiness can therefore be evaluated against the cyber insurance criteria that the insurance company actually applies.
Further, in this embodiment the output unit 105 attaches an electronic signature to the trustworthiness evaluation result and issues it as a certificate, which guarantees the authenticity of the evaluation result. An insurance company holding the trustworthiness certificate can rely on an authentic evaluation result and can therefore set the cyber insurance premium for the user operator's network on a reliable basis.
A modification of this embodiment is described, focusing on the differences from the first embodiment. In the first embodiment, the inspection unit 103 performed every inspection needed to evaluate the trust evaluation index. The modification instead assumes that the user operator has already evaluated the trustworthiness of its network devices. In that case the existing evaluation results are reused and the network device is inspected only for the items that have not yet been inspected: the inspection unit 103 creates only those inspection items needed for the trust evaluation index that have not already been carried out, and then inspects the network device for each created item against the evaluation criteria of the trust evaluation index. For example, if the trust evaluation index includes the presence or absence of a backdoor as an inspection item but a backdoor inspection has already been performed, the inspection unit 103 omits creating that item. The evaluation unit 104 then evaluates trustworthiness from both the results of the inspections performed by the inspection unit 103 and the results the user operator had already obtained. However, even when the user operator has evaluated the trustworthiness of the network device, if that inspection took place before a predetermined date the inspection unit 103 may disregard the user operator's results and perform every inspection needed to evaluate the trust evaluation index. Apart from the inspection unit 103 and the evaluation unit 104, the configuration of the evaluation device 100 is unchanged.
In this modification, when the user operator has evaluated the trustworthiness of the network device, the determination unit 204 of the insurance company terminal 200 determines the premium on the basis of the inspection items the inspection unit 103 actually inspected. Specifically, the determination unit 204 subtracts, from the premium computed from the trustworthiness evaluation result, the cost corresponding to the items the inspection unit 103 did not inspect.
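The incremental inspection of the modification, together with the item selection described earlier for the inspection unit 103 (predetermined items per index, one index needing several items, several indices sharing one item), as an added example in Go that is not part of the patent and not code from its applicant. It expands the selected indices into the required inspection items, reuses the user operator's prior result for an item only when that result is not older than a cutoff date, schedules everything else for fresh inspection, and computes the premium deduction for the items that did not have to be re-inspected. The index and item names, the 90-day freshness window, the per-item costs and the prior results are all assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// itemsForIndex holds the predetermined inspection items per trust evaluation
// index. Names are assumed; the page says only that one index may need several
// items and that several indices may share one item (sbom-review here).
var itemsForIndex = map[string][]string{
	"backdoor":          {"firmware-backdoor-scan", "sbom-review"},
	"risk_assessment":   {"sbom-review", "vuln-countermeasure-check"},
	"incident_response": {"ir-plan-review"},
}

// PriorResult is an inspection the user operator already performed.
type PriorResult struct {
	Item  string
	Score float64
	When  time.Time
}

// Plan lists the items the inspection unit must run itself and the prior
// results it reuses instead.
type Plan struct {
	ToInspect []string
	Reused    map[string]float64
}

// PlanInspection expands the selected indices into required items, then reuses
// the newest prior result for an item only if it is not older than cutoff; an
// item with no prior result, or only a stale one, is inspected afresh.
func PlanInspection(indices []string, prior []PriorResult, cutoff time.Time) (Plan, error) {
	required := map[string]bool{}
	for _, idx := range indices {
		items, ok := itemsForIndex[idx]
		if !ok {
			return Plan{}, fmt.Errorf("no inspection items defined for index %q", idx)
		}
		for _, it := range items {
			required[it] = true
		}
	}
	newest := map[string]PriorResult{}
	for _, p := range prior {
		if !required[p.Item] || p.When.Before(cutoff) {
			continue // not needed, or too old to trust
		}
		if cur, ok := newest[p.Item]; !ok || p.When.After(cur.When) {
			newest[p.Item] = p
		}
	}
	plan := Plan{Reused: map[string]float64{}}
	for it := range required {
		if p, ok := newest[it]; ok {
			plan.Reused[it] = p.Score
		} else {
			plan.ToInspect = append(plan.ToInspect, it)
		}
	}
	sort.Strings(plan.ToInspect)
	return plan, nil
}

// Deduction is the determination unit's adjustment in the modification: the
// cost of every item the inspection unit did not have to run is subtracted
// from the premium. Per-item costs are assumed.
func Deduction(plan Plan, costPerItem map[string]float64) float64 {
	var d float64
	for it := range plan.Reused {
		d += costPerItem[it]
	}
	return d
}

func main() {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC) // fixed "now" for a reproducible run
	cutoff := now.AddDate(0, 0, -90)                 // assumed freshness window of 90 days
	prior := []PriorResult{ // constructed prior results from the user operator
		{Item: "sbom-review", Score: 90, When: now.AddDate(0, 0, -30)},
		{Item: "firmware-backdoor-scan", Score: 100, When: now.AddDate(0, 0, -200)}, // stale
	}
	plan, err := PlanInspection([]string{"backdoor", "risk_assessment"}, prior, cutoff)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("inspect:", plan.ToInspect, "reuse:", plan.Reused)
	fmt.Println("deduction:", Deduction(plan, map[string]float64{"sbom-review": 500}))
}
```

Two details matter in practice: the stale firmware scan is discarded even though it passed, because a result older than the cutoff says nothing about the device's current configuration, and the shared sbom-review item is inspected or reused once even though two indices need it, so the deduction is not counted twice.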
The present invention has been described above with reference to the embodiments, but it is not limited to them. Various changes that those skilled in the art can understand may be made to the configuration and details of the present invention within its scope.
For example, although several operations are described in sequence in flowchart form, the order of description does not restrict the order in which they are executed; when implementing an embodiment, the order of those operations may be changed to the extent that it does not affect the substance. In the flowchart of FIG. 3, the output unit 105 issues a certificate attesting the trustworthiness evaluation result in step S106, but the output unit 105 may instead simply output the evaluation result to the output device 510, in which case the subsequent processing in the insurance company terminal 200 is not performed.
REFERENCE SIGNS LIST
10 Evaluation system
100 Evaluation device
101 Evaluation index acquisition unit
102 Device information acquisition unit
103 Inspection unit
104 Evaluation unit
105 Output unit
200 Insurance company terminal
201 Evaluation index transmission unit
202 Certificate acquisition unit
203 Collation unit
204 Determination unit
300 Device information storage device
Claims (9)
- An evaluation device comprising: evaluation index acquisition means for acquiring a trust evaluation index, adopted by an insurance company, for evaluating trustworthiness; device information acquisition means for acquiring device information of a network device on a network that a user operator insures; inspection means for inspecting the network device using the device information on the basis of the trust evaluation index; evaluation means for evaluating trustworthiness on the basis of the result of the inspection; and output means for outputting the trustworthiness evaluation result.
- The evaluation device according to claim 1, wherein the output means issues a certificate attesting the trustworthiness evaluation result.
- The evaluation device according to claim 1 or 2, wherein, when the user operator has performed a trustworthiness evaluation of the network device, the inspection means inspects the network device for the items not inspected in that trustworthiness evaluation.
- The evaluation device according to any one of claims 1 to 3, wherein the device information includes configuration information and inspection information of the network device.
- A terminal comprising: certificate acquisition means for acquiring a certificate issued by the evaluation device according to any one of claims 2 to 4; collation means for collating, on the basis of the certificate, whether the network device installed at the user operator is identical to the insured network device; and determination means for determining, after the collation, an insurance premium for the network composed of the network devices on the basis of the trustworthiness evaluation result.
- The terminal according to claim 5, wherein, when the user operator has performed a trustworthiness evaluation of the network device, the determination means calculates the insurance premium on the basis of the inspection items that were actually inspected.
- An evaluation system comprising a device information storage device that stores device information of the network device and the evaluation device according to any one of claims 1 to 4, wherein the evaluation device comprises: evaluation index acquisition means for acquiring a trust evaluation index, adopted by an insurance company, for evaluating trustworthiness; device information acquisition means for acquiring, from the device information storage device, device information of a network device on a network that a user operator insures; inspection means for inspecting the network device using the device information on the basis of the trust evaluation index; evaluation means for evaluating trustworthiness on the basis of the result of the inspection; and output means for issuing a certificate attesting the trustworthiness evaluation result, attaching an electronic signature to the certificate, and storing it in the device information storage device.
- An evaluation method in which a computer: acquires a trust evaluation index, adopted by an insurance company, for evaluating trustworthiness; acquires device information of a network device on a network that a user operator insures; inspects the network device using the device information on the basis of the trust evaluation index; evaluates trustworthiness on the basis of the result of the inspection; and outputs the trustworthiness evaluation result.
- A recording medium storing a program that causes a computer to execute: acquiring a trust evaluation index, adopted by an insurance company, for evaluating trustworthiness; acquiring device information of a network device on a network that a user operator insures; inspecting the network device using the device information on the basis of the trust evaluation index; evaluating trustworthiness on the basis of the result of the inspection; and outputting the trustworthiness evaluation result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2022/036509 WO2024069875A1 (en) | 2022-09-29 | 2022-09-29 | Evaluation device, terminal, evaluation system, evaluation method, and recording medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2022/036509 WO2024069875A1 (en) | 2022-09-29 | 2022-09-29 | Evaluation device, terminal, evaluation system, evaluation method, and recording medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2024069875A1 true WO2024069875A1 (en) | 2024-04-04 |
Family
ID=90476877
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2022/036509 WO2024069875A1 (en) | 2022-09-29 | 2022-09-29 | Evaluation device, terminal, evaluation system, evaluation method, and recording medium |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2024069875A1 (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130174222A1 (en) * | 2010-09-13 | 2013-07-04 | Thomson Licensing | Method and apparatus for an ephemeral trusted device |
JP2016143299A (en) * | 2015-02-04 | 2016-08-08 | 株式会社日立製作所 | Risk evaluation system and risk evaluation method |
JP2017517791A (en) * | 2014-03-26 | 2017-06-29 | スイス リインシュランス カンパニー リミテッド | A system for measuring and automatically accumulating various cyber risks and methods for dealing with them |
WO2021029160A1 (en) * | 2019-08-09 | 2021-02-18 | 日本電気株式会社 | Backdoor inspection device, user device, system, method, and non-transitory computer-readable medium |
WO2021064792A1 (en) * | 2019-09-30 | 2021-04-08 | 日本電気株式会社 | Insurance review device, insurance review system, insurance review method, and non-transitory computer-readable medium storing program |
WO2022046652A1 (en) * | 2020-08-24 | 2022-03-03 | CyberCatch, Inc. | Automated and continuous cybersecurity assessment with measurement and scoring |
2022
- 2022-09-29: WO PCT/JP2022/036509, patent WO2024069875A1 (en), status unknown
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Sulistyowati et al. | Comparative analysis and design of cybersecurity maturity assessment methodology using nist csf, cobit, iso/iec 27002 and pci dss | |
Geneiatakis et al. | A Permission verification approach for android mobile applications | |
Munaiah et al. | Vulnerability severity scoring and bounties: Why the disconnect? | |
US20140033166A1 (en) | System and method to map defect reduction data to organizational maturity profiles for defect projection modeling | |
Dobaj et al. | Towards a security‐driven automotive development lifecycle | |
CN101398875A (en) | Software publisher trust extension application | |
CN101513008A (en) | System for implementing safety of telecommunication terminal | |
US11888875B1 (en) | Subscription and key management system | |
KR102304237B1 (en) | compliance management system through automatic diagnosis of infrastructure asset threat and method therefor | |
Walter et al. | Architectural attack propagation analysis for identifying confidentiality issues | |
Mansfield-Devine | The state of operational technology security | |
Eckhardt et al. | The EU’s cybersecurity framework: the interplay between the Cyber Resilience Act and the NIS 2 Directive | |
Neupane et al. | On the data privacy, security, and risk postures of IoT mobile companion Apps | |
Farao et al. | INCHAIN: a cyber insurance architecture with smart contracts and self-sovereign identity on top of blockchain | |
Na et al. | Enhancing the reliability of IoT data marketplaces through security validation of IoT devices | |
Habib et al. | Trust4App: automating trustworthiness assessment of mobile applications | |
US9348977B1 (en) | Detecting malware in content items | |
CN117272308A (en) | Software security test method, device, equipment, storage medium and program product | |
Lyvas et al. | A hybrid dynamic risk analysis methodology for cyber-physical systems | |
WO2024069875A1 (en) | Evaluation device, terminal, evaluation system, evaluation method, and recording medium | |
Khan et al. | Assessing security properties of software components: A software engineer's perspective | |
Hadan et al. | A holistic analysis of web-based public key infrastructure failures: comparing experts' perceptions and real-world incidents | |
WO2024069877A1 (en) | Evaluation device, company terminal, evaluation system, evaluation method, and recording medium | |
WO2024069876A1 (en) | Evaluation device, evaluation method, and recording medium | |
Jeong et al. | Application of V-model on Safety and Security for Developing Digital I&C Systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 22960935 Country of ref document: EP Kind code of ref document: A1 |