Method and apparatus for establishing a security policy, and method and apparatus for supporting establishment of security policy
Abstract
There are provided a method of efficiently establishing a security policy and an apparatus for supporting preparation of a security policy. According to a method of establishing a security policy in six steps, a simple security policy draft is first prepared. The security policy draft is adjusted so as to match realities of an organization, as required, thus completing a security policy stepwise. Therefore, a security policy can be established in consideration of a schedule or budget of the organization.
83 Claims
1. A method of establishing a security policy for a predetermined organization, the method comprising:
a draft preparation step of preparing a security policy draft;
an analysis step of examining a difference between the security policy draft and realities of the organization; and
an adjustment step of adjusting the security policy draft on the basis of the difference or adjusting operation rules of an actual information system belonging to the organization on the basis of the difference.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 37, 40, 43, 44, 49, 50)

11. A method of establishing a security policy comprising:
a preparation step of preparing inquiries to be submitted to members of an organization;
an inquiry step of submitting the prepared inquiries to the members;
an answer acquisition step of acquiring from the members answers to the inquiries; and
an establishment step of establishing a security policy on the basis of the answers.
(Dependent claims: 12, 13, 14, 15, 16, 17, 18, 38, 41, 45, 46, 51, 52)

19. An apparatus of establishing a security policy comprising:
inquiry preparation means for preparing inquiries to be submitted to members of an organization;
storage means for storing answers to the inquiries;
answer archival storage means for acquiring from the members the answers to the inquiries and storing the answers into the storage means; and
establishment means for establishing a security policy on the basis of the answers stored in the storage means.
(Dependent claims: 20, 21, 22, 23, 24, 39, 42, 47, 48, 53, 54)

25. A method of assessing the state of security of an organization, the method comprising:
an inquiry preparation step of preparing inquiries to be submitted to members of an organization;
an inquiry step of submitting the prepared inquiries to the members;
an answer acquisition step of acquiring from the members answers to the inquiries; and
a security state assessment step of assessing the state of security on the basis of the answers.
(Dependent claims: 26, 27, 28, 29)

30. An apparatus of assessing the state of security of an organization, the apparatus comprising:
preparation means of preparing inquiries to be submitted to members of the organization;
storage means for storing answers to the inquiries;
answer archival storage means of acquiring from the members the answers to the inquiries and storing the answers into the storage means; and
security maturity preparation means for preparing a security maturity report representing the degree of maturity of security, on the basis of the answers stored in the storage means.
(Dependent claims: 31, 32, 33)

34. An analyzer for analyzing a difference between a security policy and an information system of an organization, comprising:
contradiction inspection means for inspecting whether or not contradiction exists between individual answers in response to inquiries submitted to members of the organization; and
contradiction output means for outputting information about the inspected contradiction.
(Dependent claims: 35, 36)

55. A security policy rigorousness adjustment method for adjusting the level of rigorousness of a security policy, comprising:
a rigorousness adjustment step of replacing the rules which have been determined not to match the indicator of rigorousness prescribed by a user with rules matching the indicator; and
a merge and output step of merging the rules matching the indicator of rigorousness from the beginning with the rules that in the rigorousness adjustment step have replaced the rules not matching the indicator and of outputting the merged rules.

56. A security policy rigorousness adjustment apparatus for adjusting the level of rigorousness of a security policy, comprising:
rigorousness adjustment means for replacing the rules which have been determined not to match the indicator of rigorousness prescribed by a user with rules matching the indicator; and
merge and output means for merging the rules matching the indicator of rigorousness from the beginning with the rules which in the rigorousness adjustment means have replaced the rules not matching the indicator and for outputting the merged rules.

57. A method of establishing a security policy of a predetermined organization, comprising:
an inquiry preparation step of generating inquiries which pertain to items required for establishing a security policy of the organization and are to be submitted to members of the organization;
an inquiry step of submitting the generated inquiries to the members;
an answer acquisition step of acquiring from the members answers to the inquiries; and
an establishment step of establishing a security policy draft on the basis of the answers, wherein, in the establishment step, a security policy within a range of establishment prescribed by the user is established.
(Dependent claims: 58)

59. A security policy establishment apparatus for establishing a security policy of a predetermined organization, comprising:
inquiry preparation means for generating inquiries which pertain to items required for establishing a security policy of the organization and are to be submitted to members of the organization;
storage means for storing answers to the generated inquiries;
answer archival storage means for acquiring answers to the generated inquiries and storing the answers into the storage means; and
establishment means for establishing a security policy within the range of establishment prescribed by the user.
(Dependent claims: 60)

61. A computer-readable recording medium having recorded thereon a program for causing a computer to perform:
inquiry preparation procedures for generating inquiries which pertain to items required for establishing a security policy of the organization and are to be submitted to members of the organization;
answer archival procedures for entering answers to the generated inquiries and storing the answers into storage means; and
establishment procedures for establishing a security policy on the basis of the answers stored in the storage means.
(Dependent claims: 62, 63, 64, 65, 66, 67)

68. A computer-readable recording medium having recorded thereon a program for causing a computer to perform:
inquiry preparation procedures for outputting inquiries which pertain to items required for evaluating the degree of maturity of security of a predetermined organization and are to be submitted to members of the organization;
answer archival procedures for entering answers to the outputted inquiries and storing the answers into storage means; and
security maturity preparation procedures for preparing a security maturity report representing the degree of maturity of security, on the basis of the answers stored in the storage means.
(Dependent claims: 69)

70. A computer-readable recording medium having recorded thereon a program for causing a computer to perform:
contradiction inspection procedures for inspecting whether or not contradiction exists between individual answers submitted in response to inquiries which pertain to items required for ascertaining a difference between a security policy of the predetermined organization and an information system of the organization and which have been submitted to members of a predetermined organization; and
contradiction output procedures for outputting information about the inspected contradiction.
(Dependent claims: 71)

72. A computer-readable recording medium having recorded thereon a program for causing a computer to perform:
rigorousness adjustment procedures for replacing the rules which have been determined not to match the indicator of rigorousness prescribed by a user with rules matching the indicator of rigorousness; and
merge and output procedures for merging the rules matching the indicator of rigorousness from the beginning with the rules which in the rigorousness adjustment procedure have replaced the rules not matching the indicator and for outputting the merged rules.

73. A program for causing a computer to perform:
inquiry preparation procedures for generating inquiries which pertain to items required for establishing a security policy of a predetermined organization and are to be submitted to members of the organization;
answer archival procedures for entering answers to the generated inquiries and storing the answers into storage means; and
establishment procedures for establishing a security policy on the basis of the answers stored in the storage means.
(Dependent claims: 74, 75, 76, 77, 78, 79)

80. A program for causing a computer to perform:
inquiry preparation procedures for outputting inquiries which pertain to items required for evaluating the degree of maturity of security of a predetermined organization and are to be submitted to members of the organization;
answer archival procedures for entering answers to the outputted inquiries and storing the answers into storage means; and
security maturity preparation procedures for preparing a security maturity report representing the degree of maturity of security, on the basis of the answers stored in the storage means.

81. A program for causing a computer to perform:
contradiction inspection procedures for inspecting whether or not contradiction exists between individual answers in response to inquiries which pertain to items required for ascertaining a difference between a security policy of the predetermined organization and an information system of the organization and which have been submitted to members of a predetermined organization; and
contradiction output procedures for outputting information about the inspected contradiction.
(Dependent claims: 82)

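The contradiction inspection and output procedures of claims 34, 70 and 81 are stated abstractly. The following is an added example, not code from the patent or its assignee, of one way to implement them: answers to a questionnaire are collected per member, and two kinds of contradiction are reported, members disagreeing on a factual inquiry about the real system, and one member's own answers violating an implication between inquiries. The inquiry ids (Q1 to Q4), the implication rules, the Answer record layout and the sample answers are all constructed for this example.

```python
# Added example (not from the patent): contradiction inspection and output
# over questionnaire answers, in the spirit of claims 34, 70 and 81.
# The inquiry set, implication rules, record layout and sample data are
# constructed assumptions for illustration.

from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Answer:
    member: str   # member of the organization who answered
    inquiry: str  # inquiry id
    value: str    # raw answer text, normalised to lower case on inspection


@dataclass
class Contradiction:
    kind: str                 # "inter_member" or "intra_member"
    inquiry: str              # inquiry id, or "premise->conclusion" for rules
    detail: str               # human-readable explanation
    members: list = field(default_factory=list)


# Constructed factual inquiries: they ask about the real information system,
# so every member should give the same answer; disagreement is a contradiction.
FACTUAL_INQUIRIES = {
    "Q1": "Is a password change enforced at least every 90 days?",
    "Q2": "Is there a written password policy?",
    "Q3": "Are server rooms locked outside business hours?",
    "Q4": "Is there a physical access log for server rooms?",
}

# Constructed implication rules: if the premise is answered "yes" the
# conclusion must be "yes" as well, within a single member's answers.
IMPLICATIONS = [
    ("Q1", "Q2", "an enforced rotation interval implies a written policy"),
    ("Q4", "Q3", "a physical access log implies the room is locked"),
]


def inspect_contradictions(answers):
    """Contradiction inspection: return a list of Contradiction records."""
    found = []
    by_inquiry = defaultdict(dict)  # inquiry -> {member: value}
    by_member = defaultdict(dict)   # member -> {inquiry: value}
    for a in answers:
        v = a.value.strip().lower()
        by_inquiry[a.inquiry][a.member] = v
        by_member[a.member][a.inquiry] = v

    # 1. inter-member contradiction: members disagree on a factual inquiry
    for q in FACTUAL_INQUIRIES:
        votes = by_inquiry.get(q, {})
        if len(set(votes.values())) > 1:
            groups = defaultdict(list)
            for m, v in votes.items():
                groups[v].append(m)
            detail = "; ".join(f"{v}: {sorted(ms)}" for v, ms in sorted(groups.items()))
            found.append(Contradiction("inter_member", q, detail, sorted(votes)))

    # 2. intra-member contradiction: one member's answers violate an implication
    for member, vals in by_member.items():
        for premise, conclusion, why in IMPLICATIONS:
            if vals.get(premise) == "yes" and vals.get(conclusion) == "no":
                found.append(Contradiction("intra_member", f"{premise}->{conclusion}",
                                           f"{member}: {why}", [member]))
    return found


def format_report(contradictions):
    """Contradiction output: one line per inspected contradiction."""
    if not contradictions:
        return "no contradictions found"
    return "\n".join(f"[{c.kind}] {c.inquiry}: {c.detail}" for c in contradictions)


# Constructed sample answers from three members
SAMPLE = [
    Answer("alice", "Q1", "yes"), Answer("alice", "Q2", "no"),
    Answer("alice", "Q3", "yes"), Answer("alice", "Q4", "yes"),
    Answer("bob", "Q1", "no"), Answer("bob", "Q2", "no"),
    Answer("bob", "Q3", "yes"), Answer("bob", "Q4", "yes"),
    Answer("carol", "Q1", "yes"), Answer("carol", "Q2", "yes"),
    Answer("carol", "Q3", "yes"), Answer("carol", "Q4", "yes"),
]

if __name__ == "__main__":
    print(format_report(inspect_contradictions(SAMPLE)))
```

On the sample data the report flags Q1 and Q2 as inter-member contradictions and alice's Q1/Q2 pair as an intra-member one. In the analysis step of claim 1 such disagreements are the signal worth chasing: a factual inquiry on which members disagree means the questionnaire has not yet established what the real system does, and a policy derived from those answers would encode the disagreement rather than resolve it.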
83. A program for causing a computer to perform:
level-of-rigorousness inspection procedures for inspecting whether or not individual rules of the security policy match an indicator of rigorousness prescribed by a user;
rigorousness adjustment procedures for replacing the rules which have been determined not to match the indicator in the level-of-rigorousness inspection procedure with rules matching the indicator of rigorousness; and
merge and output procedures for merging the rules matching the indicator of rigorousness from the beginning with the rules which in the rigorousness adjustment procedure have replaced the rules not matching the indicator and for outputting the merged rules.
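Claims 55, 56, 72 and 83 describe the same three-part procedure: inspect each rule against a user-prescribed indicator of rigorousness, replace the rules that do not match, and merge the replacements with the rules that matched from the beginning. The following is an added example, not code from the patent or its assignee, showing that procedure end to end. The three-level indicator (low, medium, high), the rule catalogue with one wording per level, and the reading of "match" as "written at or above the prescribed level" are assumptions made for the example; the patent does not define them.

```python
# Added example (not from the patent): level-of-rigorousness inspection,
# rigorousness adjustment, and merge-and-output, in the spirit of claims
# 55, 56, 72 and 83. The level scale, the rule catalogue and the "match"
# semantics are constructed assumptions.

from dataclasses import dataclass

# Assumed ordinal scale for the indicator of rigorousness
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Rule:
    topic: str  # what the rule governs, e.g. "password_length"
    level: str  # rigorousness level the rule is written at
    text: str   # the rule as it appears in the policy document


# Constructed catalogue: one candidate wording per topic and level, used to
# supply a replacement rule that matches the prescribed indicator.
CATALOGUE = {
    "password_length": {
        "low": "Passwords must be at least 8 characters.",
        "medium": "Passwords must be at least 12 characters.",
        "high": "Passwords must be at least 16 characters or passphrases.",
    },
    "mfa": {
        "low": "Multi-factor authentication is recommended for remote access.",
        "medium": "Multi-factor authentication is required for remote access.",
        "high": "Multi-factor authentication is required for all interactive logins.",
    },
    "log_retention": {
        "low": "Security logs are retained for 30 days.",
        "medium": "Security logs are retained for 90 days.",
        "high": "Security logs are retained for 365 days and forwarded off-host.",
    },
}


def matches_indicator(rule, indicator):
    """Level-of-rigorousness inspection. Assumption: a rule matches when it is
    written at or above the prescribed level, so stricter rules are kept."""
    return LEVELS[rule.level] >= LEVELS[indicator]


def adjust_rigorousness(policy, indicator):
    """Rigorousness adjustment followed by merge and output.

    Returns (merged_rules, replaced_topics). The merged list keeps the
    original policy order so the result stays reviewable next to the draft.
    """
    if indicator not in LEVELS:
        raise ValueError(f"unknown indicator of rigorousness: {indicator!r}")
    merged, replaced_topics = [], []
    for rule in policy:
        if matches_indicator(rule, indicator):
            merged.append(rule)  # matched from the beginning: carried over as is
            continue
        candidates = CATALOGUE.get(rule.topic, {})
        if indicator not in candidates:
            # No replacement exists: fail loudly rather than silently keeping a
            # rule the user has said is not rigorous enough.
            raise LookupError(f"no {indicator!r} rule available for {rule.topic!r}")
        merged.append(Rule(rule.topic, indicator, candidates[indicator]))
        replaced_topics.append(rule.topic)
    return merged, replaced_topics


def render(rules):
    """Output step: one line per rule in the merged policy."""
    return "\n".join(f"[{r.level}] {r.topic}: {r.text}" for r in rules)


# Constructed draft policy with mixed levels of rigorousness
DRAFT = [
    Rule("password_length", "low", CATALOGUE["password_length"]["low"]),
    Rule("mfa", "high", CATALOGUE["mfa"]["high"]),
    Rule("log_retention", "medium", CATALOGUE["log_retention"]["medium"]),
]

if __name__ == "__main__":
    merged, replaced = adjust_rigorousness(DRAFT, "medium")
    print(render(merged))
    print("replaced:", replaced)
```

With the indicator set to "medium" only the password-length rule is replaced; the MFA rule already exceeds the prescribed level and is carried over unchanged, which is the behaviour a reviewer normally wants, since lowering an already stricter control to meet a target level would weaken the policy rather than adjust it. Raising the indicator to "high" replaces both the password-length and the log-retention rules.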