Information security policy evaluation system and method of controlling the same
Abstract
In order to provide an information security policy evaluation system in which information security policies can be efficiently and appropriately defined and operated in an organization, such as a corporation, treated threats operated on a second site 102 are transmitted from a second information processing apparatus 112 on the second site 102 to a first information processing apparatus 111 on a first site 101, and threat information is transmitted from a third site 103, which collects information on threats, to the first information processing apparatus 111 on the first site 101. The first information processing apparatus 111 extracts, out of the received treated threats, the treated threats which have been effective against threats that have actually occurred, as well as untreated threats, and generates an evaluation report in which these are described. Moreover, a compensation amount of insurance against threats is changed based on the generated evaluation report.
16 Claims
1. An information security policy evaluation system comprising:
a first information processing apparatus located on a first site;
a second information processing apparatus located on a second site; and
a third information processing apparatus located on a third site, the first through the third information processing apparatuses being capable of communicating with each other, wherein the second information processing apparatus has a treated threat data storage section for storing treated threat data, the treated threat data being data indicating a threat which an information security policy operated on the second site can counter, the third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past, the second information processing apparatus has a treated threat data transmission section for transmitting the treated threat data to the first information processing apparatus, the third information processing apparatus has a threat data transmission section for transmitting the threat data to the first information processing apparatus, the first information processing apparatus has a treated threat data reception section for receiving the treated threat data and a threat data reception section for receiving the threat data, the first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and the treated threat data, and the first information processing apparatus has an effective treated threat data extraction section for extracting a piece of treated threat data to which there is a piece of threat data corresponding in the threat data received by the threat data reception section, out of the treated threat data received by the treated threat data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted treated threat data is described.
(Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
2. An information security policy evaluation system comprising:
a first information processing apparatus located on a first site;
a second information processing apparatus located on a second site; and
a third information processing apparatus located on a third site, the first to third information processing apparatuses being capable of communicating with each other, wherein the second information processing apparatus has a treated threat data storage section for storing treated threat data, the treated threat data being data indicating a threat which an information security policy operated on the second site can counter, the third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past, the second information processing apparatus has a treated threat data transmission section for transmitting the treated threat data to the first information processing apparatus, the third information processing apparatus has a threat data transmission section for transmitting the threat data to the first information processing apparatus, the first information processing apparatus has a treated threat data reception section for receiving the treated threat data and a threat data reception section for receiving the threat data, the first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and the treated threat data, and the first information processing apparatus has an untreated threat data extraction section for extracting a piece of threat data to which there is no piece of treated threat data corresponding in the treated threat data received by the treated threat data reception section, out of the threat data received by the threat data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted threat data is described.
13. An information security policy evaluation system comprising:
a first information processing apparatus located on a first site;
a second information processing apparatus located on a second site; and
a third information processing apparatus located on a third site, the first to third information processing apparatuses being capable of communicating with each other, wherein the second information processing apparatus has a policy data storage section for storing policy data which is data indicating an information security policy operated on the second site, the third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past, the second information processing apparatus has a policy data transmission section for transmitting the policy data to the first information processing apparatus, the third information processing apparatus has a threat data transmission section for transmitting the threat data to the first information processing apparatus, the first information processing apparatus has a policy data reception section for receiving the policy data and a threat data reception section for receiving the threat data, the first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and policy data indicating an effective information security policy against a threat indicated by the threat data, and the first information processing apparatus has an effective policy data extraction section for extracting a piece of policy data to which there is a piece of threat data corresponding in the threat data received by the threat data reception section, out of the policy data received by the policy data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted policy data is described.
14. An information security policy evaluation system comprising:
a first information processing apparatus located on a first site;
a second information processing apparatus located on a second site; and
a third information processing apparatus located on a third site, the first to third information processing apparatuses being capable of communicating with each other, wherein the second information processing apparatus has a policy data storage section for storing policy data which is data indicating an information security policy operated on the second site, the third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past, the second information processing apparatus has a policy data transmission section for transmitting the policy data to the first information processing apparatus, the third information processing apparatus has a threat data transmission section for transmitting the threat data to the first information processing apparatus, the first information processing apparatus has a policy data reception section for receiving the policy data and a threat data reception section for receiving the threat data, the first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and policy data indicating an effective information security policy against a threat indicated by the threat data, and the first information processing apparatus has an untreated threat data extraction section for extracting a piece of threat data to which there is no piece of policy data corresponding in the policy data received by the policy data reception section, out of the threat data received by the threat data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted threat data is described.
15. A method of controlling an information security policy evaluation system having a first information processing apparatus located on a first site, a second information processing apparatus located on a second site, and a third information processing apparatus located on a third site, the first to third information processing apparatuses being capable of communicating with each other,
wherein the second information processing apparatus stores treated threat data, the treated threat data being data indicating a threat which an information security policy operated on the second site can counter, the third information processing apparatus stores threat data which is data indicating a threat having occurred in a past, the second information processing apparatus transmits the treated threat data to the first information processing apparatus, the third information processing apparatus transmits the threat data to the first information processing apparatus, the first information processing apparatus receives the treated threat data and the threat data, the first information processing apparatus stores correspondence data which is data indicating correspondence between the threat data and the treated threat data, and the first information processing apparatus extracts a piece of treated threat data to which there is a piece of threat data corresponding in the received threat data, out of the received treated threat data based on the correspondence data, and generates evaluation data in which the extracted treated threat data is described.
16. A method of controlling an information security policy evaluation system having a first information processing apparatus located on a first site, a second information processing apparatus located on a second site, and a third information processing apparatus located on a third site, the first to third information processing apparatuses being capable of communicating with each other,
wherein the second information processing apparatus stores treated threat data, the treated threat data being data indicating a threat which an information security policy operated on the second site can counter, the third information processing apparatus stores threat data which is data indicating a threat having occurred in a past, the second information processing apparatus transmits the treated threat data to the first information processing apparatus, the third information processing apparatus transmits the threat data to the first information processing apparatus, the first information processing apparatus receives the treated threat data and the threat data, the first information processing apparatus stores correspondence data which is data indicating correspondence between the threat data and the treated threat data, and the first information processing apparatus extracts a piece of threat data to which there is no piece of treated threat data corresponding in the received treated threat data, out of the received threat data based on the correspondence data, and generates evaluation data in which the extracted threat data is described.
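The extraction steps recited in claims 1 and 2 (and in method claims 15 and 16) can be sketched as set operations over the correspondence data. This is an added illustration, not code from the patent; the function name, the pair-based layout of the correspondence data and all identifiers in the sample data are assumptions.

```python
def evaluate(treated, threats, correspondence):
    """Build evaluation data on the first site.

    treated        -- treated-threat IDs received from the second site
    threats        -- IDs of threats that actually occurred (third site)
    correspondence -- (threat_id, treated_id) pairs held on the first site;
                      the relation may be many-to-many (assumed layout)
    """
    by_threat = {}
    for threat_id, treated_id in correspondence:
        by_threat.setdefault(threat_id, set()).add(treated_id)

    effective, untreated = set(), set()
    for threat_id in threats:
        # Treated threats that both correspond to this observed threat
        # and are actually operated on the second site.
        counters = by_threat.get(threat_id, set()) & set(treated)
        if counters:
            effective |= counters          # claim 1: effective treated threats
        else:
            untreated.add(threat_id)       # claim 2: no corresponding treatment
    return {
        "effective_treated": sorted(effective),
        "untreated_threats": sorted(untreated),
    }


# Constructed sample data; every identifier below is hypothetical.
SAMPLE_TREATED = {"TT-virus-scan", "TT-fw-ingress", "TT-disk-encrypt"}
SAMPLE_THREATS = {"TH-mail-worm", "TH-usb-malware", "TH-port-scan",
                  "TH-sql-injection", "TH-dns-tunnel"}
SAMPLE_CORRESPONDENCE = [
    ("TH-mail-worm", "TT-virus-scan"),
    ("TH-usb-malware", "TT-virus-scan"),
    ("TH-port-scan", "TT-fw-ingress"),
    ("TH-sql-injection", "TT-waf"),         # countermeasure not operated
    ("TH-laptop-theft", "TT-disk-encrypt"), # threat not observed
]

if __name__ == "__main__":
    report = evaluate(SAMPLE_TREATED, SAMPLE_THREATS, SAMPLE_CORRESPONDENCE)
    for section, items in report.items():
        print(section, items)
```

A threat with no entry at all in the correspondence data (`TH-dns-tunnel` in the sample) is reported as untreated, since no received treated threat corresponds to it.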
Specification