SECURITY MEASURE PLANNING SUPPORT SYSTEM AND SECURITY MEASURE PLANNING SUPPORT METHOD

Bibliographic Details
Main Authors YAMAGISHI REI, KATAYAMA TAKAHIRO, SHIGEMOTO MICHIHIRO, KAWAGUCHI NOBUTAKA
Format Patent
Language English, Japanese
Published 06.12.2023
Summary: To provide a security measure planning support system and method for supporting proposal of an appropriate security design while adopting cost constraint as an evaluation value.

SOLUTION: A security measure planning support system 10 includes: a functional decomposition unit 31 which decomposes an information asset existing in an information system where security measures are to be taken, into functions of the information asset; a threat determination unit 32 which determines a threat related to a cyberattack from the functions of the information asset; a risk calculation unit 33 which calculates a risk value of the information system by quantifying threats based on a risk degree; a preferential threat selection unit 34 which selects a threat against which measures are to be taken, based on the risk value; a measure selection unit 35 which selects a measure against the threat; a product selection unit 36 which selects a list of security measure products to implement the measure; and a cost calculation unit 37 which selects a security product that minimizes the risk value based on the constraint of monetary cost, from the list of security measure products.

SELECTED DRAWING: Figure 1
Bibliography:Application Number: JP20220084879