2024-03-28T21:44:20Zhttps://ipsj.ixsq.nii.ac.jp/ej/?action=repository_oaipmhoai:ipsj.ixsq.nii.ac.jp:001756862023-04-27T10:00:04Z01164:05251:08510:08945
基礎自治体の情報セキュリティ~達成度評価による向上策の検討~Information security of the Japanese municipalities ~ Consideration by the achievement degree evaluation methodology of information security measures to improve ~jpn社会・組織と情報セキュリティhttp://id.nii.ac.jp/1001/00175652/Technical Reporthttps://ipsj.ixsq.nii.ac.jp/ej/?action=repository_action_common_download&item_id=175686&item_no=1&attribute_id=1&file_no=1Copyright (c) 2016 by the Information Processing Society of Japan情報セキュリティ大学院大学情報セキュリティ大学院大学須藤, 俊明原田, 要之助住民が一番身近に接する基礎自治体の規模は大小様々であるが,その取り扱う情報には機微性があり,政府機関と同様の情報セキュリティ確保が求められる.しかしながら,多くの基礎自治体の情報セキュリティ確保は十分とはいえない.様々な情報セキュリティインシデントへの対応や,マイナンバー等の新たな制度に対する安全対策は,今後の重要な取り組み課題となっている.基礎自治体の情報セキュリティ向上策の提案を最終目的として,本稿では初めに,基礎自治体の規模の違いや情報システム経費の内容,情報セキュリティ対策などの現状を明らかにした.次に,自治体の情報セキュリティに関する先行研究,及び,情報セキュリティレベルの評価基準や手法を把握した.そのうえで,新たに,情報セキュリティの達成度による評価方法を提案し,全基礎自治体に適用して分析を行った.この評価方法に基づき,組織規模等との相関を確認した.この評価結果からは,インシデントの発生率等との相関が確認され,基礎自治体の情報セキュリティの現状を表していることを確認した.加えて,CISO の任命率は高い相関が確認でき,組織体制の強化が情報セキュリティを高める上で役立つことが分かった.さらに,この評価方法は,使用データの客観性が担保されており,全基礎自治体中の位置づけが把握でき,説明も容易であることから,妥当性があることを確認した.最後に,アンケート調査分析等による今後の研究の進め方について述べる.Regardless of size, every municipality has the obligation to protect residents' information. Those information contains confidentiality. Therefore, any municipality should ensure to keep the same level of security measures-implemented by the Government. However, security measures taken by municipality may not be enough. The security measures for the correspondence to various information security incidents or the new systems such as “My Number” become a more important action issue. The final aim of my study is a proposal of the improvement measures for information security of municipality. Firstly, the difference in organization scale, the content of the information system expense and the present conditions of the information security measures of the municipality are clarified in this paper. Secondly, from a precedent study on information security of the municipality, an evaluation standard and the technique of the information security level are grasped. Based on above, the evaluation methodology by the achievement degree of the information security is developed newly, is applied for all municipalities, and analyzed them. Based on this evaluation methodology, the correlation between the achievement degree and the organization size, etc., is confirmed. The evaluation result, which is confirmed the correlation with incidences of information security incident, etc., expresses the present conditions of the information security in the municipality. Especially, the appointment ratio of CISO has a higher correlation with the degree of achievement, it is confirmed that the reinforcement of the organization system has raised the level of information security. This analysis can secure objectivity from use data, and the result can explain easily as grasp one's position in the municipality. The result of methodology can be confirmed that is validity in this analysis. Finally, mention about the future studies such as questionnaire survey analysis.AA11238429研究報告電子化知的財産・社会基盤(EIP)2016-EIP-7413182016-11-102188-86472016-11-04