{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00010849","sets":["581:638:643"]},"path":["643"],"owner":"1","recid":"10849","title":["セキュリティ対策選定の実用的な一手法の提案とその評価"],"pubdate":{"attribute_name":"公開日","attribute_value":"2004-08-15"},"_buckets":{"deposit":"86778f9e-7fcd-4562-953a-606b865c1fce"},"_deposit":{"id":"10849","pid":{"type":"depid","value":"10849","revision_id":0},"owners":[1],"status":"published","created_by":1},"item_title":"セキュリティ対策選定の実用的な一手法の提案とその評価","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"セキュリティ対策選定の実用的な一手法の提案とその評価"},{"subitem_title":"A Practical Approach for Security Measure Selection Problem and Its Availability","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"特集「プライバシを保護するコンピュータセキュリティ技術」","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2004-08-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"株式会社NTTデータビジネス開発事業本部"},{"subitem_text_value":"中部テレコミュニケーション株式会社"},{"subitem_text_value":"岩手県立大学ソフトウェア情報学部"},{"subitem_text_value":"静岡大学情報学部"},{"subitem_text_value":"静岡大学情報学部"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"IT Business Development Sector, NTT Data Corporation","subitem_text_language":"en"},{"subitem_text_value":"Chubu Telecommunications Co., Inc.","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Software and Information, Iwate Prefectural University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Information, Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Faculty of Information, Shizuoka University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/10849/files/IPSJ-JNL4508023.pdf"},"date":[{"dateType":"Available","dateValue":"2006-08-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL4508023.pdf","filesize":[{"value":"215.4 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"e6bb0621-2e7e-45f3-b81c-1c70816753a5","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2004 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"中村, 逸一"},{"creatorName":"兵藤, 敏之"},{"creatorName":"曽我, 正和"},{"creatorName":"水野, 忠則"},{"creatorName":"西垣, 正勝"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Itsukazu, Nakamura","creatorNameLang":"en"},{"creatorName":"Toshiyuki, Hyodo","creatorNameLang":"en"},{"creatorName":"Masakazu, Soga","creatorNameLang":"en"},{"creatorName":"Tadanori, Mizuno","creatorNameLang":"en"},{"creatorName":"Masakatsu, Nishigaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"近年，情報セキュリティポリシーを策定，運用する組織などが増えつつある．しかし，守るべき資産に対して最も効果的かつ効率的なセキュリティ対策を選択するための具体的な方法論は確立されていない．このため，現在の情報システム開発におけるセキュリティ対策の選択は設計者や開発者の勘と経験に頼って行われていることがほとんどであり，また，選択されたセキュリティ対策の妥当性を客観的に証明することもできないというのが現状である．本論文では，資産・脅威・対策の関係をモデル化し，セキュリティ対策選択問題を定式化することにより，対策の最適な組合せを論理的に求める手法を導出した結果，セキュリティ対策選択問題が離散最適化問題として定式化されることを示す．さらに，実システムにおいて設計者や開発者が勘や経験により実際に選択した対策と本手法が導いた結果を比較，検討し，本手法が十分実用的であることを示す．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Recently, information security management in many organizations is carried out based on a Information Security Policy. However, no effective method of selecting the optimum security measures has established yet. Hence, a security measures selection is now greatly dependent on the knowledge/experience of a system designer, and any objective evaluation of appropriateness of the selected security measures is impossible. To cope with the inconvenience, this paper proposes an approach to formulate the problem for selecting security measures. Then, the availability of our method is evaluated by comparing the security measures that our method has selected with the ones that a system designer has chosen.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"2033","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"2022","bibliographicIssueDates":{"bibliographicIssueDate":"2004-08-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"8","bibliographicVolumeNumber":"45"}]},"relation_version_is_last":true,"item_2_alternative_title_2":{"attribute_name":"その他タイトル","attribute_value_mlt":[{"subitem_alternative_title":"セキュリティと社会"}]},"weko_creator_id":"1"},"id":10849,"updated":"2025-01-23T02:35:58.688326+00:00","links":{},"created":"2025-01-18T22:45:38.641728+00:00"}