{"id":77489,"updated":"2025-01-21T20:53:40.576779+00:00","links":{},"created":"2025-01-18T23:33:03.588727+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00077489","sets":["581:6276:6531"]},"path":["6531"],"owner":"11","recid":"77489","title":["情報セキュリティ対策間の相互依存関係を用いた内部犯行防止対策のための有効性評価手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2011-09-15"},"_buckets":{"deposit":"b2641d17-0727-44ca-b6e5-f859d19247b8"},"_deposit":{"id":"77489","pid":{"type":"depid","value":"77489","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"情報セキュリティ対策間の相互依存関係を用いた内部犯行防止対策のための有効性評価手法","author_link":["0","0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"情報セキュリティ対策間の相互依存関係を用いた内部犯行防止対策のための有効性評価手法"},{"subitem_title":"An Evaluation Method against Insider Threat Based on Interdependent Relationship for Information Security","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"特集：人と共存するコンピュータセキュリティ技術","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2011-09-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"中央大学理工学研究科"},{"subitem_text_value":"産業技術総合研究所情報セキュリティ研究センター"},{"subitem_text_value":"中央大学理工学研究科／産業技術総合研究所情報セキュリティ研究センター"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Science and Engineering, Chuo University","subitem_text_language":"en"},{"subitem_text_value":"Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST)","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Science and Engineering, Chuo University / Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST)","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/77489/files/IPSJ-JNL5209007.pdf"},"date":[{"dateType":"Available","dateValue":"2013-09-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL5209007.pdf","filesize":[{"value":"265.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"197c4c88-5665-4f08-93ae-84f3dde7a39a","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2011 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"鈴木, 智也"},{"creatorName":"田沼, 均"},{"creatorName":"今井, 秀樹"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Tomoya, Suzuki","creatorNameLang":"en"},{"creatorName":"Hitoshi, Tanuma","creatorNameLang":"en"},{"creatorName":"Hideki, Imai","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"情報化が進んだ今日，情報セキュリティに関わる内部犯行も重要な問題である．これに対応するためには内部犯行防止に必要な情報セキュリティ対策を実施し，適切な防御体制を敷く必要がある．本稿ではフォールトツリー分析手法を応用し，内部犯行防止に不足する情報セキュリティ対策を適切に指摘する手法を提案する．本手法では情報セキュリティ対策間の相互依存関係に注目し，内部犯行に対する情報セキュリティ体制（実施している情報セキュリティ対策の集合）の有効性を評価し，不足する情報セキュリティ対策を指摘する．対策指摘の手順は，(1)関連する情報セキュリティ対策の抽出，(2)情報セキュリティ体制の有効性評価，(3)不足する情報セキュリティ対策の指摘，の3つのプロセスからなる．対策間の相互依存関係の分析にあたっては，情報セキュリティ対策集として充実しているISO/IEC 27002を用いる．さらに本手法検証のために，実際の事故事例に対し5つのケーススタディを行い，うち1つを詳細分析した結果，他の情報セキュリティ対策では代替できない1つの不足する情報セキュリティ対策を指摘できた．","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Information security against insider threat is indispensable in our information society. It has been seriously required to institute sufficient information-security measures against insider threats. In this paper, we propose a method which indicates the missing information-security measures against insider threats. In particular, we focus on the interdependent relationship of information-security measures based on ISO/IEC 27002 to get the effectiveness evaluation of currently used measures for information security. The method uses a fault tree analysis technique and consists of three processes: (1) an extraction of the related information-security measures, (2) an effectiveness evaluation of currently used measures for information security and (3) an indication of the missing information-security measures. The validity of the proposed method is verified by applying it to the actual information-security accidents.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"2585","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"2575","bibliographicIssueDates":{"bibliographicIssueDate":"2011-09-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"9","bibliographicVolumeNumber":"52"}]},"relation_version_is_last":true,"weko_creator_id":"11"}}