地方公共団体における情報セキュリティポリシーの実態調査

抄録

Cyber attack is one of the most serious threats facing many organizations in the Internet era. Technical controls attract attention, but security management is an item that really matter. The fundamental basic of the item is information security policy; documentation of security baseline for administrative control. This paper presents the result of our survey on information security policies of Japanese local governments. As it is promoted for government services for residents and companies, their high level of security is essential and increasingly important. We conducted a survey of the whole 1,741 basic local governments; cities, wards, towns, and villages. Our analysis showed that 64% of them formulated their own security policies. Only about 19% of them are up-to-date with the guideline provided by the Ministry of Internal Affairs and Communications. We also found that the formulation and revision of security policies are directly tied to the scale of the government, i.e. proportional to revenue and population.