As electronic government systems such as the resident register network system, electronic applications and others progress in local governments, electronic risks against local governments, such as unauthorized computer access, computer viruses, denial-of-service attacks and leakage of personal data, are increasing as well. Under these circumstances, local governments must carry out assessments of assets, threats and risks in order to maintain information security levels above baseline levels. However, because useful techniques and examples of risk analysis, which is indispensable to information security risk management, do not exist, they build their security policies from ready-made models and seldom carry out information security audits. At the Hyogo Prefectural Government, we therefore constructed a risk management method for guaranteeing safety, consisting mainly of log analysis and pseudo attacks and based on the methods of ISO/IEC 17799, and applied it for three years. As a result, the staff of the Hyogo Prefectural Government were able to establish an effective risk management cycle in a short time, and the effectiveness of these methods was proved.