Abstract |
<p>PROBLEM TO BE SOLVED: To provide a system for evaluating the degree of risk of enterprise information assets that enables a risk assessment job to be carried out without sufficient expertise.</p><p>SOLUTION: The characteristics of an information asset are represented in four fields, namely information asset type, confidentiality significance, integrity significance, and availability significance. Each measure to be taken for assets with those characteristics is described in a detailed content field. An information security common criterion master having these fields is prepared in advance. The information security common criterion master is then searched using the four field values registered in an information asset ledger table, which describes the characteristics of the information assets. The contents of the detailed content field in each record obtained by this search constitute the entire set of measures to be performed for the information asset concerned. That is, as long as values can be written in the four fields of the information asset ledger table, the necessary measures can be determined without expertise in information security.</p><p>COPYRIGHT: (C) 2009, JPO&INPIT</p> |