| 摘要 |
<p><P>PROBLEM TO BE SOLVED: To perform a security audit based on an information security policy without highly specialized knowledge, and to realize the improvement of security level based on the audit result. <P>SOLUTION: In this system, a security audit system for the audit on compliance status of the information security policy is provided with a database 134 for storing the information security policy designated on a procedure level; a database 133 for associating the information security policy with a security log generation program necessary for an audit thereon; and a database 137 in which a condition for presenting an improvement plan for measures for security based on the security log and phrases of the improvement plan are described. On the basis of logs collected by regularly starting up the security log generation program on information equipment of audit object, an audit report generation program 140 probes into the measures for security to be improved, and outputs an improvement plan for the measures for security. <P>COPYRIGHT: (C)2004,JPO&NCIPI</p> |
