動的セキュリティ制御方式の研究

4646
6
(
46
DYNAMIC RISK EVALUATION MODEL AS A SECURITY LEVEL
Masahiko SHIMADU
Abstract—Generally, high security information management leads to high confidentiality. However, high
confidentiality causes low availability. Therefore, we think availability can be increased by choosing the
appropriate security level depending on the changing risk. Thus, this paper proposes a risk evaluation model
in which risk is quantitatively evaluated using the value of information, protection level, and threat level.
1.!
2.!
(
.
2
.
2
2
2
2
3
,
.
.
,
2
2
1
2
3
1 .
ISMS
×
)
,
,
4
.
2
×
n=
2
2
,
23
3
n
4
23
2
2
(
n
,
,
,
,
1
T.
3
1
2
2 4
2 4
2
2
1
235
2
2 2
2
,
,
n
,
1
.
Bluetooth
IDS
2
2 2
1
n
IrDA
,
2
.
4
0
1
0
n
n
2
2
2
1
).
n
n
n
2
2
1
.
2.
3.!
,
×
,
,
,
.
4
T.
I
4
,
4,
.
.
,
2
%, &
1.
T
2
,
,
(2)
.
,
,
,
2
2
.
,
1 %, & =
1
2
,
1
,
%, & !04 , $05
(
(
4
5./ 1,*23+4
1.
).
,
2
1
2
(
4
2.
)
3.
4
3.
1.
23
1
1
4
2
2
4
4
4
4
1
6 %, & = −
5./ 6*)+28+9):4
%, & !;5 , $;5
2.
1
2
3
!" , $"
)
%, &
' %, & =
!0 , $0
,
1
4
n
3
,./ ')*+,,
%, & !", , $",
1
2
)
.
4.
n
n
n
<9=> %, & = ' %, & ∗
@@@@@@@@@@0@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@1 %, & = 0 … (1)
@@@@@@@@@@@@0@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@1 %, & ≤ 6 %, & … (2)
0 H,I J; H,I
0 H,I
@@@@@@@@@@@@@@@@@@@@@1 %, & ≥ 6 %, & … (3)
×
n=
1
×
n
I
4
4
2
7.
7
2
2
2
4
n
n
2
2
6.
,
2
2
4
2
I
n
n
2
2.
.
n
n
,
,
2
2
.
4.!
2,
n
.
1
n
4
.
5.
9.
,
8.9.
,
n
3
n
,
n
6.
6
8.
3
.
2
.
4
n
.
!
8.!
.
3.
,
,
,
1)
,
n
,
,
,
,
,
,
,
,
NTT
n .com
.
Security Master
1.
,
2)
, NTT
,
1
25
1
(2004)
, 2013/07,
http://www.soumu.go.jp/johotsusintokei/whitepaper/h25.ht ml
,
3)
http://www.isms.jipdec.or.jp/isms.html
,“
4)
”,
2.
n
11
(FIT2012)
, 2012/09
n
5)
,“
n
”,
2012
6)
,“
”, 2014
, 2014/01
7)
,
n
I
2013
1.2
,
n
.
6.!
n
,
n
.
2
1
,
2
.
4
,
IrDA
,
n
Bluetooth
2
2.
1
,
1
4
,
3
1
7.!
×
1
2
2
,
,
,
”,
,”
n
, pp.303-307,2013.

Download Report