Cyber-security policy to encourage CSIRTs activities 2002.03.23 Yasuhiro KITAURA Ministry of Economy, Trade and Industry, JAPAN 0. Table of contents 1. Ministry of Economy, Trade and Industry (METI) 2.The importance of CSIRT’s activities 3.The importance of co-operation among CSIRTs 4.METI’s policy on CSIRTs 1. Ministry of Economy, Trade and Industry (METI) METI is dealing with wide range of issues in the field of information security in close collaboration with other institutions such as Cabinet Secretariat. -Information Security Management Schemes (ISO17799 etc) -Information Security Evaluation Schemes (ISO15408, CRYPTREC etc) -Human resource development (Skill-map for Security Engineer etc) -Electronic Transaction (Electronic Signatures Law etc) -Cyber-crime and Cyber-terrorism (Cyber Crime Convention etc) -International Cooperation (G8, OECD, APEC etc) METI gives a high priority to CSIRT’s activities as one of the most important issues in the field of information security. 2.The importance of CSIRT’s activities METI attaches a great importance to the CSIRT’s activities because CSIRTs could carry out the following measures for the purpose of enhancing the information security : 1. The measures for prevention (1) To gather information on internet security issues (2) To issue advisories based on the circumstances surrounding actual attacks and intrusions (3) To disseminate security-related technical information and materials 2.The measures for emergent response (1)To assess the damage based on information provided by the affected site (2)To identify the vulnerabilities (3)To provide relevant technical information 3.The importance of co-operation among CSIRTs METI places also a high value on the establishment and strengthening of Asian regional forum for CSIRTs based on the following reasons: 1. Information sharing among CSIRTs is indispensable for the effective information gathering, analysis, dissemination etc. 2. The existing CSIRTs could support the establishment of CSIRT in a country/area where no CSIRT has existed, which facilitates the more effective information gathering, analysis, dissemination etc. 3. In addition to global forum such as FIRST, the APCERT (Asia-Pacific Computer Emergency Response Team) has been established to promote collaboration among CSIRTs of Asia Pacific region. 4.METI’s policy on CSIRTs METI carries out the following policy on CSIRTs activities. 1. Supporting the activities of JPCERT/CC (1) METI has supported the activities of JPCERT/CC since its establishment in October 1996. (2) In the fiscal year 2003, METI will provide JPCERT/CC with about 5 million US-dollars for supporting its activities. (a) Strengthening its capabilities to gather, analyze and disseminate the information concerned (b) Establishing a fixed-point auto data collecting system 2. Supporting the establishment and strengthening of Asian regional forum for CSIRTs. (1) Asia Pacific Security Incident Response Coordination Conference (March 2002, Tokyo. February 2003, Taipei. Host:JPCERT/CC) (2) Computer Emergency Response Team Awareness Raising and Capability Building Seminar (March 2003, Malaysia. Host:Japan and Australia) 5.Contact Address More Information Mr.Yasuhiro KITAURA Assistant Director IT Security Policy Office Ministry of Economy, Trade and Industry, Japan URL: http://www.meti.go.jp/policy/netsecurity/ E-mail: [email protected] TEL: +81-3-3501-0397 FAX: +81-3-3501-6639
© Copyright 2024 ExpyDoc