政府調達における、ITセキュリティ評価及び認証制度

Cyber-security policy to encourage
CSIRTs activities
2002.03.23
Yasuhiro KITAURA
Ministry of Economy, Trade and Industry, JAPAN
0. Table of contents
1. Ministry of Economy, Trade and Industry (METI)
2.The importance of CSIRT’s activities
3.The importance of co-operation among CSIRTs
4.METI’s policy on CSIRTs
1. Ministry of Economy, Trade and Industry (METI)
METI is dealing with wide range of issues in the field of
information security in close collaboration with other institutions
such as Cabinet Secretariat.
-Information Security Management Schemes (ISO17799 etc)
-Information Security Evaluation Schemes (ISO15408, CRYPTREC etc)
-Human resource development (Skill-map for Security Engineer etc)
-Electronic Transaction (Electronic Signatures Law etc)
-Cyber-crime and Cyber-terrorism (Cyber Crime Convention etc)
-International Cooperation (G8, OECD, APEC etc)
METI gives a high priority to CSIRT’s activities as one of the
most important issues in the field of information security.
2.The importance of CSIRT’s activities
METI attaches a great importance to the CSIRT’s activities
because CSIRTs could carry out the following measures for the
purpose of enhancing the information security :
1. The measures for prevention
(1) To gather information on internet security issues
(2) To issue advisories based on the circumstances surrounding
actual attacks and intrusions
(3) To disseminate security-related technical information
and materials
2.The measures for emergent response
(1)To assess the damage based on information provided by the affected site
(2)To identify the vulnerabilities
(3)To provide relevant technical information
3.The importance of co-operation among CSIRTs
METI places also a high value on the establishment and
strengthening of Asian regional forum for CSIRTs based on the
following reasons:
1. Information sharing among CSIRTs is indispensable for the effective
information gathering, analysis, dissemination etc.
2. The existing CSIRTs could support the establishment of CSIRT in a
country/area where no CSIRT has existed, which facilitates the more
effective information gathering, analysis, dissemination etc.
3. In addition to global forum such as FIRST, the APCERT (Asia-Pacific
Computer Emergency Response Team) has been established to promote
collaboration among CSIRTs of Asia Pacific region.
4.METI’s policy on CSIRTs
METI carries out the following policy on CSIRTs activities.
1. Supporting the activities of JPCERT/CC
(1) METI has supported the activities of JPCERT/CC since its
establishment in October 1996.
(2) In the fiscal year 2003, METI will provide JPCERT/CC with about
5 million US-dollars for supporting its activities.
(a) Strengthening its capabilities to gather, analyze and disseminate the
information concerned
(b) Establishing a fixed-point auto data collecting system
2. Supporting the establishment and strengthening of Asian regional
forum for CSIRTs.
(1) Asia Pacific Security Incident Response Coordination Conference
(March 2002, Tokyo. February 2003, Taipei. Host:JPCERT/CC)
(2) Computer Emergency Response Team Awareness Raising and Capability
Building Seminar (March 2003, Malaysia. Host:Japan and Australia)
5.Contact Address
More Information
Mr.Yasuhiro KITAURA
Assistant Director
IT Security Policy Office
Ministry of Economy, Trade and Industry, Japan
URL: http://www.meti.go.jp/policy/netsecurity/
E-mail: [email protected]
TEL: +81-3-3501-0397
FAX: +81-3-3501-6639