1 / 9

IT Security Policy in Japan

IT Security Policy in Japan. 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN. Outline of the presentation. Security of information systems and networks (1) Best practices (2) Protection of critical infrastructure (3) Cyber-crime and terrorism

tamal
Download Presentation

IT Security Policy in Japan

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN

  2. Outline of the presentation • Security of information systems and networks (1) Best practices (2) Protection of critical infrastructure (3) Cyber-crime and terrorism • Information security (1) Cryptography Policy (2) Electronic signatures and authentication (3) Certification and good security practices

  3. 1.(1) Best practices • The significance of best practices in IT Security. • “Elimination of possibilities of service suspension which may have a great influence upon every day life of the Japanese and their socioeconomic activities (e-Japan Priority Policy Program 2002).” • Need for awareness and understanding of the significance of IT security. Need for best practices in IT security • OECD Security Guidelines. • Japan hosted WS in Tokyo in cooperation with OECD Secretariat and IPA with the view to facilitating the review of the 1992 Security Guidelines. • Japan is promoting the OECD Security Guidelines as best practices. • Electronic government (e-government) • Japan sets goals to make it the world’s most advanced IT nation within 5 years (e-Japan Priority Policy Program 2001) • An e-government, which treats electronic information in the same way as information on papers will be realized by 2003 (e-Japan Priority Policy Program 2001). • IT security evaluation (ISO/IEC 15408) and standardization of cryptographic techniques for procurement by an e-government.

  4. 1.(2) Protection of critical infrastructure • Adoption of Special Action Plan on Fighting Cyber-terrorism against Critical Infrastructure (December 15, 2000) /Follow-up Measures to the Special Action Plan (March 28, 2002) • Target Areas of Critical Infrastructure : • Telecommunications, finance, aviation, railroads, electrical power, gas. • Cyber Terrorism Countermeasures by Government and the Private Sector: • (1) Prevention of damage (raise security level)/(2) Establish and enhance communication and coordination systems between government and the private sector/(3) Detection and emergency response to cyber attacks through cooperation between government and the private sector/(4) Establish foundations of information security/(5) International cooperation • Foundation of National Incident Response Team (NIRT) (March 28, 2002) • Action Plan for Ensuring IT Security of Electronic Government (October 10, 2001) • Establishment of Cyber Force (National Police Agency) (April 1, 2002) • A mobile technical unit in National Police Agency.

  5. 1.(3) Cyber-crime and terrorism • G8 Lyon Group High-tech SG • Japan participate in high-tech SG activities. Japan hosted Industry-Government Joint Conference in Tokyo in April of 2001. LG adopted Traceability recommendation and other documents. • Council of Europe Convention on Cyber-crime. • Japan signed the Convention in November of 2001. It is now preparing for the ratification of the Convention. Password procurement, virus production, child pornography, preservation order, real time tracing, jurisdiction are in question • Business’s need for the confidentiality shall not be sacrificed by the need of law enforcement agency. An appropriate balance between them is to be required.

  6. 2. (1) Cryptography Policy • Adopting a list of recommendable cryptographic techniques • MPHPT and METI should aim at adopting a list concerning recommendable cryptographic techniques for e-government by FY 2002 for the purpose of facilitating procurement by e-government (Action Plan for Ensuring IT Security of Electronic Government (October 10, 2001)). • MPHPT and METI organized CRYPTREC which will have drafted the list until the end of March 2003. • After the adoption of the list, CRYPTREC may deal with issues, such as cryptographic module validation program and monitoring of recommendable cryptographic techniques. • Correspondence with ISO/IEC international standardization • ISO/IEC agreed in April 2001 to standardize cryptography. Japan proposes its own cryptography to the standardization process at ISO/IEC

  7. 2.(2) Electronic signatures and authentication • “Electronic Signatures Law” has entered into force in April 1, 2001 • Aim of “Electronic Signatures Law” • Promote of EC through securing the smooth utilization of electronic signatures • Improving citizen’s quality of life and the sound development of the national economy • Content of “Electronic Signatures Law” • Presumption: To make sure the legal position of electronic signatures • Presumption given when electronic documents are accompanied by electronic signatures • Voluntary accreditation: To ensure the reliability of CA • Voluntary accreditation of certification service (Article 4 to Article 16) • Designated investigating organization (Article 17-32) • Penalties (Article 41-47) • Other items • Support, etc. for certification service (Article 33) • Public education activities and public information activities (Article 34)

  8. 2.(3) Certification and good security practices • ISO/IEC 15408 • Japan has started in April of 2001 the evaluation and certification scheme for government use of IT products to promote secure e-Government. This scheme evaluates security function and quality of the IT products (software, hardware and systems.) • Concerning the scheme, NITE (National Institute of Technology and Evaluation) is in charge of certification. • Japan also plans to participate in Common Criteria Arrangement in 2003, discussing with CC Arrangement members. • IS Management Scheme based on ISO/IEC 17799 • JIPDEC (Japan Information Processing Development Corporation) started ISMS (Information Security Management System), a new accreditation system for any kind of services dealing with information, based on ISO/IEC 17799 in April of 2002, instead of IAS (Information-Processing Accreditation Scheme (IAS) : Japanese original accreditation system for security evaluation of Information-Processing Services) • JIPDEC accredited 3 certification bodies and they issued certifications to 37 companies in 2001 under the pilot project. In April of 2002, JIPDEC started the ISMS officially.

  9. Thankyou

More Related