INFORMATION SECURITY POLICY EVALUATION SYSTEM AND ITS CONTROL METHOD

摘要

PROBLEM TO BE SOLVED: To provide an information security policy evaluation system by which an information security policy in an organization such as an enterprise is efficiently and appropriately decided for operation.;SOLUTION: A second information processor 112 at a second site 102 transmits a measures-taken threat operated by the second site 102 to a first information processor 111 at a first site 101. A third site 103 collecting information on the threat transmits the information on the threat to the first information processor 111 at the first site 101. The first information processor 111 extracts the measures-taken threat effective to the actually caused threat out of the received measures-taken threats or the measures-not taken threat to generate an evaluation report describing them. The compensation amount of an insurance with respect to the threat is changed on the basis of the generated evaluation report.;COPYRIGHT: (C)2005,JPO&NCIPI