IT Security Policy in Japan 23 September 2002 Office of IT Security Policy Ministry of Economy, Trade and Industry JAPAN.


Outline of the presentation
1 Security of information systems and networks
  (1) Best practices
  (2) Protection of critical infrastructure
  (3) Cyber-crime and terrorism
2 Information security
  (1) Cryptography Policy
  (2) Electronic signatures and authentication
  (3) Certification and good security practices

1.(1) Best practices
The significance of best practices in IT Security
- "Elimination of possibilities of service suspension which may have a great influence upon every day life of the Japanese and their socioeconomic activities (e-Japan Priority Policy Program 2002)."
- Need for awareness and understanding of the significance of IT security.
- Need for best practices in IT security.
OECD Security Guidelines
- Japan hosted a workshop (WS) in Tokyo in cooperation with the OECD Secretariat and IPA with a view to facilitating the review of the 1992 Security Guidelines.
- Japan is promoting the OECD Security Guidelines as best practices.
Electronic government (e-government)
- Japan has set the goal of becoming the world's most advanced IT nation within 5 years (e-Japan Priority Policy Program 2001).
- An e-government, which treats electronic information in the same way as information on paper, will be realized by 2003 (e-Japan Priority Policy Program 2001).
- IT security evaluation (ISO/IEC 15408) and standardization of cryptographic techniques for procurement by an e-government.

1.(2) Protection of critical infrastructure
Adoption of Special Action Plan on Fighting Cyber-terrorism against Critical Infrastructure (December 15, 2000) / Follow-up Measures to the Special Action Plan (March 28, 2002)
- Target Areas of Critical Infrastructure: telecommunications, finance, aviation, railroads, electrical power, gas.
- Cyber Terrorism Countermeasures by Government and the Private Sector:
  (1) Prevention of damage (raise security level)
  (2) Establish and enhance communication and coordination systems between government and the private sector
  (3) Detection and emergency response to cyber attacks through cooperation between government and the private sector
  (4) Establish foundations of information security
  (5) International cooperation
Foundation of National Incident Response Team (NIRT) (March 28, 2002)
Action Plan for Ensuring IT Security of Electronic Government (October 10, 2001)
Establishment of Cyber Force (National Police Agency) (April 1, 2002)
- A mobile technical unit in National Police Agency.

1.(3) Cyber-crime and terrorism
G8 Lyon Group High-tech SG
- Japan participates in high-tech SG activities.
- Japan hosted Industry-Government Joint Conference in Tokyo in April of
- LG adopted Traceability recommendation and other documents.
Council of Europe Convention on Cyber-crime
- Japan signed the Convention in November of
- It is now preparing for the ratification of the Convention.
- Password procurement, virus production, child pornography, preservation order, real time tracing and jurisdiction are in question.
- Business's need for confidentiality shall not be sacrificed to the needs of law enforcement agencies. An appropriate balance between them is required.

2.(1) Cryptography Policy
Adopting a list of recommendable cryptographic techniques
- MPHPT and METI should aim at adopting a list concerning recommendable cryptographic techniques for e-government by FY 2002 for the purpose of facilitating procurement by e-government (Action Plan for Ensuring IT Security of Electronic Government (October 10, 2001)).
- MPHPT and METI organized CRYPTREC, which will have drafted the list by the end of March
- After the adoption of the list, CRYPTREC may deal with issues such as a cryptographic module validation program and monitoring of recommendable cryptographic techniques.
Correspondence with ISO/IEC international standardization
- ISO/IEC agreed in April 2001 to standardize cryptography.
- Japan proposes its own cryptography to the standardization process at ISO/IEC.

2.(2) Electronic signatures and authentication
"Electronic Signatures Law" entered into force on April 1, 2001
Aim of "Electronic Signatures Law"
- Promotion of EC through securing the smooth utilization of electronic signatures
- Improving citizens' quality of life and the sound development of the national economy
Content of "Electronic Signatures Law"
- Presumption: To make sure the legal position of electronic signatures
  - Presumption given when electronic documents are accompanied by electronic signatures
- Voluntary accreditation: To ensure the reliability of CA
  - Voluntary accreditation of certification service (Article 4 to Article 16)
  - Designated investigating organization (Article 17-32)
  - Penalties (Article 41-47)
- Other items
  - Support, etc. for certification service (Article 33)
  - Public education activities and public information activities (Article 34)

2.(3) Certification and good security practices
ISO/IEC
- Japan started in April of 2001 the evaluation and certification scheme for government use of IT products to promote secure e-Government.
- This scheme evaluates security function and quality of the IT products (software, hardware and systems).
- Concerning the scheme, NITE (National Institute of Technology and Evaluation) is in charge of certification.
- Japan also plans to participate in Common Criteria Arrangement in 2003, discussing with CC Arrangement members.
IS Management Scheme based on ISO/IEC
- JIPDEC (Japan Information Processing Development Corporation) started ISMS (Information Security Management System), a new accreditation system for any kind of services dealing with information, based on ISO/IEC in April of 2002, instead of IAS (Information-Processing Accreditation Scheme: Japanese original accreditation system for security evaluation of Information-Processing Services).
- JIPDEC accredited 3 certification bodies and they issued certifications to 37 companies in 2001 under the pilot project.
- In April of 2002, JIPDEC started the ISMS officially.

Thank you