Mabito YOSHIDA, Director, IT Security Office, Ministry of Internal Affairs and Communications (MIC), JAPAN. November 25th 2004. Information Security Policies.


1 Information Security Policies in the Telecommunications Field
Mabito YOSHIDA, Director, IT Security Office, Ministry of Internal Affairs and Communications (MIC), JAPAN
November 25th 2004

2 Overview of Policies for Constructing Safe and Secure Network Infrastructures

Transition of security measures
■ From measures by individual companies/organizations to measures by collaboration among a wide range of interested parties
■ From measures at the terminal level to measures at the network level

Construction of safe and secure network infrastructures
1. Strengthening of network-side security measures
2. R&D of security technologies
3. Strengthening of user-side security measures
4. Human resources
5. Legislation

3 ① Security measures on network-side: Telecom-ISAC Japan

ISAC: Information Sharing and Analysis Center
Established: July 2002
Members: 9 leading ISPs (NTT Com., KDDI, Japan Telecom, Powered Com, NEC, IIJ, Nifty, Yahoo, Matsushita), etc.

■ Objectives of Telecom-ISAC Japan
Collect and analyze information on incidents that occur in the service infrastructures of the telecommunications industry, and share the results within the industry.

■ Role of Telecom-ISAC Japan
(1) Exchange of reports and information concerning system vulnerabilities
(2) Provision of countermeasures and best practices
(3) Provision of information on threats and damages caused by cyber attacks and computer crimes, etc.

■ Scheme of ISAC (diagram labels)
Parties: Telecom-ISAC Japan; Members; General users; NIRT (National Incident Response Team); Domestic-related information sites (JPCERT, IPA..); Foreign related information sites (CERT, ISAC..)
Functions: Function of information collection; Management of collected information; Management of incident information; Management of countermeasure information; Database of vulnerability information
Services:
(1) Provision of vulnerability information
(2) Delivery of urgent information
(3) Provision of telecom-related information
(4) Operation of portal sites
(5) Operation of test laboratories
(6) Holding technology forum
Channels: Mail, FAX etc.
Portal sites: Security information; Related links; What’s new; Event information; Glossary; Delivery of urgent information
For members: Vulnerability info.; Telecom-related information; Technical info.

4 ① Security measures on network-side: Support measures

To ensure Internet security, the implementation of appropriate security measures by telecommunications carriers is important.

○ Guideline
Basic and comprehensive guidelines regarding all safety and security measures in telecommunications networks
○ Taxation
Preferential tax treatment in cases where telecommunications carriers obtain facilities which contribute to improved reliability of telecommunications systems
○ Security Mark
A security mark is given by the Internet Access Service Safe and Security Mark Promotion Group (*1) to ISPs which meet certain standards for security measures and user support

(*1) Composed of the Telecom Service Association, the Japan Internet Providers Association, etc.

5 ② R&D on security technologies: Outline of Measures for Security Technology R&D

(1) Enhancement of capabilities to analyze the influence of viruses on the network
(2) Strengthening R&D on technologies for ensuring security of telecommunications infrastructures
・ Wide-area monitoring system technologies and high-precision traceback technology
(3) Establishment of bases for security technology
・ Establishment of the Information Security Center at the National Institute of Information and Communications Technology (NICT)

Wide-area monitoring system (diagram labels): Wide area monitoring system center; Portal site for information provision; Archive of system logs; Log analysis system; ISP network; Monitoring probe; Firewall probe; Virus detection probe; Infiltration detection probe

6 ② R&D on security technologies: Approach of the National Institute of Information and Communications Technology (NICT)

Establishment of the Information Security Center (April 2004)
A base of collaboration among industry-academia-government sectors and high-level human resources development

Diagram labels:
・ Large-scale R&D facilities
・ Human resources development
・ On-site security measures: Telecom-ISAC Japan, JNSA, SPREAD, CRYPTEC, etc.
・ Carrying out R&D and preparing facilities
・ Realizing advanced countermeasures based on latest R&D results and facilities
・ Nurturing practical researchers for a short period by cooperation of actual working site

R&D themes
・ Wide-area monitoring technologies
・ Technologies for enhancing security measures
・ Vulnerability evaluation technologies
・ Cryptographic technologies, etc.

7 ③ Security measures on user-side

(1) Recommending 3 principles to minimize user risk
・ (1) Installing virus check software
・ (2) Implementing personal firewall
・ (3) Applying latest security patches
(2) Arousing awareness of user-side security
・ Enhancement of security education
・ Campaigns for security awareness

From MPHPT “Information Security Sites for the General Public”
Figure labels: Latest virus detection data; The update is ready; Icon and message to notify of the software update; Viruses

8 ④ Human resources

Nurturing security administrators (administration engineers) is indispensable for ensuring information security. At present, there is a serious shortage of security administrators in Japan: an approximate shortage of 120,000 people (from the Telecommunications Software Forum Report (Dec. 2003)).

○ Human resources development through certification systems
Since 2001, a subject on Information Security has been added to the national examination for “Chief Telecommunications Engineer's licenses for Transmission, Switching technology and Line technology”.
Since 2001, the “Network Information Security Manager (NISM)” program has been founded by 7 associations (including the Telecommunications Carrier Association) as a private security certification.
○ Support program for human resources development
A program subsidizing organizations which promote human resources development in the telecommunications field has been implemented since 2001.
○ Building bases for human resources development
A support program for establishment of the Human Resources Development Center for Telecommunications Security is being implemented in 2004.

9 ⑤ Legislation

In order to ensure information security, it is important to legislate to prohibit actions that threaten the safety of the network and to penalize those who contravene the laws.

○ Law Concerning Prohibition of Acts of Illegal Access (enforced February 2000)
In addition to specifying the prohibition and penalizing of acts of illegal access, specifies that a duty be placed on access administrators to strive to implement protective measures, and aids in the administration of this.
○ Law Concerning Digital Signatures and Authentication Bodies (enforced April 2001)
In addition to giving the same legal significance to digital signatures as to handwritten signatures and seals, introduces an optional qualification system for authentication bodies.
○ Establishment of Domestic Legislation for the Ratification of the European Council Cyber-crimes Treaty
Implement the necessary legislation for the early conclusion of the cyber-crimes treaty.

10 Medium-term target

○ Realization of a network environment in which users can use the network without having to be aware of security measures
Ordinary users are limited in how far they can take all countermeasures on the user side.

Development of network foundational technologies for enabling everyone to use security-guaranteed communications
・ Elimination of DDoS attacks
・ Elimination of illegal access
・ Elimination of spoofing
・ Elimination of viruses and worms

Diagram labels: ISP; Eliminate undesirable communications through packet filtering and virus checks; Packet with a spoofed sender address; Virus checks

