Abstract
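A company's information systems need a certificate that can attest to the company's security and soundness. Holding such a certificate makes it possible to conduct business with other companies on advantageous terms. This paper describes recent standardization trends, both international (ISO/IEC 17799) and domestic (ISMS Conformity Assessment Scheme), in "information security management," the technology for certifying security and soundness.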
An information system that belongs to an organization needs to obtain a certification on information security management. Such a certification will be greatly helpful in starting business with other organizations with regard to the security and safety of the information system (called Information Security Management System: ISMS). As for the standardization of information security management, ISO/IEC 17799 has been established as an international standard for its code of practice. In Japan, we have developed the "ISMS Conformity Assessment Scheme", which is a scheme for third-party conformity assessment of the security management of information systems, under which private bodies take the initiative to reflect market mechanisms. This scheme has been developed on the basis of the international standard ISO/IEC 17799. In this paper, ISO/IEC 17799 and the ISMS Conformity Assessment Scheme are both introduced as current trends in standardization activities on information security management.
Journal
- Technical report of IEICE. CQ 101(443), 31-36, 2001-11-14
The Institute of Electronics, Information and Communication Engineers