Networking and distribution of computer systems have led to an increasing
emphasis on security for information systems. This has created the need to
evaluate and certify the level of security built into individual information
processing products for database management, firewalls, and IC cards, and
for information processing systems such as Internet banking and authentication services.
(3) IEEE (Institute of Electrical and Electronics Engineers)
The “IEEE (Institute of Electrical and Electronics Engineers)” is a
body that engages in research and development of standards for electronic
components and communications schemes. The “IEEE 802 Committee”
is a subcommittee that develops LAN standards. The “IEEE 802.3 Committee” and “IEEE 802.11 Committee” are subcommittees that develop
standards for Ethernet LANs and wireless LANs, respectively.
Reference
Security policy and risk management
Corporate and legal affairs
(2) IEC (International Electrotechnical Commission)
The “IEC (International Electrotechnical Commission)” is a body that
develops international standards in the electrical and electronic fields.
Chapter 1
●ISO/IEC 17799
“ISO/IEC 17799” provides standards for implementing security management, comprising both a standard (international standardization specification) for implementing IT security management, and a system for IT security management.
The British Standards Institute (BSI) developed the BS 7799 standard in
1999, and in response, ISO developed the “ISO/IEC 17799” standard as
an international standard. BS 7799 is a standard specification for information security management systems (ISMS). In Japan, the “JIS X 5080”
standard was developed in 2002 based on guidelines from the ISO specifications.
The Japan Information Processing Development Corporation (JIPDEC)
defines ISMS as “a system for information security (by which) the organization can determine the necessary security level, make up plans
and distribute its assets based on its own risk assessment in addition to
technical countermeasures against each individual issue.” JIPDEC also
operates an “ISMS Conformity Assessment System” in which third-party
organizations certify the ISMS of corporations for conformity with ISO/IEC 17799.
An “ISMS” is a comprehensive framework for corporations and organizations to manage information appropriately, and maintain and improve security through the setting of controls based on a security policy. The ISMS
framework also provides for implementing risk management and engaging
in continuous and regular review of the framework.
Refer to “Chapter 9-5-2 Information security management.”
Reference
IEC
Abbreviation for “International Electrotechnical Commission.”
Reference
IEEE
Abbreviation for “Institute of Electrical
and Electronics Engineers.”
Reference
W3C
Abbreviation for “World Wide Web Consortium,” which is an international organization that develops many Web
standards.
Reference
LAN
Refer to “Chapter 9-4-1 Network systems.”