Presentation is loading. Please wait.

Presentation is loading. Please wait.

Japanese Government’s Efforts to Address Information Security Issues October, 2007 National Information Security Center (NISC)

Published byCandice Ford Modified over 8 years ago

Similar presentations

Presentation on theme: "Japanese Government’s Efforts to Address Information Security Issues October, 2007 National Information Security Center (NISC)"— Presentation transcript:

1 Japanese Government’s Efforts to Address Information Security Issues October, 2007 National Information Security Center (NISC) http://www.nisc.go.jp/eng/

2 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 1 The issue of Cyber attack  Cyber attack is “electric attack to Critical Infrastructures using information communications networks and information system”  “Inter-ministry coordination” and “Government Private Partnership” are needed to improve preparedness, and response and recovery capability for large cyber attack

3 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 2 Brief history of Information security policy framework Developing Policy Framework Restructuring Organizations Defacing Web site of Government 911 Blaster Worm 19992000 200 1 200220032004200520062007 2003.08 Implementation 1 st Phase Restructuring Phase Implementation 2 nd Phase Information Security Policy Guidelines Special Action Plan on Countermeasures to cyber-terrorism for Critical Infrastructures Cabinet Secretariat IT Security Office 1. National Information Security Center 2. Information Security Policy Council Standards for Information Security Measures for the Central Government Computer Systems Action Plan on Information Security Measures for Critical Infrastructures The First National Strategy on Information Security on Information Security 2005.05 2006.02 2005.122005.12 2005.04 2000.02 2000.01 2000.07 2000.12 2001.09 Organization Major policies

4 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 3 Establishment of the ‘Information Security Policy Council (ISPC)’ and the ‘National Information Security Center (NISC)’  The National Information Security Center (NISC) was established on April 25, 2005 based on the decision under the IT Strategic Headquarters on December 7, 2004  Information Security Policy Council (ISPC) was set up in IT Strategic Headquarters on May 30, 2005  NISC serves as a coordinator of cross-departmental information security issues  NISC consists of both government officials from related ministries and agencies, and experts from the private sector Est. Feb 2000 July 2004 Apr 2006 -Aug 2007 8 persons 18 52 63  Organizational Transition of staff in Cabinet Secretariat NISC set up in April 2005 Set up ‘IT Security Office’ in Cabinet Secretariat

5 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 4 Information Security Policy Council (ISPC) & National Information Security Center (NISC) Governmental Agencies Critical Infrastructures Individuals (2) Promote comprehensive measures taken by central governments (3) Help central each government agency deal with individual incidents (4) Information security measures for critical infrastructures - Centralize of information exchange and cooperate with foreign countries - Make International confidence-building - Based on “Review of the Role and Functions of the Government in terms of Measures to Address Information Security Issues (decided by the IT Strategic Headquarters on December 7, 2004),” the government is developing essential functions and frameworks toward strengthening its core functions to address information security issues. Central government agencies concerning information security Ministry of Internal Affairs and Communications National Police Agency Ministry of Economy, Trade and Industry Ministry of Defense Decision on fundamental matters such as basic strategy for information security Agencies overseeing critical infrastructure Ministry of Land, Infrastructure and Transport Financial Services Agency Ministry of Economy, Trade and Industry Ministry of Internal Affairs and Communications Ministry of Health, Labour and Welfare National Information Security Center (NISC)Information Security Policy Council (ISPC) IT Strategic Headquarters Gather experts from the public and private sectors * NISC is in Cabinet Secretariat Cabinet Secretariat (1) Formulate basic strategies for information security measures Businesses

6 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 5 Structure and Functions of NISC Director of NISC (Assistant Chief Cabinet Secretary) Deputy Director of NISC Development of Fundamental Strategy Development of Fundamental Strategy Comprehensive measures for governmental agencies Comprehensive measures for governmental agencies Development of Response Capability Development of Response Capability Critical Information Infrastructure Protection Critical Information Infrastructure Protection Advisor on Information Security Advisor on Information Security Critical Infrastructures Governmental Agencies BusinessesIndividuals International Strategy Deputy Director of NISC Foreign Organizations

7 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 6 Overall Picture of “The First National Strategy on Information Security” Basic principles 1 Information security for providing the introduction of Japan as an economic state 2 Information security for more safe, secure, and better lives for the people 3 Information security from a new perspective of ensuring national security  A quarter of Japan’s economic base and commercial transactions depends on IT.  Japan is the world’s largest broadband communication power with 80 million Internet users.  There is a growing need for safety and security measures including disaster control manners.  It is necessary to recognize both new threats to national security regarding IT and strength of Japan. To make Japan an “information security advanced nation” Goals Establish a “new public-private partnership model” in which both public and private play their roles appropriately Primary goal to be achieved in the next three years

8 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 7 “The First National Strategy on Information Security” Central and local governments Critical infrastructures Businesses Individuals Standards for Measures Critical Infrastructures Action Plan Promoting information security technology strategy Developing human resources Promoting international cooperation and collaboration Crime control and protection/remedial measures for rights and interests Giving “Best Practice” for information security measures Ensuring stable supply of their services as the basis of people’s social lives and economic activities Implementing information security measures so as to be highly regarded by the market Raising awareness as main players of IT society Measures promoted by Ministries and Agencies Measures promoted by Ministries and Agencies [Sectoral Plan] Role Priority policies for 2006-2008 (2) (cross-sectoral issues)

9 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 8 Overall Picture of Milestones in the FY 2006 - 2008 Take measures for government agencies Take measures for critical infrastructures Formulate cross-sectoral information security infrastructure for businesses and individuals Achieve continuous improvement according to the overall plan overall process schedule” (National Strategy) and the “sectoral plandevelop Japan into an “information security advanced nation - Through combination of the “overall process schedule” (National Strategy) and the “sectoral plan,” the government aims to develop Japan into an “information security advanced nation,” with clearly identified milestones to be achieved in each fiscal year. FY2006FY2007 FY2008 [Businesses] All public companies should take appropriate measures depending on risk. [Individual] The number of “individuals who feel insecure about IT use” as close as possible to zero. [Central Government] All government agencies should take measures according to the “Standards for Measures [Critical Infrastructure] The number of IT-malfunctions should be reduced as close as possible to zero.

10 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 9 Central government agencies Standards for Information Security Measures for the Central Government Computer Systems ○ To achieve sectoral plan for raising the information security level of the whole government, the government formulates the “Standards for Information Security Measures for the Central Government Computer Systems” ○ Each government agency implements measures according to the Standards for Measures, and the National Information Security Center (NISC) inspects and evaluates the implementation status at the central offices. The Information Security Policy Council (ISPC) makes recommendations for improvement based on the inspection/evaluation results. Information Security Policy Council (ISPC) National Information Security Center (NISC) Make recommendations ・ Review standards of government agency according to the Standards for Measures Inspect and evaluate the implementation status Plan Do Act Check Standards for Measures Recommendations for improvement Plan Do Act Check

11 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 10 Framework of Information Security Measures of the Government Implementation framework Standards for Measures Set of individual manuals (Provided by the NISC) Policies of central government Guidelines for Formulation and Implementation of Standards for Measures Policy for Enhancement of Information Security Measures for the Central Government Computer Systems Formulating the “standards of the government agency” completed by all government agencies in April, 2006. Each Government agency To be established by around the end of the first quarter of FY2006 so that self-inspection can get started from the second quarter. Basic policies of the government agency Standards for measures implemented by the government agency Operation procedures by the government agency Policies of the government agency

12 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 11 Critical Infrastructures Action Plan protect critical infrastructures IT-malfunctions - The Action Plan aims to protect critical infrastructures from (1) cyber attacks but also from (2) suspended services and reduced function caused by dysfunction of IT arising from unintentional factors and (3) those arising from disasters (IT-malfunctions). CEPTOAR-Council CEPTOAR New framework to be built under the Action Plan (supported by the four policies) 分野 B Govern- ment Flow of information Reflecting the analysis results Improving IT-malfunctions response capabilities Sector A Strengthening measures at ordinary times Comprehensive inspections and improvements 4. Cross-sectoral exercises 3. Analyses of interdependency 1. Safety Standards, Guidelines, etc. 2. Information sharing frameworks Sector B Sector C Sector D ・・・・・ ・ 10 Sectors 10 SectorsTelecommunications Finance Civil aviation Railways Electricity Gas Administrative services Medical services Water works Logistics

13 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 12 Cyber attacks IT-malfunctions (unintentional factors) IT- malfunctions (disasters) Realization of more solid and truly dependable IT infrastructures in critical infrastructures through the organic coordination of four measures Action Plan on Information Security Measures for Critical Infrastructures (Adopted by the ISPC on Dec. 13, 2005) 1. “Safety Standards, Guidelines, etc.” 2. Information sharing framework 3. Analysis of interdependence 4. Cross-sector exercises [Four policies] [Objectives] The central government will make efforts aiming to reduce the number of occurrence of IT-malfunctions in critical infrastructures as close as possible to zero by the beginning of FY2009 Framework of Critical Infrastructure Measures ~ Promotion through Organic Coordination of Four Measures ~ Plan Do Act Check Yearly improvement in a spiral manner

14 Copyright (c) 2007 National Information Security Center (NISC). All Rights Reserved. 13 Thank you !  Contact Information National Information Security Center (NISC) Cabinet Secretariat, Government of Japan URL: http://www.nisc.go.jp/http://www.nisc.go.jp/ Contact Person: Masayuki OGATA, Mr. e-Mail: masa@nisc.go.jpmasa@nisc.go.jp

Download ppt "Japanese Government’s Efforts to Address Information Security Issues October, 2007 National Information Security Center (NISC)"

Similar presentations

New Direction of the Reform of the Statistical System in Japan Masahiro HORIE Professor, National Graduate Institute for Policy Studies Former Vice Minister,

New Direction of the Reform of the Statistical System in Japan Masahiro HORIE Professor, National Graduate Institute for Policy Studies Former Vice Minister,
MTEF BUDGET PROCESS – A TOOL FOR MAINSTREAMING MDGS

MTEF BUDGET PROCESS – A TOOL FOR MAINSTREAMING MDGS
STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.

Critical Infrastructure Protection Policy Priorities Sara Pinheiro European Commission DG Home Affairs.
Thailand National Focal Point for IFCS Chemical Safety Section Food and Drug Administration Ministry of Public Health July 2003.

Thailand National Focal Point for IFCS Chemical Safety Section Food and Drug Administration Ministry of Public Health July 2003.
Panel themes of the International Conference “Europe against Counterfeit Medicines” G.N. Gildeeva, Deputy head of the Department of Registration of Medicines.

Panel themes of the International Conference “Europe against Counterfeit Medicines” G.N. Gildeeva, Deputy head of the Department of Registration of Medicines.
Prospects for the Development Banking System—DBJ’s Case At ALIDE Annual Conference 2001 Kazuyuki Mori International Cooperation Department Development.

Prospects for the Development Banking System—DBJ’s Case At ALIDE Annual Conference 2001 Kazuyuki Mori International Cooperation Department Development.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
National Infrastructure Protection Plan

National Infrastructure Protection Plan
Toward Drastic Reform of Institutional Framework of the National Statistical System in Japan Akihiro Kimoto Director International Statistical Affairs.

Toward Drastic Reform of Institutional Framework of the National Statistical System in Japan Akihiro Kimoto Director International Statistical Affairs.
AGENCY FOR PREVENTION OF CORRUPTION AND COORDINATION OF FIGHT AGAINST CORRUPTION mr.sci. Vladica Babić - Assisstent.

AGENCY FOR PREVENTION OF CORRUPTION AND COORDINATION OF FIGHT AGAINST CORRUPTION mr.sci. Vladica Babić - Assisstent.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Speaker: Tamar Shapatava

Speaker: Tamar Shapatava
Mobile Technology And Cyber Security K. N. ATUAHENE Director, Domestic Trade and Distribution Ministry of Trade and Industry.

Mobile Technology And Cyber Security K. N. ATUAHENE Director, Domestic Trade and Distribution Ministry of Trade and Industry.
Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.

Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
PART FOUR – COMMERCIAL LEGISLATION in the UAE Legislative Structures affecting business in the UAE: An Overview Ch 16.

PART FOUR – COMMERCIAL LEGISLATION in the UAE Legislative Structures affecting business in the UAE: An Overview Ch 16.
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.

Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.

Similar presentations

Ads by Google