Automatic Generating System of Information Security Policy

Abstract

Information is indispensable in any organization, and its security must be properly guaranteed. At present, information security in an organization includes not only confidentiality but also integrity and availability, and means a balance between them. Establishing an information security policy is effective as a means for that purpose, but it is considered to be a high hurdle for organizations such as SMEs, which have neither personnel nor financial leeway, to tackle it. We thought that a system to help establish information security policies was necessary, so we proposed a framework and tried to implement it in application programs. At present, the creation process of the basic policy by presenting the template and the creation of the organizational profile are implemented. In this paper, we propose a method to reflect the characteristics obtained from the organization profile not only in the basic policy but also in the following countermeasure standards and implement it in the application program. Keywords: security policy, information asset, ontology, generation system, SMEs