Major Working Group Activity Results for FY2006

Information Security Ranking

Started activities aimed at publishing rankings of corporations based on information security in terms of information security governance structure, communication with stakeholders, information disclosure, social contribution, etc.

Vulnerability Quantification

Compiled data for the most recent two years, resulting in the publication of the “Fiscal 2006 Report on Studies toward Vulnerability Quantification.”

Web Application Security

Sponsored discussions related to the elements necessary for ensuring Web system safety, with the goal of creating Web system safety education content. The final deliverable from these activities is scheduled for completion during fiscal 2007.

Information Security Checksheet

Working on activities for creating a checksheet covering comprehensive information security measures which serves as guidelines for information security measures for small- and mid-sized businesses by evolving the “Personal Information Protection Measures Checksheet” created by the Personal Information Protection Measure Working Group for small- and mid-sized businesses.

Challenge PKI Project

The JNSA bid to conduct a “Basic Survey related to Improving Potential for IC/ID Card Interoperability” in response to a public call from the Information-technology Promotion Agency, Japan (IPA) was accepted. The JNSA accordingly conducted the research, which led to the results being published during the “IC/ID Card Interoperability Potential” technology seminar held on March 28, 2007. The third annual PKI Day event was held during June, where overall issues related to PKI were discussed.

CISSP-Government Information Security

Engaged in activities as the Japanese affiliate responsible for the Japanese language version of the CISSP offered by (ISC) 2. Wrote the official CISSP Government Information Security Certification Exam Guidebook. The guidebook was published on May 23, 2007 by ASCII Corporation under the title “CISSP Government Information Security Certification Exam Official Guidebook.” (600 pgs.)

Information Security Education Demonstration Experiment Project

Under this METI-sponsored project, the JNSA compiled information regarding security education in practice and educational materials creation (guide introducing curriculum examples and lectures; creation of class materials). The results of this project led to the launch of a new Security Lecture series at the Okayama University of Science, and the guide is expected to be adopted in other security lecture series planned by educational and other institutes around Japan.

Other Activities

・Secure Programming Working Group　
・Secure OS Promotion Working Group
・Honeypot Working Group
・Internal Controls Identity Management Working Group

Major Working Group Activity Results for FY2005

Security Accounting Guidelines

Taking the lead from the “Environmental Accounting” movement, the JNSA defined “Information Security Accounting,” creating the “Information Security Accounting Report – Toward Information Security Accounting Guidelines.” This whitepaper summarized a basic approach to information security accounting, serving as a mechanism to recognize, evaluate and communicate (disclose) initiatives at Japan’s corporations related to information security from an accounting perspective.

Secure System Development Guidelines

The JNSA created a β version of the “Web System Security Requirement Specification (RFP)” to be used as a sample when incorporating security measures into RFP (Request for Proposal) from clients.

Spyware Countermeasure Awareness Education

IT crimes using spyware (malicious programs) have made big headlines around the world. The JNSA has engaged in research of the definition and behavior of spyware, publishing a summary via the Internet. This information was made public in cooperation with the Information-technology Promotion Agency, Japan (IPA).

Malicious Program Survey

The JNSA categorized and classified malicious programs, creating “Malicious Program Countermeasure Guidelines Ver.2.0.” These guidelines are a compilation of easy-to-understand solutions, categorized by program type and attack route.

Participation in the IETF (Challenge PKI Project)

The JNSA conducted demonstration tests related to problems and issues encountered when using PKI. The JNSA conducted discussions through the offices of the IETF in 2001 related to interoperability tests incorporating nine CA servers, in 2002 related to PKI environment test suite development/ publication, in 2003 related to time stamp interoperability test suites, in 2004 related to problems of character encoding for certifications (UTF8 problem), and in 2005 related to the present state and likely future of PKI in Japan. Based on the outcome of this series of discussions, the JNSA will be participating in the multi-domain PKI RFC formulations at the IETF.

Information Security Education Recommendations

The JNSA conducted a survey related to information security education and certification standards in Japan, producing a roadmap for efficient information security education.

Security Market Research

As part of a METI-sponsored project, the JNSA conducted a market study, after which the group analyzed questionnaire results, and collected/ analyzed additional data for compilation into a final report.

Other Activities

・Approach to quantifying vulnerability
・Contents promoting awareness of Web application vulnerabilities, research into order processing guidelines, etc.
Research study of the state of information security in Japan’s small- and mid-sized companies subsequent to the formal enactment of the Personal Information Protection Act.

Major Working Group Activity Results for FY2004

IT Security Countermeasure Survey; adoption/ implementation status and related satisfaction levels

The JNSA conducted a questionnaire survey regarding (1) security initiatives, (2) information security governance entrenchment, and (3) adoption of security tools and/ or services to measure the actual state of IT security in Japan’s organizations. The same survey was conducted the following year to allow the JNSA to track changes over time.

Personal Information Protection Act Measures Security Practice Manual, 2005 Edition

The JNSA Seisaku Committee Personal Information Protection Act Guideline Working Group produced a manual in March 2005 on the occasion of the April 2005 enactment of the Personal Information Protection Act. This manual offers a detailed explanation of measures taken within Japanese corporate departments. The appendix to this manual includes pro-forma customer notifications, sample contracts for subcontractors, etc.

Skills Map Research Study and Textbook

Noting the difficulty in attracting the right personnel when attempting to recruit IT security technology specialists, the JNSA classified technology professional skills according to technical requirements, creating a radar chart useful when advertising for personnel and summarizing educational histories. The JNSA wrote and published an IT security textbook reflecting the categories in this skills map.

Major Working Group Activity Results for FY2003

・E-Government Information Security Interoperability Support Technical Development:GPKI Interoperability Framework
・Technology Survey Report related to Security API
・Information Security Skills Map Creation Research Study Report
・Standards/ Systems Reference Chart
・Survey Report - Timestamp Protocol Technologies
・E-Government Information Security Management Standards ver. 0.8

Major Working Group Activity Results for FY2002

・Security Incident Survey Report FY2002
・Challenge PKI 2002 Report
・E-Government Information Security Interoperability Support Technology Development PKI Interoperability Test Suite
・Verification Report regarding Internet VPN Usage in a Wireless Lan or Other Remote Access Environment
・Report on Wireless LAN Interconnectivity Experiments; Research Study related to Information Security Professional Education
・Content Security Guide Security Policy Samples ver. 0.92a and Policy Sample Practical Guide

Major Working Group Activity Results for FY2001

・Survey regarding PKI-related Interoperability IPSec edition
・Critical Points in ST Creation/ Host-based IDS Overview and Application
・PKI-related Interoperability Survey Report
・Information Security Policy Sample ver. 0.91
・Security Incident Damages Survey Report
・JNSA Action Agenda

Major Working Group Activity Results for FY2000

・IPSec Interconnectivity Test Report
・Sample Policy related to External Connectivity ver.0.9
・Documents related to Dynamic Defense