Copyright © 2005 Information-technology Promotion Agency, Japan (IPA)

AVAR 2005 – Cyber Security Crimes, Symptoms and the Countermeasures

Trends in Information Security and Countermeasures in Japan

AVAR 2005, November 18, 2005

Yasuko Kanno

Researcher, IT Security Center

Information-Technology Promotion Agency, Japan (IPA)


Today’s Agenda

1. Introducing IPA and IT Security Center

2. Trend in information security in Japan
   a) Transition of cyber crimes
   b) Current status of computer virus
   c) Threat caused by vulnerabilities

3. Countermeasures for secure cyber society
   a) Transition of Countermeasures with some legal aspect
   b) Vulnerability information handling - Information security early warning partnership
   c) Information Security Governance
   d) Awareness, Training and Education


Introducing IPA

IPA: Information-technology Promotion Agency, Japan

IPA was established originally as a Specially-Approved Corporation, based on the Law on Promotion of Information Processing (enacted May 22, 1970, Law No. 90). By amendments enacted on December 11, 2002 (Law No. 144), IPA was reorganized as an Incorporated Administrative Agency on January 5, 2004. It promotes the overall information policy that is responsible for the national information strategy from the field of software.

■ Software Development
   Software Development to Promote the Utilization of IT
   Infrastructure Building for Open-Source Software
   Next-Generation Software Development Project
   IT SME Venture Support Project
   Credit Guarantee Facilities, etc.

■ Information Security Measures (IT Security Center)
   Measures Against Vulnerability, Viruses and Unauthorized Computer Access
   IT Security Evaluation and Certification, Cryptography technology, Research and Study

■ Developing IT Human Resources
   IT Skill Standards
   Information Technology Engineers Examination
   Exploratory Software Project
   Supporting the Development of Local IT Human Resources

■ Software Engineering Center
   Strengthening International Competitiveness of Software Industry
   Partnerships with International Institutions


Activity of IT Security Center

IPA/ISEC (Information-technology SEcurity Center)
Mission: IT Security Enhancement in Japan

Establishment: January, 1997
Employees: Approx. 80
6 Groups


2. Trend in information security in Japan
   a) Transition of cyber crimes
   b) Current status of computer virus
   c) Threat caused by vulnerabilities


Dissemination of IT and E-commerce development

[Figure: High-Speed Internet environment: costs and users, 2001.3 (H13.3) to 2004.4 (H16.4), vertical axis in yen. Costs dropped to 1/3 (7,800 yen to 2,500 yen); 17 times users (850,000 users to 15 million users). Source: METI]

[Figure: Transitions in B to B - EC Market Size, 2001 to 2004 (trillion yen)]

Source: METI http://www.meti.go.jp/policy/it_policy/statistics/outlook/ie_outlook.htm

E-Commerce in Japan in 2004
   B to B: approx. 102.7 trillion yen (33% increase from the previous year, E-commerce Rate: 14.7%)
   B to C: approx. 5.6 trillion yen (28% increase from the previous year, E-commerce Rate: 2.1%)
   C to C (internet auction): approx. 7,800 billion yen


Transition of numbers: Cyber crime related arrest

[Figure: cyber crime related arrests by year, 2000 to 2004. Categories: Breach of Unauthorized computer access law; Crime targeted Computer and electromagnetic-record; Network Abuse Crime]

Source: NPA (National Police Agency) http://www.npa.go.jp/cyber/statics/h16/h16_22.html


Cyber crime related arrests in 2004: 2,081 arrests

Breach of Unauthorized computer access law: 142 cases (ca. 7%)
One example: Using another person's ID and password, the offender exhibited fictitious goods for sale and swindled a total of ¥9 million from 76 bidders. (Feb, 2004)

Crime targeted Computer and electromagnetic-record: 55 cases (ca. 3%)
One example: The offender committed unauthorized access into an internet auction site and illegally transferred ¥5.1 million from another person's account to his bank account under a false name. (Feb, 2004. Also a breach of the unauthorized computer access law.)

Network Abuse Crime: 1,884 arrested cases (ca. 91% of all the arrested cases)
Many cases are fraud on internet auctions. One example: The offender exhibited a PC for sale on an internet auction site and swindled a total of ¥37 million from 162 bidders. (Jan, 2004)

Source: NPA (National Police Agency) http://www.npa.go.jp/cyber/statics/h16/h16_22.html

Note: The network abuse crime category also includes the following crimes:
> Breach of the copyright law: 174 arrested cases, 2 times more than in 2003
> Child prostitution, pornography: 455 arrested cases, 1.4 times more than in 2003


Transition of numbers: Cyber crime related consulting service provided by NPA

[Figure: consultations by year, 2000 to 2004. Categories: Others; Unauthorized access, virus; Defamation, slander; Spam; Spread of harmful information; Internet auction; Fraud]

Source: NPA (National Police Agency)


Transition of Cyber Crimes

“Tech Freaks” to “Propaganda” to “Fraud on Net”

[Diagram: attack types, Attacker's Objectives and Damages]

Attack types shown: Viruses; Worms; BOTs; Phishing; Trojan Horses; ID Frauds

Attacker's Objectives: Fun; Fame In the Dark Side; Political Messaging; Becoming Someone Else; Stealing Goods & Money

Damages: Loss of Data; Systems Compromise; Systems Down; Network Crash; Web Compromise; Business Halt; ID Theft; Monetary Damages

Other labels: Real Damages; Personalized Attack


Personalized attack on an internet banking user

Swindle from an internet banking account using Spyware (July 2005)

[Diagram: the criminal sends a claim mail to an internet shopping site owner. Claim mail text: "The goods bought on your site was broken. Please replace it. Confirm the broken goods with the photo attached in this mail!" Attached file: a spyware, not a photo]

A claim mail was sent to the owner of an internet shopping site. The mail claimed that the goods were broken and requested a replacement. When the owner opened the attached photo file to confirm the broken goods, no photo was shown. At the very moment he opened the file, a keylogger was installed on his PC. The keylogger collected data and sent the ID and password of the owner's internet banking account to the criminal. Using these, the criminal swindled ca. ¥5 million from the owner's account. (There are several similar cases.)

A man was arrested in Nov 2005.


Transition in Numbers of Virus Reports by year

The number of virus reports in 2005 further exceeds that of 2004.

(Source: http://www.ipa.go.jp/security/english/virus/press/200508/virus200508-e.html)


Computer virus reports (Aug 2005)

Number of Detected Virus Cases: 3.37 Million (Aug, 2005); 3.79 Million (Jul, 2005)

Number of reported virus cases: 4,470 (Aug, 2005); 4,536 (Jul, 2005)

Virus detection: All the detected viruses
Reported number: The same type of virus reported on the same day by the same user is counted as one case, even if many viruses are detected


Trend of Top 7 Viruses During Apr. 04 – Sep. 05
http://www.ipa.go.jp/security/english/virus/press/200509/virus2005-3Q.html

W32/Mytob, which possesses bot functionality, has been increasing. The number of reports for it now ranks right after W32/Netsky's.


The Trends of Computer Viruses

1. Viruses proliferate rapidly through massive mailings
   W32/Netsky spread rapidly using a mass-mailing method and abusing vulnerabilities. This virus had the highest (worst) number of reports for 20 successive months following March 2004. (Recently it has been gradually decreasing.)

2. Increasing threat of bots
   W32/Mytob, which possesses bot functionality, has been increasing. The number of reports for it now ranks right after W32/Netsky's.

3. Increase in viruses which steal users' private information or cause information leakage
   They try to steal users' private information by installing a backdoor or key logger, by using phishing methods, or via P to P networks (W32/Antinny abuses the Winny network).

4. The tactics viruses use to fool users have become more crafty.

5. Many viruses abuse both mail functions and vulnerabilities.


The worst 10 Viruses Reported in Year 2004 and 2003

Name of Virus    2004     2003     Abuse Mail Function   Abuse Vulnerabilities
W32/Netsky       15,895   -        Yes                   Yes
W32/Bagle        4,838    -        Yes                   Yes
W32/Mydoom       4,388    -        Yes                   Yes
W32/Klez         3,498    4,538    Yes                   Yes
W32/Lovgate      2,569    165      Yes                   Yes
W32/Swen         1,776    1,673    Yes                   Yes
W32/Bugbear      1,727    1,602    Yes                   Yes
W32/Mimail       1,629    883      Yes                   Yes
W32/Zafi         1,557    -        Yes                   Yes
VBS/Redlof       1,162    803      Yes                   Yes
Other Viruses    13,112   7,761
Total            52,151   17,425

Source: IPA – Computer Virus Annual Reports for 2004


From vulnerability reports received by IPA: Software vulnerability by type

Majority in client applications

Since initial acceptance of reporting: Jul, 2004 to Sep, 2005 (under 77 reports)

No.1: Web browser
No.2: Mail client software
No.3: Web application builder

[Pie chart: software vulnerability reports by product type. Web Browser: 24% (31%). Other categories: Mail Client Software; Web Application Builder; Groupware; Anti Virus Software; System Admin Software; Operating System; SSL-VPN Software; Reference System; Name Directory Server; Others]


Vulnerability reports: Threat caused by software vulnerabilities

Since initial acceptance of reporting: Jul, 2004 to Sep, 2005 (under 77 reports)

No.1 Threat: Execution of Arbitrary Scripts: 24%
No.2 Threat: Spoofing: 13%
No.3 Threat: Leakage of Authentication Information: 12%

Threat                                   Share
Execution of Arbitrary Scripts           24%
Spoofing                                 13%
Leakage of Authentication Information    12%
Disabled Services                        10%
Leakage of Information                   9%
Application Ends in Anomaly State        8%
Access to Arbitrary Files                8%
Execution of Arbitrary Codes             5%
Depletion of Source                      3%
Unavailable to Confirm Certificate       3%
Leakage of Information Setup             1%
Session Hijacking                        1%
Alteration of Prices, etc.               1%
Unauthorized Communication Relay         1%
Execution of Arbitrary Commands          1%


Vulnerability reports: Web application vulnerability by type

Since initial acceptance of reporting: Jul, 2004 to Sep, 2005 (under 357 reports)

No.1: Cross Site Scripting is the most serious issue
No.2: SQL Injection
No.3: Unchecked path parameter

[Pie chart: web application vulnerability reports by type. Categories: Cross Site Scripting; SQL Injection; Unchecked Path Parameter; Improper DNS Server Management; HTTP Response Split; Unintended File Disclosure; Alterable Price or other Values; Defect in Session Management; Directory Traversal; Evadable Access Control; Open Proxy; Improperly changeable security settings; Relay of third party emails; Insecure use of HTTPS; Cross Site Request Forgery; Improper default password; SSI Injection; Inappropriate Error Handling; Others]


Vulnerability reports: Threat caused by web application vulnerabilities

Since initial acceptance of reporting: Jul 2004 to Sep 2005 (under 357 reports)

No.1 Threat: Leakage of cookie information: 26%
No.2 Threat: Falsification or destruction of data: 20%
No.3 Threat: Presentation of forged information on legitimate site: 15%

Threat                                                   Share
Leakage of cookie information                            26%
Falsification or destruction of data                     20%
Presentation of forged information on legitimate site    15%
Leakage of file in web server                            10%
Leakage of personal information                          8%
Insertion of false DNS information                       6%
Replacement of web cache with false information          4%
Lowering of users' security levels                       3%
Stepping-stone                                           2%
Unauthorized utilization of mail system                  2%
Spoofing                                                 2%
Leakage of server implementation information             1%
Others                                                   1%


Trends from unauthorized access reports: intrusion, phishing, fraud, malicious programs...

Unauthorized access abusing web application vulnerability

1. Web server hijacking: used as a phishing site (phishing sites which spoof Japanese banks have appeared)
2. Unauthorized access to a web server to install a virus; as a result, users downloaded the virus just by browsing the site. The site was temporarily closed. (May, 2005)
3. Password cracking against the SSH port, followed by intrusion into the web server

Many cases of spyware, malicious programs and monetary damage

1. Spyware was installed, IDs and passwords for internet banking were stolen, and the money was transferred to another account.
2. Spyware was installed when an image was downloaded from an adult site. The email address was then stolen, and emails demanding payment were sent continually.


Some legal aspects of personal information leakage

The Law for the Protection of Personal Information, prescribing the duties for the proper handling of personal information, was enacted partially in 2003 and fully enacted in April 2005. Various incidents were reported on TV and in newspapers:

February 2004: Leakage of ca. 4.6 million pieces of client information from a large internet provider; it sent out ¥500 vouchers to all of those clients to express an apology. The cost of these vouchers summed up to about ¥4 billion.

March 2004: Leakage of ca. 300 thousand pieces of client information from a large mail-order house. The company apologized for causing such a big leakage case and temporarily stopped their business activities through TV, etc. The sales loss from this voluntary restraint was estimated to be about ¥3 billion.

Causes of identity information leakage: some are identity theft, some are mistakes or negligence of in-house rules.

The result can end in the possible bankruptcy of the company.

The status of information security measures affects the reliability of companies.


3. Countermeasures for secure cyber society
   a) Transition of Countermeasures with some legal aspect
   b) Vulnerability information handling - Information security early warning partnership
   c) Information Security Governance
   d) Awareness, Training and Education


Transitions of countermeasures

Transitions in purposes of information security countermeasures
   2-3 years ago: Protect your own information (Protection from Virus and Unauthorized accesses)
   Present: Compliance with the law, Corporate Social Responsibility (CSR), BCP
   (The necessity for information security measures is being mentioned from the aspect of the proper risk management of companies. Various aspects: technical, organizational management, compliance, BCP...)

Law for the Protection of Personal Information: enacted April 2005

Transitions in Attackers' Objectives
   1990s: Script kiddie, Fame In the Dark Side, Fun
   2000 ~: Attacks Abusing Vulnerability, Damage in Large-scale
   2004 ~: Shifted to Economical and Political Purpose. Fraud. Especially, monetary damages are outstanding recently.


Shift in IT Society and Transition of Legal Responses

Laws for Controlling Cyber Crimes: Prohibiting Unauthorized Computer Access Law, etc.
Law Sustaining Smooth e-Business Transaction: Law for e-Signature Authentication, Law for e-Documentation
Privacy Protection: Law for Protecting Personal Information
Law for Copyright Protection
Restrictive Measures against Unwanted Mails

[Diagram: Scales of IT Users and Roles of Information Security, Yr. 1950 to Yr. 2000, with Directionality in Information Security. Source material by METI]

Systems: Exclusive System; Large/Versatile Machine; C/S; PCs/the Internet; Ubiquitous

IT users: Government; Finances, Logistics, Energies, etc.; Large Enterprises; SMEs; Individual

Purposes of IT: National Security, Scientific Technology Computation; Secured/Highly Confidential in Operation; Efficiency in Business, Advantageous in Competition; Business Dealings, Economic Infrastructure; Lifelines for Socially/Economical National Lives

Roles of Information Security: Protection of Confidential Military Information; Ensuring the Availability of Critical Infrastructure; Ensuring the Availability of Enterprise Systems; Enterprise Network Security; E-Government Security; Safe Economic Activities, Safe Social Life

Other label: Program Organization

Legal responses:
   Protection of Electromagnetic Records (Amendment of Criminal Law: 1987)
   Copyright Law (Automatic Public Transmission: 1997)
   Law for e-Signature Certification; e-Certification/notary System; Law for Inhibiting Unauthorized Computer Access; Law for IT Documentation Collection (2000)
   Restrictive Measures against Unwanted Mails (Law for designated trading); e-contract law for consumers; Liability law for providers; Law protecting personal information; Law for e-documentation; Amendments for the Act Against Unauthorized Competition (confidentiality in business); Official Personal Certification System


Changes in Information Security and IPA’s Response

[Diagram: table with columns Threat, Phenomenon, Analysis and IPA's Response across four stages (1st stage to 4th stage), on a timeline of 1990, 2000, 2003, 2004 and 2005. Source: METI]

Stage descriptions, in the order shown:
・ Spread of PCs; Criminal display of ability for pleasure; Restricted damage
・ Spread of the Internet; Large scale damage; Progress of attack information sharing
・ Exposure of software vulnerability; Sophisticated viruses and worms
・ Economic motive (pretense, fraud); Progress of systematic and distributed attacks; Advanced and multiple attacks

Threat and phenomenon labels:
・ Floppy infection type virus
・ E-mail attached virus
・ Homepage manipulation, DoS attack
・ Spread of password decoding tool
・ Vulnerability to viruses and worms
・ Bot
・ Phishing
・ Spyware
・ Information scams for economic gain
・ Crime for pleasure, Restricted infection
・ Extensive infection through the Internet
・ Rapid and large scale infection and serious damage with spread of the Internet
・ Intrusion into specific sites
・ Easy acquisition of attacking tools on the Internet
・ Attack through systematic, distributed and multiple methods

IPA's responses:
・ Report program of virus and unauthorized access: By circulating damage reports, expansion of damage is prevented.
・ Internet Observation System: Real time detection of disorder on the Internet
・ Vulnerability Information Handling: With secure circulation of vulnerability information among experts, countermeasures are supplied rapidly to users.
・ Enhancement of early warning partnership: Anti-Bot measures, Phishing measures conference

Effect labels:
・ Causes are confirmed after damage. Restriction of damage.
・ Real time recognition and analysis of causes. Restriction of damage.
・ Recognition of uses in advance. Suppression and restriction of damage.
・ Teamwork with ISPs. Suppression and restriction of damage with overall measures.


Shift in Number for Virus Reports by Year

[Bar chart: number of virus reports per year, 1990 to 2005 (vertical axis 0 to 60,000)]

Chart annotations:
・ Netsky virus variants emerged over and over. Virus variants which exploit security holes emerged as well.
・ Viruses (MSBlaster, Welchia) exploiting security holes emerged and spread rapidly.
・ Viruses (Klez) exploiting security holes spread rapidly. Viruses using Japanese in the subject (Fbound) emerged.

Virus and Unauthorized Access Report Program

IPA was designated as the formal organization to receive reports on computer viruses and unauthorized access from throughout Japan by "The Computer Virus Prevention Guidelines" and "The Unauthorized Computer Access Prevention Guidelines".

Assessing the damage caused by computer viruses and unauthorized access

Monthly press release of information about reports and countermeasures

http://www.ipa.go.jp/security/index-e.html

◇ Virus & Unauthorized Access Countermeasures Group

Consulting [email protected]


Transition of unwanted (one-sided) access numbers per port (April to September, 2005)

the Internet Monitoring System (TALOT2: Trend/Analysis/Logging/Observation/Tool)

[Chart: access numbers per port (vertical axis 0 to 50,000). Series: 135 (TCP); 445 (TCP); 139 (TCP); 1026 (UDP); 1027 (UDP); 1433 (TCP); Ping (ICMP); 137 (UDP); 4899 (TCP); 1025 (TCP); Other]


Percentage of unwanted (one-sided) access per nation (April to September, 2005)

the Internet Monitoring System

[Pie chart: share of access by source nation. Categories: Japan; China; Korea; United States; Hong Kong; Taiwan; Germany; Spain; India; France; Other]


Vulnerability Information Handling Program - Information Security Early Warning Partnership

Initiated by METI, Policy announcement in July, 2004

Effects:
1. Promote vulnerability fixing effort by software developers and web owners
2. Control untreated vulnerability information or inappropriate disclosure
3. Prevent outage of critical systems and privacy information theft

[Diagram: flow of vulnerability information between the participants]

Participants: Discoverer; Reception Agency (IPA); Coordination Agency (JPCERT/CC); Software Developer; Systems Integrator; Web Site Operator; Users (Government, Corporations, Consumers); Vul Info Portal (JVN) by IPA and JPCERT/CC; SPREAD, others

Software Vulnerabilities, flow labels: Report suspected vulnerability; Forward reported vulnerability; Evaluate reported vulnerability; Coordination; Release date fixing, International cooperation; Announce Vulnerability and how to fix

Web Site Vulnerabilities, flow labels: Report suspected vulnerability; Forward reported vulnerability; Evaluate, Fix; Announce in case of privacy theft


Partnership and Standards for Vulnerability Information Handling

1. Supporting the Government and the Private Cooperation

Standards of Software Vulnerability Information Handling (METI notification)
< Notified on 7th, Jul. >
・ Basic structure of vulnerability associated information
・ Asking for requested roles of persons concerned

Guidelines for Information Security Early Warning Partnership
【 IPA, JPCERT/CC, JNSA, JEITA, JISA, JPSA 】
< Announced on 8th, Jul. >
Lines of the roles of persons concerned and industries concerned that participate in the system.

2. Promotion of Industry Participation

Guideline for Industry
Presentation of the way of dealing with vulnerability associated information at the practical level.

Guideline for Products Developer 【 JEITA, JISA 】
In-company system, the person in charge, treatment of vulnerability associated information, announcement of countermeasure methods and contact system, etc.

Guideline for Other Industries

[Diagram labels: Spreading Impacts; Gov Pri]

IPA
JPCERT/CC (Japan Computer Emergency Response Team Coordination Center)
JEITA (Japan Electronics and Information Technology Association)
JISA (Japan Information Technology Services Industry Association)
JPSA (Japan Personal Computer Software Association)
JNSA (Japan Network Security Association)


Vulnerabilities Reported on Software Products

Since initial acceptance of reporting: Jul, 2004 to Sep, 2005 (under 77 reports)

[Bar chart: horizontal axis 0 to 100; bars for Mar 2005, Jun 2005 and Sep 2005; totals shown: 44, 62 and 94 Vuls; "Concluded 53(13)". Bar segments: Publicized, In Process, Not Vulnerable, Reception Denied. Individual segment values are not recoverable from the extracted text.]

Publicized: Responding status against vulnerabilities being publicized in JVN

Not Vulnerable: Determined as non-vulnerability by a product developer

Report not accepted: As not within the framework of vulnerability information Handling Scheme


Vulnerabilities Reported on Web pages

Since initial acceptance of reporting: Jul 2004 to Sep 2005 (under 357 reports)

[Bar chart: horizontal axis 0 to 400; bars for Mar 2005, Jun 2005 and Sep 2005; totals shown: 211, 277 and 379; "Concluded 224(SQ'05:71)". Bar segments: Corrected, In Process, Not Vulnerable, Workaround, Page Deleted, Communication Impossible, Reception Denied. Additional labels as extracted: Confirmed 63 8(); Corrected 13; Deleted 7; Uncorrected/Unknown 11. Individual segment values are not recoverable from the extracted text.]

Corrected: Vulnerability was repaired by the web owner; “Confirmed”: correction confirmed by the reporter

Not Vulnerable: Determined as non-vulnerability by the web page owner

Workaround: Vulnerability not repaired but covered at operation level

Communication Impossible: Coordinator cannot reach the owner or operator of the vulnerable web site

Report not accepted: As not within the framework of vulnerability information Handling Scheme


“JVN” Web Site for Vulnerability Information & Countermeasures Status

http://jvn.jp/


Information Security Benchmark

Self-Assessing Benchmarking Tool developed by IPA

Part 1: Information Security: Countermeasures Scoring
25 questions in 5 categories such as;
- Does your company provide and comply with Information Security Policy or Management Regulations?
- Are critical documents and storing media appropriately controlled?
- Is protection against malicious codes (virus and worms) implemented?

Part 2: Classification of Business Nature and Social Impact
15 questions in following area;
- Business Size, corporate profiles
- Industry Classification
- Business Impact to customer life, health, wealth and honor
- Dependency on IT System
- Percentage of critical information in operations

Your company's position can be checked on IPA web site
http://www.ipa.go.jp/security/benchmark/index.html


Self-Assessing Benchmarking Plotting by 2 Factor Scoring

40 Items for Evaluation. You will answer questions;
- 25 items for Information Security Countermeasures
- 15 items for Corporate Profiles, Vulnerabilities on Business Configuration, Social Influence

Provides total scoring and recommended approaches

[Plot: "Score" against "Volatility of Business Nature against Information Security + Significance of Social Involvement". Regions: Information Security is not immediately requisite; Moderate level of Information Security is expected; High level of Information Security is required. Marker X: You are here.]


Awareness, Training and Education

Various information of countermeasures

• Leaflet (countermeasures against Bots, Spyware)

• Anti-Virus School (CD-ROM)

• Anti-Virus Movie

• New Virus Information, Virus DB

• Investigation and report

Trends in information security, Statistics

Best Current Practice for IT users in Japan

• The seven basic anti-virus measures for PC Users

• The five instructions against spyware

• The Five Instructions When Opening Attachment Files

• The Dangers of Downloading

2 million web page accesses to IPA/ISEC per month


Awareness, Training and Education
Research and International Collaboration

Information Security Seminar
• Every year
• More than 15 locations across Japan
• 2 day seminar, free of charge
• 3 courses : Technical, Management and Basic
• More than 3,000 attendees

The Information Security Reader: 500 yen (approx. US$ 4.00), a must-have book for every computer user. Textbook for the basic course.
http://www.ipa.go.jp/security/publications/dokuhon/index.html

Various reports of research and investigation/survey
http://www.ipa.go.jp/security/products/products.html

• Electronic Signature Laws, PKI Projects and Time Stamping Technology in the European Union and Germany (written in English)
• Skill map for information security engineer (written in Japanese)
• Survey on biometrics product’s accuracy evaluation (written in Japanese)

International collaboration with various countries


IPA/ISEC Web page

Web site http://www.ipa.go.jp/security/index-e.html

Information about emergency countermeasures is posted on the Web site when a new virus or vulnerability is found.


Contact Information

Yasuko KANNO

Researcher, Global Alliance Group
IT Security Center, IPA Japan

2-28-8 HonKomagome, Bunkyo-ku,
Tokyo 113-6591 Japan

Email : [email protected]

IPA http://www.ipa.go.jp/