METI HOME > Information Policy HOME > Information Security   Information Security Information security is absolutely necessary for the development of advanced information-communication network society, and for the safe utilization of IT. However, the increase in damages caused by computer virus attacks and information leaks are posing threats on our IT society. “Comprehensive Strategy on Information Security,” which was established by the Industrial Structure Council’s Information Security Committee of METI (The Ministry of Economy, Trade and Industry) in October 2003, forms the base of the security countermeasures. The goal is to establish the “Highly Trusted Society” at the highest global standards through establishing a public-private partnership by cooperating with “Information-technology Promotion Agency, Japan” and “Japan Computer Emergency Response Team Coordination Center.” Contact / Office of IT Security Policy +83-3-3501-0397   Information Security Comprehensive Strategy Report Summary   Information-technology Promotion Agency, Japan   Japan Computer Emergency Response Team Coordination Center Activities by METI METI has developed the early-warning plan to minimize the computer damage through analyzing and publicizing the notified/observed data. The implementation of “Computer Virus and Illegal Access Notification Program” in 1990, and “Internet Fixed-Point Observation Program” in 2003 account for this development. However, recent computer viruses are becoming more and more powerful, and the spreading speed of the damage is now far beyond the manageable level of the users. With this situation in mind, the following topics were chosen as the target of the early-warning plan by METI: Software Products Vulnerability of the Web Applications. The planning and executing of the countermeasures were made possible through the public-private partnership. These led to the establishment of “Framework of Software Vulnerability Related Information Transfer (Information Security Early-Warning Partnership),” to prevent the computer damages from happening. The merit of this system is the utilization of the software/application vulnerability data found by the software users and producers. The data are quickly transferred to the software producers, while keeping its secrecy, and utilized for the prevention of information abuse (such as using those data to produce a computer virus). METI formulated “Software Vulnerability Related Information Handling Measures” in July 2004. This regulates the basic handling of the software/application vulnerability data, and rules of conduct of those people involved (founder, data receiving institution, coordination institution, software producers, website managers). The regulation specifies Information-technology Promotion Agency, Japan (IPA) as the data receiving institution, and Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) as the coordination institution to cooperate with software producers. This enables smooth and sophisticated operation of the system. Promotion of Systematic Information Security Countermeasures Internal factors (information leak from within) take a large portion of the information security accidents in companies, and thus, systematic countermeasures in companies are becoming very important. METI worked to popularize the information security auditing system and Conformity Assessment Scheme for Information Security Management Systems (ISMS). ISMS is a system that rates each company whether they maintain the systematic structure or not. Furthermore, in order to establish the information security governance, risk quantification methods are being studied, along with the promotion to increase the societal interest on the information security governance. The goal is to create a society with the market that appraises employers’ effort toward the information security.  LINK >> ISMS Promotion Office Information Security Department Japan Information Processing Development Corporation   Report of Research Group on Corporate Information Security Governance (Overview) (PDF file:100KB)   Development of Information Security Countermeasure Technology In order to have a safe and secured IT society, it is necessary to spread the use of safe IT products in the society. METI develops and utilizes the rating system for software technology, encoding technology, and IT products equipped with those technologies, to provide those leading-edge information security technology to the businesses. In addition to the technologies mentioned, METI is researching on resolving the problems regarding to the fundamental information security, and on developing more highly secured electronic authentication system for advanced secured identification.  LINK >> Japan Information Technology Security Evaluation and Certification Scheme（JISEC）  LINK >> Cryptography Research and Evaluation Committee (CRYPTREC)   Promotion of Information Security Countermeasures on the Fields of Power and Energy As the advanced information-communication network society develops at a tremendous speed, so as the dependency on the information system by the Japanese economic society. Threats of the IT damage not only pose a problem on the economy, but also on the fields of power and energy, which is one of the most important infrastructures of our society. METI is assuming that the Japanese power system information security will apply an international/industry standard multipurpose technology on the power supply regulation system, which results in providing lower distribution cost and interoperability. Since the field of power and energy is a very important infrastructure, a high level of reliability (stable and secured supply of power) must be secured by implementing these multipurpose technologies. METI is developing a model for the power supply regulation system, to prepare for unknown and inexperienced IT attacks. The development of the model system leads to the implementation of security rating system, and the research of the effect on the multipurpose regulation system by the security countermeasures. Page Top