We set basic way of thinking of information security countermeasures in the prefecture and policy, and Saga information security basic policy (we say "basic policy" as follows.) is intended that we maintain secrecy, integrity of information assets and availability.
The staff (we include the staff of a school, Administrative Staff and temporary worker.who develops network and information system, and applies basic policy or uses We say "the staff" as follows and apply about) and network and development of information system, company (we say "trustee" as follows.) which entrusted with duties such as operation and information assets.
Development of 3 countermeasures standards and conduct procedure
(1) As matter which should observe on carrying out information security countermeasures based on basic policy concretely and standard such as judgments "Saga information security countermeasures standard (say "countermeasures standard" as follows.) We shall devise "particularly.
(2) Based on basic policy and countermeasures standard (say "information security policy" as follows.), determined concrete procedures about individual information system; "Saga information security conduct procedure (include various procedures and manual. We say "conduct procedure" as follows.) We shall devise "particularly.
(3) Countermeasures standard and conduct procedure are serious for administrative administration of the prefecture by being released; because might affect, do with secrecy.
In the basic policy, signification of term listed in the following items depends on what to set of each issue concerned.
Communications network to connect computer (hardware and software) to mutually
(2) Information system
Structure to be comprised of computer, network, recording medium, and to handle duties
(3) Information assets
Annette work and information system
Information (information output to materiality such as electromagnetic record and paper) pertaining to development of inettowaku and information system and operation
Information (information output to materiality such as electromagnetic record and paper) to deal with in unettowaku and information system
(4) Information security
Maintain secrecy, integrity of information assets and availability.
Ensure that only permitted person can have the access to information as far as it was admitted.
Guarantee information and the disposal method being exact and that you are complete.
When permitted person is required, ensure that you can access information.
Duty such as 5 staff
The staff and trustee understand purpose of information security policy and must observe.
6 information security regimes
We shall establish regime to observe information security policy.
Classification of 7 information assets
We shall classify information assets depending on importance to carry out information security countermeasures.
Threat to 8 information assets
Threats assumed for information assets are as follows.
(1) Destruction, wiretapping, theft, manipulation, removal of information assets by invasion, unauthorized access of outsider
(2) Data leaks by terminal connection of destruction, wiretapping, theft, manipulation, removal by inappropriateness management of carrying out, erroneous operation of information assets by the staff or trustee, the certification information for access or password, intentional unauthorized access or illegal act and nonrecognition
(3) Computer virus, earthquake, thunderbolt, disasters such as fires and accident, administrative services by trouble and suspension of business
9 information security countermeasures
We shall lecture on the next information security countermeasures to protect information assets from 8 threats.
(1) Physical security countermeasures
We take physical measures to protect from unjust entrance to facility setting up information system, destruction of information assets, accidents such as theft and disaster.
(2) Human security countermeasures
We take necessary human measures so that we publicize authority and responsibility about information security and matter that you should observe to fate, the staff and trustee and are thorough, and enough education and enlightenment are performed.
(3) Technical security countermeasures
To protect information assets from unjust access appropriately, such as access control, network management to information assets take technical measures.
(4) Security countermeasures in operation
We take measures in management of information assets, grasp of the observance situation of information security policy and monitoring and operation such as crisis management countermeasures in Emergencies.
We carry out inspection regularly to confirm that information security is secured.
11 evaluations and review
We carry out review of basic policy, countermeasures standard and conduct procedure as needed to evaluate the situation of information security countermeasures by results of information security inspection, and to cope with turn of eventss to surround information security.
This basic policy takes effect on February 20, 2006.