« JIPDEC 外部委託におけるISMS適合性評価制度の活用ガイド | Main | Internal Control over Financial Reporting — Guidance for Small Public Companies »

2006.07.07

US Department of Homeland Security released "National Infrastructure Protection Plan 2006"

 こんにちは、丸山満彦です。米国Department of Homeland Security からNational Infrastructure Protection Plan (国家インフラ保護計画)が公表されていますね。

 
米国 国土安全保障省 Department of Homeland Security

・2006.07.06 DHS Completes National Infrastructure Protection Plan
National Infrastructure Protection Plan(国家インフラ保護計画)

●報告書
 ・全文 5.0MB
 ・・要約 0.3MB
 ・・本文(添付資料なし) 3.8MB

 そのほか、National Response Plan(国家対応計画)とNational Incident Management System(国家インシデントマネジメントシステム)についての報告書もありますね。。。
 
■参考
National Response Plan
 ●報告書
 ・全文 (2004.12) 4.0MB
 ・変更 (2006.05) 0.4MB
 ・リファレンス (2006.05) 0.3MB

National Incident Management System 2004.03.01
 ●報告書
 ・全文 (7.6MB)


日本は・・・
内閣官房 情報セキュリティセンター (NISC)
活動内容
・・重要インフラ対策チーム
・・・2006.02.02 重要インフラにおける情報セキュリティ確保に係る「安全基準等」策定にあたっての指針
・・・2005.12.13 重要インフラの情報セキュリティ対策に係る行動計画
・・・2005.09.15 重要インフラの情報セキュリティ対策に係る基本的考え方
・・・2005.04.22 IT戦略本部情報セキュリティ専門調査会情報セキュリティ基本問題委員会第2次提言


=====
National Infrastructure Protection Plan (国家インフラ保護計画)
=====
目次(要約)

1. Introduction
1.1 Purpose
1.2 Scope
1.3 Applicability
1.4 Threats to the Nation’s CI/KR
1.5 All-Hazards and CI/KR Protection
1.6 Planning Assumptions
1.7 Special Considerations
1.8 Achieving the Goal of the NIPP

2. Authorities, Roles, and Responsibilities
2.1 Authorities
2.2 Roles and Responsibilities

3. The Protection Program Strategy: Managing Risk
3.1 Set Security Goals
3.2 Identify Assets, Systems, Networks, and Functions
3.3 Assess Risks
3.4 Prioritize
3.5 Implement Protective Programs
3.6 Measure Effectiveness
3.7 Using Metrics and Performance Measurement for Continuous Improvemen

4. Organizing and Partnering for CI/KR Protection
4.1 Leadership and Coordination Mechanisms
4.2 Information Sharing: A Network Approach
4.3 Protection of Sensitive CI/KR Information
4.4 Privacy and Constitutional Freedom

5. Integrating CI/KR Protection as Part of the Homeland Security Mission
5.1 A Coordinated National Approach to the Homeland Security Mission
5.2 The CI/KR Protection Component of the Homeland Security Mission
5.3 Relationship of NIPP and SSPs to Other CI/KR Plans and Programs
5.4 CI/KR Protection and Incident Management

6. Ensuring an Effective, Efficient Program Over the Long Term
6.1 Building National Awareness
6.2 Enabling Education, Training, and Exercise Programs
6.3 Conducting Research and Development and Using Technology
6.4 Building, Protecting, and Maintaining Databases, Simulations, and Other Tools
6.5 Continuously Improving the NIPP and the SSPs

7. Providing Resources for the CI/KR Protection Program
7.1 The Risk-Based Resource Allocation Process
7.2 Federal Resource Allocation Process for DHS, the SSAs, and Other Federal Agencies
7.3 Federal Resources for State and Local Government Preparedness
7.4 Other Federal Grant Programs That Contribute to CI/KR Protection
7.5 Setting an Agenda in Collaboration With CI/KR Protection Security Partners

Appendixes
Appendix 1: Special Considerations
Appendix 2: Authorities, Roles, and Responsibilities
Appendix 3: Managing Risks
Appendix 4: Organizing and Partnering for CI/KR Protection: Existing Coordination Mechanisms
Appendix 5: Integrating CI/KR Protection as Part of the Homeland Security Mission
Appendix 6: Research and Development to Improve CI/KR Protection Capabilities

=====
【参考】このブログ
・2006.03.18 米国政府 情報セキュリティ通知簿2005 2
・2006.03.17 米国政府 情報セキュリティ通知簿2005
・2005.07.15 米 国土安全保障省 サイバーセキュリティ対応を強化
・2005.06.21 政府の情報セキュリティ機関
・2006.05.31 米国会計検査院 国土安全保障省はサイバーセキュリティに無防備と批判

|

« JIPDEC 外部委託におけるISMS適合性評価制度の活用ガイド | Main | Internal Control over Financial Reporting — Guidance for Small Public Companies »

Comments

Post a comment



(Not displayed with comment.)




TrackBack

TrackBack URL for this entry:
http://app.cocolog-nifty.com/t/trackback/64462/10822020

Listed below are links to weblogs that reference US Department of Homeland Security released "National Infrastructure Protection Plan 2006":

« JIPDEC 外部委託におけるISMS適合性評価制度の活用ガイド | Main | Internal Control over Financial Reporting — Guidance for Small Public Companies »