Senior Fitness - Exercise and Nutrition for Aging Men and Women
FREE Article Feed for your website.
Home Ownership Magazine
Party Planning Information
Article Marketing Resources
Bio-Medical Research Article Database
Informative Articles on Life, Love and Happiness
Tutorials on Business to Writing
Famous Quotes from Famous People
Song Lyric Information
New US Patent Information
Comprehensive List of Content by Category
Online Auctions and Shopping Related Articles
Article Search
Most Recent Articles
Title: 3D face authentication and recognition based on bilateral symmetry analysis
Patent Number: 7,436,988 Issued on 10/14/2008 to Zhang,   et al.

Title: Eye form classifying method, form classification map, and eye cosmetic treatment method
Patent Number: 7,436,987 Issued on 10/14/2008 to Takano,   et al.

Title: Positive patient identification
Patent Number: 7,436,986 Issued on 10/14/2008 to Caldwell

Title: Personal identity authentication process and system
Patent Number: 7,436,985 Issued on 10/14/2008 to Kittler

Title: Method and system for stabilizing video data
Patent Number: 7,436,984 Issued on 10/14/2008 to Auberger

Title: Image recognition apparatus and image recognition program
Patent Number: 7,436,983 Issued on 10/14/2008 to Miyamori

Title: Vehicle surroundings monitoring apparatus
Patent Number: 7,436,982 Issued on 10/14/2008 to Taniguchi,   et al.

Title: Apparatus and method for processing video data
Patent Number: 7,436,981 Issued on 10/14/2008 to Pace

Title: Graphical object models for detection and tracking
Patent Number: 7,436,980 Issued on 10/14/2008 to Sigal,   et al.

Title: Method and system for image processing
Patent Number: 7,436,979 Issued on 10/14/2008 to Bruce,   et al.

Title: System and method for applying watermarks
Patent Number: 7,436,978 Issued on 10/14/2008 to Wadhwa,   et al.

Title: Embedding variable watermark information in halftone screens
Patent Number: 7,436,977 Issued on 10/14/2008 to Wang,   et al.

Title: Digital watermarking systems and methods
Patent Number: 7,436,976 Issued on 10/14/2008 to Levy,   et al.

Title: Image reading apparatus, image reading method and image reading system
Patent Number: 7,436,975 Issued on 10/14/2008 to Shibata

Title: System and method for securing headphone transducers
Patent Number: 7,436,974 Issued on 10/14/2008 to Harper

Title: Structure for earphones with multiple sound tracks
Patent Number: 7,436,973 Issued on 10/14/2008 to Liao

Title: Folded coaxial transmission line loudspeaker
Patent Number: 7,436,972 Issued on 10/14/2008 to Bouvier

Title: Mixing signal-path setting apparatus and program
Patent Number: 7,436,971 Issued on 10/14/2008 to Terada,   et al.

Title: Multi-mode led indicators for recording devices
Patent Number: 7,436,970 Issued on 10/14/2008 to Mercs,   et al.

Title: Method and system for optimizing denoising parameters using compressibility
Patent Number: 7,436,969 Issued on 10/14/2008 to Seroussi,   et al.

Title: Adaptive noise reduction method and device
Patent Number: 7,436,968 Issued on 10/14/2008 to Ozawa

Title: Apparatus and method of limiting power applied to a loudspeaker
Patent Number: 7,436,967 Issued on 10/14/2008 to Neunaber

Title: Secure approach to send data from one system to another
Patent Number: 7,436,966 Issued on 10/14/2008 to Prashanth

Title: Optical out-of-band key distribution
Patent Number: 7,436,965 Issued on 10/14/2008 to Sherman

Title: Synchronization of encryption in a wireless communication system
Patent Number: 7,436,964 Issued on 10/14/2008 to Klingler,   et al.

Title: Process for generating codes for CDMA communications, system and computer program product therefor
Patent Number: 7,436,963 Issued on 10/14/2008 to Lo Iacono,   et al.

Title: Method and apparatus for providing secured communication connections using a secured communication connection object
Patent Number: 7,436,962 Issued on 10/14/2008 to Rodriguez,   et al.

Title: Sentinel synchronization method for enhancing QKD security
Patent Number: 7,436,961 Issued on 10/14/2008 to Mitchell,   et al.

Title: Data recording apparatus and recording method
Patent Number: 7,436,959 Issued on 10/14/2008 to Sako

Title: Method of distributed IPMP device messaging and carriage of rights in MPEG IPMP content
Patent Number: 7,436,958 Issued on 10/14/2008 to Ji,   et al.

Title: Audio cassette emulator with cryptographic media distribution control
Patent Number: 7,436,957 Issued on 10/14/2008 to Fischer,   et al.

Title: Document encryption
Patent Number: 7,436,956 Issued on 10/14/2008 to Banks

Title: Encrypting and decrypting a data stream
Patent Number: 7,436,955 Issued on 10/14/2008 to Yan,   et al.

Title: Security system with an intelligent DMA controller
Patent Number: 7,436,954 Issued on 10/14/2008 to Apostol, Jr.,   et al.

Title: Hacking prevention system
Patent Number: 7,436,953 Issued on 10/14/2008 to Halperin,   et al.

Title: Earset microphone
Patent Number: 7,436,952 Issued on 10/14/2008 to Darbut

Title: Portable interconnection system for incompatible audio communication networks
Patent Number: 7,436,951 Issued on 10/14/2008 to Pflasterer,   et al.

Title: Apparatus and method for real-time power distribution management
Patent Number: 7,436,950 Issued on 10/14/2008 to Chheda,   et al.

Title: Personal ring tone message indicator
Patent Number: 7,436,949 Issued on 10/14/2008 to Weiner

Title: Method and system for timed interaction with an interactive voice response
Patent Number: 7,436,948 Issued on 10/14/2008 to Thenthiruperai

Title: Method and apparatus for automatic notification and response based on communication flow expressions
Patent Number: 7,436,947 Issued on 10/14/2008 to Ordille,   et al.

Title: Reliable call progress indication for SIP
Patent Number: 7,436,946 Issued on 10/14/2008 to Peterson

Title: Rerouting ongoing telecommunications to a user
Patent Number: 7,436,945 Issued on 10/14/2008 to Agrawal,   et al.

Title: Repeating device
Patent Number: 7,436,944 Issued on 10/14/2008 to Yoshida,   et al.

Title: Method and apparatus for managing telephone number, and computer product
Patent Number: 7,436,943 Issued on 10/14/2008 to Oshika,   et al.

Title: System and method for charging in a communication network
Patent Number: 7,436,942 Issued on 10/14/2008 to Hakala,   et al.

Title: Plural-communication-line-containing apparatus, communication line naming program, communication line selection apparatus, and communication line selection program
Patent Number: 7,436,941 Issued on 10/14/2008 to Ohmori

Title: Methods and systems for enabling a reply call to voice mail message
Patent Number: 7,436,940 Issued on 10/14/2008 to Adamczyk,   et al.

Title: Method and system for consolidated message notification in a voice command platform
Patent Number: 7,436,939 Issued on 10/14/2008 to Packingham,   et al.

Title: Method of providing 911 service
Patent Number: 7,436,938 Issued on 10/14/2008 to Savaglio,   et al.

Title: Method and system for the police response dispatch protocol of an emergency dispatch system
Patent Number: 7,436,937 Issued on 10/14/2008 to Clawson

Title: VoIP call through tester
Patent Number: 7,436,936 Issued on 10/14/2008 to Terpstra,   et al.

Title: Qualifying telephone lines for data transmission
Patent Number: 7,436,935 Issued on 10/14/2008 to Faulkner

Title: Reception apparatus and method, and channel response measurement apparatus for receiving an orthogonal frequency divisional multiplexing signal
Patent Number: 7,436,759 Issued on 10/14/2008 to Hayashi,   et al.

Title: Apparatus and method for transmitting/receiving pilot pattern set to distinguish base station in orthogonal frequency division multiplexing (OFDM) communication system
Patent Number: 7,436,758 Issued on 10/14/2008 to Suh,   et al.

Title: Scattered pilot and filtering for channel estimation
Patent Number: 7,436,757 Issued on 10/14/2008 to Wilson,   et al.

Title: Record carrier and apparatus enabling seamless playback
Patent Number: 7,436,756 Issued on 10/14/2008 to Bernsen

Title: Optical information recording medium, recording and reproduction methods using the same, optical information recording device, and optical information reproduction device
Patent Number: 7,436,755 Issued on 10/14/2008 to Takamori,   et al.

Title: Information-recording medium and method
Patent Number: 7,436,754 Issued on 10/14/2008 to Kojima,   et al.

Title: Contact probe storage FET sensor
Patent Number: 7,436,753 Issued on 10/14/2008 to Mejia,   et al.

Title: Method and apparatus for signal equalization in a light storage system
Patent Number: 7,436,752 Issued on 10/14/2008 to He

Title: Disposable article with containment structure
Patent Number: 6,790,202 Issued on 09/14/2004 to Klemp,   et al.

Title: Method and apparatus for securing a computer-based game of chance
Patent Number: 6,790,139 Issued on 09/14/2004 to Walker,   et al.

Title: Compensation for power variation along patient cables
Patent Number: 6,790,206 Issued on 09/14/2004 to Panescu

Title: Methods and apparatus for recirculating air in a controlled ventilated environment
Patent Number: 6,790,136 Issued on 09/14/2004 to Sharp,   et al.

Title: Method and device for transventricular mechanical circulatory support
Patent Number: 6,790,171 Issued on 09/14/2004 to Grundeman,   et al.

Title: Gaming system with individualized centrally generated random number generator seeds
Patent Number: 6,790,143 Issued on 09/14/2004 to Crumby

Title: Adjustable striking bag training apparatus
Patent Number: 6,790,167 Issued on 09/14/2004 to Carlin,   et al.

Title: Flexible shaft plug insert
Patent Number: 6,790,144 Issued on 09/14/2004 to Talesky

Title: Implantable prosthesis
Patent Number: 6,790,213 Issued on 09/14/2004 to Cherok,   et al.

Title: Apparatus for controlling vehicle drive system including engine with turbocharger, and lock-up clutch
Patent Number: 6,790,158 Issued on 09/14/2004 to Tabata

Title: On-vehicle display device
Patent Number: 6,795,757 Issued on 09/21/2004 to Sadahiro

Title: Fixing device controlling method, fixing device, and image forming apparatus for forming fixed images of desired glossiness
Patent Number: 6,795,681 Issued on 09/21/2004 to Onodera,   et al.

Title: Developer regulating member and developing apparatus including the same
Patent Number: 6,795,672 Issued on 09/21/2004 to Yamamoto,   et al.

Title: Safety syringe for taking blood
Patent Number: 6,911,021 Issued on 06/28/2005 to Yang,   et al.

Information security policy evaluation system and method of controlling the same Number:7,415,728 from the United States Patent and Trademark Office (PTO) owispatent

Home    Author Login    Submit Article    Article Search    Add Your Link    Edit Your Link    Contact Us    Advertising    Disclaimer

   

 
Web LinkGrinder.com

Top Breaking News
     Greek, Cypriot Leaders Resume Unification Talks in Nicosia by Nathan Morley
     Indonesia Tobacco Sales Grow, Raising Health Fears
     South Korea Allows Top Defector to Travel Overseas by VOA News

Title: Information security policy evaluation system and method of controlling the same

Abstract: In order to provide an information security policy evaluation system in which information security policies can be efficiently and appropriately defined and operated in an organization, such as a corporation, treated threats operated on a second site are transmitted from a second information processing apparatus on the second site to a first information processing apparatus on a first site, threat information is transmitted from a third site collecting information on threats to the first information processing apparatus on the first site. The first information processing apparatus extracts treated threats which have been effective for threats having occurred actually, and untreated threats, out of the received treated threat and generates an evaluation report in which these are described. Moreover, a compensation amount of insurance against threats is changed based on the generated evaluation report.

Patent Number: 7,415,728 Issued on 08/19/2008 to Morohashi,   et al.

Inventors: Morohashi; Masayuki (Fujisawa, JP), Nagai; Yasuhiko (Tokyo, JP), Aiba; Ritsuko (Tokyo, JP)
Assignee: Hitachi, Ltd. (Tokyo, JP)
Appl. No.: 10/817,054
Filed: April 2, 2004

Foreign Application Priority Data
Oct 01, 2003 [JP] 2003-343480

Current U.S. Class: 726/25 ; 705/4
Current International Class: G06Q 40/00 (20060101); G06F 15/18 (20060101)
Field of Search: 705/4 726/25

References Cited [Referenced By]
U.S. Patent Documents
5621889 April 1997 Lermuzeaux et al.
6240530 May 2001 Togawa
6279113 August 2001 Vaidya
6711127 March 2004 Gorman et al.
6785732 August 2004 Bates et al.
6910135 June 2005 Grainger
7159237 January 2007 Schneier et al.
2002/0040306 April 2002 Sugiyama et al.
2002/0078381 June 2002 Farley et al.
2002/0095317 July 2002 McCabe
2003/0097409 May 2003 Tsai
2004/0006704 January 2004 Dahlstrom et al.
2005/0022021 January 2005 Bardsley et al.
Foreign Patent Documents
2002-288371 Oct., 2002 JP
Primary Examiner: Heneghan; Matthew
Attorney, Agent or Firm: Townsend and Townsend and Crew LLP
Claims


We claim:

1. An information security policy evaluation system comprising: a first information processing apparatus located at a first site; a second information processing apparatus located at a second site; a third information processing apparatus located at a third site; and a fourth information processing apparatus located at a fourth site, the first to fourth information processing apparatuses in data communication with each other, wherein the second information processing apparatus having a treated threat data storage section for storing treated threat data, the treated threat data being data indicating a threat which can be countered by an information security policy operating at the second site, the third information processing apparatus having a threat data storage section for storing threat data which is data indicating a previous occurrence of a threat, and a loss amount data storage section for storing loss amount data, the loss amount data being data which indicates, for each piece of the threat data, a magnitude of a loss occurring in a case where damage is suffered due to a threat, the second information processing apparatus having a treated threat data transmission section for transmitting the treated threat data to the first information processing apparatus, the third information processing apparatus having a threat data transmission section for attaching the loss amount data to the threat data and transmitting the threat data to the first information processing apparatus, the first information processing apparatus having a treated threat data reception section for receiving the treated threat data and a threat data reception section for receiving the loss amount data as well as the threat data, the first information processing apparatus having a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and the treated threat data, and a loss amount data storage section for storing the received loss amount data, the first information processing apparatus having an effective treated threat data extraction section for extracting a piece of treated threat data to which there is a piece of threat data corresponding in the threat data received by the threat data reception section, out of the treated threat data received by the treated threat data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted treated threat data is described, the fourth information processing apparatus having a compensation amount storage section for storing a compensation amount of insurance which an organization operating the second site has taken out and which compensates a loss occurring in a case where damage due to a threat is suffered, the first information processing apparatus having an evaluation data transmission section for transmitting the evaluation data generated by the evaluation data generation section to the fourth information processing apparatus, the fourth information processing apparatus having an evaluation data reception section for receiving the evaluation data, the fourth information processing apparatus having a compensation amount setting section for resetting the stored compensation amount to the compensation amount determined in accordance with the evaluation data received by the evaluation data reception section.

2. The information security policy evaluation system according to claim 1 wherein the loss amount data storing section of the third information processing apparatus stores a monetary damage amount indicating, for said each piece of the threat data, a magnitude of a loss occurring in a case where damage is suffered due to a threat.

3. The information security policy evaluation system according to claim 1, wherein the first information processing apparatus has a loss amount data storage section for storing loss amount data, the loss amount data being data which indicates, for said each piece of the threat data, a magnitude of a loss occurring in a case where damage is suffered due to a threat, and the evaluation data generation section has a consideration priority sort section for generating the evaluation data in which the threat data extracted by the untreated threat data extraction section is sorted and described in descending order of the loss amount data.

4. The information security policy evaluation system according to claim 1, wherein the threat data transmission section of the third information processing apparatus attaches the loss amount data to the threat data and transmits the loss amount data to the first information processing apparatus, the threat data reception section of the first information processing apparatus receives the loss amount data as well as the threat data, and the loss amount data storage section of the first information processing apparatus stores the received loss amount data.

5. The information security policy evaluation system according to claim 1 wherein the third information processing apparatus has a threat data update section for updating the threat data and the threat data transmission section transmits the updated threat data to the first information processing apparatus in a case where the threat data has been updated by the threat data update section.

6. An information security policy evaluation system comprising: a first information processing apparatus located at a first site; a second information processing apparatus located at a second site; and a third information processing apparatus located at a third site, a fourth information processing apparatus located at a fourth site, the first to fourth information processing apparatuses in data communication with each other, wherein: the second information processing apparatus has a treated threat data storage section for storing treated threat data, the treated threat data being data indicating a threat which an information security policy operated on the second site can counter, the third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past, and a loss amount data storage section for storing loss amount data, the loss amount data being data which indicates, for each piece of the threat data, a magnitude of a loss occurring in a case where damage is suffered due to a threat, the second information processing apparatus has a treated threat data transmission section for transmitting the treated threat data to the first information processing apparatus, the third information processing apparatus has a threat data transmission section for attaching the loss amount data to the threat data and transmitting the threat data to the first information processing apparatus, the first information processing apparatus has a treated threat data reception section for receiving the treated threat data and a threat data reception section for receiving the loss amount data as well as the threat data, the first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and the treated threat data, and a loss amount data storage section for storing the received loss amount data, the first information processing apparatus has an untreated threat data extraction section for extracting a piece of threat data to which there is no piece of treated threat data corresponding in the treated threat data received by the treated threat data reception section, out of the threat data received by the threat data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted threat data is described, the fourth information processing apparatus has a compensation amount storage section for storing a compensation amount of insurance which an organization operating the second site has taken out and which compensates a loss occurring in a case where damage due to a threat is suffered, the first information processing apparatus has an evaluation data transmission section for transmitting the evaluation data generated by the evaluation data generation section to the fourth information processing apparatus, the fourth information processing apparatus has an evaluation data reception section for receiving the evaluation data, and the fourth information processing apparatus has a compensation amount setting section for resetting the stored compensation amount to the compensation amount determined in accordance with the evaluation data received by the evaluation data reception section.

7. The information security policy evaluation system according to claim 6 wherein the loss amount data storing section of the third information processing apparatus stores a monetary damage amount indicating, for said each piece of the threat data, a magnitude of a loss occurring in a case where damage is suffered due to a threat.

8. The information security policy evaluation system according to claim 6 wherein the third information processing apparatus has a threat data update section for updating the threat data and, the threat data transmission section transmits the updated threat data to the first information processing apparatus in a case where the threat data has been updated by the threat data update section.

9. An information security policy evaluation system comprising: a first information processing apparatus located at a first site; a second information processing apparatus located at a second site; and a third information processing apparatus located at a third site, the first to third information processing apparatuses being capable of communicating with each other, wherein the second information processing apparatus has a policy data storage section for storing policy data which is data indicating an information about a security policy operated on the second site, wherein the third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past, wherein the second information processing apparatus has a policy data transmission section for transmitting the policy data to the first information processing apparatus, wherein the third information processing apparatus has a threat data transmission section for transmitting the threat data to the first information processing apparatus, wherein the first information processing apparatus has a policy data reception section for receiving the policy data and a threat data reception section for receiving the threat data, wherein the first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and policy data indicating an effective information security policy against a threat indicated by the threat data, and wherein the first information processing apparatus has an effective policy data extraction section for extracting a piece of policy data to which there is a piece of threat data corresponding in the threat data received by the threat data reception section, out of the policy data received by the policy data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted policy data is described.

10. An information security policy evaluation system comprising: a first information processing apparatus located on a first site; a second information processing apparatus located on a second site; and a third information processing apparatus located on a third site, the first to third information processing apparatuses being capable of communicating with each other, wherein the second information processing apparatus has a policy data storage section for storing policy data which is data indicating an information about a security policy operated on the second site, the third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past, the second information processing apparatus has a policy data transmission section for transmitting the policy data to the first information processing apparatus, the third information processing apparatus has a threat data transmission section for transmitting the threat data to the first information processing apparatus, the first information processing apparatus has a policy data reception section for receiving the policy data and a threat data reception section for receiving the threat data, the first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and policy data indicating an effective information security policy against a threat indicated by the threat data, and the first information processing apparatus has an untreated threat data extraction section for extracting a piece of threat data to which there is no piece of policy data corresponding in the policy data received by the policy data reception section, out of the threat data received by the threat data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted threat data is described.

11. A method of controlling an information security policy evaluation system having a first information processing apparatus located on a first site, a second information processing apparatus located on a second site, a third information processing apparatus located on a third site, a fourth information processing apparatus located on a fourth site, the first to fourth information processing apparatuses being capable of communicating with each other, the method comprising: the second information processing apparatus storing treated threat data, the treated threat data being data indicating a threat which an information security policy operated on the second site can counter, the third information processing apparatus storing threat data which is data indicating a threat having occurred in a past and loss amount data, the loss amount data being data which indicates, for each piece of the threat data, a magnitude of a loss occurring in a case where damage is suffered due to a threat, the second information processing apparatus transmitting the treated threat data to the first information processing apparatus, the third information processing apparatus attaching the loss amount data to the threat data and transmitting the threat data to the first information processing apparatus, the first information processing apparatus receiving the treated threat data, the threat data, and the loss amount data as well as the threat data, the first information processing apparatus storing correspondence data which is data indicating correspondence between the threat data and the treated threat data, and the received loss amount data, the first information processing apparatus extracting a piece of treated threat data to which there is a piece of threat data corresponding in the received threat data, out of the received treated threat data based on the correspondence data, and generating evaluation data in which the extracted treated threat data is described, the fourth information processing apparatus storing a compensation amount of insurance which an organization operating the second site has taken out and which compensates a loss occurring in a case where damage due to a threat is suffered, the first information processing apparatus transmitting the evaluation data generated by the evaluation data generation section to the fourth information processing apparatus, the fourth information processing apparatus receiving the evaluation data and resetting the stored compensation amount to the compensation amount determined in accordance with the evaluation data received by the evaluation data reception section.

12. A method of controlling an information security policy evaluation system having a first information processing apparatus located on a first site, a second information processing apparatus located on a second site, a third information processing apparatus located on a third site, a fourth information processing apparatus located on a fourth site, the first to fourth information processing apparatuses being capable of communicating with each other, the method comprising: the second information processing apparatus storing treated threat data, the treated threat data being data indicating a threat which an information security policy operated on the second site can counter, the third information processing apparatus storing threat data which is data indicating a threat having occurred in a past and loss amount data, the loss amount data being data which indicates, for each piece of the threat data, a magnitude of a loss occurring in a case where damage is suffered due to a threat, the second information processing apparatus transmitting the treated threat data to the first information processing apparatus, the third information processing apparatus attaching the loss amount data to the threat data and transmitting the threat data to the first information processing apparatus, the first information processing apparatus receiving the treated threat data and the loss amount data as well as the threat data, the first information processing apparatus storing correspondence data which is data indicating correspondence between the threat data and the treated threat data and the received loss amount data the first information processing apparatus extracting a piece of threat data to which there is no piece of treated threat data corresponding in the received treated threat data, out of the received threat data based on the correspondence data, and generating evaluation data in which the extracted threat data is described, the fourth information processing apparatus storing a compensation amount of insurance which an organization operating the second site has taken out and which compensates a loss occurring in a case where damage due to a threat is suffered, the first information processing apparatus transmitting the evaluation data generated by the evaluation data generation section to the fourth information processing apparatus, the fourth information processing apparatus receiving the evaluation data and resetting the stored compensation amount to the compensation amount determined in accordance with the evaluation data received by the evaluation data reception section.
Description


CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority based on a Japanese patent application, No. 2003-343480 filed on Oct. 1, 2003, the entire contents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

The present invention relates to an information security policy evaluation system and a method of controlling the same. In particular, the present invention relates to technologies for efficiently and appropriately defining and operating information security policies in an organization such as a corporation.

With the advances of IT related industries, threats for information processing systems have become problems. In organizations, such as corporations, countermeasures against these threats are being advanced. Organizations promoting information security management which is compliant with BS7799 (British information security management standard) are increasing. The information security management system (ISMS) conformity assessment scheme and the like promoted by the Japan Information Processing Development Corporation (JIPDEC) are drawing attention, and information security policies have come to be defined and operated in many organizations.

SUMMARY OF THE INVENTION

The effectiveness of information security policies defined and operated in organizations, such as corporations, is judged based on information grasped when the information security policies have been defined. Accordingly, it is impossible to know whether information security policies already defined and operated will be necessarily effective in the future. This is because the types and contents of threats affecting information processing systems are constantly changing with the advance in technology and the change in physical and human environments surrounding the information processing systems. Therefore, organizations, such as corporations, have to evaluate or review the validity of defined and operated information security policies as needed. Here, in order to appropriately perform such evaluation and review, the collection of information on threats including information on unauthorized access having occurred in the past on communication networks needs to be performed, and a wealth of knowledge and experience in information security is also required.

However, collecting information on threats and maintaining a technical level required to perform evaluation and review by organizations themselves, such as corporations, are heavy burdens to the organizations. Moreover, in the case where an organization, such as a corporation, performs evaluation and review by itself, objectivity is lost, and appropriate judgment may not be made.

In Japanese Laid Open Patent Publication No. 2002-288371, a maintenance fee and premium setting system is disclosed in which a user of mechanical equipment can reduce the payment of a maintenance fee and a premium depending on the maintenance of the mechanical equipment, in which a maker can reduce the payment of maintenance costs, and in which an insurance company can reduce the payment of insurance. In this technology, a maintenance evaluation system obtains maintenance information on the mechanical equipment through a communication line, and determines the maintenance fee based on a maintenance contract and the maintenance information. Here, in order to evaluate or review the validity of information security policies, the effectiveness of countermeasures already taken and missing countermeasures need to be grasped. However, in the technology described in the Japanese Laid Open Patent Publication No. 2002-288371, missing countermeasures can be grasped, but it is impossible to know the worth and effectiveness of countermeasures already taken.

The present invention has been accomplished in light of the above background. An object of the present invention is to provide an information security policy evaluation system in which information security policies can be efficiently and appropriately defined and operated in an organization such as a corporation.

One major invention of the present invention for achieving the above object is an information security policy evaluation system including a first information processing apparatus located on a first site, a second information processing apparatus located on a second site, and a third information processing apparatus located on a third site. The first to third information processing apparatuses are capable of communicating with each other. The second information processing apparatus has a treated threat data storage section for storing treated threat data. The treated threat data is data indicating a threat which an information security policy operated on the second site can counter. The third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past. The second information processing apparatus has a treated threat data transmission section for transmitting the treated threat data to the first information processing apparatus. The third information processing apparatus has a threat data transmission section for transmitting the threat data to the first information processing apparatus. The first information processing apparatus has a treated threat data reception section for receiving the treated threat data and a threat data reception section for receiving the threat data. The first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and the treated threat data. The first information processing apparatus has an effective treated threat data extraction section for extracting a piece of treated threat data to which there is a piece of threat data corresponding in the threat data received by the threat data reception section, out of the treated threat data received by the treated threat data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted treated threat data is described.

The second site is, for example, a site of a customer who requests the evaluation of the information security policy. The third site is, for example, a site of a threat information provider who provides threat information. The threat information provider is collecting information on threats and providing the information. The first site is, for example, a site of an evaluator who evaluates the information security policy operated on the second site in compliance with a request from the customer.

According to the present invention, the first information processing apparatus extracts a piece of treated threat data to which there is a piece of threat data corresponding in the threat data received by the threat data reception section, out of the treated threat data received by the treated threat data reception section, based on the correspondence data, and generates evaluation data in which the extracted treated threat data is described. Here, the information security policy indicated by the treated threat data described in this evaluation data is an information security policy which has been effective against a threat having occurred actually. Therefore, the validity of the information security policy defined and operated on the second site can be evaluated based on the evaluation data. Thus, the evaluation data indicating the validity of the information security policy on the second site is created on the first site, whereby an organization, such as a corporation, operating the second site does not need to collect information on threats by itself in order to evaluate and review the information security policy defined and operated by itself, and is released from management load of maintaining a technical level required to evaluate and review the information security policy. Therefore, in the organization operating the second site, the evaluation and review of the information security policy can be efficiently performed. Moreover, unlike a report which simply points out untreated threats, in the evaluation report of the invention, the evaluation of effect, worth, effectiveness, and the like of the information security policy which has been already operated is described. Therefore, the evaluation report becomes a useful material which motivates the top management (the president, executives including an information security executive, and the like) and members (employees and the like) of the organization to understand the effect, worth, effectiveness, and the like of the information security policy and obey the information security policy. Utilizing the evaluation report expedites the smooth operation of information security management in the organization. Furthermore, since the information security policy is evaluated and reviewed based on data which is transmitted from the third information processing apparatus and which indicates threats having occurred in the past, objective evaluation is performed, and the information security policy defined and operated on the second site can be appropriately evaluated and reviewed.

Another major aspect of the present invention is an information security policy evaluation system including a first information processing apparatus located on a first site, a second information processing apparatus located on a second site, and a third information processing apparatus located on a third site. The first to third information processing apparatuses are capable of communicating with each other. The second information processing apparatus has a treated threat data storage section for storing treated threat data. The treated threat data is data indicating a threat which an information security policy operated on the second site can counter. The third information processing apparatus has a threat data storage section for storing threat data which is data indicating a threat having occurred in a past. The second information processing apparatus has a treated threat data transmission section for transmitting the treated threat data to the first information processing apparatus. The third information processing apparatus has a threat data transmission section for transmitting the threat data to the first information processing apparatus. The first information processing apparatus has a treated threat data reception section for receiving the treated threat data and a threat data reception section for receiving the threat data. The first information processing apparatus has a correspondence data storage section for storing correspondence data which is data indicating correspondence between the threat data and the treated threat data. The first information processing apparatus has an untreated threat data extraction section for extracting a piece of threat data to which there is no piece of treated threat data corresponding in the treated threat data received by the treated threat data reception section, out of the threat data received by the threat data reception section, based on the correspondence data, and an evaluation data generation section for generating evaluation data in which the extracted threat data is described.

According to the present invention, the first information processing apparatus extracts a piece of threat data to which there is no piece of treated threat data corresponding in the treated threat data received by the treated threat data reception section, out of the threat data received by the threat data reception section, based on the correspondence data, and generates evaluation data in which the extracted threat data is described.

Here, a threat indicated by the threat data described in this evaluation data is a threat having occurred actually, and a threat for which any effective information security policy has not been operated on the second site. Therefore, on the second site, this evaluation data is used as, for example, information indicating a threat which should be preferentially treated at the next time when the information security policy will be revised. Thus, the evaluation data indicating a missing information security policy on the second site is automatically created on the first site, whereby an organization, such as a corporation, operating the second site does not need to collect information on threats by itself in order to evaluate and review the information security policy defined and operated by itself, and is released from management load of maintaining a technical level required to evaluate and review the information security policy. Therefore, in the organization operating the second site, the evaluation and review of the information security policy can be efficiently performed. Moreover, unlike a report which simply points out untreated threats, in the evaluation report of the invention, the evaluation of effect, worth, effectiveness, and the like of the information security policy which has been already operated is described. Therefore, the evaluation report becomes a useful material which motivates the top management (the president, executives including an information security executive, and the like) and members (employees and the like) of the organization to understand the effect, worth, effectiveness, and the like of the information security policy and obey the information security policy. Utilizing the evaluation report expedites the smooth operation of information security management in the organization. Furthermore, since the information security policy is evaluated and reviewed based on data which is transmitted from the third information processing apparatus and which indicates threats having occurred in the past, objective evaluation is performed, and the information security policy defined and operated on the second site can be appropriately evaluated and reviewed.

According to the present invention, information security policies in an organization, such as a corporation, can be efficiently and appropriately defined and operated.

These and other benefits are described throughout the present specification. A further understanding of the nature and advantages of the invention may be realized by reference to the remaining portions of the specification and the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a view showing a schematic configuration of an information security policy evaluation system according to a first embodiment.

FIG. 2 is a diagram showing the hardware configuration of each of first to third information processing apparatuses according to the embodiment.

FIG. 3 is a diagram showing various kinds of functions implemented in the first to third information processing apparatuses according to the embodiment.

FIG. 4 is a view showing an example of a treated threat data management table according to the embodiment.

FIG. 5 is a view showing an example of a threat data management table according to the embodiment.

FIG. 6 is a view showing an example of a correspondence data management table according to the embodiment.

FIG. 7 is a view showing an example of an evaluation report (threats on which countermeasures have had large effects when the countermeasures have been taken) according to the embodiment.

FIG. 8 is a view showing an example of an evaluation report (threats which should be considered when policies are revised) according to the embodiment.

FIG. 9 is a diagram showing a flowchart for explaining the flow of a process related to the evaluation of information security policies according to the embodiment.

FIG. 10 is a view showing a schematic configuration of an information security policy evaluation system according to a second embodiment.

FIG. 11 is a diagram showing various kinds of functions implemented in first to fourth information processing apparatuses according to the second embodiment.

FIG. 12 is a diagram for explaining one form of business carried out by using the policy evaluation system according to the second embodiment.

FIG. 13 is a view showing various kinds of functions implemented in first to fourth information processing apparatuses according to a third embodiment.

FIG. 14 is a diagram for explaining one form of business carried out by using a policy evaluation system according to the third embodiment.

DETAILED DESCRIPTION OF THE INVENTION

Hereinafter, embodiments of the present invention will be described in detail in conjunction with the drawings.

First Embodiment

In FIG. 1, a schematic configuration of an information security policy evaluation system (hereinafter also referred to as policy evaluation system), which will be described as a first embodiment of the present invention, is shown. In this drawing, a first site 101 is a site of an evaluator who evaluates information security policies operated on a second site 102 in compliance with a request from a customer. The second site 102 is a site of the customer who requests the evaluator to evaluate the information security policies. A third site 103 is a site of a threat information provider who provides threat information. The threat information provider is collecting information on threats and providing the information. The threat information provider is a source of information on unauthorized access and the like. For example, the Japan Computer Emergency Response Team/Coordination Center (JPCERT/CC), a media center of reports/news or the like, or the like can be the threat information provider.

On the first site 101, a first information processing apparatus 111 is provided. On the second site 102, a second information processing apparatus 112 is provided. On the third site 103, a third information processing apparatus 113 is provided. The first to third information processing apparatuses 111, 112, and 113 are individually connected to a communication network 50, such as the Internet or a dedicated line. The first to third information processing apparatuses 111, 112, and 113 are connected to each other through the communication network 50 such that they can communicate with each other. As the first to third information processing apparatuses 111, 112, and 113, computers including personal computers, office computers, mainframes, and the like are used.

An information security policy, which becomes an evaluation object of the policy evaluation system in the present embodiment, will be described. An information security policy is created by defining a basic policy, action criteria, and the like for information security for ensuring confidentiality, completeness, availability, and the like of an information system in an organization, such as a corporation, in order to protect information assets owned by the organization. With the progression of the IT society, defining and operating information security policies have become social duty of an organization, such as a corporation. In recent years, organizations which do not define appropriate information security policies often cannot participate in open trade markets of B-to-B and the like. Specifically, information security policies are expressed as a document described hierarchically. Basic policies on information security related to external network connections are taken as examples of information security policies. These basic policies include, for example, standards related to the use of the Internet, standards related to external disclosure, standards related to connections using dedicated lines and VPNs, standards related to remote access, standards related to virus countermeasures, standards related to the privacy of customers, standards related to information security education, standards related to penalties, standards related to standard update procedures, and the like. Moreover, the standards related to the use of the Internet include, for example, a standard related to the use of electronic mail, a standard related to the use of the Web, a standard related to account management, and the like. Furthermore, the standard related to the use of electronic mail includes criteria as follows: intracompany electronic mail must not be transferred to external mail servers, classified information must not be transmitted to the outside, mail accounts must not be carelessly disclosed to the outside, the possibility that viruses exist in the attached files of electronic mail must be considered, and the like.

In FIG. 2, a typical hardware configuration of a computer used as each of the first to third information processing apparatuses 111, 112, and 113 is shown. A CPU 201 is intended to control the information processing apparatus, and implements various kinds of functions and the like by executing programs 202c stored on a memory 202, such as a RAM or a ROM, and a storage device 208. A recording-medium reading device 204 is a device for reading a program or data recorded on a recording medium 207. The read program or data are stored on the memory 202 or the storage device 208. Therefore, for example, a program 202c recorded on the recording medium 207 can be read from the recording medium 207 by using the recording-medium reading device 204 to be stored on the memory 202 or the storage device 208. For example, data to be stored on the aforementioned database are stored on the memory 202 or the storage device 208. As the recording medium 207, a flexible disk, a CD-ROM, a DVD-ROM, a semiconductor memory, or the like can be used.

The recording-medium reading device 204 may be contained in the computer 200 or may be externally attached thereto. The storage device 208 is, for example, a hard disk drive, a flexible disk drive, a semiconductor storage device, or the like. An input device 205 is used for data input and the like to the computer 200 by an operator or the like. As the input device 205, for example, a keyboard, a mouse, or the like is used. An output device 206 is a device for outputting information to the outside. As the output device 206, for example, a display, a printer, or the like is used. A communication interface 203 is an interface for connecting the computer 200 to the communication network. The computer 200 can communicate with external devices, such as other computers, through the communication interface 203. Note that each of the first to third information processing apparatuses 111, 112, and 113 does not necessarily need to have all hardware described above.

Next, various kinds of functions implemented by executing programs in the first to third information processing apparatuses 111, 112, and 113 will be described. FIG. 3 shows various kinds of functions implemented in the first to third information processing apparatuses 111, 112, and 113. A treated threat data storage section 301 of the second information processing apparatus 112 is the function of storing treated threat data. The treated threat data is data in which information indicating contents corresponding to information security policies defined and operated on the second site 102 is described. The treated threat data is managed in a treated threat data management table. In FIG. 4, an example of the treated threat data management table is shown. The treated threat data is divided into threat categories to be managed. In the threat data management table 400 shown in this drawing, threat category codes, which are identifiers uniquely given to the threat categories, are set in the column for threat category codes 401. In the column for threat categories 402, character strings indicating the contents of the threat categories are set. In the column 403 for treated threats, identifiers specifying the treated threat data are set. In the column for treated threat lists 404, character strings indicating the contents of the treated threat data are set.

A treated threat data transmission section 302 of the second information processing apparatus 112 is the function of transmitting the treated threat data management table 400 stored in the treated threat data storage section 301 to the first information processing apparatus 111 through the communication network 50. The treated threat data transmission section 302 has the function of accepting operation input by an operator or the like from the input device 205 and scheduling the timing when the second information processing apparatus 112 transmits the treated threat data management table 400 to the first information processing apparatus 111 in accordance with the accepted input. The treated threat data transmission section 302 has the function of automatically transmitting the treated threat data management table 400 to the first information processing apparatus 111 when the scheduled timing has come. Note that, as the transmission timing in this case, for example, immediate execution, every day, every week, every month, designated date and time, or the like can be set.

A threat data storage section 303 of the third information processing apparatus 113 has the function of storing threat data. The threat data is data in which information on threats having occurred in the communication network 50 or in an apparatus connected to the communication network 50 in the past is described. The third information processing apparatus 113 has, for example, a threat data update section 304 for updating the threat data stored in the threat data storage section 303. The threat data update section 304 updates the threat data based on, for example, information which is related to a threat and which has been received through the communication network 50 from an apparatus connected to the communication network 50. Moreover, the threat data update section 304, for example, detects a threat having occurred in the communication network 50 and generates threat data corresponding to the detected threat to store the threat data. Furthermore, the threat data update section 304 accepts the input of information on a threat by an input operation by an operator or the like from the input device 205 or by reading data from the recording medium 207 or the like, and generates threat data corresponding to the accepted information on a threat to store the data.

Threat data is managed in a threat data management table. In FIG. 5, an example of the threat data management table stored in the threat data storage section 303 is shown. In the present embodiment, the threat data is divided into threat categories to be managed. In the threat data management table 500 shown in this drawing, in the column 501 for threat category codes, identifiers uniquely given to the threat categories are set. The correspondence between the threat category and the identifier is similar to that in the case of the aforementioned treated threat data management table 400. In the column 502 for threat categories, character strings indicating the contents of the threat categories are set. In the column 503 for threat codes, identifiers specifying the threat data are set. In the column 504 for threat information, character strings indicating the contents of the threat data are set. In the column 505 for damage amounts, loss amount data, which is data each indicating the magnitude of a loss occurring in the case where damage is suffered due to the relevant threat, is set. As the loss amount data, for example, a damage amount generated in the case where the second site 102 is damaged by a threat is employed.

Each damage amount illustrated in FIG. 5 is a total damage amount which a given site is expected to suffer for a year. This damage amount is found by using, for example, a damage amount generated by a threat suffered because the given site was not operating an effective information security policy, and the occurrence probability of the threat during the past one year on the site. The respective pieces of loss amount data for threats are basically managed on the third site 103 and appropriately notified from an administrator of the third site 103 to an administrator of the first site 101. An operational form may be employed in which loss amount data is not managed in the third information processing apparatus 103 but managed on the first site 101.

A threat data transmission section 305 of the third information processing apparatus 113 transmits the contents of the threat data management table 500 stored in the threat data storage section 303 to the first information processing apparatus 111 through the communication network 50. The threat data transmission section 305 accepts operation input by an operator or the like from the input device 205 and schedules the timing when the second information processing apparatus 112 transmits the threat data management table 400 to the first information processing apparatus 111 in accordance with the accepted input. The threat data transmission section 305 has the function of automatically transmitting threat data to the first information processing apparatus 111 when the scheduled timing has come. As the transmission timing in this case, for example, immediate execution, every day, every week, every month, designated date and time, or the like can be set. The threat data transmission section 305 also has the function of scheduling the automatic transmission of the threat data management table 500 or update differences to the first information processing apparatus 111 in the case where the contents of the threat data management table 500 have been updated by the threat data update section 304.

A correspondence data storage section 310 of the first information processing apparatus 111 is the function of storing a correspondence data management table in which data (hereinafter referred to as correspondence data) indicating the correspondence between threat data and treated threat data indicating effective information security policies against threats indicated by the threat data is described. In FIG. 6, an example of the correspondence data management table 600 is shown. In the correspondence data management table 600, the correspondence between threat data and treated threats, which are effective information security policies against the threat data, is described. In the column 601 for treated threat codes, identifiers specifying treated threat data are set. In the column 602 for treated threat lists, character strings indicating the contents of the treated threat data are set. In the column 603 for threat codes, identifiers specifying threat data corresponding to the treated threat data are set. In the column 604 for threat information, character strings indicating the contents of the threat data corresponding to the treated threat data are set.

A treated threat data reception section 311 of the first information processing apparatus 111 receives the treated threat data management table 400 transmitted from the treated threat data transmission section 302 of the second information processing apparatus 112 and stores the treated threat data management table 400. A threat data reception section 312 of the first information processing apparatus 111 receives the threat data management table 500 transmitted from the threat data transmission section 305 of the third information processing apparatus 113 and stores the threat data management table 500.

An effective treated threat data extraction section 313 of the first information processing apparatus 111 extracts a piece of treated threat data to which there is a piece of threat data corresponding in the threat data received by the threat data reception section 312, out of the treated threat data received by the treated threat data reception section 311, based on the correspondence data. For example, it is assumed that the treated threat data reception section has received the treated threat data management table 400 of FIG. 4, and that the threat data reception section 312 has received the threat data management table 500 shown in FIG. 5. In this case, for the piece of treated threat data "mass access to a Web server" out of the treated threat data (treated threats) of the treated threat data management table 400, there is the corresponding piece of threat data in the threat data management table 500 of FIG. 5. Accordingly, the relevant piece of treated threat data becomes an object of the extraction by the effective treated threat data extraction section 313.

An evaluation data generation section 314 of the first information processing apparatus 111 generates evaluation data in which the treated threat data extracted by the effective treated threat data extraction section 313 is described. Here, in the generation of the evaluation data, the evaluation data generation section 314 sorts the treated threat data extracted by the effective treated threat data extraction section 313 in descending order of the loss amount data for the threat data related to the treated threat data in the aforementioned correspondence data. An evaluation report output section 315 of the first information processing apparatus 111 outputs an evaluation report in which the evaluation data generated by the evaluation data generation section 314 is described, to the output device 206, such as a display, a printer, or the like, of the first information processing apparatus 111. An evaluation report transmission section 316 of the first information processing apparatus 111 transmits the evaluation report to the second information processing apparatus 112 through the communication network 50 by means of electronic mail or the like.

In FIG. 7, an example of the evaluation report is shown. In the column 701 for ranks of effects in the evaluation report 700 shown in this drawing, the ranks of treated threat data sorted in descending order of loss amount data are described. In the column 702 for treated threats, the contents of the information security policies corresponding to the treated threat data are described. In the column 703 for damage amounts when untreated, loss amount data is described. In this drawing, the loss amount data described in the column 703 for damage amounts when untreated is an assumed damage amount.

Here, the information security policies indicated by the treated threat data described in the evaluation report 700 are information security policies which have been effective for threats actually having occurred. Therefore, the validity of information security policies defined and operated on the second site 102 can be evaluated based on the evaluation report. Thus, an evaluation report indicating the validity of information security policies on the second site 102 is created on the first site 101, whereby an organization, such as a corporation or the like, which is a customer and which operates the second site 102 can reduce the labor of collecting information on threats by itself in order to evaluate or review the information security policies which the organization itself is defining and operating. Moreover, the organization operating the second site 102 is released from management load of maintaining a technical level required to evaluate and review information security policies. Therefore, in the organization operating the second site 102, information security policies can be efficiently evaluated and reviewed. Further, information security policies are evaluated or reviewed based on the threat data, which are transmitted from the third information processing apparatus 113 and which is data indicating threats having occurred in the past. Accordingly, the evaluation is objectively performed, and the effect and effectiveness of information security policies defined and operated on the second site 102 can be appropriately evaluated or reviewed. In addition, unlike a report which simply points out untreated threats, in the evaluation report of the present embodiment, the evaluation of effect, worth, effectiveness, and the like of information security policies which has been already operated is described. Therefore, the evaluation report becomes a useful material which motivates the top management (the president, executives including an information security executive, and the like) and members (employees and the like) of the organization to, understand the effect, worth, effectiveness, and the like of the information security policies and obey the information security policies. Utilizing the evaluation report expedites the smooth operation of information security management in the organization. Furthermore, in the evaluation report, the treated threat data is sorted in descending order of the loss amount data. Here, as described previously, the loss amount data is, for example, a damage amount generated in the case where the second site 102 has been damaged by a threat. Since the treated threat data is sorted in descending order of the loss amount data in this way, a customer can easily grasp which information security policy had a large effect by, for example, referring to the evaluation report.

An untreated threat data extraction section 317 of the first information processing apparatus 111 extracts a piece of threat data to which there is no piece of treated threat data corresponding in the treated threat data received by the treated threat data reception section 311, out of the threat data received by the threat data reception section 312, based on the correspondence data. For example, for the piece of threat data "reception of an enormous amount of ICMP packets" out of the threat data in the threat data management table 500 of FIG. 5, there is no corresponding piece of treated threat data in the treated threat data management table 400 of FIG. 4. Accordingly, the relevant piece of threat data becomes an object of the extraction by the untreated threat data extraction section 317.

The evaluation data generation section 314 of the first information processing apparatus 111 generates evaluation data in which the threat data extracted by the untreated threat data extraction section 317 is described. Here, in the generation of the evaluation data, the evaluation data generation section 314 sorts the threat data extracted by the untreated threat data extraction section 317 in descending order of the loss amount data related to the threat data in the aforementioned correspondence data. The evaluation report output section 315 of the first information processing apparatus 111 outputs an evaluation report in which the evaluation data generated by the evaluation data


Free Web Sudoku Puzzles.
Solve with your browser.
1                
6     2       9 4
      5 7 4 6    
    6   1 8     2
        3        
5     9 4   7    
    1 4 9 6      
4 7       3     5
                1
What is it?



Add Your Site · Terms Of Service · Privacy Policy


DISCLAIMER
Linkgrinder is a free service that searches the Internet and indexes all files found so that you may search quickly and easily for shared files. These files are created and made available individually by users whose identity we are not aware of and who we have no control over. In essence we function like a search engine tool; these files ARE NOT STORED OR SERVED BY OUR NETWORK. We are not responsible for any materials obtained by using our service. We do not monitor any of the contents of these files. These files may contain viruses, illegal materials, materials inappropriate for minors, offensive files and the like. BY USING OUR SERVICE, YOU ASSUME FULL RESPONSIBILITY FOR DOWNLOADING THESE MATERIALS AND WILL INDEMNIFY US FOR ANY DAMAGES THAT MAY BE INCURRED.

For More Specific Information VIEW OUR TERMS OF SERVICE.

Thank you and Enjoy!