I. Background

An increasing number of activities in industrial and government circles have come to depend on information systems in recent years, accelerating the evolution of information and network societies. The Information Technology (IT) Revolution that represents these trends is expected to help introduce the practice of electronic commerce and the implementation of the "electronic government", where applications for approval and authorization are accepted online by electronic means. We understand, however, that implementing such electronic transactions for various activities has a major prerequisite: the guarantee of a high level of information security, so that users can place great reliance on these systems.

The IT Revolution, which involves the circulation of multitudes of information at tremendous speeds, contributes to the formation of a borderless society. This also means information systems become more vulnerable to attacks from intruders known as hackers [1]. Hackers break into target systems from outside via a network and tamper with, extract, or destroy the data inside, or even crash the systems or make them completely unusable. In fact, a number of incidents are being reported, including unauthorized access to systems by hackers, the spread of computer viruses, and many others related to information security.

Another problem that we cannot ignore lies inside the organization. As a general trend, individual employees are working on their own personal computers connected directly to the Internet. They can intentionally disclose the information they handle to the outside, or illegally access other organizations' systems.

A series of attacks on the websites of several government ministries and agencies that occurred in January this year revealed that the information security measures taken by the Government were not always sufficient. It is a pressing matter for the Government to establish a strong system that assures the security and reliability of information, in order to construct the foundation for the electronic government by fiscal 2003.

The Interagency Director-Generals' Meeting on IT Security [2] decided on the "Action Plan for Information Systems Protection against Cyberthreats" on January 21 this year. The plan details individual actions to be taken against each specific conceivable problem. One of the actions is the proposal of the Guidelines for IT Security Policy by the IT Security Promotion Committee for each government ministry and agency. The ministries and agencies are to study the proposed guidelines and prepare their information security policies by the coming December, so that these policies will serve as the basis for integrated and systematic information security measures.

These guidelines are intended to provide a reference for creating the information security policy required for the guarantee of information security at each government ministry and agency. To be specific, they describe the basic concept of information security policies for each government ministry and agency, methods of establishing an information security policy, and maintaining and reviewing that policy.


1. The term "hacker" is used in a wide range of senses. In these guidelines, it means computer users who gain unauthorized access to computer systems owned by other individuals or organizations.

2. The conference organized at the Advanced Information and Telecommunication Society Promotion Headquarters for the enhancement of information security measures in both the government and private sectors, under a close partnership among related government organizations.
