The present invention relates to an information security policy evaluation system and a method of controlling the same. In particular, the present invention relates to technologies for efficiently and appropriately defining and operating information security policies in an organization such as a corporation.
With the advances of IT related industries, threats for information processing systems have become problems. In organizations, such as corporations, countermeasures against these threats are being advanced. Organizations promoting information security management which is compliant with BS7799 (British information security management standard) are increasing. The information security management system (ISMS) conformity assessment scheme and the like promoted by the Japan Information Processing Development Corporation (JIPDEC) are drawing attention, and information security policies have come to be defined and operated in many organizations.