Public Relations

Asgent Wins and Delivers Upon Open Tender for IPA (Information-technology Promotion Agency) for "Information Asset Risk Assessment"
― Risk Assessment and Security Measures Set Referred by all Independent Agencies −

May 10, 2017
Asgent, Inc.
(JASDAQ: 4288)

Asgent, Inc. (JASDAQ: 4288, President & CEO: Takahiro Sugimoto, located in Chuo-ku, Tokyo), a pioneer in network security and operations management solutions, has carried out "ISO/IEC 27005^*1 based Risk Assessment" (Risk Assessment) and "Security Measures Set Design", both of which are being severely tasked upon independent administrative agencies from this year as part of measures to counteract cyber-attacks that are occurring at a high level against government institutions, as well as to handle construction of internal control systems related to revisions to the General Rule Act for Independent Administrative Corporations, on the Information technology Promotion Agency (IPA), which performs awareness and technical development, as well as research related to information security.
  Also, the FY2017 security related budget for the 88 independent agencies is expected to meet 1/3 of the governments requested security budget of 15 billion Yen for this financial year.

[Background]
  Based on revisions to the General Rule Act for Independent Administrative Corporations and the Basic Law for Cyber Security, previously unheard of security strengthening directives and penalties are being tasked upon all independent agencies. As a result of these revisions, each independent agency is compelled to clarify vulnerabilities and important information assets through risk assessment, and operate security measures (products/services) closely linked to those results.
  IPA, which is the reference model independent agency that each other agency looks to for security, issued a procurement order for "Information Asset Risk Assessment" by general tender last August in order to provide a method of handling the directive, and Asgent was assigned the order as a result of the tender.
  Within the IPA "Information Asset Risk Assessment", it was based on the premise that vulnerabilities and important information assets be clarified by sophisticated risk assessment based on the international standard ISO/IEC 27005. On top of this, to create a countermeasure in case of information leakage, security measure (products/services) design and operational design, closely linked to the results of risk assessment, was required in addition to preventing information leaks through automatically blocking communication channels with SIEM^*2 correlative analysis rule based on risk scenarios.

[Essential Requirements]
1. Strong track record and knowhow of risk assessment based on ISO/IEC 27005
2. Knowhow of formulation of risk scenarios from risk assessment results
3. Design of SIEM correlative analysis rules from risk scenarios
4. Automatic firewall blocking and recovery design from correlative analysis rules
5. Strong track record in security measures (products/services) linked to vulnerabilities
6. Strong track record and knowhow in operating SIEM and SOC^*3

[Asgents Background]
1. 19 years of strong track record and knowhow since inception in risk assessment based on GMITS〜ISO/IEC 27005
2. Commendation from METI Industrial Science and Technology Policy and Environment Bureau Director-General for work on industrial standardization of ISMS^*4 founded on ISO/IEC 27000
3. Design knowhow of SIEM correlation analysis rules in internal SOC
4. Possessing methodology for automatic blocking design incorporating SIEM
5. Knowhow of security product integration policy design
6. Strong track record in security measures (products/services)
7. Knowhow and track record in SIEM and SOC operations

Asgent is providing the above accomplishments to each independent agency this financial year.

*1 International standard for risk management in information security formulated jointly by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC).

*2 Security Information Event Management. Collates event information from various network devices and applications, and unifies management to handle threats.

*3 Security Operation Center. Specialist organization to monitor and analyze threats to information systems.

*4 Information Security Management System.