データベース・セキュリティ・コンソーシアム|Database Security Consorsium

　　DataBase Security Consortium 　　　　

Database Security Consortium

Database is a critical repository of confidential information, such as personal information. While there are many experts specializing in either database or security, there are only a few experts who have expertise in both areas and capable of bridging the disciplines of database and security.

Under these circumstances, a voluntary association consisting of ordinary users and system integrators, as well as database and security venders called the "Database Security Consortium" was established in 2005.

Database Security Consortium creates working groups to discuss database security themes such as "forensics", "system design", "access control", "performance", which provides a forum for exchange of knowledge and know-how between database specialists, security specialists, system developers, and network engineers.

◆Deliverable

“Database Security Guideline version 2.0 (English Version)” was released on November 1st, 2010.

In light of the need for security measures that encompass the broad fields of database and security, a guideline that defines the policies and requirements of database security, has been lacking in Japan. To rectify this, Database Security Consortium formed a working group consisting of database and security experts from Database Security Consortium members to discuss and define security controls necessary to incorporate into a guideline, which has been released in November 2007 as the "Database Security Guideline version 1.0". Then, in February 2009, with the update of contents, "Database Security Guideline version 2.0" has been released.

Moreover, in order to contribute to the understanding of database security and to promote the implementation of security controls, not only domestically but also globally, the working group translated the guideline and released the deliverable in February 2010, in order to allow IT engineers around the world to use or refer to the guideline.

The objective of this guideline, which describes the necessity and effectiveness of various database security controls, is to provide a set of guidelines for corporate entities and other organizations to use when implementing said controls.

◇Currently-active WG
- DB Security Guideline WG
- DB Secure Implementation Guideline WG
- DB Security Degree Self Check WG
- DB Security Monitoring Guideline WG
- DB Security Guideline English Version Review & Promotion WG
- Integrated Log WG
- DB Security Guideline Promotion WG

◇Deliverable (Japanese)
“PCI DSS Database Security Guideline Supplemental Version”
“DB Security Degree Self Check Statistics Data (Summary)”
“DB Security Degree Self Check Statistics Data”
“DB Security Guideline Version 2.0”
“Appendix 1 Information Assets’ Importance & Control Level Matrix”
“Appendix 2 DB Security Guideline and Other Security Framework Matrix”
“DB Security Degree Self Check”
“DB Security Product-by-Product Function Matrix”