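I have never seen the text of the Kyoto Protocol, but...
Japan: 6% reduction from 1990 levels
XX: Y% reduction from the same baseline
There is a list like this; in other words, numerical targets
The wording sets out guidelines for achieving them
1. Conduct emissions trading
2. Everything else is left to each country's own methods
3. Report progress on implementation periodically (every 3 years)
Roughly speaking, it should look something like this...
If I remember correctly, Canada has already announced that it cannot meet its target
If explicit numbers are not going to be included, then the rights relationships have to be made clear
Ownership of biological resources such as DNA <-> intellectual property rights in biological resources created through processing
Isn't this the biggest point?
DNA is, in a sense, a program
The program that God laid out was born from the providence of nature...
India wants to reach an agreement => an advanced biotech country; it carries out medical testing by air freight; the machines are IBM (male)
Côte d'Ivoire => sour face; the Ivory Coast is a slave coast; it exported ivory and slaves (male)
Ghana => home country of the former UN Secretary-General; fairness is what matters most (female)
What if there are no numbers? What then?
Put it on a balance scale?
With a virtual balance scale, what do we plan, weigh, or measure?
The Niigata Bar Association was the first to raise its hand: opposition to the lay judge system
And the logo?
The cool logo has disappeared => they have become members of Saiban-inko
Finally found it: the Japan Federation of Bar Associations (Nichibenren)
This is dangerous; everyone has turned into Saiban-inko...
The USA's version of Marusa? Tax investigators?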
testimony
[noun-1] (law) sworn testimony, deposition
・Do you swear that all the testimony you will give in this court will be the truth, the whole truth, and nothing but the truth, so help you God? (in court) Do you, the witness, swear to tell the truth?
・I felt this to be an important part of my testimony.
[noun-2] (in general) testimony, sworn statement
・Prosecutors built their case on the testimony of three men, all of whom later recanted.
[noun-3] evidence, proof
[noun-4] (in a public setting) testimony of religious experience, witness
[noun-5] (the ~) (Old Testament) the tablets of the Ten Commandments, the Ark of the Covenant
[pronunciation (katakana)] tesutimouni, tesutimonī; [inflection] (plural) testimonies; [syllabification] tes・ti・mo・ny
JOINT HEARING BEFORE THE
SUBCOMMITTEE ON GOVERNMENT EFFICIENCY, FINANCIAL
MANAGEMENT AND INTERGOVERNMENTAL RELATIONS
AND
SUBCOMMITTEE FOR TECHNOLOGY AND PROCUREMENT POLICY
COMMITTEE ON GOVERNMENT REFORM
U.S. HOUSE OF REPRESENTATIVES
MAY 2, 2002
H.R. 3844 "FEDERAL INFORMATION AND
SECURITY REFORM ACT OF 2002"
STATEMENT FOR THE RECORD
DAVID C. WILLIAMS
INSPECTOR GENERAL
TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION
Mr. Chairmen, and members of the subcommittees, I appreciate the opportunity to appear today to provide an Inspector General’s (IG) perspective. Government agencies continue to struggle with the appropriate balance between IT security and computing capacity, too often with an overwhelming bias toward speed and ease of operations. The Government Information Security Reform Act (GISRA) has served as an essential beacon urging agencies toward a more balanced course. During Fiscal Year 2001, the GISRA assessments identified substantial vulnerabilities across government that could threaten the security of information systems. These included:
- Formal security training and awareness programs for all employees were frequently ineffective or non-existent. In the Internal Revenue Service, for example, 70 of 100 employees were willing to compromise their passwords, during pretext telephone calls by IG auditors. No matter how strong other controls may be, employees can often be the most vulnerable component of an agency’s IT security program.
- Specific performance measures were often absent, such as the effectiveness of efforts to reduce the impact of computer viruses.
- Oversight of contractors was not sufficient and many had not received the necessary background clearances.
- An unacceptable number of systems and applications critical to the agency missions were not security certified and accredited.
- System intrusion incidents were not consistently reported and shared throughout the government to assist agencies to proactively identify and combat hacking.
- Security controls often seemed to be an afterthought in IT budget and investment decisions, and
- Senior managers often assumed little responsibility for IT security within their programs, deferring entirely to small security offices.
To assist agencies in adhering to GISRA and H.R. 3844 provisions, we offer the following suggestions to improve consistency in conducting and reporting information security assessments and investigations.
- Certain terminology should be clarified to avoid confusion in reporting. Terms such as "programs", "systems", "networks", "mission-critical" and "mission essential" are subject to varying interpretations.
- Agency officials should be required to use the NIST IT security assessment framework.
- Agency and IG reporting requirements should be integrated to reduce duplication of effort.
- The OMB should provide implementation guidance at the beginning of each reporting year.
- Annual submissions should contain a conclusion section on agency compliance with the law and its overall information security posture.
- The IGs should be required to evaluate whether agencies have a process that incorporates information security into their Enterprise Architectures.
- Reporting intrusion incidents to FedCIRC should not be limited to national security incidents, but should also include threats to critical infrastructure, as was the case during the Y2K initiative, and
- Importantly, agencies should identify the IG or another law enforcement organization that will investigate intrusions and refer them for prosecution.
I would be happy to answer any questions.

