Font Size Change

HOMEIT SecurityMeasures for Information Security VulnerabilitiesIPA/ISEC:Vulnerabilities:IS White Paper 2009, Part 2 “10 Major Security Threats” Released


IT Security

IPA/ISEC:Vulnerabilities:IS White Paper 2009, Part 2 “10 Major Security Threats” Released

Attacking Techniques Become More and More Sophisticated

Jun 25, 2009

IPA (Information-technology Promotion Agency, Chairman Koji Nishigaki) created the document "10 Major Security Threats", based on the information reported or published in 2008, and released it on its Website on Jun 25, 2009.

This document was compiled by the "Information Security Study Group", which consists of 111 people, including those participating in the "Information Security Early Warning Partnership(*1)", information security researchers and those responsible for information security.

We conducted a vote to rank "threats to the secure use of the Internet" that arose in 2008 by asking voters "What threat struck you most?", "What threat do you think had a significant impact on the society?" etc., and selected 10 major security threats.

This year, we classified respondents into three groups: "organizations", "users" and "system administrators/developers". Associated threats were assigned to each group and then compiled information - including the summary of the incident, how it happened, the extent of the damage and how it was dealt with, and what measures were taken.

In recent years, attacking techniques have become diversified (e.g., DNS Cache Poisoning, sophisticated Targeted Attack, diversified viruses and bots that attacks unspecified number of people indiscriminately, defacing legitimate Websites to attack site visitors etc.).

Each personnel within the organization should take necessary steps based on their positions:
Management should consider how the organizational information security should be and communicate it to all the personnel within the organization.
Users should apply software patches and the latest definition files of antivirus software in a timely fashion.
System administrators should obtain information on new threats every day and carry out measures on a continuous basis.
Developers should refer to "How to Secure Your Web Site" and implement their systems with information security in mind.

The "10 Major Security Threats" is a translation of Part 2 of the original Japanese edition of the "Information Security White Paper 2009 (in Japanese)". We hope this will help you understand the situation surrounding information security and work out measures to be taken in the future.

This document can be downloaded at:


(*1)Information Security Early Warning Partnership, a public-private partnership framework pursuant to the METI Directive #235, 2004, has been established to promote software product and web site security and prevent the damage to spread to the vast range of computers due to computer viruses or unauthorized access.


IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)