Corporate information systems are growing larger and larger in scale, and are connecting more and more networks, which together have led to an increase in electronic commerce (e-commerce). Alongside this trend, however, has been the concomitant concerns for information security, due to recurring security problems, such as leakage of customer information from corporate databases. To combat such problems, a new law was drawn up, entitled the “Personal Information Protection Act,” and enacted in April 2005. It subjects companies handling personal information of 5,000 or more individuals (including customers and employees) to stricter regulations on the use of personal information, and punishes those who fail to maintain confidentiality. Once a company is involved in a scandalous incident such as leakage of personal information, immeasurable damage can result, starting with the costs involved in compensation and loss of credibility. Many companies are thus taking a wide range of information security measures including reviewing company regulations. Needless to say, such measures include the improvement of security protection for enterprise information systems that contain and handle a vast amount of personal and confidential data.

Previously, improvement of information security was planned and implemented to protect against external threats, such as invasion and attack through networks in the form of viruses and hacking, and very little attention was paid to security within enterprise networks. However, widespread use of notebook PCs and wireless LANs has opened many paths for unauthorized access, which cannot be closely monitored by network administrators. As a result, the number of cases of leakage of sensitive information and cases of virus infection caused by PCs brought in by employees is on the rise. In addition, many of the recent cases of personal information leakage are said to be caused by insiders taking confidential information, inadvertently or intentionally, out of the company in the form of electronic data or paper documents. In view of this, enhancement of security within enterprise networks is drawing a great deal of attention today.