Política de segurança pública : ciência e gestão na prevenção à criminalidade em Uberlândia-MG

Bonesso, Márcio

30 November 2015

Submitted by Regina Correa (rehecorrea@gmail.com) on 2016-09-12T19:02:46Z No. of bitstreams: 1 TeseMB.pdf: 4776981 bytes, checksum: 6e4d04c6f85004d29352e32ca0c9d3c2 (MD5) / Approved for entry into archive by Marina Freitas (marinapf@ufscar.br) on 2016-09-13T18:11:29Z (GMT) No. of bitstreams: 1 TeseMB.pdf: 4776981 bytes, checksum: 6e4d04c6f85004d29352e32ca0c9d3c2 (MD5) / Approved for entry into archive by Marina Freitas (marinapf@ufscar.br) on 2016-09-13T18:11:40Z (GMT) No. of bitstreams: 1 TeseMB.pdf: 4776981 bytes, checksum: 6e4d04c6f85004d29352e32ca0c9d3c2 (MD5) / Made available in DSpace on 2016-09-13T18:11:49Z (GMT). No. of bitstreams: 1 TeseMB.pdf: 4776981 bytes, checksum: 6e4d04c6f85004d29352e32ca0c9d3c2 (MD5) Previous issue date: 2015-11-30 / Não recebi financiamento / As the main objective of the research, sense connections between social theories and methods of management of public security policies were created, having as study of locus the state policies of crime prevention in the city of Uberlândia in Minas Gerais. The implementation of these new policies in the provincial town had a different reality from where they were planned, the capital city of Belo Horizonte. In this context, as the specific objective of the research, the relationship between the history of city social control with the impact of these state security policies were studied. As an analytical deployment, this research has a theoretical review questioning bonds of social theories and international, national and state interventional programs in the dynamic city of Uberlandia. Regarding the articulation between the axes of qualified repression and social protection, the municipal field of study propiciated the descripition of the macro-implementation of public security policies and micro-social experiences of prevention policies against crime in the suburbs classified as risk areas. Through a comparative analysis the research used different methodological resources to get the desired results: crime statistics, documents of the CPI Drug Trafficking, regulatory manuals on public safety programs and crime prevention, minutes of network meetings, theses, dissertations and scientific articles, land registry cerificates; ethnographic observations on: the utilities and anti utilities markets in the use and trafficking of illegal drugs on the promotion of community networks, art networks, sports networks and workshops of crime prevention programs; and finally, interviews were conducted with residents and supra-local professionals from various locations. The results showed that in Uberlândia there were in some poor neighborhoods a primacy of the axis of qualified repression on the axis of social protection, with the expansion of specialized policing without including compatible employees connected to prevention programs. However, it is noteworthy that the social actions of these officials, although certain structural problems in many micro-social contexts also favored the extension of public services for the population of poor localities. Thus, Uberlandia has become a multifaceted research locus with experiences that moved between conservative and innovative actions, triggered by various individuals and social institutions with multiple motivations. / Como objetivo principal a pesquisa criou conexões de sentido entre teorias sociais e formas de gestão das políticas de segurança pública, tendo como lócus de estudo as políticas estaduais de prevenção à criminalidade em Uberlândia, no interior de Minas Gerais. Planejada em Belo Horizonte a aplicação dessas novas políticas na cidade interiorana contou com uma realidade diferente da capital mineira. Nesse contexto, como objetivo específico a pesquisa estudou a relação da história do controle social da cidade com o impacto dessas políticas estaduais de segurança. Como desdobramento analítico o trabalho fez uma revisão teórica problematizando vínculos das teorias sociais e dos programas intervencionistas internacionais, nacionais e estaduais na dinâmica municipal de Uberlândia. No que tange a articulação entre os eixos da repressão qualificada e da proteção social, o campo de estudo municipal propiciou descrever a aplicação macrossocial das políticas de segurança pública e as experiências microssociais das políticas de prevenção à criminalidade nos bairros periféricos classificados como áreas de risco. Através de uma análise comparativa a pesquisa utilizou variados recursos metodológicos para obter os resultados desejados: estatísticas criminais, documentos da CPI do Narcotráfico, manuais normativos sobre programas de segurança pública e prevenção à criminalidade, atas das reuniões de rede, teses, dissertações e artigos científicos, matrículas vintenárias; observações etnográficas sobre os mercados utilitários e antiutilitários do uso e tráfico de drogas ilícitas, sobre o fomento de redes comunitárias, de redes de arte, de redes de esporte e das oficinas dos programas de prevenção à criminalidade; e por fim, foram realizadas entrevistas com moradores e profissionais supralocais oriundos de várias localidades. Os resultados obtidos demonstraram que em Uberlândia houve em algumas periferias pobres uma primazia do eixo da repressão qualificada sobre o eixo da proteção social, com a expansão do policiamento especializado sem a inclusão compatível dos funcionários ligados aos programas preventivos. Todavia, vale ressaltar que as ações sociais desses funcionários, apesar de certos problemas estruturais, em muitos contextos microssociais também favoreceram a extensão dos serviços públicos para a população de localidades pobres. Assim, Uberlândia tornou-se um lócus de pesquisa multifacetado, com experiências que transitaram entre ações conservadoras e inovadoras, acionadas por vários indivíduos e instituições sociais com múltiplas motivações.

Sociologia

Sociologia da violência

Administração de conflitos

Política de segurança pública

Sociology

Sociology of violence

Conflict management

Anthropology of legal sensitivities

Public Security Policy

CIENCIAS HUMANAS::SOCIOLOGIA

Addressing ambiguity within information security policies in higher education to improve compliance

Buthelezi, Mokateko Portia

06 1900

Information security (InfoSec) policies are widely used by institutions as a form of InfoSec control measure to protect their information assets. InfoSec policies are commonly documented in natural language, which is prone to ambiguity and misinterpretation, thereby making it hard, if not impossible, for users to comply with. These misinterpretations may lead the students or staff members to wrongfully execute the required actions, thereby making institutions vulnerable to InfoSec attacks. According to the literature review conducted in this work, InfoSec policy documents are often not followed or complied with; and the key issues facing InfoSec policy compliance include the lack of management support for InfoSec, organisational cultures of non-compliance, intentional and unintentional policy violation by employees (the insider threat), lack of policy awareness and training as well as the policy being unclear or ambiguous. This study is set in the higher education context and explores the extent to which the non-compliance problem is embedded within the policy documents themselves being affected by ambiguity. A qualitative method with a case study research strategy was followed in the research, in the form of an inductive approach with a cross-sectional time horizon, whereby a selection case of relevant institutional InfoSec policies were analysed. The data was collected in the form of academic literature and InfoSec policies of higher education institutions to derive themes for data analysis. A qualitative content analysis was performed on the policies, which identified ambiguity problems in the data. The findings indicated the presence of ambiguity within the policy documents, making it possible to misinterpret some of the policy statements. Formal methods were explored as a possible solution to the policy ambiguity. A framework was then proposed to address ambiguity and improve on the clarity of the semantics of policy statements. The framework can be used by policy writers in paying attention to the presence of ambiguity in their policies and address these when drafting or revising their policy documents. / School of Computing

Formal methods

Policy ambiguity

Usable security

Policy clarity

Policy human aspects

Security policy compliance

507.12

Information policy

Compliance

Ambiguity

Science -- Study and teaching (Higher)

大學圖書館館藏遺失損毀與資料安全防治政策 / Study on Collection Lost, Mutilation and Security Policy for University Libraries

洪欣宜, Hung, Hsin-Yi

Unknown Date

本研究之目的為：(一)探討大學圖書館館藏遺失損毀現況。(二)探討大學圖書館館藏資料安全防護措施與政策。(三)比較大學圖書館主管與館員及使用者對館藏安全看法與態度，並據以進行分析整理，以作為圖書館館藏安全措施與政策未來發展建議。 本研究以相關文獻為基礎，並採用深度訪談法做為研究工具，綜合研究結果與分析，整理研究結論如下： 一、因公德心低落，大學圖書館館藏遺失損毀問題以錯架、註記居多 二、期刊比其他館藏容易遺失，經費與驗收狀況需彈性處理 三、制訂讀者違規處理辦法，有助於減少館藏遺失損毀的發生 四、圖書安全系統目前仍是維護館藏安全最普遍設備 五、偷竊館藏行為目前仍無強硬措施 六、政策執行著重分層負責與溝通 七、圖書館使用者在意館藏遺失問題，希望多舉辦政策推廣活動 由研究結論歸納建議如下，期能供大學圖書館及未來之研究者做進一步研究之參考。 一、館藏安全管理層面 (一)圖書館需重視館藏遺失與損毀事前預防工作(二)加裝多層防護裝置(三)多元化的人力運用(四)善用科技減少人力成本(五)建立政策溝通管道。 二、行政執行層面： (一)成立館藏安全維護工作小組並制訂政策(二)訂定館藏安全工作手冊(三)政策修訂與時俱進(四)政策執行著重分層負責與溝通(五)期刊建議以經常門編列或以系統驗收(六)處理違規行為應以教育為目的(七)保留館藏安全事件完整紀錄(八)透過實質合作加強圖書館與其他單位之互動關係(九)運用社群媒體與推廣活動宣導政策與服務(十)推廣公德心教育與使用者建立良善互動。 / The purposes of this research are: 1) Study the current situation of collections loss and mutilation in University Libraries. 2) Study the collections security policy for University Libraries. 3) Analyze, collate and come up with suggestions for library collections security policy which are based on the comparison of the views and attitudes of University Librarians with users about the library security. On the basis of the relevant literature, we used in-depth interview as the experimental tool to draw the conclusions according to the analysis and results. The study gets results in six aspects: 1.Because low public morality, the majority problem of the collection lost, mutilation for the university library are wrong frames and notes. 2.Periodicals are less likely to be lost than other collections, so budgetary and acceptance methods need flexibility. 3.Formulating rules for readers' violation help to reduce library collection lost and mutilation. 4.Library Security System is still the most common equipment for maintaining library security. 5.There are still no tough measures to steal the collection and without any deterrent effect of punishment. 6.Library policy implementation should focus on stratified responsibility and good communication. 7.Library users care about the loss of the collection, and hope library to hold more policy promotion activities. The conclusion obtained from this research has led to the suggestions below that we hope to provide the University Library and later researchers a reference. 1.The Aspect of Collections Security Management 1) Library shall attach importance to the pre prevention work for the loss and mutilation of library collection. 2) Add an extra protective device for special collection. 3) Human resource utilization diversification. 4) Making good use of science and technology to reduce human cost. 5) Establishing a policy communication pipeline. 2.The Aspect of Administration and Execution 1) The library should set up the group for security maintenance working amd draw up a policy for collection security. 2) Set up the collection security handbook, 3) Revise the policy regularly to keep up with the times. 4) Policy implementation should emphasize that stratified librarians communicate and take responsibilities. 5) Periodical budget suggest for using current account fund, and check and accept by library OPAC, 6) Handling of irregularities should be used for the purpose of education, 7) Keep a complete record of the collection security events, 8) Strengthening the interaction between Library and other units through substantive cooperation, 9) promotion policies and services by social media and library promotion activities, 10) Promoting public moral education and establish the good interaction with library users.

館藏遺失

館藏損毀

館藏安全政策

Collection lost

Collection mutilation

Collection security policy

Threats in Information Security : Beyond technical solutions. - Using Threat Tree Analysis / Hot mot Informationssäkerhet : Bortom tekniska lösningar. - Använda Hotträdsanalys

Olandersson, Sandra, Fredsson, Jeanette

January 2001

To be able to protect an organisation's resources, it is important to understand what there is to protect and what to protect it from. The first step is to try to analyse the security threats that exist against an organisation's resources to explore the risks. Threats have to be identified, for the organisation to protect its resources and find where the optimal placement against threats is. This thesis analysis whether it is possible to obtain a Threat Tree Analysis that is useful for developing an information security policy for the municipality in Ronneby, using the SS 62 77 99-1 standard. A co-operation between the technical solutions and the administrative security is necessary to achieve information security, together with ordinary common sense. True, each of these can help improve security, but none of them is a complete solution. Security is not a product - it is a process. Threat trees form the basis of understanding that process. In this thesis, we have been using a qualitative method. The analysis method is a case study at the Social Department, at the municipality in Ronneby. Through interviews it has come us to hand, that the organisation has not established an information security policy which should give the code of practice for how the work of information security will pursue within the organisation. The organisation does neither use a model for structuring threats nor a method for collecting threats against information today. Through the structure of possible threats, the personnel generates an understanding of the organisation and takes active part finding adequate threats within the Social Department. As users understand the importance of security, how to use it, and where to report suspected violations, they can do a great deal to reduce the risk to loose information. Important to remember is that the education is an ongoing process, new users need training and trained users need reminding, especially when new technologies or processes are introduced. Thus, Threat Tree Analysis is useful for continuing towards developing an information security policy according to SS 62 77 99-1 standard. / För att kunna skydda en organisations resurser är det viktigt att förstå vad organisationen behöver skydda och vad den ska skydda det ifrån. Det första steget är att analysera hot mot organisationens resurser för att uppskatta riskerna. Hot måste identifieras för att organisationen ska kunna skydda sina resurser och hitta den optimala placeringen av åtgärder mot hot. Denna uppsatsen undersöker om det är möjligt att skapa en hotträdsanalys som är användbar för skapandet av en informationssäkerhetspolicy för Ronneby kommun, genom att använda standarden SS 62 77 99-1. Vi betonar i uppsatsen att ett samarbete mellan existerande tekniska lösningar och administrativ säkerhet är nödvändigt för att uppnå informationssäkerhet. Visst kan var och en av dessa hjälpa till att förbättra säkerheten, men ingen av dem är ensam den kompletta lösningen. Säkerhet är inte en produkt - det är en process. Hotträd formar grunden för en förståelse av den processen. I denna uppsats har vi använt en kvalitativ metod. Analysmetoden är en fallstudie på Socialförvaltningen i Ronneby kommun. Genom intervjuer har vi fått fram att organisationen inte har etablerat en informationssäkerhetspolicy, vilken ska ge riktlinjer för hur säkerhetsarbetet ska fullföljas inom organisationen. Organisationen använder varken en modell för att identifiera hot mot information eller en metod för att strukturera hoten. Genom strukturen av möjliga hot, genererar personalen en förståelse för organisationen och tar aktivt del i att identifiera hot mot Socialförvaltningen. Detta medför att alla användare förstår hur viktigt det är med säkerhet, vart de ska rapportera misstänkta händelser och de kan göra mycket för att minska risken att förlora information. Det är viktigt att komma ihåg att utbildning är en pågående process, nya användare behöver utbildning och utbildade användare behöver vidareutbildning, speciellt när nya tekniker eller processer introduceras. Därför är hotträdsanalysen en användbar modell för arbetet mot att skapa en informationssäkerhetspolicy enligt standarden SS 62 77 99-1. / Sandra Olandersson Blåbärsvägen 27 372 38 RONNEBY 0457 / 12084 Jeanette Fredsson Villa Viola 372 36 RONNEBY 0457 / 26616

Information security

Administrative security

Information technology security

Resources

Vulnerability

Security awareness

Risk assessments

Threats

Threat tree analysis

Information security policy

Computer Sciences

Datavetenskap (datalogi)

How companies manage IT security : A comparative study of Pakistan and Sweden

Qureshi, Mustafa Ali, Khalid, Farhan

January 2013

IT security provides comprehensive picture both internally and externally by act of ensuring that data is not lost when critical issues arise. In spite of the world has now been replaced with an imperative approach. The companies are using widely desktop computers, laptops, ipads, smart phones and workstation. The sum of all this has been influence to the IT based information and communication system in companies.   The purpose is to do research by taking a critical look at how different kind of business and non-business companies manage their IT security in Pakistan and Sweden with specific emphasis on the administrative controls. As the IT security has a list of steps but the authors focused on three major functions: IT security policy, IT security plan and IT security risk analysis.   As soon as the topic was selected the emphasis was laid on collecting and reading material related to the IT security. It became clear that the most relevant and interesting task was not merely to investigate how different companies in Pakistan and Sweden manage their IT security but infact try to understand what kind of steps and measures lies behind to achieve them. The method was adopted qualitative because it fulfil the requirements which authors want to achieve in the form of deeper understanding how different companies manage IT security in two different countries.   This study concluded that Pakistani companies in terms of IT security policy should focus on data ware houses by implementing policies for securing of exploiting the data and in case of Swedish company IT managers should implement policies for securing of personal data. Evaluation techniques are missing from the companies of Pakistan and Sweden in IT security plan. Enhancing the performing of IT risk analysis to countermeasure the threat. Pakistani companies should focus on business model of information asset. In case of Swedish company higher level and more detailed analysis can apply to core areas of the IT system. These proposed points for improvements could also help in more understanding of IT security in Pakistan and Sweden.

Information systems

IT security

IT security Policy

IT security Planning

Perform IT security risk analysis

IT security Bulletin

Information Systems

Sécurité d'accès dans les Systèmes d'Information Coopératifs : modélisation et Implémentation à l'aide d'agents / Access security in Cooperative Information Systems : an agent-based design and implementation

Huin, Leslie

05 April 2012

Le partage entre sources indépendantes hétérogènes et distribuées peut être résolu par la construction d’un système d’information coopératif (SIC). Un SIC est un ensemble de composants plus ou moins autonomes, souvent préexistants qui travaillent de manière synergique en échangeant information, expertise et en coordonnant leurs activités. Cela implique notamment la prise en compte de l’interopérabilité liée aux différences de description des données et de représentation de la sémantique. La gestion des données est alors assurée sans recours à un schéma global complet pour respecter l’autonomie des bases locales.Dans ce contexte, nous avons choisi de traiter le thème de la sécurité d’accès dans le but de garantir la confidentialité et l’intégrité des données de la coopération. La sécurité ajoute de nouveaux problèmes d’hétérogénéité et de résolution de conflits à ceux déjà existants en terme de coopération de données. Nous utilisons deux modèles canoniques proposés par l’équipe MODEME, permettant de représenter de manière unifiée les schémas locaux de données et de sécurité. Nous construisons un système pour la gestion de l’interopération des données et des politiques de sécurité, ainsi que la résolution sécurisée de requêtes globales. Nous avons choisi d’implémenter notre système en suivant le paradigme multi-agents avec une approche par médiation et intégration de schémas. Deux protocoles sont définis au regard des deux fonctionnalités du système : - Un protocole de gestion des connaissances permettant de traiter le problème d’interopérabilité entre les différents modes de représentation des données et des modèles de sécurité, et de générer les appariements entre ces différents modèles. - Un protocole de résolution de requêtes à partir des connaissances globales construites a priori, dont l’objectif est de présenter des résultats sémantiquement cohérents et sécurisés. Les agents sont décrits dans leur buts, leurs interactions, leurs connaissances en définissant leur rôle pour chaque protocole, avec notamment le rôle clé de médiateur de sécurité. Un scénario d’expérimentation permet d’illustrer sur un cas concret la génération des connaissances à partir des schémas locaux ainsi que le développement complexe du protocole pour le contrôle d’accès. / Sharing heterogeneous and distributed independent data sources can be solved by building a Cooperative Information System (CIS). A CIS is a set of components, exchanging information, expertise and coordinating their activities. This must consider interoperability related to differences of data description and semantic. Data management is provided without using a comprehensive global scheme to respect the autonomy of local databases.In this context, we chose to treat access security in order to ensure confidentiality and data integrity in a cooperation. This adds new security issues regarding heterogeneity and conflict resolution, on top of those in terms of data cooperation. We use two canonical models proposed by the MODEME team, to represent the local schemas and security policies in a unified way.We build a system to manage the interoperation of data and security policies, and the resolution of secure global queries. We have chosen to implement our system using the multi-agent paradigm, with an schema integration and mediation approach. Two protocols have been defined related to the features of the system: - A knowledge management protocol to address the problem of interoperability between different modes of data representation and security models, and to generate the matches between these different models. - A query resolution protocol using the global knowledge, which aims to present the results semantically consistent and secure. Agents are described in their goals, their interactions, their knowledge by defining their role for each protocol, including the key role of security mediator. An experimental scenario illustrates the knowledge generation from local schemas and the development of protocol for access control.

Système d’Information Coopératif

Interopérabilité

Contrôle d’accès

Politique de sécurité

Système Multi-Agents

Cooperative Information System

Interoperability

Access Control

Security Policy

Multi-Agent Systems

005

Interoperability and Negotiation of Security Policies / Interopérabilité et négociation des politiques de sécurité

Li, Yanhuang

24 November 2016

Suite au développement des technologies de l'information, et en particulier au déploiement d'infrastructures telles que le Cloud Computing, de plus en plus d'applications et plateformes coopèrent en échangeant des données et des services. Cette tendance renforce l'importance de la gestion de la sécurité. Afin d'assurer la sécurité des données et de l'interaction de service une politique de sécurité doit être appliquée. Dans cette thèse, nous nous intéressons aux politiques de contrôle d'accès. Ce type de politique spécifie les privilèges de l'utilisation des ressources et est implémentée par différents modèles selon différents scénarios. Notre objectif ici est d'aider le client du service à bien exprimer ses exigences de sécurité et à choisir les fournisseurs de services qui peuvent la déployer. La première partie de cette thèse est dédiée à la sélection des fournisseurs de service. Dans le cas où les politiques de sécurité du fournisseur sont accessibles au client, nous proposons une méthode pour mesurer la similarité entre les politiques de sécurité. Dans le cas où les politiques de sécurité ne sont pas accessibles au client ou ne sont pas explicitement spécifiées, nous proposons un cadre à base de règles permettant la dérivation à partir des exigences de sécurité aux politiques de sécurité concrètes. La seconde partie de la thèse porte sur la négociation de politiques de sécurité. Nous étudions le processus permettant aux parties en négociation de parvenir à un accord par une série d'échanges d'offres et de contre-offres. Lorsque le résultat de la négociation est positif, un contrat incluant la politique de sécurité acceptée par les parties est généré. / Security policy provides a way to define the constraints on behavior of the members belonging to a system, organization or other entities. With the development of IT technology such as Grid Computing and Cloud Computing, more and more applications and platforms exchange their data and services for cooperating. Toward this trend, security becomes an important issue and security policy has to be applied in order to ensure the safety of data and service interaction. In this thesis, we deal with one type of security policy: access control policy. Access control policy protects the privileges of resource's utilization and there exist different policy models for various scenarios. Our goal is to ensure that the service customer well expresses her security requirements and chooses the service providers that fit these requirements.The first part of this dissertation is dedicated to service provider selection. In case that the security policies of the service provider are accessible to the service customer, we provide a method for measuring the similarity between security policies. Another case is that security policies are not accessible to the service customer or not specified explicitly. Our solution is proposing a policy-based framework which enables the derivation from attribute-based security requirements to concrete security policies. The second part of the dissertation focuses on the security policy negotiation. We investigate the process of reaching agreement through bargaining process in which negotiators exchange their offers and counter offers step by step. The positive result of the negotiation generates a policy contract.

Politique de sécurité

Evaluation

Informatique en nuage

Négociation

Interopérabilité

Contrôle d'accès

Fournisseur de services

Courtage

Security policy

Evaluation

Cloud computing

Negotiation

Interoperability

Access control

Service provider

Broker

004

Zavádění bezpečnostní politiky ve firmě / Security policy implementation in a selected company

Doležalová, Eliška

January 2017

This diploma thesis examines the process of preparation and implementation of a security policy as a means of information asset security management. The theoretical part describes security policies as an important part of information security management systems in a company and discusses the issue of virtual teams in terms of safety risks they pose for information security. This theoretical knowledge is applied in the practical part of the thesis where a security policy is composed for a small IT company with virtual team organization.

Metamorphosis of the US foreign security policy in the 21st century / Proměny americké zahraniční bezpečnostní politiky ve 21. století

Pospíšil, Tomáš

January 2009

The dissertation identifies and analyzes metamorphosis of the US foreign security policy in the 21st century. The main aim is also to identify whether the United States entered a new era with the attacks of 9/11 and whether so called the Bush doctrine was an appropriate reaction to the global terrorism. The thesis is divided into three chapters. The first chapter describes the US security strategies since WWII. In the second chapter, foreign security policy of George W. Bush and its metamorphosis is analyzed. The last chapter is devoted to the security strategies of Barack Obama.

Aktivní pacifismus v japonské zahraniční politice z pohledu defenzivního realismu / Active pacifism in Japanese foreign policy from the perspective of defensive realism

Buřič, Lukáš

January 2013

In recent years, Japan has shifted its security policy towards something we could call an "active pacifism". It can be noted for an increasing engagement of Japan Self-Defense Forces in multilateral operations and an effort to assume a position of a responsible member of the international community and an ally of the USA regarding the keeping of peace and security not only in the region, but also in a global scope. If Japan is, however, an actor whose goal is the maximisation of its own security, the exacerbation of its Self-Defense Forces could be perceived negatively by its neighbour states and its impacts could thus be counterproductive. The thesis applies the theoretical movement of defensive realism on this issue and on its basis, it evaluates the rationality of Japanese security policy, especially of active pacifism.