Information Security Management

In order to develop a more effective information security management system, we first conducted a literature survey focusing mainly on the ISMS standards that have developed rapidly since around 2000. At the same time, we investigated actual practices through enquiries and interviews with large commercial companies in Japan. Based on these preliminary surveys, we identified the underlying requirements, the problems, and the focus of our research on information security management.
In addition, we examined international Enterprise Architecture (EA) standards and how they treat information security, in order to apply the intrinsic holism of EA, since we expected the study of EA to enrich our research.
As a result of these considerations, we developed a mathematical risk analysis method and a tangible governance process, since we had found that the two prevalent problems in this field are a lack of objective risk analyses and the malfunction of senior officers' roles in information security management. We also reviewed existing information security standards, related research, and actual information security systems and incidents in the Japanese and U.S. governments to verify our discussion.
On these grounds, we propose a novel systemic approach to information security governance. Our result fills the gap that lies among existing standards, research, and practices. It clarifies the importance of information security to business and provides a means to complement the weaknesses of technology-based security solutions.