A Proposal of Information Security Policy Agreement Method for Merger and Acquisition Using Assurance Case and ISO 27001

Nobuyuki Kobayashi, Aki Nakamoto, Maki Kawase, Makoto Ioki, Seiko Shirasaka

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

This study proposes an assurance case description method, based on the framework of Information Security Management System (ISMS; ISO 27001), for agreeing to information security policies through co-creation of values between a parent company and its subsidiary or subsidiaries which are merged or acquired. Information security policy varies among companies. Parent companies need to agree with their merged or acquired companies on the information security policies in order to maintain the existing business of the subsidiaries while the parent companies continue to use the current IT infrastructure and network. This study first structuralizes ISO 27001 by using an assurance case. We then show the items that a parent company and its subsidiary do not agree to information security policies based on each company's policy. As a result, this study will: 1) Clarify the range of agreement and disagreement between the two companies' information security policies; and 2) show how two companies mutually conclude a final agreement for the entire range using the assurance case created. We asked them how three experts in information security evaluate the Understanding, Utility and Effectiveness of the proposed assurance case description method, which the studied participants used to create the assurance case.

Original languageEnglish
Title of host publicationProceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages727-733
Number of pages7
ISBN (Electronic)9781728126272
DOIs
Publication statusPublished - 2019 Jul
Event8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019 - Toyama, Japan
Duration: 2019 Jul 72019 Jul 11

Publication series

NameProceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019

Conference

Conference8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019
CountryJapan
CityToyama
Period19/7/719/7/11

Keywords

  • Assurance Case
  • Co-creation
  • Dependability Case
  • Information security policy
  • M&A

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management
  • Social Sciences (miscellaneous)

Fingerprint Dive into the research topics of 'A Proposal of Information Security Policy Agreement Method for Merger and Acquisition Using Assurance Case and ISO 27001'. Together they form a unique fingerprint.

  • Cite this

    Kobayashi, N., Nakamoto, A., Kawase, M., Ioki, M., & Shirasaka, S. (2019). A Proposal of Information Security Policy Agreement Method for Merger and Acquisition Using Assurance Case and ISO 27001. In Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019 (pp. 727-733). [8992720] (Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IIAI-AAI.2019.00150