A Proposal of Information Security Policy Agreement Method for Merger and Acquisition Using Assurance Case and ISO 27001

Nobuyuki Kobayashi, Aki Nakamoto, Maki Kawase, Makoto Ioki, Seiko Shirasaka

研究成果: Conference contribution

抄録

This study proposes an assurance case description method, based on the framework of Information Security Management System (ISMS; ISO 27001), for agreeing to information security policies through co-creation of values between a parent company and its subsidiary or subsidiaries which are merged or acquired. Information security policy varies among companies. Parent companies need to agree with their merged or acquired companies on the information security policies in order to maintain the existing business of the subsidiaries while the parent companies continue to use the current IT infrastructure and network. This study first structuralizes ISO 27001 by using an assurance case. We then show the items that a parent company and its subsidiary do not agree to information security policies based on each company's policy. As a result, this study will: 1) Clarify the range of agreement and disagreement between the two companies' information security policies; and 2) show how two companies mutually conclude a final agreement for the entire range using the assurance case created. We asked them how three experts in information security evaluate the Understanding, Utility and Effectiveness of the proposed assurance case description method, which the studied participants used to create the assurance case.

本文言語English
ホスト出版物のタイトルProceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019
出版社Institute of Electrical and Electronics Engineers Inc.
ページ727-733
ページ数7
ISBN(電子版)9781728126272
DOI
出版ステータスPublished - 2019 7
イベント8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019 - Toyama, Japan
継続期間: 2019 7 72019 7 11

出版物シリーズ

名前Proceedings - 2019 8th International Congress on Advanced Applied Informatics, IIAI-AAI 2019

Conference

Conference8th IIAI International Congress on Advanced Applied Informatics, IIAI-AAI 2019
CountryJapan
CityToyama
Period19/7/719/7/11

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management
  • Social Sciences (miscellaneous)

フィンガープリント 「A Proposal of Information Security Policy Agreement Method for Merger and Acquisition Using Assurance Case and ISO 27001」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル