Proposal for a Risk Communication-Based Approach to IT Risk
Tokyo Denki University
5 Senju-Asahi-Cho, Adachi-ku, Tokyo
As society grows more dependent on information technology (IT) systems, it is becoming increasingly difficult to resolve safety problems related to those systems through conventional information security technology alone. Accordingly, under the heading of “IT risk” research, we have been investigating ways to address the broader safety problems that arise in relation to IT systems themselves, along with the services and information they handle, in situations that include natural disasters, malfunctions, and human error, as well as risks arising from wrongdoing. Through our research, we confirmed that a risk communication-based approach is essential for resolving IT risk problems, and clarified five issues that pertain to a risk-based approach. At the same time, as tools to support problem resolution, we developed a multiple risk communicator (MRC) for consensus formation within organizations, along with Social-MRC for social consensus formation. The results of our research are detailed in this paper.