Top > JDR > Proposal for a Risk Communication-Based Approach to IT Risk

single-dr.php

JDR Vol.12 No.5 pp. 1040-1049
(2017)
doi: 10.20965/jdr.2017.p1040

Paper:

Views over last 60 days: 752

Proposal for a Risk Communication-Based Approach to IT Risk

Ryoichi Sasaki

Tokyo Denki University
5 Senju-Asahi-Cho, Adachi-ku, Tokyo

Received:
November 16, 2016
Accepted:
July 4, 2017
Online released:
September 27, 2017
Published:
October 1, 2017
Creative Commons License
Keywords:
IT risk, risk management, risk communication, consensus formation, Social MRC (Multiple Risk Communicator)
Abstract

With society’s increasing dependence on information technology (IT) systems, it is becoming increasingly difficult to resolve safety problems related to IT systems through conventional information security technology alone. Accordingly, under the heading of “IT risk” research, we have been investigating ways to address broader safety problems that arise in relation to IT systems themselves, along with the services and information they handle, in situations that include natural disasters, malfunctions, and human error, as well as risks arising from wrongdoing. Through our research, we confirmed that a risk communication-based approach is essential for resolving IT risk problems, and clarified five issues that pertain to a risk-based approach. Simultaneously, as tools to support problem resolution, we developed a multiple risk communicator (MRC) for consensus formation within organizations, along with Social-MRC for social consensus formation. The results of our research are detailed in this paper.

Cite this article as:
R. Sasaki, “Proposal for a Risk Communication-Based Approach to IT Risk,” J. Disaster Res., Vol.12 No.5, pp. 1040-1049, 2017.
Data files:
References
  1. [1] R. E. Lundgren and A. H. McMakin, “Risk Communication: A Handbook for Communicating Environmental, Safety, and Health Risks,” Wiley, 2009.
  2. [2] T. Kikkawa, “Communication to Risks,” Yuhikaku, 2000 (in Japanese).
  3. [3] R. Sasaki, Y. Hidaka, T. Moriya, M. Taniyama, H. Yajima, K. Yaegashi, Y. Kawashima, and H. Yoshiura, “Development and applications of a multiple risk communicator,” Sixth International Conference on RISK ANALYSIS 2008, pp. 241-249, 2008.
  4. [4] R. Sasaki, S. Sugimoto, H. Yajima, H. Masuda, H. Yoshiura, and M. Samejima, “Proposal for Social-MRC: Social Consensus Formation Support System Concerning IT Risk Countermeasures,” International Journal of Information Processing and Management, Vol.2, No.2, pp. 48-58, 2011.
  5. [5] R. Sasaki, “Considerations on Risk Communication for IT Systems and Development of Support Systems,” Journal of Information Processing, Vol.20, No.4, pp. 814-822, 2012, https://www.jstage.jst.go.jp/article/ipsjjip/20/4/20_814/_article [accessed Sep. 4, 2017]
  6. [6] S. Initiative, “Development of Technology System to Support Safety and Dependability of Information Society – Demanding New Dependability,” Japan science and Technology Agency, CRDS-FY2006-SP-07 (in Japanese).
  7. [7] Society of Risk Analysis: Japan-Section, “Handbook of Risk Research Revised and Enlarged Edition,” Hankyu Communications, 2006 (in Japanese).
  8. [8] Ulrich Beck (Translated by Ren Higashi and Midori Ito), “Risk Society: Towards a New Modernity,” Publishing Division of Hosei University, 1998 (in Japanese).
  9. [9] T. Hijikata and A. Nassehi, “Risk, Paradox of Control,” Sinsensha, 2002 (in Japanese).
  10. [10] G. Mikami, “ Consideration of Society – Risk, Surveillance and Personization,” Gakubunsya, 2010 (in Japanese).
  11. [11] F. Knight, “Risk, Uncertainty and Profit,” 1921, ISBN 978-0-9840614-2-6, http://www.econlib.org/library/Knight/knRUPCover.html [accessed Sep. 4, 2017]
  12. [12] N. N. Taleb, “The Black Swan: Second Edition: The Impact of the Highly Improbable: With a new section: “On Robustness and Fragility”,” Random House Trade Paperbacks, 2010.
  13. [13] R. Sasaki, “How to Deal with IT Risk,” Iwanami, 2008 (in Japanese).
  14. [14] ISO 31000 – Risk management – Principles and guidelines, 2009.
  15. [15] National Research Council (U.S.), “Improving Risk Communication,” The National Academies Press, 1989.
  16. [16] K. Nakayachi, “Measure of Risk,” NHK Books, 2006 (in Japanese).
  17. [17] H. Ogawa, “A proposition of a new structure model for risk communication based upon “3 boundaries” model : a case study of BSE program revision,” Japan Information-Culturology Society, Vol.13, No.2, pp. 47-54, 2006.
  18. [18] M. Kawakami, H. Yasuda, and R. Sasaki, “Development of an E-Learning Content-Making System for Information Security (ELSEC) and Its Application to Anti-Phishing Education,” Proceedings of 2010 International Conference on e-Business, e-Management and e-Learning, pp. 7-11.
  19. [19] M. Taniyama, Y. Hidaka, M. Arai, S. Kai, H. Igawa, H. Yajima, and R. Sasaki, “Application of “Multiple Risk Communicator” to Personal Information Leakage Problem,” The Fifth International Conference on Security and Safety of Complex Systems, 2008.
  20. [20] R. Sasaki, “Trial Application of the Multiple Risk Communicator to Internal Control Problems,” International Journal of Information Processing and Management (IJIPM), Vol.4, No.6, pp. 40-49, 2013.
  21. [21] H. Hijikata and R. Sasaki, “Application of Multiple Risk Communicator for consensus of personal information leakage measures considering Digital Forensics,” ICIMT 2010 2nd International Conference on Information and Multimedia Technology, 2010.
  22. [22] M. Ohkawara, K. Takakusaki, H. Yajima, H. Masuda, R. Sasaki, and T. Kobayash,” Application of Social Consensus Support System for IT Risk measure “Social-MRC” to The Information Filtering Issue for Children,” 3rd International Conference on e-Education e-Business, e-Management and e-Learning, pp. 158-167, 2012.
  23. [23] H. Ando, H. Masuda, and R. Sasaki, “Development and evaluation of functions for automatic classification of information given to opinion leaders in social consensus formation support system for problems,” Second ATISR 2012, 2012.
  24. [24] I. Matsunaga and R. Sasaki, “Development and Evaluation of a Continuity Operation Plan Support System for an Information Technology System,” International Journal of Cyber-Security and Digital Forensics (IJCSDF), Vol.4, No.2, pp. 327-338, 2015 (ISSN: 2305-0012).
  25. [25] R. Aihara, R. Ishii, and R. Sasaki, “Proposal of an Improved Event Tree and Defense Tree Combined Method for Risk Evaluation with Common Events,” The Third International Conference on Digital Security and Forensics (DigitalSec2016), Malaysia.
  26. [26] Y. Umehara, H. Ando, and R. Sasaki, “Proposal for combinatorial optimization technology in consideration of the dynamic characteristic of IT risks,” COMPSAC2015, 2015.
  27. [27] S. Fukushima and R. Sasaki, “Application and Evaluation of Method for Establishing Consensus on Measures Based on Cybersecurity Framework,” The Third International Conference on Digital Security and Forensics (DigitalSec2016), Malaysia.
  28. [28] L. J. Hoffman, et al., “Trust beyond security: an expanded trust model,” Communications of the ACM, Vol.49, No.7, pp. 94-101, 2006.

Creative Commons License  This article is published under a Creative Commons Attribution-NoDerivatives 4.0 Internationa License.

*This site is desgined based on HTML5 and CSS3 for modern browsers, e.g. Chrome, Firefox, Safari, Edge, Opera.

Last updated on Apr. 22, 2024