SN Computer Science (2023) 4:211
https://doi.org/10.1007/s42979-023-01691-7
ORIGINAL RESEARCH
Enhancement of a Company-Wide Information Security Management System Through Incident Learning
Hiroshi Horikawa1 · Hisamichi Ohtani2 · Yuji Takahashi3 · Takehisa Kato4 · Fumihiko Magata5 · Yoshimi Teshigawara6 · Ryoichi Sasaki3 · Masakatsu Nishigaki1
Received: 15 March 2022 / Accepted: 12 January 2023 / Published online: 17 February 2023
© The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd 2023
Abstract
We propose the Delta ISMS method, which strengthens a company-wide information security management system (ISMS) through incident learning. International ISMS standards have been established to give organisations useful guidelines for information security risk management so that they can respond appropriately to information security incidents. When an ISMS is first introduced to an organisation, the organisation is strengthened by adopting the standard requirements. However, predicting everything and implementing a perfect ISMS may not be possible for every organisation. Thus, even in ISMS-certified organisations, information security incidents do not always diminish. This indicates that these organisations do not effectively carry out the PDCA cycle of the ISMS. We recognise that an ISMS requires feedback and learning from incidents, yet the standards do not provide a sufficient explanation of learning procedures. Likewise, the Cyber Security Incident Response Team guidelines do not explicitly provide specific procedures for ‘incident learning’. For incident learning, regularising informal knowledge (the formalisation of experience data) and double-loop learning (acquisition of company-wide knowledge from incident responses) are effective. Therefore, this study aims to develop detailed procedures for incident learning that drive the second and subsequent rounds of the ISMS’s PDCA cycle. We propose an incident database operation method for regularising informal knowledge and a gold–silver–bronze communication method for implementing the double loop. The procedures are routinely applied by headquarters under the supervision of the Chief Information Security Officer. By changing the safety factor in the damage reduction rate, multiple countermeasure candidate sets can be obtained that take the investment effect into account.
Keywords: Incident learning · Information security management system (ISMS) · Incident database · Information security incident · Chief Information Security Officer (CISO)
Introduction
Today, organisations are tasked with managing many different types of knowledge. Almost all organisations are already connected to the Internet, and in recent years digital transformation has exposed every part of these organisations to the threat of cyber incidents. This implies that all organisations now need to possess and manage cyber security knowledge on a company-wide basis.

A typical cyber security knowledge management system in organisations is the information security management system (ISMS) [1]. In an ISMS, the assets in each target department of the organisation are identified, the threats to be protected against are determined (risk assessment), and the necessary countermeasures are decided on (countermeasure selection). When the ISMS is first introduced to an organisation,
* Hiroshi Horikawa
hholy0403@gmail.com
1 Faculty of Informatics, Shizuoka University, 3-5-1, Johoku, Naka-ku, Hamamatsu City 432-8011, Japan
2 Information Security Office, NTT DATA Corporation, Koto-ku, Tokyo 135-6033, Japan
3 The Research Institute of Science and Technology, Tokyo Denki University, 5, Senjuasahicho, Adachi-ku, Tokyo 120-8551, Japan
4 Hitachi, Ltd., Chiyoda-ku, Tokyo 100-8280, Japan
5 NTT Communications Corporation, 2-3-1, Otemachi, Chiyoda-ku, Tokyo 100-8019, Japan
6 Soka University, 1-236, Tangimachi, Hachioji City, Tokyo 192-8577, Japan