Hisamichi Ohtani’s research while affiliated with NTT DATA Corporation and other places


Publications (1)


ISMS and Delta ISMS
COF tables for risk assessment
Overview of the Delta ISMS method
COF for the primary loop
Example of reduction in damage by choosing countermeasure


Enhancement of a Company-Wide Information Security Management System Through Incident Learning
Article · February 2023 · 106 Reads · 2 Citations · SN Computer Science

Hiroshi Horikawa · Hisamichi Ohtani · Yuji Takahashi · [...] · Masakatsu Nishigaki

We propose the Delta ISMS method that strengthens the company-wide information security management system (ISMS) through incident learning. International standards of ISMS have been established to provide useful guidelines for information security risk management to organisations so they can respond appropriately to information security incidents. When the ISMS is first introduced to an organisation, the organisation is strengthened by introducing standard requirements. However, predicting everything and implementing a perfect ISMS may not be possible for each organisation. Thus, even in ISMS-certified organisations, information security incidents do not always diminish. This indicates that these organisations do not effectively carry out the PDCA cycle of the ISMS. We recognise that ISMS requires feedback and learning from incidents, while a sufficient explanation of learning procedures is not provided. Also, the Cyber Security Incident Response Team guidelines do not provide specific procedures for ‘incident learning’ explicitly. For incident learning, regularising informal knowledge (the formalisation of experience data) and double-loop learning (acquisition of company-wide knowledge from incident responses) is effective. Therefore, this study aims to develop detailed procedures for incident learning to run the second and subsequent rounds of the ISMS’s PDCA cycles. We propose an incident database operation method for regularising informal knowledge and a gold–silver–bronze communication method for implementing double loops. The procedures are routinely applied by headquarters under the supervision of the Chief Information Security Officer. By changing the safety factor in the damage reduction rate, it is possible to obtain multiple countermeasure candidate sets by considering the investment effect.


Citations (1)


... The advantage of the approach for data processing as a condition for business agility (quality) is that managers are fully aware of the data as they directly collect it, which speeds up analytics (Chen et al., 2023; Curnin et al., 2023). The advantage of data preservation (resilience) is the low risk of data leakage due to the disparate nature of the data and the difficulty of copying it from different media (Ameri et al., 2023; Horikawa et al., 2023). ...

Reference:

DATASET APPROACH TO MANAGEMENT INFORMATION SYSTEMS TO SUPPORT QUALITY AND AGILITY OF INDUSTRY 4.0 BUSINESSES
Enhancement of a Company-Wide Information Security Management System Through Incident Learning

SN Computer Science