Positive Analysis on Vulnerability, Information Security Incidents, and the Countermeasures of Japanese Internet Service Providers
This paper includes a positive analysis to quantitatively grasp the relationship among vulnerability, information security incidents, and the countermeasures by using data based on a 2007 questionnaire survey for Japanese ISPs (Internet Service Providers). To grasp the relationships, logistic regression analysis is used. The results clarify that there are relationships between information security incidents and the countermeasures. Concretely, there is a positive relationship between information security incidents and the number of information security systems introduced as well as a negative relationship between information security incidents and information security education. It is also pointed out that (especially, local) ISPs do not execute efficient information security countermeasures/ investment concerned with systems, and it is suggested that they should positively execute information security education. In addition, to further heighten the information security level of Japanese telecommunication infrastructure, the necessity and importance of the government to implement policy to support the countermeasures of ISPs is insisted.
[1] E. Brynjolfsson, L. Hitt and S. Yang, "Intangible assets: how the interaction
of computers and organizational structure affects stock market
valuations," Brookings Papers on Economic Activity: Macroeconomics,
vol.1, pp.137-199, 2002
[2] T. Takemura, Economic analysis on information and communication
technology. Tokyo: Taga-shuppan, 2008.
[3] Information-technology Promotion Agency, Information security white
paper 2008. Tokyo: Jikkyo Shuppan, 2008.
[4] H. Ebara, A. Nakaniwa, T. Takemura and M. Yokomi, Empirical analysis
for internet service providers. Tokyo: Taga-shuppan, 2006.
[5] T. Takemura, "The 2nd investigation of actual conditions report on
information security countermeasures for internet service providers,"
Kansai University, 2007.
[6] Information-technology Promotion Agency (2000, January). Investigation
report: case study of information security countermeasures in critical
infrastructure. [Online]. Available: http://www.ipa.go.jp/security/fy11/
report/contents/intrusion/infrasec pts/infrasec pj.pdf
[7] S. Yamaguchi (2007, February). Expectation for academic society.
JSSM Security forum distributed material. (Online). Available:
http://www.jssm.net/
[8] National Information Security Center (2008, June). Secure Japan 2008:
concentrated approach for strengthening information security base. (Online).
Available: http://www.nisc.go.jp/active/kihon/pdf/sj 2008 draft.pdf
[9] H. Tanaka and K. Matsuura, "Empirical analysis at firm level on economical
incentive of information security investment," Research investigation
reports (The Telecommunications Advancement Foundation), vol.21, pp.9-
16, 2006.
[10] L. A. Gordon and M. P. Loeb, "The Economics of Information Security
Investment," in ACM Transactions on Information and System Security,
vol.5, pp.438-457, 2002.
[11] H. R. Varian, "System Reliability and Free Riding," in ACM Transactions
on Information and System Security, vol.5, pp.355-366, 2002.
[12] L. A. Gordon, M. P. Loeb and W. Lycyshyn, "Sharing information on
computer systems security: an economic analysis," Journal of Accounting
and Public Policy, vol.22 (6), pp.461-485, 2003.
[13] L. A. Gordon and M. P. Loeb, "Expenditures on competitor analysis and
information security: a managerial accounting perspective," in Management
Accounting in the Digital Economy, A. Bhimni Ed., Oxford: Oxford
Univ Press, 2003, pp.95-111.
[14] H. Tanaka, K. Matsuura and O. Sudoh, "Vulnerability and information
security investment: an empirical analysis of e-local government in
Japan," Journal of Accounting and Public Policy, vol.24 (1), pp.37-59,
2005.
[15] W. Liu, H. Tanaka and K. Matsuura, Empirical-analysis methodology for
information-security investment and its application to reliable survey of
Japanese firms, Information Processing Society of Japan Digital Courier,
vol.3, pp.585-599, 2007.
[16] H. Tanaka, "Information security as intangible assets: a firm level empirical
analysis on information security investment, Journal of information
studies (The University of Tokyo), vol.69, pp.123-136, 2005.
[17] T. Takemura, "Proposal of information security policy in telecommunication
infrastructure," in What is socionetwork strategies, T. Murata and
S. Watanabe Eds. Tokyo: Taga-shuppan, 2007, pp.103-127.
[18] H. Nagaoka and T. Takemura, "A business continuity plan to heighten
enterprise value," in the Proceedings of 55th National Conference (Japan
Society for Management Information), Nagoya, Japan, 2007, pp.149-152.
[19] Japan Network Security Association (2008, July). Fiscal
2006 information security incident survey report (information
leakage: projected damages and observations). (Online). Available:
http://www.jnsa.org/en/reports/incident.html
[20] Y. Ukai and T. Takemura (2007, March). Spam mails impede economic
growth. The Review of Socionetwork Strategies, vol.1 (1), pp.14-22.
(Online). Available: http://www.springerlink.com/
[21] T. Takemura and H. Ebara, "Spam mail reduces economic effects," in the
Proceedings of the 2nd International Conference on the Digital Society,
Martinique, 2008, pp.20-24.
[22] T. Takemura and H. Ebara, "Economic loss caused by spam mail in
each Japanese industry," presented at the 1st International Conference on
Social Science, Izmir, Turkey, 2008.
[23] T. Takemura and H. Ebara, "Estimating economic losses caused by spam
mails through production function approach," Journal of International
Development, to be published.
[24] Nippon Information Communications Association (2008, March). Inspection
slip of Influence That Spam Mail Exerts on Japanese Economy.
[Online]. Available: http://www.dekyo.or.jp/
[25] T. Takemura, M. Osajima and T. Maeda, "The impact of mail security
countermeasure in firms," in the Proceedings of 57th National Conference
(Japan Society for Management Information), Miyazaki, Japan, 2007, to
be published.
[26] M. Yokomi, H. Ebara, A. Nakaniwa and T. Takemura, "Evaluation of
technical efficiency for internet providers in Japan: problems for regional
providers," Journal of Public Utility Economics, vol.56(3), pp.85-94,
2004.
[27] Internet Provider Association, Actual conditions on investigation of
nationwide internet services 2003. Tokyo: Internet Provider Association,
2003.
[28] D. W. Hosmer and S. Lemeshow, Applied Logistic Regression (2nd ed.).
New York: Wiley-Interscience publication, 2000.
[29] T. Takemura and M. Osajima, "About some topics on countermeasures
and policies for information security incidents in Japan," GITI Research
Bulletin 2007-2008, to be published.
[1] E. Brynjolfsson, L. Hitt and S. Yang, "Intangible assets: how the interaction
of computers and organizational structure affects stock market
valuations," Brookings Papers on Economic Activity: Macroeconomics,
vol.1, pp.137-199, 2002
[2] T. Takemura, Economic analysis on information and communication
technology. Tokyo: Taga-shuppan, 2008.
[3] Information-technology Promotion Agency, Information security white
paper 2008. Tokyo: Jikkyo Shuppan, 2008.
[4] H. Ebara, A. Nakaniwa, T. Takemura and M. Yokomi, Empirical analysis
for internet service providers. Tokyo: Taga-shuppan, 2006.
[5] T. Takemura, "The 2nd investigation of actual conditions report on
information security countermeasures for internet service providers,"
Kansai University, 2007.
[6] Information-technology Promotion Agency (2000, January). Investigation
report: case study of information security countermeasures in critical
infrastructure. [Online]. Available: http://www.ipa.go.jp/security/fy11/
report/contents/intrusion/infrasec pts/infrasec pj.pdf
[7] S. Yamaguchi (2007, February). Expectation for academic society.
JSSM Security forum distributed material. (Online). Available:
http://www.jssm.net/
[8] National Information Security Center (2008, June). Secure Japan 2008:
concentrated approach for strengthening information security base. (Online).
Available: http://www.nisc.go.jp/active/kihon/pdf/sj 2008 draft.pdf
[9] H. Tanaka and K. Matsuura, "Empirical analysis at firm level on economical
incentive of information security investment," Research investigation
reports (The Telecommunications Advancement Foundation), vol.21, pp.9-
16, 2006.
[10] L. A. Gordon and M. P. Loeb, "The Economics of Information Security
Investment," in ACM Transactions on Information and System Security,
vol.5, pp.438-457, 2002.
[11] H. R. Varian, "System Reliability and Free Riding," in ACM Transactions
on Information and System Security, vol.5, pp.355-366, 2002.
[12] L. A. Gordon, M. P. Loeb and W. Lycyshyn, "Sharing information on
computer systems security: an economic analysis," Journal of Accounting
and Public Policy, vol.22 (6), pp.461-485, 2003.
[13] L. A. Gordon and M. P. Loeb, "Expenditures on competitor analysis and
information security: a managerial accounting perspective," in Management
Accounting in the Digital Economy, A. Bhimni Ed., Oxford: Oxford
Univ Press, 2003, pp.95-111.
[14] H. Tanaka, K. Matsuura and O. Sudoh, "Vulnerability and information
security investment: an empirical analysis of e-local government in
Japan," Journal of Accounting and Public Policy, vol.24 (1), pp.37-59,
2005.
[15] W. Liu, H. Tanaka and K. Matsuura, Empirical-analysis methodology for
information-security investment and its application to reliable survey of
Japanese firms, Information Processing Society of Japan Digital Courier,
vol.3, pp.585-599, 2007.
[16] H. Tanaka, "Information security as intangible assets: a firm level empirical
analysis on information security investment, Journal of information
studies (The University of Tokyo), vol.69, pp.123-136, 2005.
[17] T. Takemura, "Proposal of information security policy in telecommunication
infrastructure," in What is socionetwork strategies, T. Murata and
S. Watanabe Eds. Tokyo: Taga-shuppan, 2007, pp.103-127.
[18] H. Nagaoka and T. Takemura, "A business continuity plan to heighten
enterprise value," in the Proceedings of 55th National Conference (Japan
Society for Management Information), Nagoya, Japan, 2007, pp.149-152.
[19] Japan Network Security Association (2008, July). Fiscal
2006 information security incident survey report (information
leakage: projected damages and observations). (Online). Available:
http://www.jnsa.org/en/reports/incident.html
[20] Y. Ukai and T. Takemura (2007, March). Spam mails impede economic
growth. The Review of Socionetwork Strategies, vol.1 (1), pp.14-22.
(Online). Available: http://www.springerlink.com/
[21] T. Takemura and H. Ebara, "Spam mail reduces economic effects," in the
Proceedings of the 2nd International Conference on the Digital Society,
Martinique, 2008, pp.20-24.
[22] T. Takemura and H. Ebara, "Economic loss caused by spam mail in
each Japanese industry," presented at the 1st International Conference on
Social Science, Izmir, Turkey, 2008.
[23] T. Takemura and H. Ebara, "Estimating economic losses caused by spam
mails through production function approach," Journal of International
Development, to be published.
[24] Nippon Information Communications Association (2008, March). Inspection
slip of Influence That Spam Mail Exerts on Japanese Economy.
[Online]. Available: http://www.dekyo.or.jp/
[25] T. Takemura, M. Osajima and T. Maeda, "The impact of mail security
countermeasure in firms," in the Proceedings of 57th National Conference
(Japan Society for Management Information), Miyazaki, Japan, 2007, to
be published.
[26] M. Yokomi, H. Ebara, A. Nakaniwa and T. Takemura, "Evaluation of
technical efficiency for internet providers in Japan: problems for regional
providers," Journal of Public Utility Economics, vol.56(3), pp.85-94,
2004.
[27] Internet Provider Association, Actual conditions on investigation of
nationwide internet services 2003. Tokyo: Internet Provider Association,
2003.
[28] D. W. Hosmer and S. Lemeshow, Applied Logistic Regression (2nd ed.).
New York: Wiley-Interscience publication, 2000.
[29] T. Takemura and M. Osajima, "About some topics on countermeasures
and policies for information security incidents in Japan," GITI Research
Bulletin 2007-2008, to be published.
@article{"International Journal of Business, Human and Social Sciences:52934", author = "Toshihiko Takemura and Makoto Osajima and Masatoshi Kawano", title = "Positive Analysis on Vulnerability, Information Security Incidents, and the Countermeasures of Japanese Internet Service Providers", abstract = "This paper includes a positive analysis to quantitatively grasp the relationship among vulnerability, information security incidents, and the countermeasures by using data based on a 2007 questionnaire survey for Japanese ISPs (Internet Service Providers). To grasp the relationships, logistic regression analysis is used. The results clarify that there are relationships between information security incidents and the countermeasures. Concretely, there is a positive relationship between information security incidents and the number of information security systems introduced as well as a negative relationship between information security incidents and information security education. It is also pointed out that (especially, local) ISPs do not execute efficient information security countermeasures/ investment concerned with systems, and it is suggested that they should positively execute information security education. In addition, to further heighten the information security level of Japanese telecommunication infrastructure, the necessity and importance of the government to implement policy to support the countermeasures of ISPs is insisted.
", keywords = "Information security countermeasures, information security incidents, internet service providers, positive analysis", volume = "2", number = "10", pages = "1086-8", }
