Positive Analysis on Vulnerability, Information Security Incidents, and the Countermeasures of Japanese Internet Service Providers
This paper includes a positive analysis to quantitatively grasp the relationship among vulnerability, information security incidents, and the countermeasures by using data based on a 2007 questionnaire survey for Japanese ISPs (Internet Service Providers). To grasp the relationships, logistic regression analysis is used. The results clarify that there are relationships between information security incidents and the countermeasures. Concretely, there is a positive relationship between information security incidents and the number of information security systems introduced as well as a negative relationship between information security incidents and information security education. It is also pointed out that (especially, local) ISPs do not execute efficient information security countermeasures/ investment concerned with systems, and it is suggested that they should positively execute information security education. In addition, to further heighten the information security level of Japanese telecommunication infrastructure, the necessity and importance of the government to implement policy to support the countermeasures of ISPs is insisted.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1331017Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1416
 E. Brynjolfsson, L. Hitt and S. Yang, "Intangible assets: how the interaction of computers and organizational structure affects stock market valuations," Brookings Papers on Economic Activity: Macroeconomics, vol.1, pp.137-199, 2002
 T. Takemura, Economic analysis on information and communication technology. Tokyo: Taga-shuppan, 2008.
 Information-technology Promotion Agency, Information security white paper 2008. Tokyo: Jikkyo Shuppan, 2008.
 H. Ebara, A. Nakaniwa, T. Takemura and M. Yokomi, Empirical analysis for internet service providers. Tokyo: Taga-shuppan, 2006.
 T. Takemura, "The 2nd investigation of actual conditions report on information security countermeasures for internet service providers," Kansai University, 2007.
 Information-technology Promotion Agency (2000, January). Investigation report: case study of information security countermeasures in critical infrastructure.
[Online]. Available: http://www.ipa.go.jp/security/fy11/ report/contents/intrusion/infrasec pts/infrasec pj.pdf
 S. Yamaguchi (2007, February). Expectation for academic society. JSSM Security forum distributed material. (Online). Available: http://www.jssm.net/
 National Information Security Center (2008, June). Secure Japan 2008: concentrated approach for strengthening information security base. (Online). Available: http://www.nisc.go.jp/active/kihon/pdf/sj 2008 draft.pdf
 H. Tanaka and K. Matsuura, "Empirical analysis at firm level on economical incentive of information security investment," Research investigation reports (The Telecommunications Advancement Foundation), vol.21, pp.9- 16, 2006.
 L. A. Gordon and M. P. Loeb, "The Economics of Information Security Investment," in ACM Transactions on Information and System Security, vol.5, pp.438-457, 2002.
 H. R. Varian, "System Reliability and Free Riding," in ACM Transactions on Information and System Security, vol.5, pp.355-366, 2002.
 L. A. Gordon, M. P. Loeb and W. Lycyshyn, "Sharing information on computer systems security: an economic analysis," Journal of Accounting and Public Policy, vol.22 (6), pp.461-485, 2003.
 L. A. Gordon and M. P. Loeb, "Expenditures on competitor analysis and information security: a managerial accounting perspective," in Management Accounting in the Digital Economy, A. Bhimni Ed., Oxford: Oxford Univ Press, 2003, pp.95-111.
 H. Tanaka, K. Matsuura and O. Sudoh, "Vulnerability and information security investment: an empirical analysis of e-local government in Japan," Journal of Accounting and Public Policy, vol.24 (1), pp.37-59, 2005.
 W. Liu, H. Tanaka and K. Matsuura, Empirical-analysis methodology for information-security investment and its application to reliable survey of Japanese firms, Information Processing Society of Japan Digital Courier, vol.3, pp.585-599, 2007.
 H. Tanaka, "Information security as intangible assets: a firm level empirical analysis on information security investment, Journal of information studies (The University of Tokyo), vol.69, pp.123-136, 2005.
 T. Takemura, "Proposal of information security policy in telecommunication infrastructure," in What is socionetwork strategies, T. Murata and S. Watanabe Eds. Tokyo: Taga-shuppan, 2007, pp.103-127.
 H. Nagaoka and T. Takemura, "A business continuity plan to heighten enterprise value," in the Proceedings of 55th National Conference (Japan Society for Management Information), Nagoya, Japan, 2007, pp.149-152.
 Japan Network Security Association (2008, July). Fiscal 2006 information security incident survey report (information leakage: projected damages and observations). (Online). Available: http://www.jnsa.org/en/reports/incident.html
 Y. Ukai and T. Takemura (2007, March). Spam mails impede economic growth. The Review of Socionetwork Strategies, vol.1 (1), pp.14-22. (Online). Available: http://www.springerlink.com/
 T. Takemura and H. Ebara, "Spam mail reduces economic effects," in the Proceedings of the 2nd International Conference on the Digital Society, Martinique, 2008, pp.20-24.
 T. Takemura and H. Ebara, "Economic loss caused by spam mail in each Japanese industry," presented at the 1st International Conference on Social Science, Izmir, Turkey, 2008.
 T. Takemura and H. Ebara, "Estimating economic losses caused by spam mails through production function approach," Journal of International Development, to be published.
 Nippon Information Communications Association (2008, March). Inspection slip of Influence That Spam Mail Exerts on Japanese Economy.
[Online]. Available: http://www.dekyo.or.jp/
 T. Takemura, M. Osajima and T. Maeda, "The impact of mail security countermeasure in firms," in the Proceedings of 57th National Conference (Japan Society for Management Information), Miyazaki, Japan, 2007, to be published.
 M. Yokomi, H. Ebara, A. Nakaniwa and T. Takemura, "Evaluation of technical efficiency for internet providers in Japan: problems for regional providers," Journal of Public Utility Economics, vol.56(3), pp.85-94, 2004.
 Internet Provider Association, Actual conditions on investigation of nationwide internet services 2003. Tokyo: Internet Provider Association, 2003.
 D. W. Hosmer and S. Lemeshow, Applied Logistic Regression (2nd ed.). New York: Wiley-Interscience publication, 2000.
 T. Takemura and M. Osajima, "About some topics on countermeasures and policies for information security incidents in Japan," GITI Research Bulletin 2007-2008, to be published.