A Proposal of Information Security Policy Agreement Method for Merger and Acquisition Using Assurance Case and ISO 27001
| Autor: | Makoto Ioki, Seiko Shirasaka, Aki Nakamoto, Nobuyuki Kobayashi, Maki Kawase |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
Process management
business.industry media_common.quotation_subject 05 social sciences Subsidiary Information security Agreement Order (exchange) 0502 economics and business Information technology management Co-creation 050211 marketing Parent company Business 050203 business & management Information security management system media_common |
| Zdroj: | IIAI-AAI |
| DOI: | 10.1109/iiai-aai.2019.00150 |
| Popis: | This study proposes an assurance case description method, based on the framework of Information Security Management System (ISMS; ISO 27001), for agreeing to information security policies through co-creation of values between a parent company and its subsidiary or subsidiaries which are merged or acquired. Information security policy varies among companies. Parent companies need to agree with their merged or acquired companies on the information security policies in order to maintain the existing business of the subsidiaries while the parent companies continue to use the current IT infrastructure and network. This study first structuralizes ISO 27001 by using an assurance case. We then show the items that a parent company and its subsidiary do not agree to information security policies based on each company's policy. As a result, this study will: 1) Clarify the range of agreement and disagreement between the two companies' information security policies; and 2) show how two companies mutually conclude a final agreement for the entire range using the assurance case created. We asked them how three experts in information security evaluate the Understanding, Utility and Effectiveness of the proposed assurance case description method, which the studied participants used to create the assurance case. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|