Title: Proposal and Evaluation of Method for Establishing Consensus on Combination of Measures Based on Cybersecurity Framework

Issue Number: Vol. 5, No. 3
Year of Publication: Nov - 2016
Page Numbers: 155-165
Authors: Shota Fukushima, Ryoichi Sasaki
Journal Name: International Journal of Cyber-Security and Digital Forensics (IJCSDF) - Hong Kong
DOI: http://dx.doi.org/10.17781/P002209


Due to the development of our information society in recent years, the number of companies depending on IT systems has increased. However, it has been noticed that executives have not implemented sufficient information security measures, primarily due to the lack of consensus regarding information security between executives and IT administrators in enterprises. Numerous approaches to solving this problem have been formulated and applied. The Cybersecurity Framework developed by the US NIST is one approach. However, the Cybersecurity Framework does not have a function that can be used to enumerate and select an appropriate combination of rectifying measures based on mutual understanding between executives and administrators. Herein, by applying the Cybersecurity Framework and use cases of the framework provided by Intel Corporation, we propose a method that can enumerate measures and obtain an optimal combination of measures that could lead to mutual agreement between executives and administrators. In addition, we have developed a system called Risk Communicator for Tier (RC4T) to support the abovementioned function along with a method for its use. By applying this framework and RC4T to a small example, we were able to select a combination of measures suitable for obtaining mutual consensus between executives and administrators.