- Professor Keiji Takeda
Introduction of the discussion
When a business entity decides whether or not to adopt information security measures, an objective effectiveness evaluation such as cost effectiveness is required.
However, the fact is that the numerical value that is the basis for introducing the probability (incidence rate) into the expected number of security incidents is far from the actual practice.
Methodology for effectiveness assessment is unestablished, and subjective decisions are often made based on past company experience.
This means that academia does not meet the expectation from the business entity.
As an interdisciplinary attempt to fill this gap, there is a study that proposes a framework for evaluating the economic rationality of information security measures that can be used when making decisions on whether or not to adopt security measures.
Finding the problem
When estimating the risk, it is necessary to visualize the management risk that the company should bear when an incident occurs after the security investment is postponed. It is too late to identify the cause of the incident after it occurred and to take preventive measures.
Argument
When a business entity suffers from malware infection or information leakage due to unauthorized software, an apology from the top management alone does not stop the situation, and in the worst case senario, it may affect the survival of the business.
For example, if confidential information or product specifications stored by customers are leaked, huge compensation for damages may occur.
In other words, economic measures required after an incident should be included in the economic rationality assessment as a risk factor.
Conclusion
Therefore, I would like to deepen my research on the economic rationality evaluation method of information security measures. Also, I would like to study detection algorithms that can detect even malware for zero-day-attack.
Examining the conclusion
By studying with Professor Keiji Takeda, who has numerous research achievements on detection methods for malware and malware, I am sure that I could obtain various perspectives regarding my research and it would open up new horizons for me.
Therefore, I believe that Keio University’s Faculty of Environment and Information Studies is the most suitable place for pursuing my research and social contributions, and I am aspiring to enter your school and study in your laboratory.
コメントを残す