Promotion of Information Security Integrated Research - Integration of Technology, Legislation, and Operation Management /CRDS-FY2006-SP-12
Executive Summary

This strategic initiative proposes a new attempt that integrates technology, legislation, and operation management as a R&D method for information security. Specifically, we propose an R&D project formation involving information communication engineers, information system operation administrators, and legal experts to promote the R&D for the assignments extracted by studying the information security issues based on the integrated aspects of the technology, legislation, and operation management.

Information system is closely connected to the society and organization as an important social infrastructure, which is indispensable for our life and social economic activities. Under these circumstances, such information security issues as leakage of important information and individual information from administrative organs and enterprises are becoming a social problem. These problems are detachable from the social and organizational system and must be examined comprehensively including the state of system, regulation, and operation.

However, it is hard to say that there is an organic coordination since the present R&D are independently carried out in terms of technology, legislation, and operation management. Thus, this strategic initiative proposes the promotion of R&D by integrating the technology, legislation, and operation management. In order to make the point of this proposal clear, examples of the service business relating to information security are shown as follows:

(1) A service provider, as a person in charge of promoting the project, who is to promote the service business will organize a project through the integration of the industries, universities, and government for the targeted service under the support of the ministries regulating the service business. In the project, information technology engineers, information system operation administrators (from government and industries), legal experts will extract issues by studying the information security issues together through the integration aspect of technology, legislation, and operation management based on such problems as social system problems and privacy problems that found in the past demonstration test for the services. For the issues extracted, the R&D and the study will be carried out based on respective aspect of technology, legislation, and operation management.

(2) In order to eliminate the uneasiness for the privacy issues, the achievement of R&D will be studied by constructing a prototype system in cooperation with industries, universities, and government, and tightening or relaxing the regulations in a test bed (e.g. specific district).

(3) It is important to continuously carrying out the studies incorporating the changes of social values since the social values and people's mind are expected to change when various services are practiced in the society. Therefore, continuous R&D is proposed, repeating the process as: research, design, and construction; provision and use; evaluation; and re-design.

Although the significance of information security R&D is well recognized, the number of researchers in the field is not enough right now. We propose to train engineers who would be able to study comprehensive information security under the promotion of this strategic initiative.