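The Academic Center for Computing and Media Studies, Kyoto University, will host a lecture by Professor Mikko Siponen of the University of Oulu, Finland, titled "Development of Information Security Policies and Ensuring that Employees Comply with the Information Security Policies". Anyone interested in information security and the implementation of policies is warmly invited to attend.
We look forward to welcoming many participants from both inside and outside the university.
Date and time
Friday, July 31, 2009, 15:30 to 17:00
Venue
Multimedia Lecture Room 202, 2nd floor, South Building, Academic Center for Computing and Media Studies, Kyoto University
(An elevator is available for those with physical disabilities; please ask at the office.)
Admission fee
Free
Registration
Not required
Inquiries
Tetsutaro Uehara, Academic Center for Computing and Media Studies, Kyoto University
TEL: 075-753-9051, FAX: 075-753-7450
e-mail: uehara*media.kyoto-u.ac.jp (replace * with @)
Website of the Academic Center for Computing and Media Studies: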
http://www.media.kyoto-u.ac.jp/
Notes
Capacity: 150 people (admission closes once capacity is reached)
Organizer: Academic Center for Computing and Media Studies, Kyoto University
Program
Speaker
Prof. Mikko Siponen (University of Oulu, Finland)
Lecture title
"Development of Information Security Policies and Ensuring that Employees Comply with the Information Security Policies"
Abstract
This talk addresses two important issues in the area of information security management, that of the development of information security policies and ensuring that employees comply with the information security policies.
Regarding the former, both researchers and scholars agree that good information security policy is the necessary foundation of organizations' information security. In order to develop information security policies for organizations, two extremes exist. At one extreme, information security policies are developed based on international standards or copied from other organizations. Such a common practice is justified by arguing that international information security standards present best practices and they are developed/validated by "leading experts". Both of these are argued to be fallacious arguments. Also, such "copy-paste" policies, taken from international standards or other organizations, may overlook the fact that different organizations have different business requirements. Hence, their information security requirements may differ. To address these shortcomings, a situational or organization-specific approach is recommended, and an example of such an approach is discussed.
After information security policies and subsequent end user instructions are developed and they are in place, a problem remains that employees hardly comply with these information security policies. In fact, employees' compliance with information security policies is reported as a key information security problem for organizations. It is even estimated that over half of all information security breaches are indirectly or directly caused by employees' poor information security compliance. To this end, this talk discusses a number of practices that can be used to improve the employees' compliance with information security policies of their organizations. The talk is practical and does not require any previous knowledge of information security.
Speaker profile
Mikko Siponen is a Professor and Director of the IS Security Research Centre in the Department of Information Processing Science at the University of Oulu, Finland. He holds a Ph.D. in philosophy from the University of Joensuu, Finland, and a Ph.D. in Information Systems from the University of Oulu, Finland. His research interests include IS security, IS development, computer ethics, and philosophical aspects of IS. He has 30 published or forthcoming papers in journals such as MIS Quarterly, Journal of the Association for Information Systems, European Journal of Information Systems, Information & Organization, Information Systems Journal, Information & Management, ACM Database, Communications of the ACM, IEEE Computer, and IEEE IT Professional. He has received over 5.4 million USD of research funding from corporations and numerous funding bodies. He has served as a senior and associate editor for ICIS and is currently a guest senior editor for the MIS Quarterly special issue entitled 'Information Systems Security in a Digital Economy'. He sits on the editorial boards of the European Journal of Information Systems, Journal of Organizational and End User Computing, and Journal of Information Systems Security.