Risk Management Portfolio for Secure Telework
Abstract
In Japan, telework is attracting renewed attention due to the government-led “work style reform”. The advent of COVID-19 in 2020 has led to the rapid spread of teleworking, and its current state of widespread adoption may be attributed to transient factors as a counter to the spread of COVID-19. A current problem is that dealing with the emergence of risks has been postponed or overlooked because telework was hastily promoted and introduced even though sufficient preparations had not been made. In this work, we conducted a risk assessment from the viewpoints of both companies and employees, identified 28 risk factors, and proposed countermeasures for these factors in order to make teleworking permanently safe and secure in the new normal era. We also proposed the establishment of various systems related to the telework environment and the effective use of cloud computing as measures for both companies and employees. The results of an evaluation of these risk countermeasure proposals using risk values showed that they could reduce risk by approximately 61%. Finally, we constructed a portfolio to identify priorities for the proposed risk measures in terms of practical applicability and to identify the appropriate stepwise introduction of them. The results should contribute to the safe and secure utilization of telework in the new normal era.
References
Y. Ide, “A case of office work (Telework)”, Ergonomics, Vol. 55 Supplement Issue, S2F2-4, Japan Human Factors and Ergonomics Society, 2019(Japanese Edition)
T. Kamei, et al., “Challenges and prescriptions for reforming work styles through telework”, Knowledge of Asset Creation, July 2017 issue, pp.36-49, NRI, 2017, (Japanese Edition)
Ministry of Internal Affairs and Communications, “2019 Report on the Survey of Telecommunications Usage Trends (Enterprise Edition)”, 2019, https://www.soumu.go.jp/johotsusintokei/statistics/pdf/HR201900_002.pdf, (accessed 2022/05/26), (Japanese Edition)
Ministry of Health, Labor and Welfare, “Telework Portal Site Overseas Initiatives”, https://telework.mhlw.go.jp/telework/abr/, (accessed 2021/03/04) , (Japanese Edition)
M. Furuya, “World telework situation 2012”, Japan Telework Society, The 13th Academic Salon, https://www.mlit.go.jp/crd/daisei/telework/docs/H24b_06.pdf, (accessed 2021/03/04), (Japanese Edition)
Ministry of Internal Affairs and Communications, “Realizing a comfortable workplace through telework”, 2021, https://www.soumu.go.jp/johotsusintokei/statistics/pdf/HR201900_002.pdf, (accessed 2022/05/26), (Japanese Edition)
T. Gentle, “Insider Threat Risk Assessment and Telework”, ED-520: Foundations of Insider Threat Management, https://securityawareness.usalearning.gov/cdse/itawareness/documents/TorielloK-NITAM-Essay.pdf, (accessed 2022/05/26), 2021
Y. Huiyi, et al., “Security Risks in Teleworking: A Review and Analysis”, The University of Melbourne, https://minerva-access.unimelb.edu.au/items/c37178db-9b3c-5ff6-89b9-8f264b789555, (accessed 2022/05/26), 2013
P. Pyoria, “Managing telework: risks, fears and rules”, Management Research Review, Vol.34 No. 4, pp. 386-399.,2011
S.Desio, et al., “Telework and its effects on mental health during the COVID-19 lockdown”, European Review for Medical and Pharmacological Sciences, 25, pp.3914-3922, 2021
A. M. Luchena, et al., “Telework and Social Services in Spain during the COVID-19 Pandemic”, Int. J. Environ. Res. Public Health 2021, 18, 725, 2021
S. Frosdick, “The techniques of risk analysis are insufficient in themselves”, Disaster Prevention and Management, Disaster Prevention and Management, Vol. 6, No. 3, pp. 165–177, 1997
Project Risk Coach, How to Use the Delphi Technique, https://projectriskcoach.com/delphitechnique/, (accessed 2023/09/04)
RRC Training, Fault Tree Analysis (FTA) and Event Tree Analysis (ETA), https://www.icao.int/sam/documents/2014-adsafass/fault%20tree%20analysis%20and%20event%20tree%20analysis.pdf, (accessed 2023/09/04).
Manick, “Risk Breakdown Structure”, http://www.justgetpmp.com/2011/12/risk-breakdown-structure-rbs.html, (accessed 2022/05/22)
M. Rasool, et al., Methodology and tools for risk evaluation in construction projects using Risk Breakdown Structure, European Journal of Environmental and Civil Engineering, 16:sup1, s78-s98, DOI: 10.1080/19648189.2012.681959, 2012
Sky , “Awareness Survey on Telework”, https://www.skygroup.jp/news/201019_01/, (accessed 2021/03/04) , (Japanese Edition)
The Tokyo Chamber of Commerce and Industry, Issues that arose when implementing telework, 2021, (Japanese Edition)
H. Koyama, et al., “Risk Assessment of Telework for the New Normal Era”, 2021 IEEE 10th Global Conference on Consumer Electronics, pp.573-574, 2021
H. Koyama, et al., “A Study of Risk Assessment Quantification for Secure Telework,” 2022 11th International Congress on Advanced Applied Informatics (IIAI-AAI), pp.574-580, 2022
S. Tanimoto, et al., “Risk Assessment of BYOD: Bring Your Own Device”, 2016 IEEE 5th Global Conference on Consumer Electronics, pp.511-514, 2016
SCRIBD, “ISMS Risk Assessment Manual v1.4”, https://www.scribd.com/document/202271054/ISMS-Risk-Assessment-Manual-v1-4, 2015
H. Sato, et al., “Information Security Infrastructure”, Kyoritsu Shuppan Co., Ltd., pp.29-32, 2010, (Japanese Edition)
S. Tanimoto, et al., “A Study of Risk Assessment Quantification in Cloud Computing”, 8th International Workshop on Advanced Distributed and Parallel Network Applications (ADPNA-2014), pp. 426-431, 2014
S. Tanimoto, et al.,” Risk Assessment Quantification of Ambient Service”, ICDS 2015 : The Ninth International Conference on Digital Society, pp. 70-75, 2015
J. Wiik, et al., Effectiveness of Proactive CSIRT Services, In 18th Annual FIRST Conference on Computer Security Incident Handling, 2006
Y. Kenmoku, et al., A Study of Assurance Level in Information Security Management - LoA Introducing Method for CSIRT Deployment -, 6th International Conference on Project Management (ProMAC 2012), 2012
