Improving IT Security Through Security Measures: Using Our Game-Theory-Based Model of IT Security Implementation

  • Masashi Sugiura
  • Hirohiko Suwa
  • Toshizumi Ohta
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9169)


We developed a quantitative model based on game theory related to IT security promotion and implementation in an organization. This model clarified the kinds of organizational conditions in which an employee does or does not carry out security measures. We also clarified the desired and undesired conditions for security implementation in an organization. In addition, we showed that an extremely undesirable dilemma that hitherto has not attracted attention might occur. Then we applied this model to an incident that occurred at a certain school. Using public information and survey data, we calculated the parameters of the model quantitatively. Then we found what kinds of changes to the parameters would be effective for making security improvements. Furthermore, we used the model to show the appropriate order of promoting security measures.


Keywords: Security, Incident, Game theory, Model, Dilemma, Organization



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Masashi Sugiura (1)
  • Hirohiko Suwa (2)
  • Toshizumi Ohta (3)
  1. NEC Corporation, Tokyo, Japan
  2. Nara Institute of Science and Technology, Nara, Japan
  3. The Institute of Administrative Information Systems, Tokyo, Japan
