Loading...

Loading...

Compile opinions from cybersecurity policy specialists and formulate policy recommendations

Policy Proposals

  • Realizing a True Digital Society in the Post-Coronavirus Era
    ~ Building a Better Japan~


    Proposal 1: Japan should improve an environment that allows all citizens to access the Internet
    Proposal 2: Japan should establish a scheme for personal authentication in the digital society
    Proposal 3: Japan should allocate sufficient human resources and budget to manage the operation of the entire digital social system
    Proposal 4: Japan should ensure the right of all citizens to user education
    Proposal 5: Japan should avoid the pitfalls of pseudo-digital society

    Policy Proposals

JCIC Thinktank Report

  • The History of Japan's Cybersecurity Policy
    Determination of the Japanese Government to Achieve "Cybersecurity Strategy" with No One Left Behind
    NEW!

    Dr Ikuo Misumi, a well-known expert on cybersecurity policy, digs into a series of Japan's cybersecurity policies. As the kickoff, Dr Misumi talks with Mr Tetsushi Yoshikawa, Deputy Director-General of Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) who is the key person of the latest cybersecurity strategy of Japan.

    Download PDF

  • Set Internal Security Resources at 0.5% or More NEW!

    A DX with Security strategy is essential to promote DX, to increase companies’ productivity and efficiency, and to avoid financial loss. In order to develop and implement your DX with Security strategy, JCIC recommends you follow the approach below ;
    ● Visualize risks using a cyber-risk estimation model
    ● Develop a DX with Security strategy
     - Use a framework to explain the strategy as a story
     - Security investment should be 0.5% or more of consolidated sales revenue
     - Security personnel should be 0.5% or more of the total number of employees
    ● Set security key performance indicators (KPIs) and monitor them regularly

    ・Probable Maximum Loss” cyber-risk estimation model(Excel)

    Download PDF

  • Realizing DX with Security through "Proactive Plus Security Human Resources"

    The "plus security human resources (person with security knowledge)" is a new concept proposed by JCIC. Now, the necessity of this concept has been recognized, and measures and policies for "plus security" are beginning to be discussed in many places. In addition to the necessity of "plus security human resources development," this report delves into the promotion of the visualization of security human resources and stresses the necessity of this. In order to become a competitive company by realizing DX with Security, which is an aggressive IT investment that takes safety into account in order to achieve a safe and secure society, it is essential to have a new way of thinking, "proactive security," which is not only the traditional realization of defense through regulations and prohibitions, but also a promoter of acceleration.

    Download PDF

  • Rebalancing convenience and security to contend with 2025

    Due to the unexpected advent of COVID-19, many companies and organizations had their workers begin working remotely. As a result, the balance between convenience and security was lost. When JCIC conducted interviews and literature surveys to investigate company trends, it discovered great variation in the ways companies thought about convenience and security control. Each company can be classified as one of four types.

    Download PDF

  • Offensive Plus Security Human Resources

    This report illustrates the necessity of "Offensive Plus Security Human Resources " in the DX era. Offensive Plus Security Human Resources (people who know about information security in addition to their digital innovation work) are required rather than deffensive security human resources.

    Download PDF

  • Corporate Cybersecurity Disclosure Report

    Through panel discussion, professional interviews and research, JCIC summarized the key points of corporate cybersecurity disclosure. JCIC concluded that managements' attitude of dealing with cybersecurity is important to disclose. (Only available for Japanese version)

    Download PDF

  • Cybersecurity KPI Model

    This report illustrates “Cybersecurity KPI Model” as our original model to visualize cybersecurity. Cybersecurity KPI Model is able to identify organization's KPIs according to their maturity level and to objectively evaluate performance and to reduce the potential financial impact.
    ・An Example of Cybersecurity KPIs (Japanese) (PDF)

    Download PDF

  • Shortfall of Human Resources and its Solutions: Plus (+) Security Human Resources

    This report illustrated that the often claimed shortage of human resources in the area of information security is not one of security specialists but rather plus security human resources (people who know about information security in addition to their primary tasks).

    Download PDF

  • Quantifying Cyber Risk Survey

    According to our survey, the stock value index declined by an average of 10% from the day on which a data breach was disclosed, and the companies experienced an average decrease of 21% in net profit. Japanese companies should discuss cyber risks as part of their corporate governance.
    - Cyber-risk estimation model "Probable Maximum Loss"(Excel)

    Download PDF

  • Cybersecurity Information Sharing Survey

    Major countries of the world are encouraging the sharing of information on cybersecurity by enacting national cybersecurity laws and regulations. Japan should maintain a close watch on the status of these countries to see whether these laws and regulations enhance their cybersecurity levels and whether public-private partnerships are being conducted in a successful manner.

    Download PDF

JCIC Commentary

JCIC Columns

  • Global Cybersecurity and Privacy Trends (1st Half of FY2022) NEW!

    JCIC analyzed 137 newsclips distributed in the 1st half of FY2022 and add some comments to the articles that may influence future trends.

    Column

  • How to decipher Harvard Belfer Center’s Cyber Power Index 2022 NEW!

    Belfer Center for Science and International Affairs of Harvard Kennedy School released National Cyber Power Index 2022. Japan stepped down from 9th of the year 2020 to 16th. How to decipher this result? Does Japan need to take it seriously?

    Column

  • SMEs Cybersecurity NEW!

    Large companies need to address cyber risks within their own companies while also looking at risks across their supply chains. However, it is difficult for SMEs , which are the members of supply chain, to invest sufficient funds to develop specialized functions and facilities for digital and security. This column discusses to promote cybersecurity measures for SMEs.

    Column

  • The Real Part of Cybersecurity Countermeasures: Toward the Improvement of Resilience

    JCIC has been advocating the strengthening of cybersecurity measures from management perspective, and has been researching the role of management, HR development & utilization including proactive plus security human resources, and DX with security because of direct linkage between cybersecurity and business. We will continue to research these themes with a particular focus on the strengthening of cybersecurity countermeasures. JCIC will work toward " the improvement of resilience".

    Column

  • Global Cybersecurity and Privacy Trends (2nd Half of FY2021)

    JCIC analyzed 139 newsclips distributed in the 2nd half of FY2021 and add some comments to the articles that may influence future trends.

    Column

  • The Way of Communication of CEOs and Lawmakers at the Review of a Cyber Attack with Serious Impacts on the Society

    When the society is severely affected by a serious cybersecurity attack against a private entity, what does the CEO state and what do lawmakers intend to ask when reviewing? A serious ransomware attack which targeted Colonial Pipeline Company in May, 2021 caused serious damage to the East Coast of the U.S. in terms of fuel provision. We examine the communication between CEO of Colonial Pipeline and lawmakers through the hearing at the Congress in June 2021.

    Column

  • Global Cybersecurity and Privacy Trends (1st Half of FY2021)

    JCIC analyzed 142 newsclips distributed in the 1st half of FY2021 and add some comments to the articles that may influence future trends.

    Column

  • What Country’s Top Leader Talks about Cybersecurity ①U.S.
    ~A Cyber Attack on U.S. Critical Infrastructure Gave a Boost to President Biden~

    Leader’s attitude, whether a company or a country, is always the key factor for tackling challenges. JCIC tries to find what countries’ top leaders think about cybersecurity through their real messages. Messages by the President Joseph Biden of the United States of America will be firstly examined to explore his thoughts on cybersecurity.

    Column

  • Why we talk about "DX with Security" now

    The main theme of this column is "DX with Security". This column was written by Toshinori Kajiura, President of JCIC.

    Column

  • The Inforgraphics of China's Internet Development Trend in 2020

    In order to deepen our understanding of the recent developments and trends in the internet in China, Of the following two reports, one prepared by the China Internet Network Information Center (CNNIC), an organization directly under the jurisdiction of China's State Council (CAC), and the other prepared by China's CSIRT, which was established in 2001,JCIC exctracted information that may be of particular interest to Japanese companies in this document.
    - "The 47th Statistical Report on China's Internet Development" (reported by CNNIC)
    - "Internet security in China Monitoring Data Analysis Report in the first half of 2020" (reported by CN CERT/CC)

    Column

  • Global Cybersecurity and Privacy Trends

    JCIC analyzed 184 newsclip distributed in FY2020 and add some comments to the articles that may influence future trends.

    Column

  • China Personal Information Protection Law (PIPL)

    The main theme of this column is the China Personal Information Protection Law (PIPL) and impact on Japanese Businesses.

    Column

  • Cybersecurity ; Lesson learned from COVID-19

    Cybersecurity has something in common with coronavirus (COVID-19). This column illustrates lesson learned from COVID-19, written by Toshihiro Hirayama, Senior fellow of JCIC.

    Column

  • What is required for cybersecurity disclosure

    In this column, reviewing the discussion about the visualization of cybersecurity countermeasures in Japan, and summarizing the way of thinking of information security / cybersecurity disclosure. This column was written by Yumi Aoki, Senior fellow of JCIC.

    Column

  • OECD Digital Security

    This column aim to summarize OECD Digital Security policy.

    Column

  • 5G Cyber Risks

    The main theme of this column is the cyber risks related to 5G technology. This column was written by Toshinori Kajiura, President of JCIC.

    Column

  • Digital utilization of medical industry and cybersecurity

    Describing digital utilization of medical industry and cybersecurity This column was written by Toshinori Kajiura, President of JCIC.

    Column

  • COVID-19 Data Privacy

    The main theme of this column is COVID-19 Data Privacy policy trend.

    Column

  • Cybersecurity Information Sharing

    Japan should learn from the U.S. Cybersecurity Information Sharing Act (CISA) to improve cybersecurity information sharing. This column was written by Kenji Uesugi, Senior fellow of JCIC.

    Column

  • Supplychain Cyber-risk Guidelines

    Describing about Supplychain Cyber-risk Guidelines. This column was written by Yumi Aoki, Senior fellow of JCIC.

    Column

  • Critical Infrastructure Protection

    The main theme of this column is the global policy trends of critical infrastructure protection against cyber attacks. This column was written by Yumi Aoki, Senior fellow of JCIC.

    Column

  • South Korea's Cybersecurity Strategy

    What should Japan learn from South Korea's Cybersecurity Strategy? It is very useful to understand it in the geopolitical point of view. This column was written by Kenji Uesugi, Senior fellow of JCIC.

    Column

  • Investment in Risk Management

    The main theme of this column is the challenge of investment in risk management. This column was written by Toshinori Kajiura, President of JCIC.

    Column

  • Transformation to become the major industry

    Describing the human development of cybersecurity industry. This column was written by Toshihiro Hirayama, Senior fellow of JCIC.

    Column

  • A paradox of the risk management

    Describing a paradox of the cyber risk management. This column was written by Toshinori Kajiura, President of JCIC.

    Column

JCIC Event Report

JCIC Overseas' News Clip

  • Please see the Japanese website

    Overseas' cybersecurity news are compiled and distributed to the JCIC members on a weekly basis. Please see the Japanese website for the detailed information.

JCIC Working Group

Policy Proposal WG

    To promote private sector’s cybersecurity / More tangible approaches / Practical measures for SMEs

Human Development WG

    To identify effective HR and make proposals for training / To develop HR who lead the global discussion