Abstract
As the financial industry has aggressively adopted ICT (Information and Communication Technology) in its operations, the speed, volume and service areas of those operations have increased dramatically. At the same time, the frequency of information system (IS) related failures has increased, and vulnerability has been emerging in the financial industry, which is one of the critical infrastructures of our society. This paper defines IS risks in the financial industry and discusses the design of a risk management framework, with some indicators, through case studies of past major information system failures in the Japanese financial industry: the system integration failure due to the mega-banks merger in 2002 that caused major service disruption in settlement and retail payments, the nationwide ATM network failure in 2004 that caused a one-month period of intermittent service disruptions, and the largest stock exchange disruption in 2005 that caused a half-day market closure. The framework defines IS risks by primary risk area (system/operational/management), risk origin (external, internal), risk nature (static, dynamic), indicator criteria (quantitative, qualitative), and monitoring approach (periodic, event-driven, real-time).
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Watanabe, K., Moriyasu, T. (2008). Designing Information System Risk Management Framework Based on the Past Major Failures in the Japanese Financial Industry. In: Lopez, J., Hämmerli, B.M. (eds) Critical Information Infrastructures Security. CRITIS 2007. Lecture Notes in Computer Science, vol 5141. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89173-4_5
DOI: https://doi.org/10.1007/978-3-540-89173-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89095-9
Online ISBN: 978-3-540-89173-4
eBook Packages: Computer Science (R0)