JANE submitted a proposal to government on raising awareness of information security in Japanese companies.

On May 29, Japan Association of New Economy (JANE) submitted a proposal on raising awareness of information security in Japanese companies. The proposal is addressed to the Chief Cabinet Secretary, Minister of Internal Affairs and Communications, and Minister of Economy, Trade and Industry.


*Available only in Japanese

This proposal is based on a discussion at JANE’s Internet Security Working Group. The Internet Security Working Group will be renamed as Information Security Task Force. JANE will continue working on this topic. 

[Outline of the Proposal]

  1. Issues derived from interviews to experts are:
    ・could not make maximum use of security tools in many Japanese companies due to lack of knowledge and experiences,
    ・measures to be taken towards “Shadow IT”, usage of personal IT devises to work without full control of company, are necessary,
    ・information security trainings to raise awareness of employees should be enhanced,
    ・hurdles to recruit information security officer due to unattractiveness in terms of salary, misperception, no role models etc.,
    ・lack of good understanding by management for security activities.
  2. Results of global survey on information security
    ・To grasp current landscape of company’s understanding and attitudes towards information security, a survey was conducted by OWASP (The Open Web Application Security Project) in cooperation with JANE. According to the survey, most of Japanese companies indeed have a vague sense of anxiety on security but hesitate to take steps for further action. In summary, the survey showed that Japanese companies answered the questionnaire are with less actions compared to global companies.
  3. Proposals from JANE
    (1)Persuade management to allocate necessary resources to security measures
    ・Holding educational activities such as information security meetings among CEOs
    ・Developing methods to set common targets on security measures within a company
    ・Encouraging companies to disclose security measures in IR document
    (2)Nurture information security officers (human resources development) with high knowledge, capacity and ethics, and set them as higher positions in the company and foster environment for recruitment
    ・Holding classes at higher education level (high school and university)
    ・Exploring possibility for funding and tax treatment on security trainings in companies
    ・Enhancing active recruitment activity to hire security officers and tax treatment for recruitment results
    ・Setting up qualifying tests on information security (e.g. security version of TOEIC)
    ・Awarding prizes by the prime minister for excellent security officers
    ・Setting CIO (Chief Information Officer), CISO (Chief Information Security Officer) positions in companies
    (3)Create information sharing system among security officers
    ・Setting up information sharing system among information security officers in different companies and businesses by support of business associations with using internet question and answer pages
    (4)Enhance training activities for employees in to raise awareness for information security in companies and public/users in general
    ・Promotion of conducing trainings on information security to company employees
    ・Promotion of periodical security understanding checks to employees
    ・Promotion of educational activities to users in general (e.g. “stop recycling password campaign”)