Galexia

An Overview of International Cyber-Security Awareness Raising and Educational Initiatives (2011)

Japan – Campaign 1 – Secure Japan 2009: ‘All Entities Should Assume They May be Subject to Accidents’ – NISC (National Information Security Centre)

The main thrust of this government site is that accidents should be ‘assumed’, that is, breaches in security are unavoidable, and hence more emphasis should be put on response to these crises as well as on preventative measures. It contains material for many audiences including large and small business.

 

Item

Notes

Campaign Name:

Secure Japan 2009 – ‘All Entities Should Assume They May be Subject to Accidents’

Organisation:

National Information Security Centre

Main URL:

http://www.nisc.go.jp/eng/

Dates:

2009 – 2011

Costs:

Not available

Topics covered:

– Fostering awareness of online society

– Safe encryption

– Utilisation of safe and reliable IT products

– Information Security governance

– Anti-spam measures

– Malicious websites

– Avoiding malware

Target Audience:

– Government Agencies and Local Governments

– Critical Infrastructure

– Enterprises

– Individuals

Methodology:

– IT that is both managed and a ‘safe work environment’ is to be encouraged

– Strategies for response to disasters, rather than solely preventative measures

– Education cycle:

‘awareness’ – organisations to recognise that accidents will happen and to review counteractions after accidents occur

‘cooperation’ – organisations to look into the possibility of liaising or task-sharing on security measures with other organisations

‘maturity’ – every organisation to implement actions relevant to them as part of the ‘Accidents Assumed Society’

– Additional PR activities linked to human resource development

Evaluation:

Not found

Additional Information:

‘Secure Japan 2009’ is the beginning of the Second National Strategy, and as the name suggests, has been modelled on the basis of successes and failures of the previous First National Strategy starting from ‘Secure Japan 2006’. The main thrust of the new policy is that accidents should be ‘assumed’, that is, breaches in security are unavoidable, and hence more emphasis should be put on response to these crises as well as on preventative measures.

Government agencies are to formulate their own systems and provide an ‘Information Security Annual Report’, including an assessment of whether the ideas they implemented were successful, to be demonstrated using ‘objective indicators such as numerical representation.’

For enterprises, the emphasis of the campaign is to promote information security governance as ‘part of corporate governance’. There is a strong emphasis on audits of information security systems, and third-party assessments of them.

The campaign aimed at individuals targets all age groups, both in terms of raising awareness of problems and ‘improving media literacy’. This campaign also has a small international element, in that materials have been provided in English and published online, in the hope of making this sort of strategy known both inside and outside Japan.

Sources:

1. ‘Contents’ National Information Security Centre <http://www.nisc.go.jp/eng/index.html> (accessed 24 June 2010).

2. ‘Secure Japan 2009’ Information Security Policy Council <http://www.nisc.go.jp/eng/pdf/sj2009_eng.pdf> (accessed 24 June 2010).