Maki Kawase scite author profile

This study shows a process of designing and comparing two quantitative evaluation methods for the structure of assurance cases (AC), which use two description methods: Goal Structuring Notation, and Dependability Cases. The International Organization for Standardization has mandated organizations to include AC in ISO 26262 and recommended to include AC in other standards. This study proposes two quantitative evaluation methods designed by authors, and assesses the necessity and effectiveness of the methods based on the results of quantitative evaluation of AC to confirm if the methods are useful for work improvement. We used a questionnaire completed by third party employees who are 1) working in an organization with written work procedures developed in Japanese organizational culture, 2) working in the manufacturing industry, and 3) engaged in daily routine work. These conditions define how written work procedures and documents have been created at each participant's workplace. Since we use these written materials as evidence to evaluate ACs, they satisfy certain conditions for preparation of the written information. After showing previous research on assurance cases and presenting a procedure of quantitative evaluation, we propose two equations for quantitatively evaluating a sub-goal. One equation simply integrates the numbers of Evidence and Monitoring. The second equation takes into account users' opinion on Evidence and Monitoring to quantitatively evaluate an optional sub-goal. We then describe and discuss the results of a questionnaire on the two quantitative evaluation methods for assurance cases, one using Eq. 1 and the other using Eq. 2. Responses were given quantitatively on a seven-point ordinal scale and qualitatively in a free descriptive space. We then assessed effectiveness and necessity of the two methods. The results were statistically significant for both "effectiveness" and "necessity," And we found that Eq.1 suggested more efficacy than Eq.2. This paper concludes with future research topics.

show abstract

Four-Layered Assurance Case Description Method Using D-Case

Kobayashi

Nakamoto

Kawase

et al. 2018

Int J Jpn Assoc Mgt Sys

View full text Add to dashboard Cite

Recently, assurance cases standardized by ISO have received a lot of attention from researchers. A previous study showed that it is appropriate to use assurance case to demonstrate the improved feasibility of accomplishing management vision and management strategy using four models (Management vision model, Management strategy model, Business process model, and IT system model). However, in the previous study, concrete description methods were not discussed. Filling this gap of knowledge, this study aims to show a detailed four-layered assurance case description method using D-Case approach to connect multiple layers of the hierarchical structure of an assurance case. This is an improvement from the previous in that it now focuses on one layer for improving the feasibility of accomplishing both management vision and management strategy. As a result, this study contributes to the existing literature by adding a description method for a four-layered assurance case that includes 30 steps and uses D-Case. This study concludes with future research topics.

show abstract

Evaluation of Assurance Case Description Method using ISO 27001 for Merger and Acquisition

Kobayashi

Nakamoto

Kawase

et al. 2020

View full text Add to dashboard Cite

This study proposes an assurance case description method based on the framework of In-formation Security Management System (ISMS; ISO 27001). The method agrees to information security policies through co-creation of values between a parent company and its merged and acquired subsidiary. Information security policy varies among companies. Parent companies need to agree with their merged or acquired companies on the information security policies. The purpose is to maintain the existing business of the subsidiaries while the parent companies continue to use the current IT infrastructure and network.This study first structuralizes ISO 27001 by using an assurance case. As a result, this study will: 1) Clarify the range of agreement and disagreement between the two companies' information security policies; and 2) show how two companies mutually conclude a final agreement for the entire range using the assurance case created. We also present the quantitatively evaluated results from Goal Structuring Notation (GSN) users' ability to structuralize systems with multiple viewpoints by using GSN. This evaluates the proposed description method. We asked three experts in information security to evaluate the understanding, utility and effectiveness of the proposed assurance case description method. The study participants used the method to create an assurance case.

show abstract

A Proposal of Information Security Policy Agreement Method for Merger and Acquisition Using Assurance Case and ISO 27001

Kobayashi

Nakamoto

Kawase

et al. 2019

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Maki Kawase

Managing a Monolithic System or a System-of-Systems? An Assurance Case Approach to Reach Intra-organizational Consensus

Comparison of Two Quantitative Evaluation Methods for Assurance Cases

Four-Layered Assurance Case Description Method Using D-Case

Evaluation of Assurance Case Description Method using ISO 27001 for Merger and Acquisition

A Proposal of Information Security Policy Agreement Method for Merger and Acquisition Using Assurance Case and ISO 27001

Contact Info

Product

Resources

About