Designing Information System Risk Management Framework Based on the Past Major Failures in the Japanese Financial Industry

  • Kenji Watanabe
  • Takashi Moriyasu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5141)


As the financial industry has aggressively implemented ICT (Information and Communication Technology) into their operations, the speed, volume and service areas have also increased dramatically. At the same time, the frequency of information system (IS) related failures have increased and vulnerability has been emerging in the financial industry as one of the critical infrastructure of our society. The paper will define IS risks in the financial industry and discuss designing risk management framework with some indicators through some case studies on the past major information systems failures in the Japanese financial industry, such as the system integration failure due to mega-banks merger in 2002 that caused major service disruption in their settlement and retail payments, the nationwide ATM network failure in 2004 that caused a one-month period of intermittent service disruptions, and the largest stock exchange disruption in 2005 that caused a half-day market closure. The framework defines IS risks with primary risk area (system/operational/ management), risk origin (external, internal), risk nature (static, dynamic), indicator criteria (quantitative, qualitative), and monitoring approach (periodic, event-driven, real-time).


IS (Information System) risk management business continuity leading indicators 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    The Board of Governors of the Federal Reserve System: Draft White Paper on Sound Practices To Strengthen the Resilience of the U.S. Financial System (2002)Google Scholar
  2. 2.
    The White House: National Plan for Information Systems Protection Version 1.0 (An Invitation to a Dialogue) (2000) Google Scholar
  3. 3.
    Watanabe, K.: Economical efficiency of outsourcing at bank operations: consideration with “risk-adjusted” point of view. Hitotsubashi Journal of Commerce and Management 37, 39–55 (2002)Google Scholar
  4. 4.
    Earl, M.: The Risk of Outsourcing IT. Sloan Management Review 37(3), 26–32 (1996)Google Scholar
  5. 5.
    Watanabe, K.: Emerging System Vulnerability of Important Social Infrastructure and Risk Management. In: Proceedings of the 33rd International Conference on Computer and Industrial Engineering, Session F1.3, Jedu, Korea (2004)Google Scholar
  6. 6.
    Finne, T.: Information Systems Risk Management: Key Concepts and Business Processes. Computers & Security 19, 234–242 (2002)CrossRefGoogle Scholar
  7. 7.
    Patterson, D.F., Neailey, K.: A Risk Register Database System to aid the management of project risk. International Journal of Project management 20, 265–374 (2002)CrossRefGoogle Scholar
  8. 8.
    Suh, B., Han, I.: The IS risk analysis based on a business model. Information & Management 41, 149–158 (2003)CrossRefGoogle Scholar
  9. 9.
    PricewaterhouseCoopers: Governance, Risk and Compliance - Best Practices and Strategies for Success (2004)Google Scholar
  10. 10.
    Davies, D.: WORLD TRADE CENTER LESSONS. Computer Law & Security Report 18(2) (2002)Google Scholar
  11. 11.
    Bryson, K.: Using formal MS/OR modeling to support disaster recovery planning. European Journal of Operational Research 141, 679–688 (2002)zbMATHCrossRefGoogle Scholar
  12. 12.
    Phelps, R.: A New Threat to Add to Your Plan: A Pandemic, Spring World 2004 at Orlando (USA), General Session 5, Disaster Recovery Journal (2004)Google Scholar
  13. 13.
    Zimmerman, R.: Decision-Making and the Vulnerability if Interdependent Critical Infrastructure, CREATE REPORT, Report#04-005 (2004)Google Scholar
  14. 14.
    Hellström, T.: Critical infrastructure and systemic vulnerability: towards a planning framework. Safety Science 45, 415–430 (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Kenji Watanabe
    • 1
  • Takashi Moriyasu
    • 2
  1. 1.Nagaoka University of TechnologyNagaokaJapan
  2. 2.Hitachi Ltd., Systems Development LaboratoryKanagawaJapan

Personalised recommendations