This paper reports a study of the key factors that affect ICT risk management using Thai businesses as the data sources. Three hundred and two respondents from listed organisations on the Stock Exchange of Thailand (SET) were surveyed and the data analysed to establish the strength of relationships in a model derived from extant literature and the application of the two most commonly used gover...

This paper examines malicious insider threat and explains the key differences from other types of insider threat and from external threat actors. A phase based “kill-chain” malicious insider threat model is developed and proposed to help inform selection of mitigation countermeasures which are complementary or incremental to a typically implemented traditional ISO 17799/27002 information securi...

With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognize...

Embedded Systems are electronic products that contain one or more than one microprocessor and software either programmable or fixed in capability, designed to perform some dedicated function within a large entity. Embedded Systems are increasingly employed in critical sectors such as in Life Critical Systems, Financial Infrastructure, Information Systems, Transportation Systems, Consumer Produc...

This paper investigates the coexistence of and complementary use of COBIT and ISO 17799 as reference frameworks for Information Security governance. The investigation is based on a mapping between COBIT and ISO 17799 which became available in 2004, and provides a level of 'synchronization' between these two frameworks.

! ABSTRACT Purpose The lack of a security evaluation method might expose organizations to several risky situations. This paper aims at presenting a cyclical evaluation model of information security maturity. Design/methodology/approach This model was developed through the definition of a set of steps to be followed in order to obtain periodical evaluation of maturity and continuous improvement ...

In the complex technological world that healthcare organizations and their business associates operate, there exist security threats and attacks which render individually identifiable health information vulnerable. Laws exist to ensure that healthcare providers take practical measures to address the security and privacy needs of health information. There are also standards that assist healthcar...