Framework for digital data access control from internal threat in the public sector

Cited by: 0
Authors
Halim H. [1]
Yusof M.M. [2]
Affiliations
[1] ICT Consultation Unit, MAMPU, Cyberjaya
[2] Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Bangi
Source
International Journal of Advanced Computer Science and Applications | 2019 / Vol. 10 / No. 08
Keywords
Control framework; Information security; Information management; Internal threats; Personal data access; Risk
DOI
10.14569/ijacsa.2019.0100809
Abstract
Information management is one of the main challenges in the public sector because the information is often exposed to threat risks, particularly internal ones. Information theft or misuse, which is attributed to human factors, affects the reputation of public sector organizations due to the loss of public trust in the security and confidentiality of the information and personal data that are hacked by internal parties. Most studies focus on general problem solving related to internal threats instead of digital personal data protection. Therefore, this study identifies the main security control elements for personal data access in the public sector, including information security management, human resource security, operational security, access control, and compliance. A comprehensive framework is developed based on the identified security control elements and validated using a case study. Data are collected using interview, observation, and document analysis techniques. The findings contribute to the management of information system security through a systematic approach to controlling internal threats in the public sector. This framework can serve as a guideline for the public sector in managing internal threats to reduce security incidents involving unauthorized access to digital personal data. © 2018 The Science and Information (SAI) Organization Limited.
Pages: 61-67
Page count: 6