Framework for digital data access control from internal threat in the public sector

Haslidah Halim, Maryati Mohd Yusof

Research output: Contribution to journalArticle

Abstract

Information management is one of the main challenges in the public sector because the information is often exposed to threat risks, particularly internal ones. Information theft or misuse, which is attributed to human factors, affects the reputation of public sector organizations due to the loss of public trust in the security and confidentiality of the information and personal data that are hacked by internal parties. Most studies focus on general problem solving related to internal threats instead of digital personal data protection. Therefore, this study identifies the main security control elements for personal data access in the public sector, including information security management, human resource security, operational security, access control, and compliance. A comprehensive framework is developed based on the identified security control elements and validated using a case study. Data are collected using interview, observation, and document analysis techniques. The findings contribute to the management of information system security through a systematic approach to controlling internal threats in the public sector. This framework can serve as a guideline for the public sector in managing internal threats to reduce security incidents involving unauthorized access to digital personal data.

Original languageEnglish
Pages (from-to)61-67
Number of pages7
JournalInternational Journal of Advanced Computer Science and Applications
Volume10
Issue number8
Publication statusPublished - 1 Jan 2019

Fingerprint

Data privacy
Access control
Human resource management
Security of data
Human engineering
Information management
Information systems

Keywords

  • Control framework
  • Information security
  • Informlation management
  • Internal threats
  • Personal data access
  • Risk

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Framework for digital data access control from internal threat in the public sector. / Halim, Haslidah; Yusof, Maryati Mohd.

In: International Journal of Advanced Computer Science and Applications, Vol. 10, No. 8, 01.01.2019, p. 61-67.

Research output: Contribution to journalArticle

@article{cd9a532231614a5e959881a79f32d6e4,
title = "Framework for digital data access control from internal threat in the public sector",
abstract = "Information management is one of the main challenges in the public sector because the information is often exposed to threat risks, particularly internal ones. Information theft or misuse, which is attributed to human factors, affects the reputation of public sector organizations due to the loss of public trust in the security and confidentiality of the information and personal data that are hacked by internal parties. Most studies focus on general problem solving related to internal threats instead of digital personal data protection. Therefore, this study identifies the main security control elements for personal data access in the public sector, including information security management, human resource security, operational security, access control, and compliance. A comprehensive framework is developed based on the identified security control elements and validated using a case study. Data are collected using interview, observation, and document analysis techniques. The findings contribute to the management of information system security through a systematic approach to controlling internal threats in the public sector. This framework can serve as a guideline for the public sector in managing internal threats to reduce security incidents involving unauthorized access to digital personal data.",
keywords = "Control framework, Information security, Informlation management, Internal threats, Personal data access, Risk",
author = "Haslidah Halim and Yusof, {Maryati Mohd}",
year = "2019",
month = "1",
day = "1",
language = "English",
volume = "10",
pages = "61--67",
journal = "International Journal of Advanced Computer Science and Applications",
issn = "2158-107X",
publisher = "Science and Information Organization",
number = "8",

}

TY - JOUR

T1 - Framework for digital data access control from internal threat in the public sector

AU - Halim, Haslidah

AU - Yusof, Maryati Mohd

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Information management is one of the main challenges in the public sector because the information is often exposed to threat risks, particularly internal ones. Information theft or misuse, which is attributed to human factors, affects the reputation of public sector organizations due to the loss of public trust in the security and confidentiality of the information and personal data that are hacked by internal parties. Most studies focus on general problem solving related to internal threats instead of digital personal data protection. Therefore, this study identifies the main security control elements for personal data access in the public sector, including information security management, human resource security, operational security, access control, and compliance. A comprehensive framework is developed based on the identified security control elements and validated using a case study. Data are collected using interview, observation, and document analysis techniques. The findings contribute to the management of information system security through a systematic approach to controlling internal threats in the public sector. This framework can serve as a guideline for the public sector in managing internal threats to reduce security incidents involving unauthorized access to digital personal data.

AB - Information management is one of the main challenges in the public sector because the information is often exposed to threat risks, particularly internal ones. Information theft or misuse, which is attributed to human factors, affects the reputation of public sector organizations due to the loss of public trust in the security and confidentiality of the information and personal data that are hacked by internal parties. Most studies focus on general problem solving related to internal threats instead of digital personal data protection. Therefore, this study identifies the main security control elements for personal data access in the public sector, including information security management, human resource security, operational security, access control, and compliance. A comprehensive framework is developed based on the identified security control elements and validated using a case study. Data are collected using interview, observation, and document analysis techniques. The findings contribute to the management of information system security through a systematic approach to controlling internal threats in the public sector. This framework can serve as a guideline for the public sector in managing internal threats to reduce security incidents involving unauthorized access to digital personal data.

KW - Control framework

KW - Information security

KW - Informlation management

KW - Internal threats

KW - Personal data access

KW - Risk

UR - http://www.scopus.com/inward/record.url?scp=85072291723&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85072291723&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:85072291723

VL - 10

SP - 61

EP - 67

JO - International Journal of Advanced Computer Science and Applications

JF - International Journal of Advanced Computer Science and Applications

SN - 2158-107X

IS - 8

ER -