Internal threat control framework based on information security management system

Zailawani Mukhtar, Kamsuriah Ahmad

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

This paper proposes a security control framework based on ISO 27001 and ISO 27002, which are standards for Information Security Management Systems (ISMS). The framework helps to mitigate internal threats to the data centre and is meant for public sector adoption. The ISMS implementation scope in the public sector normally comprises the data centre and information security services. Previous research indicates that no specific framework has been developed to mitigate internal threats in the data centre. Findings from the previous study generally show that human resource security, access control, physical and environmental security, and operation and communication security are used to mitigate internal threats. Hence, this paper aims to identify the most important security elements for developing an internal threat framework for the data centre, as well as to formulate a guideline based on the identified elements. Finally, an internal threat framework based on the elements and the guidelines is developed. A qualitative research technique, namely an interview, was conducted to study the suitability of the identified security control elements. Following the result of the first interview, a second interview was conducted to validate the proposed framework. The methodology used to establish the framework includes planning, analysis, design and validation. It is hoped that the framework may guide the public sector in managing internal threats to the data centre, as well as in reducing security incidents that may be caused by human factors.

Original language: English
Pages (from-to): 316-323
Number of pages: 8
Journal: Journal of Theoretical and Applied Information Technology
Volume: 70
Issue number: 2
Publication status: Published - 2014

Fingerprint

Information Security
Security of data
Data Center
Internal
Public Sector
Human engineering
Access control
Personnel
Planning
Qualitative Research
Human Resources
Framework
Human Factors
Access Control
Methodology

Keywords

  • Data centre
  • Internal threat
  • ISMS
  • ISO27001/27002

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Internal threat control framework based on information security management system. / Mukhtar, Zailawani; Ahmad, Kamsuriah.

In: Journal of Theoretical and Applied Information Technology, Vol. 70, No. 2, 2014, p. 316-323.

@article{a422d778af1946749d5eb5c3225ed7be,
title = "Internal threat control framework based on information security management system",
keywords = "Data centre, Internal threat, ISMS, ISO27001/27002",
author = "Zailawani Mukhtar and Kamsuriah Ahmad",
year = "2014",
language = "English",
volume = "70",
pages = "316--323",
journal = "Journal of Theoretical and Applied Information Technology",
issn = "1992-8645",
publisher = "Asian Research Publishing Network (ARPN)",
number = "2",

}

TY - JOUR

T1 - Internal threat control framework based on information security management system

AU - Mukhtar, Zailawani

AU - Ahmad, Kamsuriah

PY - 2014

Y1 - 2014

KW - Data centre

KW - Internal threat

KW - ISMS

KW - ISO27001/27002

UR - http://www.scopus.com/inward/record.url?scp=84919423045&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84919423045&partnerID=8YFLogxK

M3 - Article

VL - 70

SP - 316

EP - 323

JO - Journal of Theoretical and Applied Information Technology

JF - Journal of Theoretical and Applied Information Technology

SN - 1992-8645

IS - 2

ER -