17 December 2010
Hanoi International Presentation
A Security Evaluation Model for Information and Communication Technology of Rajabhat Universities
Jumpot Kanjanakomtorn1 , Panjai Tantasanawong2,
Sombat Teekasap3 and Boonmee Kavinseksan4
1Technology Management, Bansomdejchaopraya Rajabhat University.
2Graduate School, Silpakorn University.
3Faculty of Engineering, Eastern Asia University.
4Faculty of science and technology, Bansomdejchaopraya Rajabhat University.
Abstract
The research objectives were to study status and opinions toward Information and Communication Technology (ICT) security systems of Rajabhat Universities and were developed into the model of ICT security systems. The quantitative and qualitative approaches were applied in the research. Data were collected by in-depth interview of CIO,ICT Directors, ICT Technical staff and ICT Users in Rajabhat Universities, analyzed, and developed into a model for ICT security systems of Rajabhat Universities. The model was tested for its validation. Consequently, any higher education institutes can use this know how to evaluate their ICT security to prevent and correct a serious threat before getting the attacks. The model developed can be applied to other institutions with the benefit of extensive protection system of each institution.
Key word : Information technology and communication security / Evaluation security
Introduction
The development of Information and Communication Technology (ICT) security systems in educational institutes has been drastically implemented in administration, instructional plans and researches while a serious threat increases, as well. It is necessary to analyze and evaluate the treat both the correctness and the lost of the information. At present, ISO 27001 security systems are available in Asia Pacific, such as Singapore, Japan, Australia, Taiwan, South Korea and etc. These countries participate and develop in the same stable standard Plan-Do-Check-Act (PDCA) process.
Figure 1. Information Security Management System Process.
Figure 2. The research conceptual framework.
In Thailand, ISO 27001 security systems are used in some organization, since there are a lot of obstacles such as lack of the efficient experts and high expenses, most of universities, including Rajabhat Universities, cannot effort.
Therefore, these research objectives were to study status and opinions toward ICT security systems of Rajabhat Universities and were developed into a ICT security systems model. However broader scope for application to any higher education institutes are expected.
Objectives of this research are to study status and opinions toward ICT security systems and to develop ICT security systems model of Rajabhat Universities.
Instruments and Procedures
The quantitative and qualitative approaches were applied in the research. In-depth interview policy in ICT security systems were analyzed, and then developed into a ICT security systems model of Rajabhat Universities.
Datum were collected from Chief Information Officer, ICT Directors, ICT technical staffs and ICT users in Rajabhat Universities. Survey questionnaires and evaluation forms were approved by 7 experts and were tested extensively.
Results and Recommendation
From the study, it was found that each of Rajabhat Universities. Support ICT budget response education need of their students and staff. There are some shortage of personnel to take care of the system. However budget received is not enough for making efficient ICT security system which sometime effected to problems in providing services to students.
It also founded that the main treat in universities were computer virus, the delay network systems, the main network systems stopped by building electronic systems, the rule ignorance and the lack of users knowledge and etc. Therefore, a model for ICT security systems of Rajabhat Universities should concern the following items:
1. Technical security control regarding supportive control, indication, secret key-coded
management, safety management and protective control, user and password investigation, virus deletion and etc.
2. Managerial security management regarding managerial protective control, security
empowerment, security system development and maintenance, personal security control, role division and computer user control, technical training to ensure that the users understand and realize the related disciplines.
3. Practical Security Control regarding protective practical security control, accessing and grouping control, information limited area expansion, virus control, treasure control form fire and etc. the Risking indicators divided into strong, medium, and slight and impacts are none with risking provision and each group management.
Development of ICT Security Evaluation Model of Rajabhat Universities consists of 8 Topics;
1) Security policy
2) Organization of information security
3) Human resource security
4) Communications and operations management
5) Access control
6) Information system acquisition, development and maintenance
7) Business continuity management
8) Compliance
Therefore, this study is useful in the development and test evaluation model of the security system for self Rajabhat Universities. The enhancements of ICT security, improve ICT services to Universities community, administrators can manage personnel process and technology more effectively with maximizing benefit of budget spending.
Conclusion
Knowledge from status and opinions toward ICT security systems of Rajabhat Universities or other organizations can contribute to development. ICT security Evaluation Model for Rajabhat Universities benefits to university functions, eventhogh insufficient budget professional personnel is still existing. This system need less budget, compared to the normal practice of using professional agency.
The model of this evaluation is an important tool to monitor threat assessment changed to reduce any.- harmful attempt to the system. Any organizations shall implement this model within their organization which can prevent and resolve serious threat to destroy the system.
Acknowledgements
The great appreciation is due to Bansomdejchaopraya Rajabhat University Administrators and the experts who kindly support for this research.
References
ACSI33, Australian Government, Information and Communications Technology Security anaual,31 March 2006. ISO/IEC 27001.
Adams, D.A., Todd, P.A., & Nelson, R.R. (1993). A comparative evaluation of the impact of Electronic and voice mail on organizational communication. Information & Management 24): 9-21.
Berghout, E., Nijland, M., & Grant, K. (2005). Seven ways to get your favored it project accepted politics in IT evaluation. The Electronic Journal of Information Systems Evaluation 8(1): 31-40.
Boar, B.H. (2001). The art of strategic planning for information technology (2nded). U.S.A.: Wiley Computer Publishing.
Chonchanok Veerawan (2541). Using IT in Goverment: NECTEC (5): 65-77.
Clerehan, R., Kett, G., Gedge, R., & Tuovinen, J.E.(2003). Encouraging IT students to get serious
about assignment writing: evaluation of a web-based initiative. Internet and Higher Education (6): 327-346.
Grembergen, W.V. (2001). A balanced analytic approach to strategic electronic commerce decisions: A framework of the evaluation method. Information Technology Evaluation Methods and Management: 185-197.
Kunchit Malaiwong (2540). IT Vision. Bangkok: NECTEC
Pateep Metakhunvut (2544). ICT for Education Management Bangkok: Chulalongkorn University
ไม่มีความคิดเห็น:
แสดงความคิดเห็น