Insider threat risk management framework
In an organization which is actively involved in administrative or management work, data is the most valuable asset. Without proper preparation and adequate knowledge, those asset will be exposed at high risk to threat. Office of Student Affairs is the main office of the university management. It ha...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: |
2012
|
Subjects: | |
Online Access: | http://eprints.utm.my/id/eprint/32186/1/MohdHafizAmabrMFSKSM2012.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | In an organization which is actively involved in administrative or management work, data is the most valuable asset. Without proper preparation and adequate knowledge, those asset will be exposed at high risk to threat. Office of Student Affairs is the main office of the university management. It handled a lot of sensitive data and information that can be manipulated by unscrupulous people for personal gain. Any negative impact on the information can affect an organization's operations and organizational performance. The most worrying threat is caused by the insiders themselves. Threats from people inside can be specified to both technical and non technical. This problem is difficult to overcome but with the effective measures can reduce this risk to a greater minimum. Implementing risk management framework into the organization a good alternative. By creating a framework for information security that specific to an organization can help reduce this problem by deliver a practical guideline for everyday practices. The processes to produce this framework are going through selecting common feature available in existing framework. Exiting framework process was merging depending on the selected feature and threat to produce a framework that focus on UTM office of Student Affair. Those risk management framework design were specific for UTM office of Student Affair work flow by aiding and assist the organization towards securing their data confidentiality, integrity and availability. |
---|