Cyber security risk management and threat contol model (CSRM-TCM) a study carried out to enhance the protection of information in the Namibian public service
Loading...
Date
2016
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
University of Namibia
Abstract
The persistent threats of the cyber environment drives organizations to adopt risk
management as a crucial practice of minimizing dangers to their information assets. However, focusing on technology alone to address these risks is no longer sufficient. IT governance which enables senior managers to align and integrate technology with business strategies through clear policy development and good practice of IT control is essential. The Namibian Public Service (NPS) currently lacks policy guidance on cyber security risk management. Consequently Offices/Ministries/Agencies (O/M/As) depend on technology to manage security risks facing them. However, this effort is not coordinated between various O/M/A. Therefore it presents security challenges to the government network as various systems continues to be interconnected. To address these risks, the study investigated behaviors of different O/M/As in the NPS. The focus was predominantly on the management of information assets in the absence of standardized cyber security best practices. The study concluded that although there may be an abundance of technologies in the (NPS), the absence cyber
security policies, standards and guidelines has led to a huge disparity regarding the
way in which Information Systems (IS) are managed in various O/M/As. Hence, this
poses security challenges. The study further identified threats, vulnerabilities facing the NPS and developed the Cyber Security Management and Threat Control (CSRM-TC) model. The model is believed to assist IT officials and policy makers in the NPS to understand challenges facing their information assets. This would further assist them to make appropriate decisions when developing cyber security policies, standards, guidelines and procedures according to best practices.
Description
A thesis submitted in partial fulfillment of the requirements for the Degree of Master of Science in Information Technology
Keywords
Threat control, Information