Mariana Yusoff

A conceptual framework of info structure for information security risk assessment (ISRA)

Information security has become a vital entity to most organizations today due to current trends in information transfer through a borderless and vulnerable world. The concern and interest in information security is mainly due to the fact that information security risk assessment (ISRA) is a vital method to not only to identify and prioritize information assets but also to identify and monitor the specific threats that an organization induces; especially the chances of these threats occurring and their impact on the respective businesses. However, organizations wanting to conduct risk assessment may face problems in selecting suitable methods that would augur well in meeting their needs. This is due to the existence of numerous methodologies that are readily available. However, there is a lack in agreed reference benchmarking as well as in the comparative framework for evaluating these ISRA methods to access the information security risk. Generally, organizations will choose the most appropriate ISRA method by carrying out a comparative study between the available methodologies in detail before a suitable method is selected to conduct the risk assessment. This paper suggests a conceptual framework of info-structure for ISRA that was developed by comparing and analysing six methodologies which are currently available. The info-structure for ISRA aims to assist organizations in getting a general view of ISRA flow, gathering information on the requirements to be met before risk assessment can be conducted successfully. This info-structure can be conveniently used by organizations to complete all the required planning as well as the selection of suitable methods to complete the ISRA.

Perception on Cyber Terrorism: A Focus Group Discussion Approach

Focus group discussion is an exploratory research technique used to collect data through group interaction. This technique provides the opportunity to observe interaction among participants on a topic under this study. This paper contributes to an understanding on the cyber terrorism conceptual framework through the analysis of focus group discussion. The proposed cyber terrorism conceptual framework which was obtained during the qualitative study by the authors has been used as a basis for discussion in the focus group discussion. Thirty (30) participants took part in the focus group discussion. The overall results suggest that the proposed cyber terrorism framework is acceptable by the participants. The present study supports our initial research that the cyber terrorism conceptual framework constitutes the following components: target, motivation, tools of attack, domain, methods of attack and impact.

Grounding the component of cyber terrorism framework using the grounded theory

The current framework of cyber terrorism consists of non-tested components which are related to physical terrorism as well as cyber security threats. However, there is no universally accepted definition of cyber terrorism, which seems to be a fundamental issue and challenge in countering threats from cyber terrorism. Grounded theory research begins by focusing on area of study and gathers data from various sources, including literatures, interviews and field observations. A grounded theory study can result in empirically grounded hypothesis that can be further tested and verified with new data using qualitative methodology. In this research, semi-structured interview with purposive sampling procedures is the primary data collection. Twenty-two (22) participants took part in the interview session. The analysis indicated that the framework describing cyber terrorism can be considered from six components: motivation, target, method of attack, domain, action by perpetrator and impact. Continued research in this area can be further conducted, which may lead to the development of strategic and technological framework to counter cyber terrorism.