source of knowledge blooming like a lotus knowledge is the competitive weapon of the 21 st century...
TRANSCRIPT
Source of Knowledge Blooming Like a LotusKnowledge is the competitive weapon of the 21st century
Intellectual
Professional
Cheerfulness
Morality
The Analysis and Evaluation of Security The Analysis and Evaluation of Security Readiness in ICT Infrastructure for Readiness in ICT Infrastructure for
Supporting e-Learning in Supporting e-Learning in Institute of Physical EducationInstitute of Physical Education
Thanakorn MeehinkongPrasong PraneetpolgrangKittima Mekhabunchakij
Faculty of Informatics, Doctor of Philosophy Program Faculty of Informatics, Doctor of Philosophy Program in Information Technologyin Information Technology
Sripatum University, Bangkok, ThailandSripatum University, Bangkok, Thailand
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
Background of the Research Research Objectives Theories and Related Research Research Conceptual Framework Research Methodology Research Results Conclusions Suggestion
3
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
4
The IPE has heavily invest on ICT Infrastructure.
ICT Infrastructure is necessary for e-Learning management.
ICT Infrastructure of IPE has no security readiness.
IPE = Institute Physical Education, ICT = Information and Communication Technology
There are no setting security standard to maintain
security process in IPE.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
5
1. To analyze the readiness of ICT security
2. To evaluate the security readiness of ICT infrastructure in order to supporting e-Learning in Institute of Physical Education
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
6
1. e- Learning
2. ICT Security
3. Concept of Evaluation
4. ISMS Model
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
7
1. e-Learning1. e-Learning The learners do not have to come to study
in same place and same time. The Learners have to study the content from e-Learning courseware, stress the content by
non-linear, designed interaction activity, include exercises and tests for self understanding.
The content is divided in modules, learners have to discuss and share their opinions with
their classmates through electronics.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
8
2. ICT Security 2. ICT Security
ICT security is a protection of ICT asset in the organization that refers to confidentiality, integrity and availability.
ICT Infrastructure asset is important to protect a computer network and Internet support in e-Learning system.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
9
Many organizations adopt international standard ICT security as a main principle to develop organization’s ICT security for confidential and acceptance of public. Many organization in Thailand and all over the world emphasize in the word Best Practices or the direction standard that prepare organization’s ICT to IT Governance. The popular best practices are CobiT, ITIL and ISO/IEC 27001.
2. ICT Security 2. ICT Security (Cont.)
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
10
3.Concept of Evaluation3.Concept of Evaluation
Shuffle Beam and et al.(1971)[8] gave meaning of evaluation that it is a analysis process in order to get usefulness information for making decision the best choice.
Alkin (1969) [7] defined the word “Evaluation” that it is a collecting information selection process and utility IT management, present to the person who has power in decision making or to specific activity or project.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
11
4. ISMS Model 4. ISMS Model
Jan Eloff and Mariki Eloff [11] presented a new form of information security management model, using ISMS model (Information Security Management System) and refer information security standard ISO17799.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
12
1. Executives2. People3. Budget4. Plan
ICT Security Readiness Levelfor Support e-Learning
Factor
1. Policy2. People3. Physical and Environment4. Hardware5. Software
Infrastructure
ISO/IEC 27001Factor of ICT
Security
ICT Security Level
Impact to infrastructure
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
13
1. Population and Sampling Groups
3. Data Analysis
2. Research Tool
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
14
Sampling Groups
Frequenc
yExecutives 141Administrator 58Instructor 288Office Staff 280
Sub-Ordinate
Units
Units
Central Institutions
1
Institute of Physical Education
17
Sports School 11
Population Sampling Group
1. Population and Sampling Groups1. Population and Sampling Groups
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
15
2. Research Tool2. Research Tool
we use the questionnaires as research tool with sending 767 questionnaires; we receive the return questionnaires with 513 papers that is only 66.88 percents
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
16
3. Data Analysis3. Data Analysis
This research study, we have quantitative data from questionnaires, observation, interview and data analysis with statistical mean and standard deviation.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
17
1. ICT Security Analysis Result.1. ICT Security Analysis Result.
2. Evaluation Result of Security Readiness2. Evaluation Result of Security Readiness in ICT Infrastructure from questionnairesin ICT Infrastructure from questionnaires
3. Evaluation Result of Security Readiness3. Evaluation Result of Security Readiness in ICT Infrastructure from Executive’sin ICT Infrastructure from Executive’s Interview.Interview.
4. ICT Infrastructure Effect Factor. 4. ICT Infrastructure Effect Factor.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
Dimension of Security Mean S.D.
7. Back-up 2.69 0.90
8. Access Control 2.71 0.92
9. Information Systems Acquisition, Development and Maintenance
2.75 0.89
10. Information Security Incident Management
2.63 0.93
11. Compliance 2.72 0.95
Average 2.80 0.88
Dimension of Security Mean S.D.
1. Policy and Organization of Information Security
2.90 0.88
2. Asset Management 2.93 0.83
3. Human Resources Security 2.94 0.84
4. Physical and Environmental Security
3.00 0.78
5. Communications and Operations Management
2.88 0.89
6. Exchange of Information 2.69 0.92
18
The Level of ICT Security readiness The Level of ICT Security readiness (Cont.)
1. ICT Security Analysis Result1. ICT Security Analysis Result
Research Result Research Result (Cont.)(Cont.)
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
19
Research Result Research Result (Cont.)(Cont.)
Infrastructure ICT Mean S.D.
Policy and Structure 2.83 0.93
People 2.87 0.87
Physical and Environmental 2.93 0.82
Hardware 2.88 0.86
Software 2.73 0.91
Average 2.85 0.76
The Level of Security Readiness in ICT Infrastructure
2. Evaluation Result of Security Readiness2. Evaluation Result of Security Readiness in ICT Infrastructure from questionnairesin ICT Infrastructure from questionnaires
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
20
Research Result Research Result (Cont.)(Cont.)
ICT Security Significance: Person or staff in Institute of Physical Education place importance in ICT Security
ICT Infrastructure Budget Supporting: Institute of Physical Education propose ICT model scheme year 2008-2012, the 5 strategies .
3. Evaluation Result of Security Readiness in3. Evaluation Result of Security Readiness in ICT Infrastructure from Executive’s Interview.ICT Infrastructure from Executive’s Interview.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
21
Research Result Research Result (Cont.)(Cont.)
ICT Security Actual Problem: The office has not using control system in computer and internet network, non- quality internet network, lack of knowhow technical person, these go to be destroy data by virus, loosing data, using other data which disallow, inactive computer because of inoperative program, slowly solving network problem.
3. Evaluation Result of Security Readiness 3. Evaluation Result of Security Readiness in ICT Infrastructure from Executive’s in ICT Infrastructure from Executive’s InterviewInterview.(Cont.).(Cont.)
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
22
Research Result Research Result (Cont.)(Cont.)
The factors that effect to ICT infrastructure are executives, people, budget and plan.
1. Policy : The executives do not govern their people to comply with the policy.
2. People: The people have got less knowledge training and discontinuous.
3. Physical and Environment : The people are not awareness of ICT security in office.
4. Hardware : The budget is not enough for hardware development plan.
5. Software: The budget is not enough for software development plan.
4. ICT Infrastructure Effect Factor 4. ICT Infrastructure Effect Factor
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
23
IPE has a moderate level of ICT security. IPE has a moderate level of security readiness in ICT infrastructure.
The results of executive interviews show that the IPE current budget allocated to the appropriate ICT infrastructure and focus on ICT security significantly.
IPE = Institute Physical Education , ICT = Information and Communication Technology
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
24
1. Policy and Structure: Redefine policy and structure control. 2. People :Provide training and inspire people awareness.3. Physical and Environment: Set up security guards environment.4. Hardware: Provide appropriate number of computers and effective intrusion detection system.5. Software: Provide e-Learning software licence.
This research result show that security readiness in ICT infrastructure in IPE has a moderate level. This level can support e-Learning only for a basic requirement. To success in e-Learning in high level, IPE should process on ICT infrastructure as follow :
IPE = Institute Physical Education , ICT = Information and Communication Technology
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
25
[1] Institute of Physical Education, Master plan Information and Communication Technology (2008-2012), Bangkok, 2008.[2] Prinya banpasat,“The design and format of e-learning concepts,” Master of information Technology in Sripratum University, Thailand, 2004.[3] International Standards for Business Government and Society, Information Security Management Requirements ISO/IEC 27001, Switzerland: ISO Office, 2007.[4] Doungkamol suppitayakorn, Standard practice guidelines and framework are related to information technology systems, Bangkok, Thai Computer Emergency Response Team, 2007.[5] itSMF, ITIl V3 Foundation Handbook, Pocketbook from Official Publisher of ITIL, Updated to the 2009 Syllabus,2009.[6] Prin sereepong, ISO 27001 Introduction to security management system, bangkok, Thailand Productivity Institue, 2008.[7] Peerapong Manakij, “Manage Security Problems: If Event 3 Southern Border Provinces,” Research Reports, National Institute of Development Administration, 2005.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
26
[8] Shuffle Beam and et.Al. (2003) nsdv homepage.[Online]. Available: http:// www. nsdv.go.th/evaluation/[9] Stake, R.E, Standards-Based and Responsive Evaluation. Thousand Oaks, CA: Sage Publications.2004.[10] Daniel W K Tse. “Security in Modern Business Security Assessment Model for Information Security Practices,” Proceeding of the Pacific Asia Conference of Information Systems, 2004,pp. 1506-1519.[11] Jan eloff, Mariki eloff, Information Security Management – A New Paradigm, PretoriaUniversity and University of South Africa, 2003.[12] Vannee Gamkat, Science behavioral science research methods, Printing of Chulalongkorn University 2nd, 2008, p.205-221, 287-294.[13] M.D. Aime, A. Atzeni, and P.C. Pomi, “The risks with security metrics,” Proceedings of the 4th ACM workshop on Quality of protection, 2008, pp.65–70.[14] K. Burgess, P.J. Singh, and R. Koroglu, “Supply chain management: a structured iterature review and implications for future research,” International Journal of Operations and Production Management, 2006, vol. 26, p.703.[15] B.Von Solms and R. Von Solms, “The 10 deadly sins of information security management,” Computers & Security, 2004, vol. 23, pp. 371–376.
The Sixth International Conference on eLearning for Knowledge-Based Society, 17-18 December 2009 Thailand
Fac
ulty
of
Info
rmat
ics,
Doc
tor
of P
hilo
soph
y P
rogr
am in
Inf
orm
atio
n T
echn
olog
y S
ripa
tum
Uni
vers
ity,
Ban
gkok
, Tha
ilan
d
Sripatum University
27
Thank youThank you
for your kind attentionfor your kind attention