Guidelines on Corporate Governance for Responding to Cybersecurity Threats in the Digital Age
Main Article Content
Abstract
The objectives of this research are to: 1) study the situation of cyber threats to Critical Information Infrastructure (CII) in public health and public utilities; 2) study the enforcement of cybersecurity policies and measures in risk management to raise awareness and monitor cybersecurity threats; and 3) study guidelines on corporate governance for responding to cybersecurity threats and good digital governance in the organization to mitigate risks and prevent future cyber threats. This study is a qualitative research work that relies on the schemes of documentary research and cybersecurity officers to describe cyber threats and how to create a corporate governance for responding to cybersecurity threats. It is found that 1) cyber threats to Critical Information Infrastructure (CII) from both domestic and international sources are becoming increasingly severe, such as in hospitals, electricity and water supply, affecting the security of public health services and public utilities in various countries; 2) many countries are taking of initiatives to formulate policies, practices and prioritize in cyber risk management, including risk assessments to ensure that they are at an acceptable level for the organization; and 3) government agencies have developed applicable guidelines for enterprise operations to reduce friction and risks to a minimum, including legal measures that might not only solve cybersecurity problems but also raise awareness and promote the right to receive information in the Thai state justice process.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Views and opinions appearing in the Journal it is the responsibility of the author of the article, and does not constitute the view and responsibility of the editorial team.
References
Bank of Thailand. (2019, August 15). Cyber Resilience Assessment Framework. https://www.bot.or.th/content/dam/bot/fipcs/documents/FOG/2562/ThaiPDF/25620189.pdf
Crowdstrike. (2021). The 2021 Crowdstrike Global Threat Report. https://go.crowdstrike.com/crowdstrikeglobal-threat-report-2021.html
Cyber Security Plan. (2022, September 14). Spade Ransomware. https://webcache.googleusercontent.com/search?q=cache:1_ui7jHCTEYJ:https://www.cybersecurityplan.org/spade-ransomware/+&cd=4&hl=en&ct=clnk&gl=th
Electronic Transactions Development Agency (ETDA). (2022, October 8). 9 Dangerous behaviors Simple things that should not be overlooked. https://www.etda.or.th/th/Our-Service/ThaiCERT/Incident-Coordination/Information/Published-documents/General/papers-general
Karatzogianni, A. (2009). Cyber Conflict and Global Politics. https://www.researchgate.net/publication/259850763_Cyber_Conflict_and_Global_Politics
Lindau, K. (2012). “Cyber Security in Estonia: Lessons from the Year 2007 Cyberattack”[Master’s thesis, Tallinn University].
Mahidol University, Nakhonsawan Campus Project. (2022, September 11). Watch out! Ransomware a Severe Cyber Attack. https://na.mahidol.ac.th/medicalcenter/2020/09/11/ransomware/
National Science Museum (NSM) Thailand. (2021, December 13). Zero-Day or 0-Day. https://www.nsm.or.th/nsm/th/node/5548
Petchkla, N., & Chitsawang, S. (2022). Government Sector’s Response in Counter-Cyberterrorism in Thailand. International Journal of Crime, Law and Social Issues, 9(2), 1-11. https://doi.org/10.14456/ijclsi.2022.6
Phantawornchai, J. (2018). Guidelines for Cyber Resilience Development Framework in Cloud Computing[Master’s Thesis, Sripatum University].
Rittipalin, J. (2021). Cyber Resilience Strategy: A Key Guide to Enterprise Operations in Digital Age. NBTC Journal, 5(5), 162-181. https://so04.tci-thaijo.org/index.php/NBTC_Journal/issue/view/17234/4633)
Roumani, Y. (2021). Patching Zero-day Vulnerabilities: An Empirical Analysis. Journal of Cybersecurity, 7(1), 1–13. DOI:10.1093/cybsec/tyab023
Sakchareonkul, N. (2019). The Preparation of Thai Public Officials for Digital Government[Master’s Thesis, Chulalongkorn University].
Sangtongdee, A., & Youngyuen, Y. (2020). Guidelines of Countermeasures and Police Reporting for Ransomware Cases. Interdisciplinary Studies Journal, 21(1), 26-44. https://so02.tci-thaijo.org/index.php/sahasart/article/view/245102/168732
Satter. R. (2017). What makes a cyberattack? Experts lobby to restrict the term. https://apnews.com/2c25d7da76f4409bae7daf063c071420
Sonic Wall. (2022, August 14). VoidCrypt Ransomware Actively Spreading in the Wild. https://securitynews.sonicwall.com/xmlpost/voidcryptransomware-actively-spreading-in-the-wil
Teeraratchakarn, V., & Limpiyakorn, Y. (2020). Exploring Network Vulnerabilities for Corporate Security Operations. In book: Information Science and Applications (pp.341-351). DOI:10.1007/978-981-15-1465-4_35
TRPC. (2015, September). Public data at risk: Cyber Threats to the Networked Government. (Thailand Computer Emergency Response Team: ThaiCERT; Electronic Transactions Development Agency (Public Organization) (ETDA) (Translator). http://apps.bangkok.go.th/info_gidsedbkk/bmainfo/data_DDS/document/cyber_threats.pdf
Utakrit, N. (2012). Contingency Support Planning for Organization Information Assurance. Information Technology Journal, 8(2), 64-72. https://ph01.tci-thaijo.org/index.php/IT_Journal/article/view/54253