A Gap Analysis of Compliance with Information Security Measures against ISO/IEC 27001:2022 and Technical Vulnerability Assessment: A Case Study of Companies in Amata City Chonburi Industrial Estate
Abstract
This project aimed to check and assess the compliance of information security measures against ISO/IEC 27001:2022 standards and to examine technical vulnerabilities of operating systems and application programs of companies in Amata City Chonburi Industrial Estate in order to provide guidelines for operations and prepare an information security system to meet the ISO/IEC 27001:2022 standards. The organizing team had the operating procedures and inspection guidelines that met international standards. This resulted in efficiency in inspecting information technology systems and ensuring information technology operations. It was found that the system conformed to information security according to ISO/IEC 27001:2022 standards. The study employed a quality assessment form to collect data from a specific sample group which included those who maintained and used the organizations’ information system. The overall satisfaction level was at a good level, with the total mean at 4.33 and the standard deviation at 0.57.
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright in original manuscripts published in the Journal of Science Innovation for Sustainable Development belongs to the Faculty of Science and Technology, Suan Dusit University. No one may reprint the text, in whole or in part, without written permission from the Faculty of Science and Technology, Suan Dusit University. In addition, the content of each article is the responsibility of its authors; this does not include errors arising from the printing process.