Authors: Pema Choejey, David Murray, Chun Che Fung

Abstract:

Bhutan is becoming increasingly dependent on Information and Communications Technologies (ICTs), especially the Internet for performing the daily activities of governments, businesses, and individuals. Consequently, information systems and networks are becoming more exposed and vulnerable to cybersecurity threats. This paper highlights the findings of the survey study carried out to understand the perceptions of cybersecurity implementation among government organizations in Bhutan. About 280 ICT personnel were surveyed about the effectiveness of cybersecurity implementation in their organizations. A questionnaire based on a 5 point Likert scale was used to assess the perceptions of respondents. The questions were asked on cybersecurity practices such as cybersecurity policies, awareness and training, and risk management. The survey results show that less than 50% of respondents believe that the cybersecurity implementation is effective: cybersecurity policy (40%), risk management (23%), training and awareness (28%), system development life cycle (34%); incident management (26%), and communications and operational management (40%). The findings suggest that many of the cybersecurity practices are inadequately implemented and therefore, there exist a gap in achieving a required cybersecurity posture. This study recommends government organizations to establish a comprehensive cybersecurity program with emphasis on cybersecurity policy, risk management, and awareness and training. In addition, the research study has practical implications to both government and private organizations for implementing and managing cybersecurity.

Keywords: Awareness and training, cybersecurity, cybersecurity policy, risk management, security risks.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1131810

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1493

References:

[1] MoIC, "Information and Communications Technology (ICT) Policy for Bhutan: A White Paper ", M. o. I. a. Communications, Ed., ed. Thimphu: Royal Government of Bhutan, 2003.
[2] RGoB, "Bhutan Information Communications and Media Act," ed. Thimphu: Royal Government of Bhutan, 2006.
[3] MoIC, "Bhutan e-Government Master Plan," Ministry of Information and Communications, Ed., ed: Royal Government of Bhutan, 2013.
[4] GNHC, "Eleventh Five Year Plan Volume I: Main Document," G. N. H. Commission, Ed., ed. Thimphu: GNHC, 2013.
[5] N. Gyeltshen, "BoB transfers Nu 16M based on fake e-mail," in BBS Online, ed. Thimphu: Bhutan Broadcasting Service, 2016.
[6] P. Choejey, C. C. Fung, K. W. Wong, D. Murray, and D. Sonam, "Cybersecurity challenges for Bhutan," in Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2015 12th International Conference on, 2015, pp. 1-5.
[7] MoIC, "Information Management and Security Policy," M. o. I. a. Communications, Ed., ed: Royal Government of Bhutan, 2009.
[8] MoC, "Bhutan e-Readiness Assessment," T. D. o. I. Technology, Ed., ed: Ministry of Communications, 2003.
[9] ITU, "Cybersurity: Readiness Assessment for Establishing National CIRT," International Telecommunication Union2012.
[10] B. Nono, "Proposing a Government PKI in Bhutan: A Solution to e-Government Security Requirements " 2011.
[11] T. Roberts, "Building Cyber-Security Capacity in the Kingdom of Bhutan," G. C. S. C. Centre, Ed., ed: University of Oxford undated.
[12] ISO/IEC 27001, "Information technology – Security techniques – Information security management systems – Requirements," 2005.
[13] NIST, "SP 800-53: Recommended Security Controls for Federal Information Systems," October, vol. 31, p. 9, 2003.
[14] P. Choejey, C. C. Fung, K. W. Wong, D. Murray, and S. Dawa, "Cybersecurity Challenges for Bhutan," presented at the 12th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology, Hua Hin, Thailand, 2015.
[15] P. Choejey, C. C. Fung, K. W. Wong, D. Murray, and H. Xie, "Cybersecurity Practices for E-Government: An Assessment in Bhutan," 2015.
[16] R. Likert, "A technique for the measurement of attitudes," Archives of psychology, 1932.
[17] J. G. Dawes, "Do data characteristics change according to the number of scale points used? An experiment using 5 point, 7 point and 10 point scales," International journal of market research, vol. 51, 2008.
[18] R. Johns, "Likert items and scales," Survey Question Bank: Methods Fact Sheet, vol. 1, 2010.