Abstract

The purpose of this paper is to discuss potential human-related problems concerning information security, which foreign companies may face in Thailand, and to suggest supplemental countermeasures in international frameworks such as Committee of Sponsoring Organizations of the Treadway Commission and ISO/IEC 27001. These potential problems are predicted using Hofstede’s cultural dimensions. To evaluate the magnitudes of potential of problems, a measure named Level of Potential (/LoP/) is adopted. The severity of each problem is calculated based on the results of an empirical survey, which was conducted in Thailand. This paper examines the relations between the conditions of occurrence of problems and the profiles of the respondents. The problem “Using previous company’s confidential information” is found to be the severest among all the investor countries considered; the second severest problem is “Unintentional sharing of confidential information” while the problems of “Concealing faults made by friends”, “Lower priority to information security management”, “Lack of interest in information security management” and “Lack of interest in information outside duties” are also severe. This paper has identified information security management-related problems with their severities and conditions of occurrence for each of the key investor countries in Thailand. It has recommended practical countermeasures to cope with the six serious problems identified. Keywords: Cultural Differences, Cultural Dimensions, Information Security Management, Human-Related Problems, Thailand

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.