Internal and External Factors to Adopt a Cyber Security Strategy in Iraqi Organisations

Abstract

Cyber security has become one of the main focus areas in developing and maintaining a country’s information technology (IT) infrastructure. In a country like Iraq, there is an urgent necessity to strengthen its overall cybersecurity framework and reorganise the whole industrial and security infrastructure with the help of advanced technology coupled with integrated cyber security policy. The main aim of this paper is to devise a cyber security strategic framework for Iraqi organisations. This framework will be organised on the basis of the internal and external factors that must be considered at both the deployment and the policy levels of infrastructure development and management. An integrative or critical literature review has been embarked on for generation of themes on the bases of which the proposed cyber security framework would be modelled. This literature review is designed such that it would not only help in diagnosing gaps in knowledge but also assist to overcome the barriers in research and development. The literature reviews along with the case studies of Oman, Singapore, Malaysia, and the UK can be used to understand that a decentralised cyber security framework for national or private organisations across a country is yet not possible. However, every country must have a national level framework for a cyber security enforcement that is capable of handling both the internal and external threats. A set of recommendations were taken in this study began with Identify and technically segregate the external and internal stakeholders, formulate and implement even-handed cyber rules and regulations, devise training and awareness programmes on cyber security across the Iraqi organisations to create a fleet of capable CERT groups, innovate a cyber security framework that would encompass both the internal and external factors to be taken in account and ended with future research must be focussed on ways to assimilate cyber security specific policies within the national IT and ITeS policy framework.