การประเมินความเสี่ยงด้านความมั่นคงปลอดภัยไซเบอร์ของระบบโครงสร้างพื้นฐาน ทางเทคโนโลยีสารสนเทศที่สำคัญ ภายใต้กรอบของ National Institute of Standards and Technology (NIST): กรณีศึกษา มหาวิทยาลัย ABC / จุฑามาศ ยอดวงค์ =Cybersecurity Risk Assessment for Critical IT Infrastructure of ABC University using National Institute of Standards and Technology (NIST) framework /Jutamad Yodwong
The Independent Study is to study, analyze and assess the Cybersecurity risk of the Information Technology Infrastructure which includes the Operating System, Database System and Network System of the ABC University using National Institute of Standards and Technology (NIST) framework. The result of the IT Management interview and the review of relevant documents were used for identifying risks, impacts and likelihoods of the Organization’s Cybersecurity Risks. The suggestions are provided to help organization controls and reduces the risk level of the identified risks to the acceptable level. The result of the study shows that there were ten Cybersecurity risks identified. There are three out of ten risks with High and Very High-risk level which have assessed that there is inadequate control. As a result, the study propose to provide the additional control process for the organization to mitigate risk and develop the Current Profile status from Tier 1 (Partial); risk is managed as an ad hoc and organization does not formalize the Cybersecurity Risk Management practices, to the Target Profile (Tier 3 – Repeatable); formal Cybersecurity Risk Management policy is approved and widely used among departments in the Organization.