การจัดการความเสี่ยงจากภัยคุกคามไซเบอร์ของหน่วยงานภาครัฐ : บทเรียนจากหน่วยงานศาลยุติธรรมในเขตอำนาจอธิบดีผู้พิพากษาภาค 9

Abstract

The purposes of this research are to (1) analyze threats, risk factors, and current practices of cyber threat risk management among judicial agencies under the jurisdiction of the Chief Justice Region 9; (2) examine the success and obstacles of cyber threat risk management; and (3) provide suggestions for better management of cyber threat risk in the future. Qualitative research methods were employed. Data were gathered through documentary research and in-depth interviews. The 36 participants who served as key informants in this study consisted of representatives from the judicial agencies under the jurisdiction of the Chief Justice Region 9. Data were verified using the data triangulation method, and after that, data were analyzed inductively. Results reveal that cyber threat risk factors faced by these agencies include the free-downloaded program software, wireless internet connection, exposed environment, unintentional attack and intentional attack. The successes of cyber threat risk management among these agencies include the establishment of accessibility levels, correctness of data, accuracy of data, and the readiness for preventing cyber threat for both software and hardware. Results also show that they are 5 obstacles that hampered the management of cyber threat risk among these agencies, which include inadequate budget for software and hardware procurement, the lack of knowledge and skill regarding cyber threat risk management among personnel, the insufficiency of IT or cyber personnel, the locations of judicial agencies that are near the coasts, and the new systems that are often redundant with the existing systems. It is recommended in this research that judicial agencies allocate more budget to assess risk in both software and hardware and to purchase insurance for connection equipment, train personnel about cyber treat risk management, request for more IT or cyber personnel, change location from coastal areas and reduce redundancy of systems.