CFP last date
20 January 2025
Reseach Article

Information Security Policy Implementation Assessment in Libyan Telecommunications Companies

by Salima Benqdara, Ibrahim Alshiekhy
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Number 2
Year of Publication: 2023
Authors: Salima Benqdara, Ibrahim Alshiekhy
10.5120/ijca2023922675

Salima Benqdara, Ibrahim Alshiekhy . Information Security Policy Implementation Assessment in Libyan Telecommunications Companies. International Journal of Computer Applications. 185, 2 ( Apr 2023), 33-41. DOI=10.5120/ijca2023922675

@article{ 10.5120/ijca2023922675,
author = { Salima Benqdara, Ibrahim Alshiekhy },
title = { Information Security Policy Implementation Assessment in Libyan Telecommunications Companies },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2023 },
volume = { 185 },
number = { 2 },
month = { Apr },
year = { 2023 },
issn = { 0975-8887 },
pages = { 33-41 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume185/number2/32680-2023922675/ },
doi = { 10.5120/ijca2023922675 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:25:07.041627+05:30
%A Salima Benqdara
%A Ibrahim Alshiekhy
%T Information Security Policy Implementation Assessment in Libyan Telecommunications Companies
%J International Journal of Computer Applications
%@ 0975-8887
%V 185
%N 2
%P 33-41
%D 2023
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The telecommunications industry is a critical infrastructure that is essential for the functioning of modern society. It is also a lucrative target for cyber attacks. A successful attack on a telecommunications network could potentially expose the information of millions of customers. This study focuses on the information security policy of telecommunications companies in Libya. The study aims to assess the hypothetical risks of implementing an information security policy, as well as to examine the vulnerabilities and effectiveness of such a policy. The interview technique was selected to collect data and conduct the necessary analysis to verify the existence of any gaps. The study found that several vulnerabilities exist in telecommunications information security policies. It is therefore important for telecommunications companies to take steps to mitigate these vulnerabilities and protect their networks from cyberattacks. Overall, the study provides valuable insights into the importance of information security in the telecommunications industry. The study findings can help telecommunications companies to develop and implement effective information security policies that can help to protect their networks from cyber attacks.

References
  1. Safa, N., Ghani, N. and Ismail, M. 2014. An artificial neural network classification approach for improving the accuracy of customer identification in e-commerce. Malays J Computer Sci, vol 27(3), 171–85.
  2. Ibrahim Al-Mayahi and Sa’ad P. Mansoor. 2013. Information Security Culture Assessment: Case Study. Third International Conference on Information Science and Technology, Yangzhou, Jiangsu, China, 23-25.
  3. Klein, R. H. and Luciano, E. M. 2016. What Influences Information Security Behavior? A Study with Brazilian Users. JISTEM-Journal of Information Systems and Technology Management, vol13 (3), 479-496.
  4. Richardson. R, 2008. CSI computer crime and security survey. Computer Security Institute, http://www.gocsi.com
  5. J. S. Lim, S. Chang, S. Maynard, and A. Ahmad. 2010. Embedding Information Security Culture Emerging Concerns and Challenges. In Proceeding Pacific Asia Conference on Information Systems, PACIS 2010.
  6. Guo, K.H.2013. Security-related behavior in using information systems in the workplace: a review and synthesis. Compute Secure. Vol 32, 242–251.
  7. Alshaikh, M., Maynard, S., Ahmad, A. and Chang, S. 2016. Information Security Policy: A Management Practice Perspective. In Proceeding Australasian Conference on Information Systems, Adelaide, South Australia.
  8. Ključnikov, A., Mura, L. and Sklenar, D. 2019. Information security management in SMEs: factors of success. Entrepreneurship and Sustainability. Vol 4 (37).2081-2094.
  9. F. Al-Izki and G. R. S. Weir. 2016. Management Attitudes toward Information Security in Omani Public Sector Organisations. Cybersecurity and Cyberforensics Conference (CCC), Amman, 107-112.
  10. Salima. B ,Almabruk ,S and Awad.E . 2020 . Assessment of Security Issues in Banking Sector of Libya, International Journal of Computer Applications, Vol 176 ( 13), 975 – 8887.
  11. Carvalho, I., Cruz, F. and Almeida, F. 2018. Structure and Challenges of a Security Policy on Small and Medium Enterprises. KSII Transactions on Internet and Information Systems.
  12. Al-Shanfari, Warusia Yassin, Nasser Tabook, Roesnita Ismail and Anuar Ismail. 2022. Determinants of Information Security Awareness and Behavior Strategies in Public Sector Organizations among Employees. (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 13(8).
  13. Alkhurayyif, Yazeed and Weir, George. 2017. Readability as a Basis for Information Security Policy Assessment. Seventh International Conference on Emerging Security Technologies (EST), 114-121.
  14. Rathika Palanisamy, Azah Anir Norman and Miss Laiha Mat Kiah. 2022. Journal of Computer Information Systems, Vol 62 (1), 61-72.
  15. /
  16. Fig 8: Risk effect on CIA for factors
  17. Table 2: Mapping estimated risk effect of every factor on the three elements of the CIA
  18. Factor No.
  19. Highlight
  20. Effect
  21. Risk evaluation
  22. Consequences
  23. 
  24. 
  25. 
  26. C
  27. I
  28. A
  29. 
  30. 
  31. 
  32. 1
  33. awareness with ISP in the organization
  34. ✔
  35. ✔
  36. ✔
  37. High
  38. Overall negative effects on confidentiality, integrity, and availability
  39. The policy will be impractical which will decrease the impact of the policy and the security standard in the organization. That will lead to a cyber attack
  40. 
  41. 2
  42. Enforce policy in the organization
  43. ✔
  44. ✔
  45. 
  46. High
  47. Negative effects on confidentiality and integrity
  48. The lack of security experience in the department will impact heavily in handling mitigation procedures and constructing secure defense for the organization.
  49. 
  50. 3
  51. Roles and Responsibilities in general regarding the ISP in the organization
  52. ✔
  53. ✔
  54. 
  55. High
  56. Negative effects on confidentiality and integrity
  57. Lack of segregation duties will enable irresponsible behavior from the organization by providing over privileges to users which makes them a risk to the organization and a target for threat vector
  58. 
  59. 4
  60. Attitude and point of view toward compliance with the ISP
  61. ✔
  62. ✔
  63. ✔
  64. High
  65. Overall negative effects on confidentiality, integrity, and availability
  66. Such behavior is very unprofessional and irresponsible. Which identifies the organization to become the target of social engineer attacks.
  67. 
  68. 5
  69. Compliance with information security policy
  70. ✔
  71. ✔
  72. 
  73. Medium
  74. Negative effects on confidentiality and integrity
  75. According to the interview answers, that indicates the willingness to comply with the policy however, the lack of enforcement and inconsistency auditing on the policy. The impact will affect the security standard overall and initiate chaos in the organization which can lead to cyber-attack.
  76. 
  77. 6
  78. Aware of disciplinary penalties for noncompliant behavior with the information security policy in the organization
  79. ✔
  80. ✔
  81. ✔
  82. High
  83. Overall negative effects on confidentiality, integrity, and availability
  84. The lack of awareness of the importance of the security policy in the organization can lead to irresponsible behavior that put the organization as a target for threat vectors. also, lack of consequences or pantiles in the organization creates disciplinary issues which will impact vulnerability severity in the organization's
  85. 
  86. 
Index Terms

Computer Science
Information Sciences

Keywords

Information security policy Implementation Assessment information security management.