Security Assessment Model of Cloud Computing for Government Organizations


  • Yuthtapon Pichainarong
  • Nattapong Songneam
  • Dusanee Supawantanakul
  • Worapat Paireekreng


risk assessment, security, cloud computing, government organization


The objectives of this study were to 1) survey, analyze and evaluate risk factors of Cloud computing systems of government organizations in Thailand, 2) design and develop a Cloud computing security model for government organizations, and 3) evaluate the efficiency of the model. The findings were as follows. The survey, analysis, and evaluation of risk of using Cloud computing systems revealed that usage patterns differed from organization to organization; meanwhile, no differences in Cloud computing among these organizations were found. Moreover, the level of risk was found to be very low, in spite of the high stakes, because Cloud computing systems were served and supervised by the Digital Government Development Agency (DGA). As for a security model of Cloud computing for government organizations, the researcher designed and constructed a security model according to three international standards (ISO, COBIT, ITIL) and criteria for selected items. This model was evaluated by experts whose opinions were solicited via a focus group. This model, featuring a security policy, consisted of 4 domains, 26 objectives and 109 sub-terms. The evaluation conducted by three experts according to qualitative rubrics showed that the overall security of the existing practice was at a moderate level, of which the mean was 3. After the security policy was introduced, its efficiency increased to a very high level of which the mean was 5, an increase of 66.67 percent. Our model can be applied in any government organization in Thailand in order to assess the risk of Cloud computing.


Best, John W. (1981). Research in Education. 3rd.ed. Englewood cliffs, New Jersey: Prentice. Hall Inc.

Boonsom, A. (2005). Opinions of Provincial Electricity Authority employees, Information Division and communicate with the implementation of information technology systems in the operation. Master of Arts Thesis in Political Science Department of Political Science and Public Administration,Kasetsart University.

Biswas, Sourya. (2011). How Can Cloud Computing Help in Education?. [Online] Available Access on 18/08/2017.

Khadkhang, S. (2014). Factors influencing attitude and the intention to use the storage system Information on

clouds of working people in Bangkok. Research Report, Bangkok University, Bangkok.

Khummanee, S. (2013). Security of Cloud Computing Technology. Master of Science Thesis in Computer Science

Faculty of Information Science, Mahasarakham University.

Krejcie, R. V. & Morgan, D. W. (1970). Determining Sample Size for Research ActivitiesEducational and Psychological Measurement, 30(3), pp.607-610.

Mell, P. and Grace, T. (2011). The NIST Definition of Cloud Computing: Recommendations of the National Institute of Standards and Technology. NIST Special Publication. (800-145), 800-145.

Ministry of Information and Communication Technology. (2015). Strategic Plan, ICT2020 Policy Framework. Office of the Permanent Secretary for Information and Communication Technology.

Prithiphan, S. (2010). Research Methods for Business. 3rd.ed. Bangkok: Hasun Printing.

Yamane, Taro. (1973). Statistics: An Introductory Analysis. Third editio. Newyork: Harper and Row Publication.