M-SES: An online cybersecurity self-evaluation system to mitigate the risk of cybersecurity attacks in Thailand
Abstract
Various preventive and responsive measures have been developed to mitigate the risk of cybersecurity attacks, and enhanced cybersecurity is now crucial to safeguard computer systems against malicious activity. Implementation of the Personal Data Protection Act (PDPA) in June 2022 mandated compliance by all companies and government units operating in Thailand. Non-IT organizations have experienced significant challenges in adapting to and meeting the requirements of this national regulation because of the time and resources required to comprehend and evaluate it. This research proposed a novel online self-evaluation system (M-SES) for assessing compliance with the PDPA and related Thai cybersecurity legislation. The M-SES was developed on a customized framework incorporating ISO/IEC 27001:2013, the PDPA, and the Thailand Computer-related Crime Act (CCA). The tool comprises 26 cybersecurity controls and was validated by ten experts from the industrial and government sectors. To mitigate the self-evaluation biases of respondent users, this study adopted a web scraping technique that searches for cybersecurity keywords in data crawled from organizational websites. The final evaluation score was then calculated from the self-evaluation score and the web scraping score, with an adjustment factor applied to indicate the overall cybersecurity implementation status. The system prototype was tested on three organizations from different sectors, yielding an implementation level of fully implemented for one organization and moderate adoption for the other two. Our evaluation offers a practical and time-efficient approach that enables Thai companies to adapt to the national cybersecurity regulations.
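The scoring pipeline the abstract outlines, as an added example that is not the paper's M-SES code: visible text is extracted from crawled HTML pages, each control is marked as evidenced if one of its keywords appears, self-rated controls that lack any public evidence are flagged, and the self-evaluation and web-scraping scores are blended and scaled by an adjustment factor before being mapped to an implementation level. The four control names, the keyword lists, the 70/30 weighting, the per-flag penalty and the level thresholds are all assumptions made for this illustration; the paper's own 26 controls and its actual formula are not given on this page.

```python
"""Self-evaluation score blended with web-scraping evidence (illustrative).

Assumption: the weighting, penalty and thresholds below are placeholders,
not the formula used by the M-SES system described in the abstract.
"""
from html.parser import HTMLParser
import re

# Constructed mapping of controls to keywords one would expect on an
# organization's public website (assumed, not the paper's 26 controls).
CONTROL_KEYWORDS = {
    "privacy_policy": ["privacy policy", "personal data", "pdpa"],
    "isms_certification": ["iso 27001", "iso/iec 27001", "isms"],
    "incident_contact": ["report an incident", "security incident", "dpo"],
    "access_control": ["two-factor", "multi-factor", "access control"],
}

# Constructed sample crawl: two pages from one fictitious organization.
SAMPLE_PAGES = [
    "<html><head><title>Acme</title><script>var x = 1;</script></head>"
    "<body><h1>Acme Co.</h1>"
    "<p>Read our Privacy Policy on handling personal data under the PDPA.</p>"
    "<p>We are ISO/IEC 27001 certified.</p></body></html>",
    "<html><body><p>Contact the DPO to report a security incident.</p></body></html>",
]

# Constructed self-evaluation answers, each in 0..1 (1 = fully implemented).
SAMPLE_SELF_EVAL = {
    "privacy_policy": 1.0,
    "isms_certification": 1.0,
    "incident_contact": 0.5,
    "access_control": 1.0,
}


class _TextExtractor(HTMLParser):
    """Collects visible text and skips <script>/<style> content."""

    def __init__(self):
        super().__init__()
        self._skip = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def extract_text(html):
    """Lower-cased, whitespace-normalized visible text of one page."""
    parser = _TextExtractor()
    parser.feed(html)
    return re.sub(r"\s+", " ", " ".join(parser.chunks)).lower().strip()


def web_evidence(pages):
    """Map each control to True if any of its keywords appears in the crawl."""
    text = " ".join(extract_text(page) for page in pages)
    return {ctl: any(kw in text for kw in kws) for ctl, kws in CONTROL_KEYWORDS.items()}


def unsupported_claims(self_eval, evidence, threshold=0.75):
    """Controls self-rated at or above threshold with no public evidence."""
    return [ctl for ctl in CONTROL_KEYWORDS
            if self_eval.get(ctl, 0.0) >= threshold and not evidence.get(ctl)]


def adjustment_factor(self_eval, evidence, penalty=0.1):
    """Assumed adjustment: 10% off per unsupported claim, floored at 0.5."""
    return max(0.5, 1.0 - penalty * len(unsupported_claims(self_eval, evidence)))


def combined_score(self_eval, evidence, weight=0.7, adjustment=1.0):
    """Weighted blend of self-evaluation and web evidence, scaled to 0..1."""
    n = len(CONTROL_KEYWORDS)
    self_part = sum(self_eval.get(ctl, 0.0) for ctl in CONTROL_KEYWORDS) / n
    web_part = sum(1.0 for ctl in CONTROL_KEYWORDS if evidence.get(ctl)) / n
    return min(1.0, (weight * self_part + (1.0 - weight) * web_part) * adjustment)


def implementation_level(score):
    """Assumed thresholds for the status labels used in the abstract."""
    if score >= 0.8:
        return "fully implemented"
    if score >= 0.5:
        return "moderate adoption"
    return "low adoption"


if __name__ == "__main__":
    ev = web_evidence(SAMPLE_PAGES)
    adj = adjustment_factor(SAMPLE_SELF_EVAL, ev)
    score = combined_score(SAMPLE_SELF_EVAL, ev, adjustment=adj)
    print("evidence:", ev)
    print("unsupported:", unsupported_claims(SAMPLE_SELF_EVAL, ev))
    print(f"adjustment={adj:.2f} score={score:.4f} -> {implementation_level(score)}")
```

The bias-mitigation step is the `unsupported_claims` check: a control the respondent rates highly but for which the crawl finds no public trace lowers the adjustment factor, so an optimistic questionnaire alone cannot push an organization into the top band. Keyword presence is only weak evidence (a page can mention ISO 27001 without being certified), which is why the blend still gives the questionnaire the larger weight here.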
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.