Data centers are primarily the main targets of cybercriminals and security threats as they host various critical Information and Communication Technology (ICT) services. Given that, identifying the threats and managing the risks associated with data centers has become a major challenge as this will enable organizations to optimize their resources to focus on the most hazardous threats in order to prevent or minimize the potential risks and damages. The objective of this paper is to identify major ICT security threats to data centers in the Malaysian Public Sector and their causes. The data for this study was collected through interview sessions. A total of 33 respondents from various government organizations were interviewed and the results revealed that the Technical Threats, Spyware, Phishing, Bluesnarfing Threats, Social Engineering and Virus, Trojan, Malware, Ransomware, Viral Websites Threats are the major categories of threats often encountered by the organizations in the Malaysian Public Sector. It was discovered that the main causes for these threats are the lack of resources such as budget, competent personnel and manpower to focus on security tasks; lack of user awareness and education; weak or insufficient security policies and procedures; lack of compliances and monitoring as well as deliberate attacks by hackers. The outcome of this study will give a greater degree of awareness and understanding to the ICT security officers, who are entrusted with data center security.

data center security threats; ICT security threats

Lehto, M. (2016). Cyber Security Education and Research in the Finland's Universities and Universities of Applied Sciences. International Journal of Cyber Warfare and Terrorism, 6(2), 15-31.

Bagay, D. (2020). Information security of Internet things. Procedia Computer Science, 169, 179-182.

Andrade, R. O., & Yoo, S. G. (2019). Cognitive security: A comprehensive study of cognitive science in cybersecurity. Journal of Information Security and Applications, 48, 102352.

Knapp, K. J., Denney, G. D., & Barner, M. E. (2011). Key issues in data center security: An investigation of government audit reports. Government Information Quarterly, 28(4), 533-541.

Munodawafa, F., & Awad, A. I. (2018). Security risk assessment within hybrid data centers: A case study of delay sensitive applications. Journal of Information Security and Applications, 43, 61–72.

Gusmão, A. P., Silva, L. C., Silva, M. M., Poleto, T., & Costa, A. P. (2016). Information security risk analysis model using fuzzy decision theory. International Journal of Information Management, 36(1), 25-34.

Snedaker, S., & Rima, C. (2013). Business continuity and disaster recovery planning for IT professionals.

Silva, M. M., Gusmão, A. P., Poleto, T., Silva, L. C., & Costa, A. P. (2014). A multidimensional approach to information security risk management using FMEA and fuzzy theory. International Journal of Information Management, 34(6), 733-740.

Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of information security risk assessment (ISRA). Computers & Security, 57, 14-30.

Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178–188.

Burdon, M., & Coles-Kemp, L. (2019). The significance of securing as a critical component of information security: An Australian narrative. Computers & Security, 87, 101601.

Mohamed, D. B. (2013). Combating the threats of cybercrimes in Malaysia: The efforts, the cyberlaws and the traditional laws. Computer Law & Security Review, 29(1), 66-76.

Bhattacharjee, J., Sengupta, A., & Mazumdar, C. (2013). A formal methodology for Enterprise Information Security risk assessment. 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS).

Shamala, P., Ahmad, R., & Yusoff, M. (2013). A conceptual framework of info structure for information security risk assessment (ISRA). Journal of Information Security and Applications, 18(1), 45-52.

The Basics of Information Security (2014).

Goh, M. H. (2008). Analyzing & reviewing the risks for business continuity planning. Singapore: GMH Pte.

ISO/IEC: ISO/IEC 27005:2018 Information Technology - Security Techniques - Information Security Risk Management (2018), https://www.iso.org/standard/75281.html.

Ryan, J. J., Mazzuchi, T. A., Ryan, D. J., Cruz, J. L., & Cooke, R. (2012). Quantifying information security risks using expert judgment elicitation. Computers & Operations Research, 39(4), 774-784.

Jouini, M., Rabai, L. B., & Aissa, A. B. (2014). Classification of Security Threats in Information Systems. Procedia Computer Science, 32, 489-496.

Kearney, W., & Kruger, H. (2016). Can perceptual differences account for enigmatic information security behaviour in an organisation? Computers & Security, 61, 46-58.

Sarkar, K. R. (2010). Assessing insider threats to information security using technical, behavioural and organisational measures. Information Security Technical Report, 15(3), 112-133.

Firoozjaei, M. D., Jeong, J., Ko, H., & Kim, H. (2016). Security challenges with network functions virtualization. Future Generation Computer Systems.

Zhang, L., Wang, Q., & Tian, B. (2013). Security threats and measures for the cyber-physical systems. The Journal of China Universities of Posts and Telecommunications, 20, 25-29.

Szczepaniuk, E. K., Szczepaniuk, H., Rokicki, T., & Klepacki, B. (2020). Information security assessment in public administration. Computers & Security, 90, 101709.

Shamala, P., Ahmad, R., Zolait, A., & Sedek, M. (2017). Integrating information quality dimensions into information security risk management (ISRM). Journal of Information Security and Applications, 36, 1–10.

Jouini, M., Rabai, L. B., & Khedri, R. (2015). A Multidimensional Approach towards a Quantitative Assessment of Security Threats. Procedia Computer Science, 52, 507-514.

Gartner.,2017. Press Releases. https://www.gartner.com

Cyber Attack Sweeps Globe, Researchers See Wannacry Link. (2017, June 27). New Straits Times. Retrieved from https://www.nst.com.my

Cybersecurity Malaysia: Watch out for cyberattacks ahead of Malaysian Day. (2019, September 13). TheStar. Retrieved from https://www.thestar.com.my

2014–15 Malaysia floods. (2019, November 7). Retrieved from https://en.wikipedia.org/wiki/2014–15_Malaysia_floods