Assessment of information
An exploration study of Malaysian public
National Institute of Public Administration, Cyberjaya, Malaysia, and
Ali Hussein Zolait
Department of Information Systems, College of Information Technology,
University of Bahrain, Sakhir, Bahrain
Purpose – The purpose of this paper is to examine the basis factors involved in the information
security management systems of Malaysian public service (MPS) organizations. Therefore, it proposes
an empirical analysis which was conducted to identify the antecedents of the information security
maturity (ISM) of an organization; and to clarify the relationship between ISM and the social and
technical factors identiﬁed.
Design/methodology/approach – This study uses quantitative approach, convenience sampling
and the required data collected from 970 key players’ managers in information security, in a total of
722 government agencies, through a self-administrated survey. Research adopted the Wallace et al.
process to develop and validate the study’s instrument.
Findings – The paper provides empirical insights and reveals a number of underlying dimensions of
social factors and one technical factor. The risk management was found to be the formal coping
mechanism adopted in the MPS organizations and is the leading factor towards ISM. The social factors
have the most inﬂuence on MPS organizations’ ISM. Findings demonstrate that two independent
variables, risk management and individual perception, discriminate between those organizations that
have high and low ISM.
Research limitations/implications – The research results may lack generalization; therefore,
researchers are encouraged to test the proposed propositions further in a different context.
Practical implications – The paper includes implications for the development of a powerful
instrument in explaining the ISM. Moreover, it helps internal stakeholders of an organization to
formulate a more appropriate policy or give a more effective focus on issues that are really relevant to
MPS information security management.
Originality/value – This paper fulﬁls the identiﬁed need to explore determinants of information
Keywords Malaysia, Data management, Risk management, Data security, Information security,
Public service organizations, Security management, Security assessment, Security maturity,
Paper type Research paper
It has been established that information is one of the most important assets which an
organization may possess. Since most organizations have made the move from the
physical world into cyberspace this asset has been under attack from a multitude of new
sources (Jessup and Valacich, 2008). Consequently, information security has propelled
The current issue and full text archive of this journal is available at
Received 23 April 2011
Revised 8 November 2011
Accepted 25 January 2012
Journal of Systems and Information
Vol. 14 No. 1, 2012
q Emerald Group Publishing Limited