Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Assessment of information security maturity An exploration study of Malaysian public service organizations

Assessment of information security maturity An exploration study of Malaysian public service... Purpose – The purpose of this paper is to examine the basis factors involved in the information security management systems of Malaysian public service (MPS) organizations. Therefore, it proposes an empirical analysis which was conducted to identify the antecedents of the information security maturity (ISM) of an organization; and to clarify the relationship between ISM and the social and technical factors identified. Design/methodology/approach – This study uses quantitative approach, convenience sampling and the required data collected from 970 key players' managers in information security, in a total of 722 government agencies, through a self‐administrated survey. Research adopted the Wallace et al. process to develop and validate the study's instrument. Findings – The paper provides empirical insights and reveals a number of underlying dimensions of social factors and one technical factor. The risk management was found to be the formal coping mechanism adopted in the MPS organizations and is the leading factor towards ISM. The social factors have the most influence on MPS organizations' ISM. Findings demonstrate that two independent variables, risk management and individual perception, discriminate between those organizations that have high and low ISM. Research limitations/implications – The research results may lack generalization; therefore, researchers are encouraged to test the proposed propositions further in a different context. Practical implications – The paper includes implications for the development of a powerful instrument in explaining the ISM. Moreover, it helps internal stakeholders of an organization to formulate a more appropriate policy or give a more effective focus on issues that are really relevant to MPS information security management. Originality/value – This paper fulfils the identified need to explore determinants of information security maturity. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Journal of Systems and Information Technology Emerald Publishing

Assessment of information security maturity An exploration study of Malaysian public service organizations

Download PDF
35 pages

Loading next page...
 
/lp/emerald-publishing/assessment-of-information-security-maturity-an-exploration-study-of-3TuHEGeKGV
Publisher
Emerald Publishing
Copyright
Copyright © 2012 Emerald Group Publishing Limited. All rights reserved.
ISSN
1328-7265
DOI
10.1108/13287261211221128
Publisher site
See Article on Publisher Site

Abstract

Purpose – The purpose of this paper is to examine the basis factors involved in the information security management systems of Malaysian public service (MPS) organizations. Therefore, it proposes an empirical analysis which was conducted to identify the antecedents of the information security maturity (ISM) of an organization; and to clarify the relationship between ISM and the social and technical factors identified. Design/methodology/approach – This study uses quantitative approach, convenience sampling and the required data collected from 970 key players' managers in information security, in a total of 722 government agencies, through a self‐administrated survey. Research adopted the Wallace et al. process to develop and validate the study's instrument. Findings – The paper provides empirical insights and reveals a number of underlying dimensions of social factors and one technical factor. The risk management was found to be the formal coping mechanism adopted in the MPS organizations and is the leading factor towards ISM. The social factors have the most influence on MPS organizations' ISM. Findings demonstrate that two independent variables, risk management and individual perception, discriminate between those organizations that have high and low ISM. Research limitations/implications – The research results may lack generalization; therefore, researchers are encouraged to test the proposed propositions further in a different context. Practical implications – The paper includes implications for the development of a powerful instrument in explaining the ISM. Moreover, it helps internal stakeholders of an organization to formulate a more appropriate policy or give a more effective focus on issues that are really relevant to MPS information security management. Originality/value – This paper fulfils the identified need to explore determinants of information security maturity.

Journal

Journal of Systems and Information TechnologyEmerald Publishing

Published: Mar 17, 2012

Keywords: Malaysia; Data management; Risk management; Data security; Information security; Public service organizations; Security management; Security assessment; Security maturity; Security awareness

References

  • ISM3 1.0. – Information Security Management Maturity Model
    Aceituno, V.C.
  • Information security governance
    Andersen, W.P.
  • Manage people to protect data
    Andress, M.
  • Designing Information System Security
    Baskerville, R.
  • After the storm, reform
    Berinato, S.
  • Computer Security: Threat and Countermeasures
    Bhaskar, K.N.
  • Enterprise strategies: advice for a secure enterprise: implement the basics and see that everyone uses them
    Borck, J.R.
  • Risk Management: Guideline for Decision Makers
    CAN/CSA Q850
  • The Challenges of Security Management
    Caralli, R.A.; Wilson, W.R.
  • The principles of socio‐technical design
    Cherns, A.
  • Control Objectives for Information and Related Technology: Management Guidelines
    COBIT
  • Control Objectives for Information and Related Technology
    COBIT
  • Enterprise Risk Management Framework: Committee of Sponsoring Organizations of the Treadway Commission (COSO)
    COSO
  • Management Briefing – Information Security
    Delloitte & Touche
  • Surveys in Social Research
    de Vaus, D.A.
  • Current direction in IS security research: toward socio‐technical perspectives
    Dhillon, G.; Backhouse, J.
  • Employing the social‐technical perspective in identifying security management systems in organisations
    Dzazali, S.; Ainin, S.; Zolait, A.H.S.
  • What do international standards say on information security policies?
    Eloff, J.H.P.
  • Information security management: a hierarchical framework for various approaches
    Eloff, M.M.; Solms, S.H.
  • Ernst & Young Global Information Security Survey 2004
    Ernst & Young
  • Information security: a strategic issue
    Ezingeard, J.N.; Bowen‐Schrire, M.
  • Are we securing the right information?
    Firth, D.
  • Software system risk management and assurance
    Fletcher, S.K.; Jansma, R.M.; Lim, J.J.; Halbgewachs, R.; Murphy, M.D.; Wyss, G.D.
  • The application of information security policies in large UK‐based organisations: an exploratory investigation
    Fulford, H.; Doherty, N.F.
  • Practical approaches to creating a security culture
    Gaunt, N.
  • 9th Annual FBI/CSI Computer Crime and Security Survey 2004
    Gordon, L.A.; Loeb, G.M.; Lucyshyn, W.; Richardson, R.
  • The need for a new approach to information security
    Hitchings, J.
  • An integrated system theory of information security management
    Hong, K.S.; Chi, Y.P.; Chao, L.R.; Tang, J.H.
  • The impact of denial‐of‐service attack announcements on the market value of firms
    Hovav, A.; D'Arcy, J.
  • ISO/IEC 27001‐2005(E): Information Technology‐Security Techniques‐Information Security Management Systems‐Requirements
    ISO 27001
  • Board briefing on IT governance
    ITGI
  • Value at Risk: A Methodology for Information Security Risk Assessment
    Jaisingh, J.; Rees, J.
  • Organisational IT security theory and practices: and never the twain shall meet?
    Jenkins, J.
  • Information Systems Today: Managing in the Digital World
    Jessup, L.; Valacich, J.