Please use this identifier to cite or link to this item:
http://studentrepo.iium.edu.my/handle/123456789/12031
Title: | Top management engagement in information security : multiple-case studies of Malaysian public sector | Authors: | Rufizah Abdul Munir | Supervisor: | Shuhaili Talib, Ph.D Nurul Nuha Abdul Molok, Ph.D |
Year: | 2024 | Publisher: | Kuala Lumpur : Kulliyyah of Information and Communication Technology, International Islamic University Malaysia, 2024 | Abstract in English: | Organisations that rely heavily on ICT face greater challenges in protecting their information assets. Technical solutions alone cannot guarantee the security of an organisation’s information. As human is the weakest link, numerous studies on information security now incorporate human factors as part of the information security solution. As security is integral to corporate governance, top-level commitment and management roles are indispensable to forming good information security governance (ISG). Through this governance, the sustainability of information security activities in organisations could be achieved. However, due to top management’s common perception of information security as a technical and operational concern rather than a business matter, the responsibility for its implementation is often assigned solely to the information security team. This approach has led to challenges in fostering a collaborative, organisation-wide effort towards information security. Therefore, this study aims to gain clarity on the phenomenon of top management driving information security initiatives in the Malaysian government. It will examine the factors that influence their engagement in information security and seek to explore the issues related to ISG. This study employs qualitative research methodology with an inductive approach. The multiple-case study is used as a strategy to investigate the topic under study. Using purposive sampling, interviews were conducted at four (4) public sector organisations involving 27 participants. The results indicate that Regulatory Forces (External Factor), Informal Education (Personal Factor), and On-the-job Exposure (Personal Factor) are the most influential factors on top management engagement in information security. The application of the information security engagement factors led to the establishment of the research model of the study. This study proposes the extension of Malaysia’s cyber security framework (RAKKSSA) and its accompanying guidelines to demonstrate the research model’s viability. The extension focuses on top management competency, an area where the current RAKKSSA is deficient. The extended RAKKSSA improves the overall comprehensiveness of the framework. It guides all levels of government agency personnel with the essential skillsets, from governing information security initiatives to carrying out security activities within their respective organisations. | Degree Level: | Doctoral | Kullliyah: | Kulliyyah of Information and Communication Technology | Programme: | Doctor of Philosophy of Information Technology | URI: | http://studentrepo.iium.edu.my/handle/123456789/12031 |
Appears in Collections: | KICT Thesis |
Files in This Item:
File | Size | Format | |
---|---|---|---|
G1616130Rufizahabdulmunir_SEC.pdf Restricted Access | 50.18 MB | Adobe PDF | View/Open Request a copy |
Google ScholarTM
Check
Items in this repository are protected by copyright, with all rights reserved, unless otherwise indicated. Please give due acknowledgement and credits to the original authors and IIUM where applicable. No items shall be used for commercialization purposes except with written consent from the author.