Published February 5, 2015 | Version 10000838
Journal article Open

Understanding Success Factors of an Information Security Management System Plan Phase Self-Implementation

Description

The goal of this study is to identify success factors that could influence ISMS self-implementation in the government sector from a qualitative perspective. This study is based on a case study in one of the Malaysian government agencies. Semi-structured interviews involving five key informants were conducted to examine the factors addressed in the conceptual framework. Subsequently, thematic analysis was carried out to describe the influence of each factor on the successful implementation of ISMS. The results of this study indicate that management commitment, implementer commitment and implementer competency are part of the success factors for ISMS self-implementation in the Malaysian government sector.

Files

10000838.pdf (139.0 kB, md5:8e8aeb5fee3c1ba683cb5eb227bd713a)
