Factors Contributing to the Success of Information Security Management Implementation

Information Security Management (ISM) concerns protecting the integrity, confidentiality, availability, authenticity, reliability and accountability of the organisation’s information from unauthorised access in order to ensure business continuity and customers’ confidence. The importance of information security (IS) today deserves due attention. Recognising this, organisations have devoted considerable effort to protecting their information. They establish information security policies, processes and procedures, and reengineer their organisational structures to align with ISM principles. Despite these efforts, security incidents continue to occur in many organisations. This shows that the current implementation of ISM is still ineffective due to a lack of awareness of the factors contributing to the success of ISM. Thus, the objective of this paper is to identify ISM success factors and their elements through a large-scale survey. The survey involves 243 practitioners from statutory bodies, public and private organisations in Malaysia. The results of the survey indicate that top management, IS coordinator team, ISM team, IS audit team, employees, third parties, IS policy, IS procedures, resource planning, competency development and awareness, risk management, business continuity management, IS audit and IT infrastructure are the factors that contribute to the success of ISM implementation. These factors should guide practitioners in planning and refining ISM implementation in their organisations.
