Authors: Nurazean Maarop, Noorjan Mohd Mustapha, Rasimah Yusoff, Roslina Ibrahim, Norziha Megat Mohd Zainuddin

Abstract:

The goal of this study is to identify success factors that could influence the ISMS self-implementation in government sector from qualitative perspective. This study is based on a case study in one of the Malaysian government agency. Semi-structured interviews involving five key informants were conducted to examine factors addressed in the conceptual framework. Subsequently, thematic analysis was executed to describe the influence of each factor on the success implementation of ISMS. The result of this study indicates that management commitment, implementer commitment and implementer competency are part of the success factors for ISMS self-implementation in Malaysian Government Sector.

Keywords: ISMS Success Factors, IT Project Management, IS Success, Information Security.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1099912

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 4191

References:

[1] Ismail, Z., Masrom, M., Sidek, Z., & Hamzah, D. (2010). Framework to Manage Information Security for Malaysian Academic Environment. Journal of Information Assurance & Cybersecurity, 2010, 1–16.
[2] Shoraka, B. (2011). An Empirical Investigation of the Economic Value of Information Security Management System Standards.
[3] British Standards Institution. (1995). BS7799-1: Information Security Management Systems – Code of Practice for Information Security Management Systems.
[4] Dash, P. K. (2012). Effectiveness of ISO 27001, as an Information Security Management System: An Analytical Study of Financial, 9(3), 42–55.
[5] MAMPU. (2010). Surat Arahan Pelaksanaan Pensijilan MS ISO / IEC 27001: 2007 Dalam Sektor Awam
[6] MAMPU. (2010). MS ISO/IEC 27001 Information Security Management System (ISMS).
[7] Ku, C.-Y., Chang, Y.-W., & Yen, D. C. (2009). National information security policy and its implementation: A case study in Taiwan. Telecommunications Policy, 33(7), 371–384.
[8] Ramli, N. A., & Aziz, N. A. (2012). Risk Identification for an Information Security Management System Implementation, pp. 57–61.
[9] Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), 247–255.
[10] Rhee, H.-S., Ryu, Y. U., & Kim, C.-T. (2012). Unrealistic optimism on information security management. Computers & Security, 31(2), 221– 232. 11. (Pelnekar, 2008).
[11] Pelnekar, C. (2008). Feature Planning for and Implementing ISO 27001, (70).
[12] Ashenden, D. (2008). Information Security management: A human challenge? Information Security Technical Report, 13(4), pp. 195–201.
[13] Ramli, N. A., & Aziz, N. A. (2012). Risk Identification for an Information Security Management System Implementation, pp. 57–61.
[14] Chang, A.J.-T. & Yeh, Q.-J. (2006) On security preparations against possible IS threats across industries, Information Management & Computer Security, vol. 14, no. 4, pp. 343-60
[15] Abusaad, B., Saeed, F. A., Alghathbar, K., Khan, B., & Arabia, S. (2011). Implementation Of ISO 27001 In Saudi Arabia – Obstacles, Motivation, Outcomes and lessons Learned, 1–9.
[16] Humphreys, E. (2008). Information security management standards: Compliance, governance and risk management. Information Security Technical Report, 13(4), 247–255
[17] Lane, T. (2007). Information Security Management in a Australian Universities – An Exploratory,
[18] ISACA. (2006). Information Security Governance.
[19] British Standards Institution. (1999). BS7799-2: Information Security Management Systems – Specification with guidance for use.
[20] Boyatzis, R. (1998). "Transforming qualitative information: Thematic analysis and code development", Thousand Oaks, CA, Sage.
[21] Al-awadi, M., & Renaud, K. (2007). Success Factor in information security implementation in organizations.
[22] Jalil, S. A., & Hamid, R. A. (2003). ISMS Pilot Program Experiences: Benefits, Challenges & Recommendations
[23] Bjorck, F. (2001). Implementing Information Security Management Systems–An Empirical Study of Critical Success Factors. Lic Thesis. Stockholm University.
[24] Watts, C. (2003). Implementing Gov Secure Information Security Management System (ISMS) Methodology – A Case Study of Critical Success Factors, (November), 1–9.
[25] Bellone, J., Basquiat, S. De, & Rodriguez, J. (2008). Reaching escape velocity: A practiced approach to information security management system implementation. Information Management & Computer Security, 16(1), 49–57.
[26] Petter, S., DeLone, W., & McLean, E. (2008). Measuring information systems success: models, dimensions, measures, and interrelationships. European Journal of Information Systems, 17(3), 236–263.