IIUM Repository (IREP)

Exploring the factors influencing top management involvement and participation in information security

Abdul Munir, Rufizah and Abdul Molok, Nurul Nuha and Talib, Shuhaili (2017) Exploring the factors influencing top management involvement and participation in information security. In: Pacific Asia Conference on Information Systems 2017 (PACIS 2017), 16-20 July 2017, Kedah, Malaysia..

[img]
Preview
PDF - Published Version
Download (327kB) | Preview

Abstract

Organizations that rely heavily on ICT face bigger challenges to safeguard their information assets. Organizations need to be vigilant to cope with ever growing information security risks and threats due to technological advancement. All employees, from the senior management to the junior subordinate, have the responsibility to protect organizational information from such threats. Top management members are accountable to play imperative roles in steering information security programs to ensure the confidentiality, integrity and availability (CIA) of organizational valuable assets are protected. They should be more involved to allow information security to become an intrinsic part of corporate governance. However, information security is often viewed as technical and operational issues rather than business issues, thus it is delegated to IT and security team. This conceptual study aims to explore this current phenomenon by investigating the factors influencing top management in governing information security implementation in organizations. Qualitative research approach is proposed for this study by interviewing the members of top management in the Malaysian public sector organizations. The understanding of the influencing factors would assist in formulating a dedicated information security training and awareness framework tailored for the top management. Since most information security awareness programs are designed for lower and middle level employees, this study aims to fulfil this gap by focusing on specific training guidelines for the top management. The proposed framework will help public sector organizations to produce, or improve existing, competency development programs. It will help the members of top management to exercise due diligence and understand their roles and responsibilities as the key driver in governing information security implementation in their organizations.

Item Type: Conference or Workshop Item (Poster)
Additional Information: 5341/62418
Subjects: T Technology > T Technology (General) > T10.5 Communication of technical information
Kulliyyahs/Centres/Divisions/Institutes: Kulliyyah of Information and Communication Technology > Department of Information System
Kulliyyah of Information and Communication Technology > Department of Information System
Depositing User: Ms Shuhaili Talib
Date Deposited: 28 Feb 2018 16:31
Last Modified: 25 Jun 2018 12:34
URI: http://irep.iium.edu.my/id/eprint/62418

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year