Understanding Success Factors of an Information Security Management System Plan Phase Self-Implementation

The goal of this study is to identify success factors
that could influence ISMS self-implementation in the government
sector from a qualitative perspective. This study is based on a case
study in one of the Malaysian government agencies. Semi-structured
interviews involving five key informants were conducted to examine
the factors addressed in the conceptual framework. Subsequently,
thematic analysis was carried out to describe the influence of each
factor on the successful implementation of ISMS. The results of this
study indicate that management commitment, implementer
commitment and implementer competency are among the success
factors for ISMS self-implementation in the Malaysian government
sector.




