An empirical study of information security management success factors

Mazlina Zammani, Rozilawati Razali

Research output: Contribution to journalArticle

10 Citations (Scopus)

Abstract

Information security management (ISM) is a continuous, structured and systematic security approach to managing and protect the organisation's information from being compromised by irresponsible parties. To ensure the information remains secure, many organisations have implemented ISM by establishing and reviewing information security (IS) policy, processes, procedures, and organisational structures. Regardless of the efforts, security threats, incidents, vulnerabilities, and risks are still plaguing many organisations. Lack of awareness of ISM effectiveness due to low understanding of the success factors is one of the major factors that cause this phenomenon. This study aimed to address this subject by firstly identifying the ISM key factors from existing literature and then by confirming the factors and discovering other related factors from practitioners' perspective. This study used a qualitative method where it adopted semi-structured interviews involving nine practitioners. The data were analysed using content analysis technique. Through the analysis, the study validated several ISM factors and their elements that contribute to the success of ISM. The findings provide practitioners with the high understanding of ISM key factors and could guide practitioners in implementing proper ISM.

Original languageEnglish
Pages (from-to)904-913
Number of pages10
JournalInternational Journal on Advanced Science, Engineering and Information Technology
Volume6
Issue number6
DOIs
Publication statusPublished - 2016

Fingerprint

Information Management
Security of data
Organizations
qualitative analysis
Interviews
interviews

Keywords

  • Information security
  • Information security management
  • Success factors

ASJC Scopus subject areas

  • Agricultural and Biological Sciences(all)
  • Computer Science(all)
  • Engineering(all)

Cite this

@article{01ea779fafa54ac1acde3326e2ad208c,
title = "An empirical study of information security management success factors",
abstract = "Information security management (ISM) is a continuous, structured and systematic security approach to managing and protect the organisation's information from being compromised by irresponsible parties. To ensure the information remains secure, many organisations have implemented ISM by establishing and reviewing information security (IS) policy, processes, procedures, and organisational structures. Regardless of the efforts, security threats, incidents, vulnerabilities, and risks are still plaguing many organisations. Lack of awareness of ISM effectiveness due to low understanding of the success factors is one of the major factors that cause this phenomenon. This study aimed to address this subject by firstly identifying the ISM key factors from existing literature and then by confirming the factors and discovering other related factors from practitioners' perspective. This study used a qualitative method where it adopted semi-structured interviews involving nine practitioners. The data were analysed using content analysis technique. Through the analysis, the study validated several ISM factors and their elements that contribute to the success of ISM. The findings provide practitioners with the high understanding of ISM key factors and could guide practitioners in implementing proper ISM.",
keywords = "Information security, Information security management, Success factors",
author = "Mazlina Zammani and Rozilawati Razali",
year = "2016",
doi = "10.18517/ijaseit.6.6.1371",
language = "English",
volume = "6",
pages = "904--913",
journal = "International Journal on Advanced Science, Engineering and Information Technology",
issn = "2088-5334",
publisher = "INSIGHT - Indonesian Society for Knowledge and Human Development",
number = "6",

}

TY - JOUR

T1 - An empirical study of information security management success factors

AU - Zammani, Mazlina

AU - Razali, Rozilawati

PY - 2016

Y1 - 2016

N2 - Information security management (ISM) is a continuous, structured and systematic security approach to managing and protect the organisation's information from being compromised by irresponsible parties. To ensure the information remains secure, many organisations have implemented ISM by establishing and reviewing information security (IS) policy, processes, procedures, and organisational structures. Regardless of the efforts, security threats, incidents, vulnerabilities, and risks are still plaguing many organisations. Lack of awareness of ISM effectiveness due to low understanding of the success factors is one of the major factors that cause this phenomenon. This study aimed to address this subject by firstly identifying the ISM key factors from existing literature and then by confirming the factors and discovering other related factors from practitioners' perspective. This study used a qualitative method where it adopted semi-structured interviews involving nine practitioners. The data were analysed using content analysis technique. Through the analysis, the study validated several ISM factors and their elements that contribute to the success of ISM. The findings provide practitioners with the high understanding of ISM key factors and could guide practitioners in implementing proper ISM.

AB - Information security management (ISM) is a continuous, structured and systematic security approach to managing and protect the organisation's information from being compromised by irresponsible parties. To ensure the information remains secure, many organisations have implemented ISM by establishing and reviewing information security (IS) policy, processes, procedures, and organisational structures. Regardless of the efforts, security threats, incidents, vulnerabilities, and risks are still plaguing many organisations. Lack of awareness of ISM effectiveness due to low understanding of the success factors is one of the major factors that cause this phenomenon. This study aimed to address this subject by firstly identifying the ISM key factors from existing literature and then by confirming the factors and discovering other related factors from practitioners' perspective. This study used a qualitative method where it adopted semi-structured interviews involving nine practitioners. The data were analysed using content analysis technique. Through the analysis, the study validated several ISM factors and their elements that contribute to the success of ISM. The findings provide practitioners with the high understanding of ISM key factors and could guide practitioners in implementing proper ISM.

KW - Information security

KW - Information security management

KW - Success factors

UR - http://www.scopus.com/inward/record.url?scp=85010189147&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85010189147&partnerID=8YFLogxK

U2 - 10.18517/ijaseit.6.6.1371

DO - 10.18517/ijaseit.6.6.1371

M3 - Article

VL - 6

SP - 904

EP - 913

JO - International Journal on Advanced Science, Engineering and Information Technology

JF - International Journal on Advanced Science, Engineering and Information Technology

SN - 2088-5334

IS - 6

ER -