Abstract

Information Security Management (ISM) concerns shielding the integrity, confidentiality, availability, authenticity, reliability and accountability of the organisation’s information from unauthorised access in order to ensure business continuity and customers’ confidence. The importance of information security (IS) in today’s situation should be given due attention. Recognising its importance, organisations have devoted extensive effort to protecting their information. They establish information security policy, processes, and procedures, and reengineer their organisational structures to align with ISM principles. Despite these efforts, security incidents continue to occur in many organisations. This phenomenon shows that the current implementation of ISM is still ineffective because organisations are unaware of the factors contributing to the success of ISM. Thus, the objective of this paper is to identify ISM success factors and their elements through a large-scale survey. The survey involves 243 practitioners from statutory bodies, public and private organisations in Malaysia. The results of the survey indicate that top management, IS coordinator team, ISM team, IS audit team, employees, third parties, IS policy, IS procedures, resource planning, competency development and awareness, risk management, business continuity management, IS audit and IT infrastructure are the factors that contribute to the success of ISM implementation. These factors shall guide practitioners in planning and refining ISM implementation in their organisations.

Highlights

  • Information security management (ISM) is a systematic preservation approach to protect the integrity, confidentiality, availability, authenticity, reliability and accountability of information [1],[2],[3]

  • The findings indicate that most respondents agreed that the fourteen factors contribute to the success of ISM implementation

  • This study has confirmed fourteen factors and forty-five items that contribute to the success of ISM implementation

Summary

Introduction

Information security management (ISM) is a systematic preservation approach to protect the integrity, confidentiality, availability, authenticity, reliability and accountability of information [1],[2],[3]. From 2010 to 2016, 60,000 security incidents occurred at large organisations in the United States [4]. The increasing number of security incidents has led organisations to enhance their ISM plans in order to shield their critical information [11]. One of the main reasons is that the organisations are not aware of the factors contributing to the success of ISM implementation [13]. ISM is a method or approach to managing information securely and effectively. It involves various aspects such as people, process, organisational documents, and technology [15], [16].
