INFORMATION SECURITY GOVERNANCE ISSUES IN MALAYSIAN GOVERNMENT SECTOR

Abstract

Top-level management’s commitment and involvement in information security governance are essential in today’s interconnected environment. Cyber-attacks are on the rise in this post-pandemic era where organizations rely heavily on the Internet and online transactions. Without proper governance of information security initiatives, information assets could easily be exposed to various cyber threats, compromising the confidentiality, integrity, and availability of organizations' valuable information. Thus, we present four (4) case studies that explore the issues related to the top management of the Malaysian government in information security governance. Drawing on these case studies, we present the real challenges that top management and organizations face when it comes to driving and implementing information security in their respective public sector organizations. We found that top management constraints, resource constraints, challenges in employees’ acceptance of information security, and the organization’s culture are the major concerns surrounding the security governance and the implementation of information security initiatives in the Malaysian government. Hence, this paper proposed a few solutions to the issues.