Information security landscape and maturity level: Case study of Malaysian Public Service (MPS) organizations

Abstract

Abstract Information protection is of paramount importance in today's world. From information involving the highest level of government administration and national security, to information existing at the level of the private company in the form of trade secrets or personal data, all are under the constant threat of being compromised. In this study, the researchers attempt to evaluate the information security maturity level and provide clear thoughtful analysis of the information security landscapes of the Malaysian Public Service (MPS) organizations. This study uses convenience sampling and the required data collected from 970 targeted individuals through a self-administrated survey. In addition, a survey questionnaire is utilized to gauge the security landscape and to further understand the occurrence of incidents, the sources of attack, and the types of technical safeguard. Findings revealed that the highest security incidents experienced by the MPS were spamming (42%), followed by attacks of malicious codes (41%). Twenty-five percent of incidents originated from within the organizations, 15% originated from outside, and 11% were from a mixture of internal and external sources. Also, it shows that 49% of incidents were from sources unknown to the respondents. The top most deployed safeguards by the MPS were found to be firewalls (95%), followed by anti-virus software (92%), and access control to information system (89%). Findings on the maturity level show that 61% of respondents are at Level 3, followed by 21% at Level 2 where the information security processes are still considered an Information and Communication Technology (ICT) domain. At the higher end of the continuum lies 13% for Level 4 and 1% at Level 5.