The Role of Organizational Factors to the Effectiveness of ISMS Implementation in Malaysian Public Sector

Abstract

Many organizations have initiated efforts to manage the security of their information by implementing an Information Security Management System (ISMS). ISMS is a set of guiding principles for managing organization’s confidential information and minimizing risk for business continuity. However, information security remains a major challenge and the effectiveness of ISMS is often argued due to the exposure of organizations to information security threats, incidents, risks, and vulnerabilities. One of the reasons is the unsuccessful ISMS current practices amongst all employees and lack of ISMS awareness in organizations. Several critical success factors are identified from previous studies that lead to the ISMS success. Among the success factors are human, organizational and technical factors. This study explores the factors that contribute to the success of ISMS and identify the organizational factors that relate to the information security effectiveness. The conceptual model is developed and will be tested within the Malaysian Public Sectors (MPS) organizations to provide a preliminary insight, understanding, and clarification of the organizational factors, together with the significant effects on ISMS effectiveness. This study used a quantitative approach and data collected from personnel’s that were directly involved with the ISMS implementation through a questionnaire survey.