Information Security Management Success Factors

Zammani, Mazlina; Razali, Rozilawati

doi:10.1166/asl.2016.7746

Cited by 7 publications

(7 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All of these factors have their own elements that contribute to the success of ISM. The detailed explanation about the factors and elements can be found in [36] Leadership, Commitment [5], [7], [8], [9], [10], [19], [22], [23], [37], [38], [33] ISM Team Knowledge, Skills, Commitment [5], [9], [10], [19] IS Audit Team Knowledge, Skills, Commitment [8], [9], [10], [22] Employees Awareness, Motivation, Compliance…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

An Empirical Study of Information Security Management Success Factors

Zammani

Razali

2016

International Journal on Advanced Science, Engineering and Information Technology

Self Cite

View full text Add to dashboard Cite

Information security management (ISM) is a continuous, structured and systematic security approach to managing and protect the organisation's information from being compromised by irresponsible parties. To ensure the information remains secure, many organisations have implemented ISM by establishing and reviewing information security (IS) policy, processes, procedures, and organisational structures. Regardless of the efforts, security threats, incidents, vulnerabilities, and risks are still plaguing many organisations. Lack of awareness of ISM effectiveness due to low understanding of the success factors is one of the major factors that cause this phenomenon. This study aimed to address this subject by firstly identifying the ISM key factors from existing literature and then by confirming the factors and discovering other related factors from practitioners' perspective. This study used a qualitative method where it adopted semi-structured interviews involving nine practitioners. The data were analysed using content analysis technique. Through the analysis, the study validated several ISM factors and their elements that contribute to the success of ISM. The findings provide practitioners with the high understanding of ISM key factors and could guide practitioners in implementing proper ISM.

show abstract

Section: Methodsmentioning

confidence: 99%

“…This theoretical study reviewed published and unpublished documents in multiple online databases. The findings of the study have been elaborated in [36].…”

Section: B Data Collection 1) Theoretical Studymentioning

confidence: 99%

An Empirical Study of Information Security Management Success Factors

Zammani

Razali

2016

International Journal on Advanced Science, Engineering and Information Technology

Self Cite

View full text Add to dashboard Cite

show abstract

“…Although literature has mentioned certain factors that may contribute to the success of ISM (Maarop et al, 2016), to the best of our knowledge, this is the first comprehensive CSF model that has been developed and empirically validated in the field of ISM. Despite the extensive efforts on ISM initiatives, information security standards, policies, guidelines and procedures to guide organizations in implementing ISM, organizations are still exposed to security threats and risks because of ineffective ISM practices (Zammani and Razali, 2016). One possible cause of this phenomenon is that organizations are unaware of the factors that influence the success of ISM, especially the need for its value alignment with corporate strategy.…”

Section: Discussionmentioning

confidence: 99%

Strategic value alignment for information security management: a critical success factor analysis

Yuan

Archer

et al. 2018

ICS

View full text Add to dashboard Cite

Purpose Effective information security management is a strategic issue for organizations to safeguard their information resources. Strategic value alignment is a proactive approach to manage value conflict in information security management. Applying a critical success factor (CSF) analysis approach, this paper aims to propose a CSF model based on a strategic alignment approach and test a model of the main factors that contributes to the success of information security management. Design/methodology/approach A theoretical model was proposed and empirically tested with data collected from a survey of managers who were involved in decision-making regarding their companies’ information security (N = 219). The research model was validated using partial least squares structural equation modeling approach. Findings Overall, the model was successful in capturing the main antecedents of information security management performance. The results suggest that with business alignment, top management support and organizational awareness of security risks and controls, effective information security controls can be developed, resulting in successful information security management. Originality/value Findings from this study provide several important contributions to both theory and practice. The theoretical model identifies and verifies key factors that impact the success of information security management at the organizational level from a strategic management perspective. It provides practical guidelines for organizations to make more effective information security management.

show abstract

“…The model contains three maturity levels; basic, intermediate, and advance. [11], [25], [26], [33], [34], [35] [36], [37], [38], [39], [40], [41] [42], [43], [44] IS [26], [33], [36], [40], [42], [43], [ 45] IS Audit Team…”

Section: Another Maturity Model Is Cybersecurity Capabilitymentioning

confidence: 99%

Organisational Information Security Management Maturity Model

Zammani¹,

Razali²,

Singh³

2021

IJACSA

Self Cite

View full text Add to dashboard Cite

Information Security Management (ISM) is a systematic initiative in managing the organisation's information security. ISM can also be defined as a strategic approach to addressing information security (IS) risks, breaches, and incidents that could threaten the confidentiality, integrity, and availability of information. Although organisations have complied with ISM requirements, security incidents are still afflicting numerous organisations. This issue shows that the current implementation of ISM is still ineffective. The ineffective ISM implementation illustrates the low maturity level. To achieve a higher level of maturity, organisations should always evaluate their ISM practices. Several maturity models have been developed by international organisations, consultants, and researchers to assist organisations in assessing their ISM practices. However, the current models do not evaluate ISM practices holistically. The measurement dimensions in current models are more focused on assessing certain factors only. This caused the maturity assessment to be not executed comprehensively. Therefore, this study aims to address this shortcoming by proposing a comprehensive maturity assessment model that takes into account ISM success factors to evaluate the effectiveness of the implementation. This study adopted a mixedmethod approach, which comprises qualitative and quantitative studies to strengthen the research finding. The qualitative study analyses the existing literature and conducts interviews with nine industry practitioners and six experts while the quantitative study involves a questionnaire survey. The data obtained from the qualitative study were analysed using content analysis while the quantitative data employed statistics analysis. The study identified fourteen success factors and fifty-seven maturity dimensions, which each contains five maturity levels. The proposed model was evaluated through experts' reviews to ensure its accuracy and suitability. The evaluation shows that the model can identify the ISM maturity level systematically and comprehensively. This model will ultimately help the organisations to improve the weaknesses in the implementations thus diminishing security incidents.

show abstract

Information Security Management Success Factors

Cited by 7 publications

References 0 publications

An Empirical Study of Information Security Management Success Factors

An Empirical Study of Information Security Management Success Factors

Strategic value alignment for information security management: a critical success factor analysis

Organisational Information Security Management Maturity Model

Contact Info

Product

Resources

About