An Empirical Exploration of Information Security Management System (ISMS) in Malaysian Public Sector: A PLS-SEM Method
Abstract
Many organizations have embarked on efforts to manage their confidential information by implementing an Information Security Management System (ISMS). Because organizations remain exposed to information security threats, incidents, risks, and vulnerabilities, information security issues are still a major challenge and the effectiveness of ISMS has become a key concern. To improve the effectiveness of ISMS practices in organizations, several attempts have been made in the past to study the critical success factors of ISMS. However, few studies have focused on organizational factors, which are essential because an ISMS involves not only technical but also organizational issues. While the literature emphasizes organizational factors as deserving attention in security practices, empirical studies of them are still lacking. Specifically, little is known about how the factors identified in the literature, such as information security policy, information technology competency, management commitment, information security awareness and information security standard compliance, affect the effectiveness of the ISMS. A conceptual model was proposed and tested with employees who were involved with ISMS implementation in the Malaysian Public Sector. The data was assessed via Partial Least Squares Structural Equation Modelling (PLS-SEM). The results of the data analysis revealed that information security awareness and information security standard compliance had a significant effect on ISMS effectiveness.
Keywords: Information Security Management System; Organizational Factors; ISMS; Success Factors; Public Sector