Top Management Leadership in Combating Information Security Threats through Organizational Information Security Practices

Authors

  • Qamarul Nazrin Harun College of Computing, Informatics, and Mathematics, Universiti Teknologi MARA (UiTM), 85000, Segamat, Johor, Malaysia https://orcid.org/0000-0003-1645-0607
  • Imran Azmy Razak Faculty of Technology and Informatics, Universiti Teknologi Malaysia (UTM), 54100, Kuala Lumpur, Malaysia https://orcid.org/0009-0007-5537-2724
  • Nurhafizah Azizan College of Computing, Informatics, and Mathematics, Universiti Teknologi MARA (UiTM), 85000, Segamat, Johor, Malaysia
  • Abu Ubaidah Abdul Aziz Universiti Geomatika, 54200, Kuala Lumpur, Malaysia https://orcid.org/0009-0009-8516-9967

DOI:

https://doi.org/10.59994/pau.2024.2.153

Abstract

This study aims to examine the relationship between top management's role and information security practices (ISP) within Malaysian organizations and investigate the relationship between ISP and their effect on information security threats. A quantitative research design was used, and 352 questionnaires were collected from managers and executives of Malaysia Digital (MD)-status organizations in Malaysia. Structural equation modeling (SEM) was used to test all 18 hypotheses developed for this research. The results show that top management is highly associated with ISP in MD-status organizations, and the empirically-based framework developed in this research makes a significant contribution to the area of information security (InfoSec). The study highlights the importance of establishing an ISP that enlists the support of top management to lower the risk of information security threats and develop the organization's core principles. This research addresses the necessity for a thorough, coherent, and empirically verified Top Management Roles and ISP to reduce the risk of information security threats in Malaysian information technology (IT) companies.

Keywords:

Information Security, Management Leadership, Information Security Practices, Information Security Threat

Published

2024-08-01

How to Cite

Harun, Q. N., Azmy, I., Azizan, N., & Abdul Aziz, A. U. (2024). Top Management Leadership in Combating Information Security Threats through Organizational Information Security Practices. Journal of Palestine Ahliya University for Research and Studies, 3(2), 153–171. https://doi.org/10.59994/pau.2024.2.153

Section

Articles