Organizations that rely heavily on ICT face bigger challenges to safeguard their information assets. They need to be vigilant to cope with ever growing information security risks and threats due to technological advancement. All employees, from the top management to the junior subordinate, have the responsibility to protect organizational information from such threats. Top management members are accountable to play imperative roles in steering information security programs to ensure the confidentiality, integrity and availability (CIA) of organizational valuable assets are protected. They should be more involved to allow information security to become an intrinsic part of corporate governance. However, information security is often viewed as technical and operational issues rather than business issues, thus it is delegated to IT and security team. This conceptual study aims to explore this current phenomenon by investigating the factors influencing top management in governing information security implementation in Malaysian public sector organizations. A qualitative multiple-case study on four (4) ministries is proposed for the study. The understanding of the influencing factors would assist in formulating a dedicated information security training and awareness guideline tailored for the top management. Since most information security awareness programs are designed for lower and middle level employees, therefore, this study aims to cater for higher level management. The proposed guideline will help public sector organizations to produce, or improve existing competency development programs in information security. It will help the members of top management to exercise due diligence and understand their roles and responsibilities as a key driver in governing information security implementation in their organizations.
Munir, Rufizah Abdul; Abdul Molok, Nurul Nuha; and Talib, Shuhaili, "Exploring the Factors Influencing Top Management Involvement in Information Security" (2017). PACIS 2017 Proceedings. 273.