Organizations that rely heavily on ICT face bigger challenges to safeguard their information assets. Organizations need to be vigilant to cope with ever growing information security risks and threats due to technological advancement. All employees, from the senior management to the junior subordinate, have the responsibility to protect organizational information from such threats. Top management members are accountable to play imperative roles in steering information security programs to ensure the confidentiality, integrity and availability (CIA) of organizational valuable assets are protected. They should be more involved to allow information security to become an intrinsic part of corporate governance. However, information security is often viewed as technical and operational issues rather than business issues, thus it is delegated to IT and security team. This conceptual study aims to explore this current phenomenon by investigating the factors influencing top management in governing information security implementation in organizations. Qualitative research approach is proposed for this study by interviewing the members of top management in the Malaysian public sector organizations. The understanding of the influencing factors would assist in formulating a dedicated information security training and awareness framework tailored for the top management. Since most information security awareness programs are designed for lower and middle level employees, this study aims to fulfil this gap by focusing on specific training guidelines for the top management. The proposed framework will help public sector organizations to produce, or improve existing, competency development programs. It will help the members of top management to exercise due diligence and understand their roles and responsibilities as the key driver in governing information security implementation in their organizations.
Munir, Rufizah Abdul; Abdul Molok, Nurul Nuha; and Talib, Shuhaili, "Exploring the Factors influencing Top Management Involvement and Participation in Information Security" (2017). PACIS 2017 Proceedings. 65.