Article Info

Information Security Governance Framework of Malaysia Public Sector

Amri Jamil, Zawiyah Mohammad Yusof
dx.doi.org/10.17576/apjitm-2018-0702-07

Abstract

Information is one of the key assets in the organization other than employees and physical assets. Information should be protected so as not to be exposed to unauthorized individuals, especially competitors and spies. Previous studies have found that Information Security Governance (ISG) is divided into two that is technical security because of the use of information and communication technology (ICT) and non-technical information security. Implementation of ISG in the public sector in Malaysia is aimed at protecting information from technical aspects only without giving priority to information security issues that are not technical in nature, particularly in terms of content. Data analysis found that the public sector did not have guidelines on ISG in a single and integrated document form, making it difficult to implement the initiative. This study analyzes the ISG policy of Malaysian public sector agencies with the objective of developing a comprehensive ISG framework. The study employed a qualitative approach which comprises of document content analysis techniques and interviews with senior Malaysian public sector officials. The analysis of the study found that the Malaysian public sector already has a framework for governance of information security. However, the ISG framework is found in several separate documents by using different governance approaches between each one.

keyword

information security, information security governance, information security governance framework

Area

Cyber Security and Digital Forensic