THE ROLE OF TOP MANAGEMENT IN INFORMATION SECURITY PRACTICES

Mohamad Noorman Masrek¹*, Qamarul Nazrin Harun², Ishak Ramli³, Helmy Prasetyo^4
1Faculty of Information Management, Universiti Teknologi MARA Selangor Branch, MALAYSIA, mnoormanm@gmail.com
²Faculty of Information Management, Universiti Teknologi MARA Selangor Branch, MALAYSIA, qamarulnaz@gmail.com
³Faculty of Arts and Design, Universiti Teknologi MARA, Perak Branch, MALAYSIA, ibr_86@yahoo.com
⁴Faculty of Social Sciences and Political Sciences, Universitas Airlangga, Surabaya, INDONESIA, helmy.prasetyo@fisip.unair.ac.id  
*Corresponding Author

Abstract

A good number of literatures have indicated the importance of top management in ensuring the success of information security implementation. However, empirical research in the context of government agencies is still very scarce. In addition, in the context of Malaysia, little is really known on the situation of management supports in terms of information security practices. Against this background a study was conducted with the aim of examining the influence of top management support on information security practices. The top management support is operationalised as comprising of two dimensions, which are information security commitment and information security importance. Information security practices are operationalised as consisting of three dimensions namely, security policy effectiveness, information security responsibility, information security directives. The study hypothesised that the dimensions of top management support are significant predictors of the dimensions of information security practices. The survey research methodology and a convenient sampling was used in this study. The population was public organizations of Malaysian federal ministries. Based on 292 responses, a Partial Least Square Structural Equation Modelling (PLS-SEM) analysis was performed using SmartPLS Version 3.0 software. The results showed that the measurement model fulfilled all requirements for convergent validity and discriminant validity. The results of the structural model revealed that all exogenous constructs are significant predictors, implying that the hypotheses of the study are all accepted. The findings further highlight the need and importance of management support in ensuring the success of information security implementation. The contribution of the study can be gauged from several perspectives. From the theoretical perspective, it has developed an empirical based framework connecting top management support and information security practices. From the practical perspective, it has develop an instrument which can be used to self-evaluate the performance of organization information security practices.

Keywords: information security commitment, information security importance, information security policy effectiveness, information security responsibility, information security directives