Effectiveness of information systems security in IT organizations in Malaysia

Abstract

As computers become more and more pervasive, information technology (IT) organizations have become so dependent on information systems (IS) for their daily operations and strategic purposes thus intensify the need for IS security. The lack of concern for IS security is evident that organizations are often victimized by computer abuse incidents. Studies on information systems security in Malaysia's IT industry context is very insufficient. This paper will focus on how deterrent actions, preventive actions and organizational actions lead to IS security effectiveness in an IT organization. A survey of Association of Computer and Multimedia Industry of Malaysia (PIKOM) members were conducted. Based on the results of the statistical analysis, a conceptual model of IS security was developed using statistical package for social sciences (SPSS) 8.0. To test the effectiveness of the conceptual model, a case study was done on a typical IT organization to review its IS security status. Finally, findings from this case study were compared with the results from the statistical analysis. The results from the statistical analysis shows that systems environment security control, codes of ethics, security software control and top management support have a positive significant effect on the level of security effectiveness whereas disincentives certainty and organizational maturity was found to have negative significant effect on the level of security effectiveness. Findings from the case study shows that disincentives certainty, systems environment security control, security software control and organizational maturity are key factors contributing to IS security effectiveness while codes of ethics and top management support are insignificant to IS security effectiveness.