Papers by Suhazimah Dzazali
Pacific Asia Conference on Information Systems, 2017
Cybersecurity impacts nations in multiple facets as the cyberspace luring efficiency and convenie... more Cybersecurity impacts nations in multiple facets as the cyberspace luring efficiency and convenience in interconnectivity in our digital lifestyle including the critical national infrastructures (CNI) where a break in the weakest link impacts large geographical regions and send ripples across the economy. In order to protect the cybersecurity of CNIs, NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF), a technology-neutral framework based on industry best practices and standards, was developed in 2014. This research-in-progress seek to gain insights on its applicability in developing nations, Malaysia, where a qualitative methodology to investigate the applicability of NIST CSF in Malaysia was adopted. The Preliminary findings concurred that the framework is relevant and it needs to be revised periodically as every CNI sector is critical in its own way, and that the cyber threats are ever evolving and emerging.
2018 4th International Conference on Computer and Information Sciences (ICCOINS)
This paper presents challenges in cyber security implementation at organisational level. This res... more This paper presents challenges in cyber security implementation at organisational level. This research is based on a case study on government sector in Malaysia deploying qualitative approach using semi-structured interviews with key officers in the organization. The data were analysed using Grounded Theory. The findings clustered under three pillars of success namely People, Process and Technology. Under the pillar of People, the challenges are lack of skills, cyber security is everyone’s responsibilities and human error, whilst under Process, challenges identified are lack of implementation plan, wrongly placed human resource and lack of budget. The challenge in Technology is that it moves too fast. The findings are useful for the cyber security policy makers and implementers.
Cybersecurity impacts nations in multiple facets as the cyberspace luring efficiency and convenie... more Cybersecurity impacts nations in multiple facets as the cyberspace luring efficiency and convenience in interconnectivity in our digital lifestyle including the critical national infrastructures (CNI) where a break in the weakest link impacts large geographical regions and send ripples across the economy. In order to protect the cybersecurity of CNIs, NIST Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF), a technology-neutral framework based on industry best practices and standards, was developed in 2014. This research-in-progress seek to gain insights on its applicability in developing nations, Malaysia, where a qualitative methodology to investigate the applicability of NIST CSF in Malaysia was adopted. The Preliminary findings concurred that the framework is relevant and it needs to be revised periodically as every CNI sector is critical in its own way, and that the cyber threats are ever evolving and emerging.
Information security maturity is the measurement of the organisation's capability to remain secur... more Information security maturity is the measurement of the organisation's capability to remain secure. This article focuses on the social aspect of the management approach as part of a larger study that uses a socio-technical theory as a basis for analysing the relationship between the social and technical factors in the information security management system of Malaysian Public Service organisations. The empirical analysis was conducted to identify the antecedents of the information security maturity of an organisation, mainly through the study of several social factors. Through the sample obtained from the key players of information security in Malaysian Public Service organisations, results of the multivariate test reveal the underlying dimensions of a few social factors. The final result provides empirical proof of the social factors that has the most influence on the Malaysian Public Service organisations' information security maturity.
Journal of Systems and Information Technology, 2012
Purpose-The purpose of this paper is to examine the basis factors involved in the information sec... more Purpose-The purpose of this paper is to examine the basis factors involved in the information security management systems of Malaysian public service (MPS) organizations. Therefore, it proposes an empirical analysis which was conducted to identify the antecedents of the information security maturity (ISM) of an organization; and to clarify the relationship between ISM and the social and technical factors identified. Design/methodology/approach-This study uses quantitative approach, convenience sampling and the required data collected from 970 key players' managers in information security, in a total of 722 government agencies, through a self-administrated survey. Research adopted the Wallace et al. process to develop and validate the study's instrument. Findings-The paper provides empirical insights and reveals a number of underlying dimensions of social factors and one technical factor. The risk management was found to be the formal coping mechanism adopted in the MPS organizations and is the leading factor towards ISM. The social factors have the most influence on MPS organizations' ISM. Findings demonstrate that two independent variables, risk management and individual perception, discriminate between those organizations that have high and low ISM. Research limitations/implications-The research results may lack generalization; therefore, researchers are encouraged to test the proposed propositions further in a different context. Practical implications-The paper includes implications for the development of a powerful instrument in explaining the ISM. Moreover, it helps internal stakeholders of an organization to formulate a more appropriate policy or give a more effective focus on issues that are really relevant to MPS information security management. Originality/value-This paper fulfils the identified need to explore determinants of information security maturity.
International Journal of Business Information Systems, 2009
Int. J. Business Information Systems, Vol. 4, No. 4, 2009 ... Employing the social-technical pers... more Int. J. Business Information Systems, Vol. 4, No. 4, 2009 ... Employing the social-technical perspective in identifying security management systems in organisations ... Faculty of Business and Accountancy University of Malaya 50603 Kuala Lumpur, Malaysia Fax: 60379673980 E-mail: ...
Government Information Quarterly
Information protection is of paramount importance in today's world. From information involvin... more Information protection is of paramount importance in today's world. From information involving the highest level of government administration and national security, to information existing at the level of the private company in the form of trade secrets or personal data, all are under the constant threat of being compromised. In this study, the researchers attempt to evaluate the information security maturity level and provide clear thoughtful analysis of the information security landscapes of the Malaysian Public Service (MPS) organizations. This study uses convenience sampling and the required data collected from 970 targeted individuals through a self-administrated survey. In addition, a survey questionnaire is utilized to gauge the security landscape and to further understand the occurrence of incidents, the sources of attack, and the types of technical safeguard. Findings revealed that the highest security incidents experienced by the MPS were spamming (42%), followed by at...
Journal of Systems and Information Technology, 2012
International Journal of Business Information Systems, 2009
Int. J. Business Information Systems, Vol. 4, No. 4, 2009 ... Employing the social-technical pers... more Int. J. Business Information Systems, Vol. 4, No. 4, 2009 ... Employing the social-technical perspective in identifying security management systems in organisations ... Faculty of Business and Accountancy University of Malaya 50603 Kuala Lumpur, Malaysia Fax: 60379673980 E-mail: ...
Government Information Quarterly, 2009
Information protection is of paramount importance in today's world. From information involving th... more Information protection is of paramount importance in today's world. From information involving the highest level of government administration and national security, to information existing at the level of the private company in the form of trade secrets or personal data, all are under the constant threat of being compromised. In this study, the researchers attempt to evaluate the information security maturity level and provide clear thoughtful analysis of the information security landscapes of the Malaysian Public Service (MPS) organizations. This study uses convenience sampling and the required data collected from 970 targeted individuals through a self-administrated survey. In addition, a survey questionnaire is utilized to gauge the security landscape and to further understand the occurrence of incidents, the sources of attack, and the types of technical safeguard. Findings revealed that the highest security incidents experienced by the MPS were spamming (42%), followed by attacks of malicious codes (41%). Twenty-five percent of incidents originated from within the organizations, 15% originated from outside, and 11% were from a mixture of internal and external sources. Also, it shows that 49% of incidents were from sources unknown to the respondents. The top most deployed safeguards by the MPS were found to be firewalls (95%), followed by anti-virus software (92%), and access control to information system (89%). Findings on the maturity level show that 61% of respondents are at Level 3, followed by 21% at Level 2 where the information security processes are still considered an Information and Communication Technology (ICT) domain. At the higher end of the continuum lies 13% for Level 4 and 1% at Level 5.
Uploads
Papers by Suhazimah Dzazali