Contributing Factors for Successful Information Security Management Implementation: A Conceptual Model

Abstract

Information security management is a comprehensive information management technique that is used as a strategic approach for addressing risks, breaches of information security incidents that threaten confidentiality, integrity and availability. Information Security Management has become an important initiative for organizations to manage and protect their information assets responsibly and effectively. One of the common problems in organisations is the lack of guidelines for the implementation of an effective and efficient ISM. As a result, incidents and threats to organisations continue to rise causing the organisations to suffer losses and their reputation jeopardised. Therefore, this study aims to identify the success factors that could assist organisations in the implementation of ISM. The methodology used in this study is a qualitative research technique whereby a theoretical study was reviewed through existing literature together with ISM international standards, frameworks, guidelines, best practices and previous studies in the IS field. The data from the theoretical study was then analysed using content analysis. Twelve success factors were identified and the relationships between these factors are proposed. These factors are derived and grouped into aspects of people and process. Each factor contains its own element that represents either the role to play or the activity to perform. In the process aspect, the factor was further divided into the Plan, Do, Check and Act phases. The aspects and factors were then formulated as a conceptual model for information security management implementation. The conceptual model acts as a guideline and an initial setup for organisations intending to implement ISM in the future. Furthermore, it could also act as a reference for future research in the information security domain.