Contributing Factors for Successful Information Security Management Implementation: A Conceptual Model
Rahayu Hashim1, Rozilawati Razali2

1Rahayu Hashim*, Research Centre for Software Technology and Management, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia.
2Rozilawati Razali, Research Centre for Software Technology and Management, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia.

Manuscript received on November 14, 2019. | Revised Manuscript received on 23 November, 2019. | Manuscript published on December 10, 2019. | PP: 4491-4499 | Volume-9 Issue-2, December 2019. | Retrieval Number: B7214129219/2019©BEIESP | DOI: 10.35940/ijitee.B7214.129219
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (

Abstract: Information security management is a comprehensive information management technique that is used as a strategic approach for addressing risks, breaches of information security incidents that threaten confidentiality, integrity and availability. Information Security Management has become an important initiative for organizations to manage and protect their information assets responsibly and effectively. One of the common problems in organisations is the lack of guidelines for the implementation of an effective and efficient ISM. As a result, incidents and threats to organisations continue to rise causing the organisations to suffer losses and their reputation jeopardised. Therefore, this study aims to identify the success factors that could assist organisations in the implementation of ISM. The methodology used in this study is a qualitative research technique whereby a theoretical study was reviewed through existing literature together with ISM international standards, frameworks, guidelines, best practices and previous studies in the IS field. The data from the theoretical study was then analysed using content analysis. Twelve success factors were identified and the relationships between these factors are proposed. These factors are derived and grouped into aspects of people and process. Each factor contains its own element that represents either the role to play or the activity to perform. In the process aspect, the factor was further divided into the Plan, Do, Check and Act phases. The aspects and factors were then formulated as a conceptual model for information security management implementation. The conceptual model acts as a guideline and an initial setup for organisations intending to implement ISM in the future. Furthermore, it could also act as a reference for future research in the information security domain. 
Keywords: Information Security, Information Security Management, Information Security Management Implementation, Success Factor.
Scope of the Article: Community Information Systems