International Journal of Scientific & Technology Research

Home About Us Scope Editorial Board Blog/Latest News Contact Us
10th percentile
Powered by  Scopus
Scopus coverage:
Nov 2018 to May 2020


IJSTR >> Volume 10 - Issue 2, February 2021 Edition

International Journal of Scientific & Technology Research  
International Journal of Scientific & Technology Research

Website: http://www.ijstr.org

ISSN 2277-8616

Information Security Management System Success Measurement Indicator

[Full Text]



Nurazean Maarop, Deden Witarsyah, Surya Sumarni Hussein, Ganthan Narayana Samy, Noor Hafizah Hassan, Doris Wong Hooi Ten, Roslina Mohammad, Norziha Megat Mohd Zainuddin



Information Security Management System; Success Model; Information Systems Success; Survey Indicator Development



Information security matter has become significant element to support digital transformation. The concern is even more vital in organizations as they need to warrant that their information systems are appropriately secured. Hence, the Information Security Management System (ISMS) has been formed to offer many benefits in improving overall organizational security performance, efficiency and management of information. Nevertheless, there is still limited indicator to be applied when assessing ISMS implementation success in organization. In most literature within the Information Systems domain, the success or failure of the implementation of technology is fundamentally measured by the indicator known as net benefit of individual or organization. This study presents the development of ISMS success measurement indicators based on the procedures and the statistical analysis of pilot study. The overall aim is to validate the items relevancy of ISMS implementation success. This study occupies an acceptable pilot sample size of thirty eight respondents through quantitative survey distributed purposively among Malaysian government agencies’ employees who have experienced with ISMS implementation and application. As a result, this study proposes ISMS success model measurement indicators comprising thirty five measurement items.



[1] The ISO Survey of Management System Standard Certifications. (2015). Retrived 10 April 2018, from https://www.iso.org/files/live/sites/isoorg/files/archive/pdf/en/the_iso_survey_of_management_system_standard_certifications_2015.pdf
[2] N., Maarop, N. Mohd Mustapha, R. Yusoff, R. Ibrahim, N.M.M. Zainuddin. “Understanding Success Factors of an Information Security Management System Plan Phase Self-Implementation”, Vol. 9, No. 3, pp. 884-889, 2015.
[3] H. K., Kong, J. H., Woo, T. S., Kim, & H. Im, “Will the Certification System for Information Security Management Help to Improve Organizations’ Information Security Performance? The Case of K-ISMS”, Indian Journal of Science and Technology, Vol 9, No. 24, 2016.
[4] E., Humphreys. “Information security management standards: Compliance, governance and risk management”, Information Security Technical Report, Vol 1, No 4, pp. 247–255, 2008.
[5] R., M., van Wessel, H.J de van Vries, “Business Impacts of International Standards for Information Security Management. Lessons from Case”, Vol. 1, pp. 25–40, 2013.
[6] J., S., Broderick. “ISMS, security standards and security regulations. Information Security Technical Report”, Vol 11, No. 1, pp. 26–31, 2006.
[7] S., M., Alfawaz. “Information Security Management: A Case Study of an Information Security Culture”, PhD Dissertation, QUT, Australia, 2011.
[8] D.R. Monette, T.J. Sullivan, C.R. DeJong, “Applied social research: A tool for the human services”, Cengage Learning, 2013.
[9] C., Pelnekar, “Planning for and Implementing ISO 27001,” ISACA Journal, Vol. 4, No. 4, pp. 1-8, 2011.
[10] ISACA, “Information Security Governance: Guidance for Boards of Directors and Executive Management”, IT Governance Institute, 2006.
[11] W., H., DeLone and E.,R., McLean, “Information systems success: the quest for the dependent variable”, Information Systems Research, Vol. 3, No. 1, pp. 60–95, 1992.
[12] W.,H., DeLone and E.,R., McLean, “The DeLone and McLean model of information systems success: a ten-year update”, Journal of Management Information Systems, Vol. 19, No. 4, pp. 9–30, 2003
[13] H. Jin Yeo, “Information System Success Disparity between Developer and Users”, Indian Journal of Science and Technology, Vol. 9, No. 20, 2016.
[14] Y. Hagos, M. Garfield, and S. Anteneh, “Measurement factors model for e- learning systems success”, Tenth International Conference on Research Challenges in Information Science (RCIS), IEEE, pp. 1–6, 2016.
[15] R., Boyatzis ."Transforming qualitative information: Thematic analysis and code development", Thousand Oaks, CA, Sage, 1998.
[16] H., L., Hai and K., M., Wang, “The critical success factors assessment of ISO 27001 certification in computer organization by test-retest reliability, African Journal of Business Management, Vol. 8, No. 17., pp. 705-716, 2014.
[17] N., Maarop, K. Thamadaran, G., N., Samy, A., Azmi, O., Mohd-Yusof, A., Azizan, “Information Security Management System Implementation Success Factors: A Review”, Advanced Science Letter, Vol. 22, No. 10, pp. 3023-3026, 2015
[18] B., AbuSaad, F., A., Saeed, K., Alghathbar and B., Khan, “Implementation of ISO 27001 in Saudi Arabia-obstacles, motivations, outcomes, and lessons learned”, Proceedings of the 9th Australian Information Security Management Conference, Edith Cowan University, Perth Western, Australia, 5th -7th December, 2011
[19] S., Woodhouse, “Critical success factors for an Information Security Management System”, Proceeding 5th International Conference on Information Technology and Application, pp. 244-249, 2008.
[20] T., Aksorn, and B., H., W., Hadikusumo. "Critical Success Factors Influencing Safety Program Performance in Thai Construction Projects," Safety Science, Vol. 46, No. 4, pp 709-727, 2008.
[21] T., Kayworth and D., Whitten, "Effective Information Security Requires a Balance of Social and Technology Factors," MIS Quarterly Executive (9:3), pp 163-175, 2010.
[22] A., N., Singh and M.P. Gupta, “Identifying factors of organizational information security management”, Journal of Enterprise Information Management Vol. 27 No. 5, 2014 pp. 644-667, 2010.
[23] J., L., Spears and H., Barki, "User Participation in Information Systems Security Risk Management," MIS quarterly (34:3), pp 503-522, 2010
[24] J. C. Nunnally and I. H. Bernstein, Psychometric theory. New York: McGraw-Hill, 1994.
[25] M.R. Lynn, “Determination and quantification of content validity”, Nursing Research, Vol. 35, pp.382– 385, 1986.
[26] Tu, Z., & Yuan, Y. Critical Success Factors Analysis on Effective Information Security Management: A Literature Review. Proceedings of the 20th Americas Conference on Information Systems (AMCIS), USA, Georgia, Savannah, 2014
[27] Alshitri, K.I. & Abanumy, A.N., Exploring the Reasons behind the Low ISO 27001 Adoption in Public Organizations in Saudi Arabia. In International Conference on Information Science and Applications (ICISA), pp. 1-4, 2014
[28] Lisiak-Felicka. D., & Szmit, M. Information security management systems in Marshal Offices in Poland. Information Systems in Management, Vol 3, No. 2, pp. 134-144, 2014
[29] M. Hasan, H.I. Baharun, G.N. Samy, N. Maarop, W.Z. Abidin, and N.H. Hassan, “Developing a success model of Research Information Management System for research affiliated institutions”, in 5th International Conference on Research and Innovation in Information Systems: Social Transformation through Data Science, ICRIIS 2017
[30] Werlinger, R., Hawkey, K., & Beznosov, K. An Integrated View of Human, Organizational, and Technological Challenges of IT Security Management, Information Management & Computer Security, Vol 17, No.1, pp 4-19, 2009
[31] Kim, J. & Rhee, J. An empirical study on the impact of critical success factors on the balanced scorecard performance in Korean green supply chain management enterprises. International Journal of Production Research, Vol 50, No. 9, pp.2465-2483, 2012
[32] Kayworth, T., & Whitten, D. Effective Information Security Requires a Balance of Social and Technology Factors, MIS Quarterly Executive 9(3), 2010, pp 163-175.
[33] Kazemi, M., Khajouei, H., & Nasrabadi, H. (2012). Evaluation of information security management system success factors: Case study of Municipal organization. African Journal of Business Management, 6(14), 4982–4989.
[34] Yildirim, E. Y., Akalp, G., Aytac, S., & Bayram, N. Factors Influencing Information Security Management in Small-and Medium-Sized Enterprises: A Case Study from Turkey, International Journal of Information Management 31(4), 2011, pp 360-365.
[35] Van Niekerk, J. F., & Von Solms, R. Information Security Culture: A Management Perspective, Computers & Security, 29(4), pp 476-486, 2010.
[36] Spears, J. L., & Barki, H. User Participation in Information Systems Security Risk Management," MIS quarterly, 34(3), 2010, pp 503-522.
[37] M., Arain, M., J., Campbell, C., L., Cooper and G., A., Lancaster, “What is a pilot or feasibility study? A review of current practice and editorial policy”, BMC Medical Research Methodology, Vol 10., No.67, 2010
[38] G., A., Lancester, S., Dodd and P., R., Williamson, “Design and analysis of pilot studies: recommendations for good practice”, Journal of Evaluation in Clinical Practice, Vol 10, No. 2, pp 307-312, 2004.
[39] E., van Teijlingen & V., Hundley, “ The importance of pilot studies”, Vol. 16, No., pp.33-36, 2002.
[40] J. F. Hair, G. T. M. Hult, C. M. Ringle, and M. Sarstedt, “A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM)”, SAGE Publications, 2013.
[41] J., F., Hair, B., J., Babin and N., Krey, “Covariance-Based Structural Equation Modeling in the Journal of Advertising: Review and Recommendations, Vol. 46, No. 1, pp. 163-177, 2017
[42] M., Tavakol & R., Dennick, “Making sense of Cronbach’s alpha”, Vol. 2, pp. 53-55, 2011
[43] L.,M., Connelly, “ Research Roundtable, Cronbach’s Alpha”, MEDSURG Nursing, Vol. 20, No. 45, 2011.
[44] C., Fornell, & D., F., Larcker, “Evaluating structural equation models with unobservable variables and measurement error. Journal of marketing research”, Vol.18, No. 1, pp. 39-50, 198