The Role of Employee in Information Security Risk Management

  • Authors

    • David Lau Keat Jin
    • Noor Hafizah Hassan
    • Nurazean Maarop
    • Ganthan Narayana Samy
    • Rasimah Che Mohd Yusof

  • Published: 2018-12-09

  • DOI: https://doi.org/10.14419/ijet.v7i4.31.23358

  • Keywords: Information Security Risk Management, Risk Assessment, Employee Risk, Information Security
  • Abstract

    Information security risk management (ISRM) has become essential for establishing a safe and reliable environment for online and e-transactional activities. With the coming Industrial Revolution 4.0, organizations have a strong interest in involving users in their risk management activities to minimize security incidents. Limited research has been conducted on user involvement in ISRM. Therefore, this paper examines user involvement in ISRM in a financial organization. It also discusses the existing theories of risk management used in assessing ISRM. This paper investigates user participation in the ISRM implemented in the organization using a mixed-method approach: a questionnaire survey followed by interviews in one financial organization. In addition, a Strengths, Weaknesses, Opportunities and Threats (SWOT) analysis is presented based on the results, so that the organization can focus on the improvements it needs. This study shows that well-known procedures and standards must be implemented in the organization to ensure that employees participate more in ISRM processes and activities.



  • How to Cite

    Lau Keat Jin, D., Hafizah Hassan, N., Maarop, N., Narayana Samy, G., & Che Mohd Yusof, R. (2018). The Role of Employee in Information Security Risk Management. International Journal of Engineering & Technology, 7(4.31), 145-150. https://doi.org/10.14419/ijet.v7i4.31.23358