Assessing information security management in Malaysian academic libraries / Roesnita binti Ismail

This research aimed to study the perceived threats of information security, their frequency of occurrence and the perceived main source of information security threats in Malaysian academic libraries. Utilising the relevant literature, a possible list of information security threats were listed and...

Full description

Bibliographic Details
Main Author: Ismail, Roesnita
Format: Thesis
Published: 2012
Subjects:
Online Access:http://studentsrepo.um.edu.my/5537/
http://studentsrepo.um.edu.my/5537/1/roesnita_FSKTM.pdf
Description
Summary:This research aimed to study the perceived threats of information security, their frequency of occurrence and the perceived main source of information security threats in Malaysian academic libraries. Utilising the relevant literature, a possible list of information security threats were listed and investigated. In addition, the researcher also studied the levels of implementation of information security measures in these academic libraries. The information security measures were grouped into five (5) components that represent the proposed library information security assessment model (LISAM). The five (5) components included the technological measures, information security policies, security procedures, security methods and security awareness creation activities. The researcher also studied the differences between the academic libraries in applying information security measures based on the type of university, number of staff, years in ICT adoption, yearly information security budget, availability of information system (IS) security staff and availability of wireless connection. Data used was based on structured questionnaires collected from a total of 39 individuals who were responsible for the information systems (IS) or information technology (IT) in academic libraries in Malaysia. The pilot test and the actual data collection indicated all the five components in the instruments are reliable with cronbach alpha correlation coefficients above α = 0.60. Findings revealed that hardware security threats (70.0%), human-related threats (66.0%) and environmental threats (51.0%) were perceived as the most common information security threats in Malaysian academic libraries. However, data security threat was perceived as the least threatening to these academic libraries. There were slightly high frequencies of occurrence of hardware maintenance errors, use of unauthorised hardware and malicious code attacks in these academic libraries. Parallel with the existing research findings, hardware and software failures (56.4%) as well as human-related threats (41.0%) were perceived as the main root causes of information security incidents in these academic libraries. Most of technological measures for hardware, software, workstation, network, server, data and environmental security have been implemented and reviewed on regular basis in these academic libraries. This study found significant differences among academic libraries in Malaysia in applying technological measures due to yearly information system’s security budget and availability of information systems (IS) security staff. However, most of information security procedures, information security administrative tools and information security awareness creation were rated at Level 2 (Only some part of measures have been implemented), these findings were discouraging as rating of Level 4 (Implemented and reviewed on regular basis) and Level 5 (Fully implemented and recognised as good example for other libraries) would be better reflection of a well implemented organisational measures in libraries. This study found significant differences among academic libraries in Malaysia in applying the organisational measures due to number of staff, yearly information system security budget and availability of information system (IS) security staff. With regard to the overall security status of information security management in Malaysian academic libraries based on the proposed information security assessment tool for libraries, findings revealed that half of those academic libraries (55.3%) surveyed have good practice of technological security measures but require improvement on organisational measures. This may be due to the over-emphasis on technology as the sole solution to information security problems in these academic libraries. Therefore, it is necessary to put organisational measures in place as relying on technology alone will not solve the information security problems effectively.