Information quality structure framework in developing an information security management system (ISMS)

• Main Author: Palaniappan, P Siva Shamala
• Format: Thesis
• Language: English; English
• Published: 2017
• Subjects: Q Science (General); QA Mathematics
• Online Access: http://eprints.utem.edu.my/id/eprint/20628/; https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=107013&query_desc=kw%2Cwrdl%3A%20Information%20Quality%20Structure

Organisations are progressively aware that information security is an important aspect of their business strategy. The awareness make organisations to achieve an ideal level of management system to establish and maintain a secure information environment. Hence, organisations are currently applying for information security management system (ISMS) to effectively manage their information assets. ISMS will ensure that the right people, processes and technologies are in place, and facilitates a proactive approach to manage security and risk. Unfortunately, limited scholarly investigation has been undertaken to present a need of properly defined steps of process approach in which a structured way of managing ISMS within an organisation is provided. This is due to the well-known process approach, “Plan-Do-Check-Act” lifecycle model which is unable to give information on how organisations should develop security objectives and ISMS strategies. Also, there are no recognized and standard ISMS frameworks for action. The lack of standardized and trustable ISMS methods, and complexity of ISMS standards has caused practitioners to face difficulties in understanding the ISMS requirements. However, after the daunting task on choosing one preferred methods, practitioners are also required to gather information to complete all the ISMS requirement planning. Practically, practitioners gather information in a surveillance mode rather than in decision mode. Hence, practitioners are required to evaluate the collected information resource in order to eliminate all the “garbage” information. Therefore, this research aims to provide an Information Quality Structure Framework for ISMS. This study adopts a mixed method and explanatory sequential approaches to achieve the research objectives. After an extensive literature review, the quantitative study begins with descriptive study in order to determine components of information structure. Then Likert structured questionnaire was distributed and the findings have been analyzed using Rasch Measurement Model (RMM) and SEM-PLS. Qualitative analysis was done by validating the framework on ensuring the proposed framework conforms to real working ISMS specification and its usefulness for organisations. Semi-structured interview among six expert panel in ISMS industry were conducted. The results from this study, managed to develop Information Quality Structure Framework for ISMS. The proposed framework consists of (1) information structure focuses on providing layout of information which is organized in a way, in which the components are put together to form a meaningful structure which can be navigated at any time and (2) quality dimensions: accuracy, objective, completeness, reliability and verifiability ensure the quality of information and (3) provide a synthesis of information quality dimensions parameters to ensure the quality of information is emphasized throughout the ISMS process. The proposed framework contributes to the field of ISMS, certification area and also contributes information quality theory in ISMS field. The proposed framework provides an awareness on knowing beforehand what to do and to what extent they are already conquering the quality information needed for getting clear direction and to develop ISMS.