Library Open Repository

Role of the boards and senior management within formal, technical and informal components: IS/IT security governance in the Malaysian publicly listed companies

Musa, N (2012) Role of the boards and senior management within formal, technical and informal components: IS/IT security governance in the Malaysian publicly listed companies. PhD thesis, University of Tasmania.

PDF (Front matter)
front-musa-thes...pdf | Download (183kB)
Available under University of Tasmania Standard License.

PDF (Whole thesis)
whole-musa-thes...pdf | Download (2MB)
Available under University of Tasmania Standard License.

Abstract

In IT governance, there are two types of responsibilities: the first is IT value governance and the second is IT risk governance. The primary objective of this study is to examine the second type of responsibility, IT risk governance, specifically looking into the involvement of the board, senior management and all management levels in IS/IT security.

Prior research has shown a lack of involvement by the board and senior management in understanding IS/IT security problems, unbalanced implementation of IS/IT security within the formal, technical and informal components, and a lack of internal controls application over IS/IT security. The gap found in this study has led to the development of two major research questions. Research Question 1: In what way does the involvement of Boards and senior management impact on the implementation of IS/IT security governance? Research Question 2: How can directing and monitoring actions in the technical, formal and informal components of IS/IT security governance in corporations be implemented effectively and efficiently? The two research questions have steered the development of the conceptual framework, the model of IS/IT security governance and the research methods.

The IS/IT security governance model is an extension of the conceptual framework. The model prescribes several areas relating to the elements of the three components (formal, technical and informal) and component interactions (Relationship Type 1: Formal/Informal, Relationship Type 2: Formal/Technical and Relationship Type 3: Technical/Informal) within Malaysian Publicly Listed Corporations. The model suggests IS/IT security ought to be included within risk management and internal controls practices, through ‘directing’ and ‘monitoring’ actions, and exclusively emphasises the supervision role and the relationship between the supervisor (giver) and the holder of responsibility. Because the nature of the study is sensitive and confidential, the study has adopted a triangulation method. Data were collected using interviews and a mail survey as primary sources and website analysis as a secondary source. 12 interviews were conducted with CEOs, CIOs, other senior managers and an IT manager from eight companies of Group A (Top) and Group B (Middle) across different industries. Despite a low response rate for the mail survey, the data have high validity, as interviews and responses involved appropriate people in leading organisations in Malaysia from Group A (Top) and Group B (Middle), which are high profit and large market capitalisation organisations, and experienced senior managers. Content analysis over 210 annual reports of website data from Group A, Group B and Group C was conducted.

The data from interviews, survey and website analysis have supported the model of IS/IT security governance. The findings from the interview data are consistent with the elements of formal, technical and informal components and component interactions; risk management and internal controls over IS/IT security and ‘directing’ and ‘monitoring’ actions over IS/IT security are supported. The results of the survey have shown that the respondents had perspectives similar to the model. The website analysis revealed that two factors may determine IS/IT security governance: the group type and industry type.

Item Type: Thesis (PhD)
Additional Information:

Copyright the Author

Date Deposited: 17 Aug 2012 04:52
Last Modified: 11 Mar 2016 05:53