Implementation of a cybersecurity risk management framework is one of the security management requirements in Malaysian public universities. It is critical to understand an institution's overall security profile. Therefore, this study aims to identify the current practice of cybersecurity risk management in Malaysian institutions of higher learning in order to address their security challenges. The research employs a qualitative approach, using a semi-structured interview to evaluate the current frameworks. For data analysis, the study also considers the literature on cybersecurity risk management frameworks in Malaysian higher education institutions. NVivo 12 software and thematic analysis were used to analyze the interview transcription from the audio recording. The paper expects to find the list of current frameworks applied in higher education institutions, which allows it to cover a wide range of cybersecurity risk management problems within the universities' operational systems. It is hoped that this study will make significant contributions to the cybersecurity risk management lifecycle in Malaysian institutions of higher learning.
In-Text Citation: (Dioubate et al., 2022)
To Cite this Article: Dioubate, B. M., Daud, W., & Norhayate, W. (2022). Cyber Security Risk Management Frameworks Implementation in Malaysian Higher Education Institutions. International Journal of Academic Research in Business and Social Sciences, 12(4), 1290–1305.
Copyright: © 2022 The Author(s)
Published by Knowledge Words Publications (www.kwpublications.com)
This article is published under the Creative Commons Attribution (CC BY 4.0) license. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this license may be seen at: http://creativecommons.org/licences/by/4.0/legalcode