Factors Influencing Top Management Engagement in Information Security

Given the integral relationship between information security governance and corporate governance, it is imperative for top management to participate in information security initiatives actively. Due to top management’s common perception of information security as a technical and operational concern rather than a business matter, the responsibility for its implementation is often assigned solely to the information security team. This approach has led to challenges in fostering a collaborative, organisation-wide effort towards information security. This study examines the factors that influence top management engagement in information security. It utilises qualitative research methodology and adopts an inductive approach. The multiple-case study is employed as a research strategy to examine the topic under study. Purposive sampling was employed to select participants for interviews conducted at four (4) public sector organisations, with a total of 27 participants. The study findings suggest that regulatory forces, informal education, and on-the-job exposure are the primary factors influencing top management engagement in information security. The initial model was revised in accordance with the findings of the multiple-case study that led to the establishment of the final model.

Keywords: Top Management Engagement, Information Security Governance, Information Security Management, Engagement Factors Model, Participation and Involvement in Information Security

Suggested Citation: Suggested Citation

Abdul Munir, Rufizah and Talib, Shuhaili and Abdul Molok, Nurul Nuha and Ahmad, Mohd Ridzuan and Furnell, Steven, Factors Influencing Top Management Engagement in Information Security. Available at SSRN: https://ssrn.com/abstract=4648851 or http://dx.doi.org/10.2139/ssrn.4648851