Information Security Management Practices in the Digital Economy: A Descriptive Analysis of Current Trends and Future Directions in Malaysia
DOI:
https://doi.org/10.24191/abrij.v11i1.6936Keywords:
information security, security practices, digital economy, security threatsAbstract
The main objective of this research is to assess the level of InfoSec practices of Malaysia’s business organizations in the digital economy. The study seeks to provide insights into how businesses and individuals can better protect their data and systems from cyber threats, ultimately contributing to a safer and more secure digital future. A quantitative research method was employed in this research, and it was conducted throughout Malaysia. A total of 250 valid questionnaires were obtained from managers and executives of the Multimedia Super Corridor (MSC) status companies. A purposive sampling method was used to ensure the sample size was well-represented. The descriptive analysis suggests that most organizations have encouraged organizational awareness in InfoSec practices consistent with installing security controls at the first line of and indicating that InfoSec practices are somehow apparent in their organizational settings and the digital economy environment. This study was conducted descriptively to explore the trend and the current InfoSec practices of IT business in Malaysia. Although findings indicate that these companies are currently well-positioned to lead the digital economy, however, further exploration is needed to establish the correlations between InfoSec practices and secure digital business environment in the context of the digital economy. The ramifications of this study are beneficial for policymakers because they provide guidelines for how the pervasive use of computer systems can improve information security management.
References
Arora, B. (2016). Exploring and analyzing internet crimes and their behaviors. Perspectives in Science, 8, 540-542.
Azab, A., & Khasawneh, M. (2020). MSIC: Malware spectrogram image classification. IEEE Access, 8, 102007-102021.
Aziz, F., Mayasari, N., Sabhan, S., Zulkifli, Z., & Yasin, M. F. (2022). The future of human rights in the digital age: Indonesian perspectives and challenges. Journal of Digital Law and Policy, 2(1), 29-40.
Baker, W. H., & Wallace, L. (2007). Is information security under control? Investigating quality in information security management. IEEE Security & Privacy, 5(1), 36-44.
Bostrom, R. P., & Heinen, J. S. (1977). MIS problems and failures: A socio-technical perspective. Part I: The causes. MIS quarterly, 17-32.
Bostrom, R. P., & Heinen, J. S. (1977). MIS problems and failures: a socio-technical perspective, part II: The application of socio-technical theory. MIS quarterly, 11-28.
Dana, L. P., Salamzadeh, A., Mortazavi, S., & Hadizadeh, M. (2022). Investigating the impact of international markets and new digital technologies on business innovation in emerging markets. Sustainability, 14(2), 983.
De Lange, E., Woodhouse, E., & Milner‐Gulland, E. J. (2016). Approaches used to evaluate the social impacts of protected areas. Conservation Letters, 9(5), 327-333.
Duah, F. A., & Kwabena, A. M. (2015). The impact of cyber crime on the development of electronic business in Ghana. European Journal of Business and social sciences, 4(1), 22-34.
Evans, N., & Price, J. (2020). Development of a holistic model for the management of an enterprise’s information assets. International Journal of Information Management, 54, 102193.
Hanafy, H. A. (2017). Impact of information security initiatives on supply chain performance. Global Journal of Management and Business Research, 17(A6), 41-54.
Hasan, S., Ali, M., Kurnia, S., & Thurasamy, R. (2021). Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 58, 102726.
Hong, K. S., Chi, Y. P., Chao, L. R., & Tang, J. H. (2003). An integrated system theory of information security management. Information Management & Computer Security, 11(5), 243-248.
Ibrahim, D. M. (2019). Internet of Things technology based on LoRaWAN revolution. In 2019 10th International Conference on Information and Communication Systems (ICICS) (pp. 234-237). IEEE.
IDC unveils Top 10 ICT predictions to drive Malaysian digital economy. (2019, January 31). Digital News Asia. https://www.digitalnewsasia.com/digital-economy/idc-unveils-top-10-ict-predictions-drive-malaysian-digital-economy
ISO/IEC 27001:2013 Information Security Management Systems - SQC. (n.d.). SQC. Retrieved from https://www.sqc.com.my/iso-iec-270012013-information-security-management-systems/
Jie, L., & Xin, Q. (2022). Information security decisions of enterprises in the context of digital transformation. 2022 IEEE 13th International Conference on Software Engineering and Service Science (ICSESS). https://doi.org/10.1109/icsess54813.2022.9930222
Kaabi, S., & Jallouli, R. (2019). Overview of E-commerce technologies, data analysis capabilities and marketing knowledge. In Digital Economy. Emerging Technologies and Business Innovation: 4th International Conference, ICDEc 2019, Beirut, Lebanon, April 15–18, 2019, Proceedings 4 (pp. 183-193). Springer International Publishing.
Kohli, S. (2018). Exploring cyber security vulnerabilities in the age of IoT. In Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications (pp. 1609-1623). IGI Global.
Krejcie, R. V., & Morgan, D. W. (1970). Determining sample size for research activities. Educational and psychological measurement, 30(3), 607-610.
Liu, Y., Fan, T., Chen, T., Xu, Q., & Yang, Q. (2021). Fate: An industrial-grade platform for collaborative learning with data protection. The Journal of Machine Learning Research, 22(1), 10320-10325.
Malaysia Digital Economy Corporation. (2023). Guidelines and criteria on MSC Malaysia cybercity/cybercentre status application and process. (Standard No. v6.4). Retrieved from https://mdec.my/static/pdf/what-we-offer/cybercities-cybercentres-digital-hubs/Guidelines-and-Criteria-on-Cybercity-Cybercentre-Status-Application-and-Process-v6-4.pdf
Mat, B., Pero, S., Wahid, R., & Sule, B. (2019). Cybersecurity and digital economy in Malaysia: Trusted law for customer and enterprise protection. International Journal of Innovative Technology and Exploring Engineering, 8(3), 214-220.
Md Yusof, A., Zaini, M. K., Khairuddin, I. E., and Ahmad Uzir, N. (2024). Modeling a Digital Trust Framework to Address Cybersecurity Issues in Malaysia’s Digital Economy. International Transaction Journal of Engineering, Management, & Applied Sciences & Technologies, 15(4), 15A4B, 1-12. http://TUENGR.COM/V15/15A4B.pdf DOI: 10.14456/ITJEMAST.2024.21
Muslim, A. K., Dzulkifli, D. Z. M., Nadhim, M. H., & Abdellah, R. H. (2019). A study of ransomware attacks: Evolution and prevention. Journal of Social Transformation and Regional Development, 1(1), 18-25.
Nurse, J. R. (2018). Cybercrime and you: How criminals attack and the human factors that they seek to exploit. arXiv preprint arXiv:1811.06624.
Rhee, H. S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & security, 28(8), 816-826.
Rosadi, S. D. (2018). Protecting privacy on personal data in digital economic Era: Legal framework in Indonesia. Brawijaya Law Journal, 5(1), 143-157.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. computers & security, 56, 70-82.
Safa, N. S., Von Solms, R., & Futcher, L. (2016). Human aspects of information security in organisations. Computer Fraud & Security, 2016(2), 15-18.
Sattarova Feruza, Y., & Kim, T. H. (2007). IT security review: Privacy, protection, access control, assurance and system security. International journal of multimedia and ubiquitous engineering, 2(2), 17-32.
Shendryk, S., Shendryk, V., Tymchuk, S., & Parfenenko, Y. (2021). Information technology of decision-making support on the energy management of hybrid power grid. In Information and Software Technologies: 27th International Conference, ICIST 2021, Kaunas, Lithuania, October 14–16, 2021, Proceedings 27 (pp. 72-83). Springer International Publishing.
Srinivasan, C. R. (2017). Hobby hackers to billion-dollar industry: The evolution of ransomware. Computer Fraud & Security, 2017(11), 7-9.
Van Wessel, R., Yang, X., & de Vries, H. J. (2011). Implementing international standards for Information Security Management in China and Europe: A comparative multi-case study. Technology Analysis & Strategic Management, 23(8), 865-879.
Whitman, M. E., & Mattord, H. J. (2022). Principles of Information Security. Cengage.
Zaini, M. K., Masrek, M. N., & Abdullah Sani, M. K. J. (2020). The impact of information security management practices on organisational agility. Information & Computer Security, 28(5), 681-700.
Zimba, A., Wang, Z., & Mulenga, M. (2019). Cryptojacking injection: A paradigm shift to cryptocurrency-based web-centric internet attacks. Journal of Organizational Computing and Electronic Commerce, 29(1), 40-59.Note: Please refer to this website for more examples on APA (7th edition) referencing: https://libraryguides.vu.edu.au/apa-referencing
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Muhamad Khairulnizam Zaini, Qamarul Nazrin Harun, Aumuhaimi Md Yusof, Nurhanyza Zakaria
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
