A study on the information security management system towards the behaviour and culture of cybersecurity Malaysia`s employees

Abstract

After 7 years being a certified ISO/IEC 27001 (ISMS), CyberSecurity Malaysia has cultivated the Information Security Management System (ISMS) culture throughout the organization. The main objective of this research is to investigate the effectiveness of ISMS awareness program conducted by CyberSecurity Malaysia in inculcating good security behaviour among its employees. Then to determine the level of security culture, security compliant and employees’ perception towards ISMS awareness program received. This research was conducted using a quantitative method with a survey research design. The questionnaire surveys were distributed to the selected employees who represented sampling from the total population of CyberSecurity Malaysia in order to evaluate individual organizational members` security behavior, security compliant and their perception on the awareness program attended. The data collected were analyzed using SPSS software. The main finding of the research shows that the ISMS awareness program is successful in inculcating good security behaviour among employees in CyberSecurity Malaysia. The level of security culture and security compliant among employees are also high and seems that employees commitment and understanding on ISMS is keep on increasing from year to year.