TABLE OF CONTENTS
Copyright Page
Declaration
Acknowledgement
Dedication
Table of Contents
List of Tables
List of Figures
Abstract
CHAPTER 1 INTRODUCTION
1.1 Overview
1.2 Background to Research
1.3 Problem Statement
1.4 Significance of the Study
1.4.1 Individual level
1.4.2 Body of knowledge
1.4.3 Organisational level
1.5 Research Question
1.6 Objectives of the Study
1.7 Scope of the Study
1.8 Organisation of the Report
1.9 Summary
CHAPTER 2 LITERATURE REVIEW
2.1 Overview
2.2 Internet
2.2.1 Internet usage in Malaysia
2.3 Phishing
2.4 Information Security Governance
2.4.1 COBIT
2.4.2 ITIL
2.4.3 ISO 17799
2.4.4 Personal Data Protection Act 2010
2.5 Information Security Governance Compliance
2.6 Education and Training
2.7 Trust
2.8 Employee Awareness
2.9 Ethical Conduct
2.10 Privacy
2.11 Theoretical Framework
2.12 Conceptual Framework
2.13 Hypothesis
2.14 Summary
CHAPTER 3 METHODOLOGY
3.1 Overview
3.2 Research Design
3.2.1 Development of questionnaire
3.2.2 Reliability and validity analysis of the instrument
3.3 Data Collection
3.3.1 Variable measurement
3.4 Population, Sampling and Data Collection
3.4.1 Population
3.4.2 Sampling
3.4.3 Data collection
3.4.4 Data coding
3.4.5 Data analysis
3.5 Ethical Consideration
3.6 Summary
CHAPTER 4 RESEARCH RESULTS
4.1 Overview
4.2 Preliminary Data Analysis
4.2.1 Missing data analysis
4.2.2 Reliability analysis
4.3 Descriptive Analysis
4.3.1 Demographic Statistics
4.3.2 Knowledge Statement Statistics
4.3.3 Conclusion Statement Statistics
4.4 Multivariate Normality
4.4.1 Multicollinearity
4.5 Analysis of Independent Variables
4.5.1 Comparison between genders
4.6 Multiple Linear Regression
4.6.1 Hypothesis test
4.6.2 Multiple regression model
4.7 Summary
CHAPTER 5 DISCUSSION AND CONCLUSION
5.1 Overview
5.2 Discussion on Analysis Result
5.2.1 Employee's perception
5.2.2 Key factors that affect employee's compliance
5.2.3 Opinion upon survey done
5.2.4 Perception among genders
5.3 Limitation of the Study
5.4 Future Research Recommendation
5.5 Conclusion
Reference
Appendices
CHAPTER 1
INTRODUCTION
1.1 Overview
Chapter 1 discusses the background of the research, in which the researcher tries
to answer the questions "what is information security governance?" and "why is
information security governance necessary?" These questions form the basis of this
study, which assesses employees' knowledge of and compliance with information
security governance. Next, the problem statement is clarified.
The significance of this study at the individual level, to the body of knowledge
and at the organisational level is presented, and four research questions are
clearly listed before the research objectives are derived. The scope of the study
is then discussed. At the end of the chapter, the researcher outlines the
remaining chapters and provides a summary.
1.2 Background to Research
"Information security provides the management processes, technology and
assurance to allow business management to ensure business transactions can be
trusted; ensure information technology services are usable and can appropriately
resist and recover from failures due to error, deliberate attacks or disaster; and
ensure critical confidential information is withheld from those who should not
have access to it" (COBIT Security, 2004).
As stated in ISO 17799 (2005), information is an important asset to a business. It
is present in many forms (voice recordings, paper, electronic documents and others)
and is stored in various ways (electronic databases, hard-copy files, backups and
archives), which enables organisations to transmit it electronically, by post, and
even as films and short message services (SMS).
Since information is treated and recognised as an asset to organisations, it should
be protected like other business assets to ensure that it is available and
confidential and that its integrity is preserved where necessary (ISO 17799, 2005).
Consequently, information security governance is recognised as a component of
corporate governance for all organisations. Organisations must develop and
implement information security governance within the organisation.
Comprehensive information security governance must suit and align with the
organisation's goals or missions and its operations. Various forms of information
security governance have been introduced to managers and IT professionals. For
example, internationally, the common and comprehensive ones are Control Objectives
for Information and Related Technology (COBIT), Information Technology
Infrastructure Library (ITIL) and International Standard Organisations 17799
(ISO 17799), which will be further discussed in later chapters. In Malaysia, the
Cyber Laws of Malaysia had been in force in the year 1998, which focus more on
the technology security systems